2
* QEMU VNC display driver
4
* Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5
* Copyright (C) 2006 Fabrice Bellard
6
* Copyright (C) 2009 Red Hat, Inc
8
* Permission is hereby granted, free of charge, to any person obtaining a copy
9
* of this software and associated documentation files (the "Software"), to deal
10
* in the Software without restriction, including without limitation the rights
11
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12
* copies of the Software, and to permit persons to whom the Software is
13
* furnished to do so, subject to the following conditions:
15
* The above copyright notice and this permission notice shall be included in
16
* all copies or substantial portions of the Software.
18
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21
* THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30
#include "qemu_socket.h"
31
#include "qemu-timer.h"
33
#include "qemu-objects.h"
35
#define VNC_REFRESH_INTERVAL_BASE 30
36
#define VNC_REFRESH_INTERVAL_INC 50
37
#define VNC_REFRESH_INTERVAL_MAX 2000
38
static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
39
static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
41
#include "vnc_keysym.h"
44
static VncDisplay *vnc_display; /* needed for info vnc */
45
static DisplayChangeListener *dcl;
47
static int vnc_cursor_define(VncState *vs);
49
static char *addr_to_string(const char *format,
50
struct sockaddr_storage *sa,
53
char host[NI_MAXHOST];
54
char serv[NI_MAXSERV];
58
if ((err = getnameinfo((struct sockaddr *)sa, salen,
61
NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
62
VNC_DEBUG("Cannot resolve address %d: %s\n",
63
err, gai_strerror(err));
67
/* Enough for the existing format + the 2 vars we're
69
addrlen = strlen(format) + strlen(host) + strlen(serv);
70
addr = qemu_malloc(addrlen + 1);
71
snprintf(addr, addrlen, format, host, serv);
78
char *vnc_socket_local_addr(const char *format, int fd) {
79
struct sockaddr_storage sa;
83
if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
86
return addr_to_string(format, &sa, salen);
89
char *vnc_socket_remote_addr(const char *format, int fd) {
90
struct sockaddr_storage sa;
94
if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
97
return addr_to_string(format, &sa, salen);
100
static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
103
char host[NI_MAXHOST];
104
char serv[NI_MAXSERV];
107
if ((err = getnameinfo((struct sockaddr *)sa, salen,
110
NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
111
VNC_DEBUG("Cannot resolve address %d: %s\n",
112
err, gai_strerror(err));
116
qdict_put(qdict, "host", qstring_from_str(host));
117
qdict_put(qdict, "service", qstring_from_str(serv));
118
qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
123
static int vnc_server_addr_put(QDict *qdict, int fd)
125
struct sockaddr_storage sa;
129
if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
133
return put_addr_qdict(qdict, &sa, salen);
136
static int vnc_qdict_remote_addr(QDict *qdict, int fd)
138
struct sockaddr_storage sa;
142
if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
146
return put_addr_qdict(qdict, &sa, salen);
149
static const char *vnc_auth_name(VncDisplay *vd) {
151
case VNC_AUTH_INVALID:
167
case VNC_AUTH_VENCRYPT:
168
#ifdef CONFIG_VNC_TLS
169
switch (vd->subauth) {
170
case VNC_AUTH_VENCRYPT_PLAIN:
171
return "vencrypt+plain";
172
case VNC_AUTH_VENCRYPT_TLSNONE:
173
return "vencrypt+tls+none";
174
case VNC_AUTH_VENCRYPT_TLSVNC:
175
return "vencrypt+tls+vnc";
176
case VNC_AUTH_VENCRYPT_TLSPLAIN:
177
return "vencrypt+tls+plain";
178
case VNC_AUTH_VENCRYPT_X509NONE:
179
return "vencrypt+x509+none";
180
case VNC_AUTH_VENCRYPT_X509VNC:
181
return "vencrypt+x509+vnc";
182
case VNC_AUTH_VENCRYPT_X509PLAIN:
183
return "vencrypt+x509+plain";
184
case VNC_AUTH_VENCRYPT_TLSSASL:
185
return "vencrypt+tls+sasl";
186
case VNC_AUTH_VENCRYPT_X509SASL:
187
return "vencrypt+x509+sasl";
200
static int vnc_server_info_put(QDict *qdict)
202
if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
206
qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
210
static void vnc_client_cache_auth(VncState *client)
212
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
220
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
221
qdict = qobject_to_qdict(client->info);
224
#ifdef CONFIG_VNC_TLS
225
if (client->tls.session &&
227
qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
230
#ifdef CONFIG_VNC_SASL
231
if (client->sasl.conn &&
232
client->sasl.username) {
233
qdict_put(qdict, "sasl_username",
234
qstring_from_str(client->sasl.username));
239
static void vnc_client_cache_addr(VncState *client)
244
if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
246
/* XXX: how to report the error? */
250
client->info = QOBJECT(qdict);
253
static void vnc_qmp_event(VncState *vs, MonitorEvent event)
262
server = qdict_new();
263
if (vnc_server_info_put(server) < 0) {
268
data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
269
vs->info, QOBJECT(server));
271
monitor_protocol_event(event, data);
273
qobject_incref(vs->info);
274
qobject_decref(data);
277
static void info_vnc_iter(QObject *obj, void *opaque)
280
Monitor *mon = opaque;
282
client = qobject_to_qdict(obj);
283
monitor_printf(mon, "Client:\n");
284
monitor_printf(mon, " address: %s:%s\n",
285
qdict_get_str(client, "host"),
286
qdict_get_str(client, "service"));
288
#ifdef CONFIG_VNC_TLS
289
monitor_printf(mon, " x509_dname: %s\n",
290
qdict_haskey(client, "x509_dname") ?
291
qdict_get_str(client, "x509_dname") : "none");
293
#ifdef CONFIG_VNC_SASL
294
monitor_printf(mon, " username: %s\n",
295
qdict_haskey(client, "sasl_username") ?
296
qdict_get_str(client, "sasl_username") : "none");
300
void do_info_vnc_print(Monitor *mon, const QObject *data)
305
server = qobject_to_qdict(data);
306
if (qdict_get_bool(server, "enabled") == 0) {
307
monitor_printf(mon, "Server: disabled\n");
311
monitor_printf(mon, "Server:\n");
312
monitor_printf(mon, " address: %s:%s\n",
313
qdict_get_str(server, "host"),
314
qdict_get_str(server, "service"));
315
monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
317
clients = qdict_get_qlist(server, "clients");
318
if (qlist_empty(clients)) {
319
monitor_printf(mon, "Client: none\n");
321
qlist_iter(clients, info_vnc_iter, mon);
325
void do_info_vnc(Monitor *mon, QObject **ret_data)
327
if (vnc_display == NULL || vnc_display->display == NULL) {
328
*ret_data = qobject_from_jsonf("{ 'enabled': false }");
334
QTAILQ_FOREACH(client, &vnc_display->clients, next) {
336
/* incref so that it's not freed by upper layers */
337
qobject_incref(client->info);
338
qlist_append_obj(clist, client->info);
342
*ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
344
assert(*ret_data != NULL);
346
if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
347
qobject_decref(*ret_data);
354
1) Get the queue working for IO.
355
2) there is some weirdness when using the -S option (the screen is grey
356
and not totally invalidated
357
3) resolutions > 1024
360
static int vnc_update_client(VncState *vs, int has_dirty);
361
static int vnc_update_client_sync(VncState *vs, int has_dirty);
362
static void vnc_disconnect_start(VncState *vs);
363
static void vnc_disconnect_finish(VncState *vs);
364
static void vnc_init_timer(VncDisplay *vd);
365
static void vnc_remove_timer(VncDisplay *vd);
367
static void vnc_colordepth(VncState *vs);
368
static void framebuffer_update_request(VncState *vs, int incremental,
369
int x_position, int y_position,
371
static void vnc_refresh(void *opaque);
372
static int vnc_refresh_server_surface(VncDisplay *vd);
374
static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
377
VncDisplay *vd = ds->opaque;
378
struct VncSurface *s = &vd->guest;
382
/* round x down to ensure the loop only spans one 16-pixel block per,
383
iteration. otherwise, if (x % 16) != 0, the last iteration may span
384
two 16-pixel blocks but we only mark the first as dirty
389
x = MIN(x, s->ds->width);
390
y = MIN(y, s->ds->height);
391
w = MIN(x + w, s->ds->width) - x;
392
h = MIN(h, s->ds->height);
395
for (i = 0; i < w; i += 16)
396
set_bit((x + i) / 16, s->dirty[y]);
399
void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
402
vnc_write_u16(vs, x);
403
vnc_write_u16(vs, y);
404
vnc_write_u16(vs, w);
405
vnc_write_u16(vs, h);
407
vnc_write_s32(vs, encoding);
410
void buffer_reserve(Buffer *buffer, size_t len)
412
if ((buffer->capacity - buffer->offset) < len) {
413
buffer->capacity += (len + 1024);
414
buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
415
if (buffer->buffer == NULL) {
416
fprintf(stderr, "vnc: out of memory\n");
422
int buffer_empty(Buffer *buffer)
424
return buffer->offset == 0;
427
uint8_t *buffer_end(Buffer *buffer)
429
return buffer->buffer + buffer->offset;
432
void buffer_reset(Buffer *buffer)
437
void buffer_free(Buffer *buffer)
439
qemu_free(buffer->buffer);
441
buffer->capacity = 0;
442
buffer->buffer = NULL;
445
void buffer_append(Buffer *buffer, const void *data, size_t len)
447
memcpy(buffer->buffer + buffer->offset, data, len);
448
buffer->offset += len;
451
static void vnc_desktop_resize(VncState *vs)
453
DisplayState *ds = vs->ds;
455
if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
458
if (vs->client_width == ds_get_width(ds) &&
459
vs->client_height == ds_get_height(ds)) {
462
vs->client_width = ds_get_width(ds);
463
vs->client_height = ds_get_height(ds);
465
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
467
vnc_write_u16(vs, 1); /* number of rects */
468
vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
469
VNC_ENCODING_DESKTOPRESIZE);
470
vnc_unlock_output(vs);
474
#ifdef CONFIG_VNC_THREAD
475
static void vnc_abort_display_jobs(VncDisplay *vd)
479
QTAILQ_FOREACH(vs, &vd->clients, next) {
482
vnc_unlock_output(vs);
484
QTAILQ_FOREACH(vs, &vd->clients, next) {
487
QTAILQ_FOREACH(vs, &vd->clients, next) {
490
vnc_unlock_output(vs);
494
static void vnc_abort_display_jobs(VncDisplay *vd)
499
static void vnc_dpy_resize(DisplayState *ds)
501
VncDisplay *vd = ds->opaque;
504
vnc_abort_display_jobs(vd);
508
vd->server = qemu_mallocz(sizeof(*vd->server));
509
if (vd->server->data)
510
qemu_free(vd->server->data);
511
*(vd->server) = *(ds->surface);
512
vd->server->data = qemu_mallocz(vd->server->linesize *
517
vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
518
if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
519
console_color_init(ds);
520
*(vd->guest.ds) = *(ds->surface);
521
memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
523
QTAILQ_FOREACH(vs, &vd->clients, next) {
525
vnc_desktop_resize(vs);
526
if (vs->vd->cursor) {
527
vnc_cursor_define(vs);
529
memset(vs->dirty, 0xFF, sizeof(vs->dirty));
534
static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
535
void *pixels, int size)
537
vnc_write(vs, pixels, size);
540
/* slowest but generic code. */
541
void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
544
VncDisplay *vd = vs->vd;
546
r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
547
vd->server->pf.rbits);
548
g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
549
vd->server->pf.gbits);
550
b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
551
vd->server->pf.bbits);
552
v = (r << vs->clientds.pf.rshift) |
553
(g << vs->clientds.pf.gshift) |
554
(b << vs->clientds.pf.bshift);
555
switch(vs->clientds.pf.bytes_per_pixel) {
560
if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
570
if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
585
static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
586
void *pixels1, int size)
590
if (pf->bytes_per_pixel == 4) {
591
uint32_t *pixels = pixels1;
594
for(i = 0; i < n; i++) {
595
vnc_convert_pixel(vs, buf, pixels[i]);
596
vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
598
} else if (pf->bytes_per_pixel == 2) {
599
uint16_t *pixels = pixels1;
602
for(i = 0; i < n; i++) {
603
vnc_convert_pixel(vs, buf, pixels[i]);
604
vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
606
} else if (pf->bytes_per_pixel == 1) {
607
uint8_t *pixels = pixels1;
610
for(i = 0; i < n; i++) {
611
vnc_convert_pixel(vs, buf, pixels[i]);
612
vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
615
fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
619
int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
623
VncDisplay *vd = vs->vd;
625
row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
626
for (i = 0; i < h; i++) {
627
vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
628
row += ds_get_linesize(vs->ds);
633
int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
637
switch(vs->vnc_encoding) {
638
case VNC_ENCODING_ZLIB:
639
n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
641
case VNC_ENCODING_HEXTILE:
642
vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
643
n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
645
case VNC_ENCODING_TIGHT:
646
n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
648
case VNC_ENCODING_TIGHT_PNG:
649
n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
651
case VNC_ENCODING_ZRLE:
652
n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
654
case VNC_ENCODING_ZYWRLE:
655
n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
658
vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
659
n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
665
static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
667
/* send bitblit op to the vnc client */
669
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
671
vnc_write_u16(vs, 1); /* number of rects */
672
vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
673
vnc_write_u16(vs, src_x);
674
vnc_write_u16(vs, src_y);
675
vnc_unlock_output(vs);
679
static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
681
VncDisplay *vd = ds->opaque;
685
int i,x,y,pitch,depth,inc,w_lim,s;
688
vnc_refresh_server_surface(vd);
689
QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
690
if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
691
vs->force_update = 1;
692
vnc_update_client_sync(vs, 1);
693
/* vs might be free()ed here */
697
/* do bitblit op on the local surface too */
698
pitch = ds_get_linesize(vd->ds);
699
depth = ds_get_bytes_per_pixel(vd->ds);
700
src_row = vd->server->data + pitch * src_y + depth * src_x;
701
dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
706
src_row += pitch * (h-1);
707
dst_row += pitch * (h-1);
712
w_lim = w - (16 - (dst_x % 16));
716
w_lim = w - (w_lim % 16);
717
for (i = 0; i < h; i++) {
718
for (x = 0; x <= w_lim;
719
x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
721
if ((s = w - w_lim) == 0)
724
s = (16 - (dst_x % 16));
729
cmp_bytes = s * depth;
730
if (memcmp(src_row, dst_row, cmp_bytes) == 0)
732
memmove(dst_row, src_row, cmp_bytes);
733
QTAILQ_FOREACH(vs, &vd->clients, next) {
734
if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
735
set_bit(((x + dst_x) / 16), vs->dirty[y]);
739
src_row += pitch - w * depth;
740
dst_row += pitch - w * depth;
744
QTAILQ_FOREACH(vs, &vd->clients, next) {
745
if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
746
vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
751
static void vnc_mouse_set(int x, int y, int visible)
753
/* can we ask the client(s) to move the pointer ??? */
756
static int vnc_cursor_define(VncState *vs)
758
QEMUCursor *c = vs->vd->cursor;
759
PixelFormat pf = qemu_default_pixelformat(32);
762
if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
764
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
765
vnc_write_u8(vs, 0); /* padding */
766
vnc_write_u16(vs, 1); /* # of rects */
767
vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
768
VNC_ENCODING_RICH_CURSOR);
769
isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
770
vnc_write_pixels_generic(vs, &pf, c->data, isize);
771
vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
772
vnc_unlock_output(vs);
778
static void vnc_dpy_cursor_define(QEMUCursor *c)
780
VncDisplay *vd = vnc_display;
783
cursor_put(vd->cursor);
784
qemu_free(vd->cursor_mask);
787
cursor_get(vd->cursor);
788
vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
789
vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
790
cursor_get_mono_mask(c, 0, vd->cursor_mask);
792
QTAILQ_FOREACH(vs, &vd->clients, next) {
793
vnc_cursor_define(vs);
797
static int find_and_clear_dirty_height(struct VncState *vs,
798
int y, int last_x, int x, int height)
802
for (h = 1; h < (height - y); h++) {
804
if (!test_bit(last_x, vs->dirty[y + h])) {
807
for (tmp_x = last_x; tmp_x < x; tmp_x++) {
808
clear_bit(tmp_x, vs->dirty[y + h]);
815
#ifdef CONFIG_VNC_THREAD
816
static int vnc_update_client_sync(VncState *vs, int has_dirty)
818
int ret = vnc_update_client(vs, has_dirty);
823
static int vnc_update_client_sync(VncState *vs, int has_dirty)
825
return vnc_update_client(vs, has_dirty);
829
static int vnc_update_client(VncState *vs, int has_dirty)
831
if (vs->need_update && vs->csock != -1) {
832
VncDisplay *vd = vs->vd;
839
if (vs->output.offset && !vs->audio_cap && !vs->force_update)
840
/* kernel send buffers are full -> drop frames to throttle */
843
if (!has_dirty && !vs->audio_cap && !vs->force_update)
847
* Send screen updates to the vnc client using the server
848
* surface and server dirty map. guest surface updates
849
* happening in parallel don't disturb us, the next pass will
850
* send them to the client.
852
job = vnc_job_new(vs);
854
width = MIN(vd->server->width, vs->client_width);
855
height = MIN(vd->server->height, vs->client_height);
857
for (y = 0; y < height; y++) {
860
for (x = 0; x < width / 16; x++) {
861
if (test_and_clear_bit(x, vs->dirty[y])) {
867
int h = find_and_clear_dirty_height(vs, y, last_x, x,
870
n += vnc_job_add_rect(job, last_x * 16, y,
871
(x - last_x) * 16, h);
877
int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
878
n += vnc_job_add_rect(job, last_x * 16, y,
879
(x - last_x) * 16, h);
884
vs->force_update = 0;
889
vnc_disconnect_finish(vs);
895
static void audio_capture_notify(void *opaque, audcnotification_e cmd)
897
VncState *vs = opaque;
900
case AUD_CNOTIFY_DISABLE:
902
vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
903
vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
904
vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
905
vnc_unlock_output(vs);
909
case AUD_CNOTIFY_ENABLE:
911
vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
912
vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
913
vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
914
vnc_unlock_output(vs);
920
static void audio_capture_destroy(void *opaque)
924
static void audio_capture(void *opaque, void *buf, int size)
926
VncState *vs = opaque;
929
vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
930
vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
931
vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
932
vnc_write_u32(vs, size);
933
vnc_write(vs, buf, size);
934
vnc_unlock_output(vs);
938
static void audio_add(VncState *vs)
940
struct audio_capture_ops ops;
943
monitor_printf(default_mon, "audio already running\n");
947
ops.notify = audio_capture_notify;
948
ops.destroy = audio_capture_destroy;
949
ops.capture = audio_capture;
951
vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
952
if (!vs->audio_cap) {
953
monitor_printf(default_mon, "Failed to add audio capture\n");
957
static void audio_del(VncState *vs)
960
AUD_del_capture(vs->audio_cap, vs);
961
vs->audio_cap = NULL;
965
static void vnc_disconnect_start(VncState *vs)
969
qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
970
closesocket(vs->csock);
974
static void vnc_disconnect_finish(VncState *vs)
978
vnc_jobs_join(vs); /* Wait encoding jobs */
981
vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
983
buffer_free(&vs->input);
984
buffer_free(&vs->output);
986
qobject_decref(vs->info);
992
#ifdef CONFIG_VNC_TLS
993
vnc_tls_client_cleanup(vs);
994
#endif /* CONFIG_VNC_TLS */
995
#ifdef CONFIG_VNC_SASL
996
vnc_sasl_client_cleanup(vs);
997
#endif /* CONFIG_VNC_SASL */
1000
QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1002
if (QTAILQ_EMPTY(&vs->vd->clients)) {
1006
qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1007
vnc_remove_timer(vs->vd);
1008
if (vs->vd->lock_key_sync)
1009
qemu_remove_led_event_handler(vs->led);
1010
vnc_unlock_output(vs);
1012
#ifdef CONFIG_VNC_THREAD
1013
qemu_mutex_destroy(&vs->output_mutex);
1015
for (i = 0; i < VNC_STAT_ROWS; ++i) {
1016
qemu_free(vs->lossy_rect[i]);
1018
qemu_free(vs->lossy_rect);
1022
int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1024
if (ret == 0 || ret == -1) {
1026
switch (last_errno) {
1030
case WSAEWOULDBLOCK:
1038
VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1039
ret, ret < 0 ? last_errno : 0);
1040
vnc_disconnect_start(vs);
1048
void vnc_client_error(VncState *vs)
1050
VNC_DEBUG("Closing down client sock: protocol error\n");
1051
vnc_disconnect_start(vs);
1056
* Called to write a chunk of data to the client socket. The data may
1057
* be the raw data, or may have already been encoded by SASL.
1058
* The data will be written either straight onto the socket, or
1059
* written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1061
* NB, it is theoretically possible to have 2 layers of encryption,
1062
* both SASL, and this TLS layer. It is highly unlikely in practice
1063
* though, since SASL encryption will typically be a no-op if TLS
1066
* Returns the number of bytes written, which may be less than
1067
* the requested 'datalen' if the socket would block. Returns
1068
* -1 on error, and disconnects the client socket.
1070
long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1073
#ifdef CONFIG_VNC_TLS
1074
if (vs->tls.session) {
1075
ret = gnutls_write(vs->tls.session, data, datalen);
1077
if (ret == GNUTLS_E_AGAIN)
1084
#endif /* CONFIG_VNC_TLS */
1085
ret = send(vs->csock, (const void *)data, datalen, 0);
1086
VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1087
return vnc_client_io_error(vs, ret, socket_error());
1092
* Called to write buffered data to the client socket, when not
1093
* using any SASL SSF encryption layers. Will write as much data
1094
* as possible without blocking. If all buffered data is written,
1095
* will switch the FD poll() handler back to read monitoring.
1097
* Returns the number of bytes written, which may be less than
1098
* the buffered output data if the socket would block. Returns
1099
* -1 on error, and disconnects the client socket.
1101
static long vnc_client_write_plain(VncState *vs)
1105
#ifdef CONFIG_VNC_SASL
1106
VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1107
vs->output.buffer, vs->output.capacity, vs->output.offset,
1108
vs->sasl.waitWriteSSF);
1110
if (vs->sasl.conn &&
1112
vs->sasl.waitWriteSSF) {
1113
ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1115
vs->sasl.waitWriteSSF -= ret;
1117
#endif /* CONFIG_VNC_SASL */
1118
ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1122
memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1123
vs->output.offset -= ret;
1125
if (vs->output.offset == 0) {
1126
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1134
* First function called whenever there is data to be written to
1135
* the client socket. Will delegate actual work according to whether
1136
* SASL SSF layers are enabled (thus requiring encryption calls)
1138
static void vnc_client_write_locked(void *opaque)
1140
VncState *vs = opaque;
1142
#ifdef CONFIG_VNC_SASL
1143
if (vs->sasl.conn &&
1145
!vs->sasl.waitWriteSSF) {
1146
vnc_client_write_sasl(vs);
1148
#endif /* CONFIG_VNC_SASL */
1149
vnc_client_write_plain(vs);
1152
void vnc_client_write(void *opaque)
1154
VncState *vs = opaque;
1156
vnc_lock_output(vs);
1157
if (vs->output.offset) {
1158
vnc_client_write_locked(opaque);
1159
} else if (vs->csock != -1) {
1160
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1162
vnc_unlock_output(vs);
1165
void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1167
vs->read_handler = func;
1168
vs->read_handler_expect = expecting;
1173
* Called to read a chunk of data from the client socket. The data may
1174
* be the raw data, or may need to be further decoded by SASL.
1175
* The data will be read either straight from to the socket, or
1176
* read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1178
* NB, it is theoretically possible to have 2 layers of encryption,
1179
* both SASL, and this TLS layer. It is highly unlikely in practice
1180
* though, since SASL encryption will typically be a no-op if TLS
1183
* Returns the number of bytes read, which may be less than
1184
* the requested 'datalen' if the socket would block. Returns
1185
* -1 on error, and disconnects the client socket.
1187
long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1190
#ifdef CONFIG_VNC_TLS
1191
if (vs->tls.session) {
1192
ret = gnutls_read(vs->tls.session, data, datalen);
1194
if (ret == GNUTLS_E_AGAIN)
1201
#endif /* CONFIG_VNC_TLS */
1202
ret = qemu_recv(vs->csock, data, datalen, 0);
1203
VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1204
return vnc_client_io_error(vs, ret, socket_error());
1209
* Called to read data from the client socket to the input buffer,
1210
* when not using any SASL SSF encryption layers. Will read as much
1211
* data as possible without blocking.
1213
* Returns the number of bytes read. Returns -1 on error, and
1214
* disconnects the client socket.
1216
static long vnc_client_read_plain(VncState *vs)
1219
VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1220
vs->input.buffer, vs->input.capacity, vs->input.offset);
1221
buffer_reserve(&vs->input, 4096);
1222
ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1225
vs->input.offset += ret;
1231
* First function called whenever there is more data to be read from
1232
* the client socket. Will delegate actual work according to whether
1233
* SASL SSF layers are enabled (thus requiring decryption calls)
1235
void vnc_client_read(void *opaque)
1237
VncState *vs = opaque;
1240
#ifdef CONFIG_VNC_SASL
1241
if (vs->sasl.conn && vs->sasl.runSSF)
1242
ret = vnc_client_read_sasl(vs);
1244
#endif /* CONFIG_VNC_SASL */
1245
ret = vnc_client_read_plain(vs);
1247
if (vs->csock == -1)
1248
vnc_disconnect_finish(vs);
1252
while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1253
size_t len = vs->read_handler_expect;
1256
ret = vs->read_handler(vs, vs->input.buffer, len);
1257
if (vs->csock == -1) {
1258
vnc_disconnect_finish(vs);
1263
memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1264
vs->input.offset -= len;
1266
vs->read_handler_expect = ret;
1271
void vnc_write(VncState *vs, const void *data, size_t len)
1273
buffer_reserve(&vs->output, len);
1275
if (vs->csock != -1 && buffer_empty(&vs->output)) {
1276
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1279
buffer_append(&vs->output, data, len);
1282
void vnc_write_s32(VncState *vs, int32_t value)
1284
vnc_write_u32(vs, *(uint32_t *)&value);
1287
void vnc_write_u32(VncState *vs, uint32_t value)
1291
buf[0] = (value >> 24) & 0xFF;
1292
buf[1] = (value >> 16) & 0xFF;
1293
buf[2] = (value >> 8) & 0xFF;
1294
buf[3] = value & 0xFF;
1296
vnc_write(vs, buf, 4);
1299
void vnc_write_u16(VncState *vs, uint16_t value)
1303
buf[0] = (value >> 8) & 0xFF;
1304
buf[1] = value & 0xFF;
1306
vnc_write(vs, buf, 2);
1309
void vnc_write_u8(VncState *vs, uint8_t value)
1311
vnc_write(vs, (char *)&value, 1);
1314
void vnc_flush(VncState *vs)
1316
vnc_lock_output(vs);
1317
if (vs->csock != -1 && vs->output.offset) {
1318
vnc_client_write_locked(vs);
1320
vnc_unlock_output(vs);
1323
uint8_t read_u8(uint8_t *data, size_t offset)
1325
return data[offset];
1328
uint16_t read_u16(uint8_t *data, size_t offset)
1330
return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1333
int32_t read_s32(uint8_t *data, size_t offset)
1335
return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1336
(data[offset + 2] << 8) | data[offset + 3]);
1339
uint32_t read_u32(uint8_t *data, size_t offset)
1341
return ((data[offset] << 24) | (data[offset + 1] << 16) |
1342
(data[offset + 2] << 8) | data[offset + 3]);
1345
static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1349
static void check_pointer_type_change(Notifier *notifier, void *data)
1351
VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1352
int absolute = kbd_mouse_is_absolute();
1354
if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1355
vnc_lock_output(vs);
1356
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1357
vnc_write_u8(vs, 0);
1358
vnc_write_u16(vs, 1);
1359
vnc_framebuffer_update(vs, absolute, 0,
1360
ds_get_width(vs->ds), ds_get_height(vs->ds),
1361
VNC_ENCODING_POINTER_TYPE_CHANGE);
1362
vnc_unlock_output(vs);
1365
vs->absolute = absolute;
1368
static void pointer_event(VncState *vs, int button_mask, int x, int y)
1373
if (button_mask & 0x01)
1374
buttons |= MOUSE_EVENT_LBUTTON;
1375
if (button_mask & 0x02)
1376
buttons |= MOUSE_EVENT_MBUTTON;
1377
if (button_mask & 0x04)
1378
buttons |= MOUSE_EVENT_RBUTTON;
1379
if (button_mask & 0x08)
1381
if (button_mask & 0x10)
1385
kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1386
x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1387
ds_get_height(vs->ds) > 1 ?
1388
y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1390
} else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1394
kbd_mouse_event(x, y, dz, buttons);
1396
if (vs->last_x != -1)
1397
kbd_mouse_event(x - vs->last_x,
1405
static void reset_keys(VncState *vs)
1408
for(i = 0; i < 256; i++) {
1409
if (vs->modifiers_state[i]) {
1410
if (i & SCANCODE_GREY)
1411
kbd_put_keycode(SCANCODE_EMUL0);
1412
kbd_put_keycode(i | SCANCODE_UP);
1413
vs->modifiers_state[i] = 0;
1418
static void press_key(VncState *vs, int keysym)
1420
int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1421
if (keycode & SCANCODE_GREY)
1422
kbd_put_keycode(SCANCODE_EMUL0);
1423
kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1424
if (keycode & SCANCODE_GREY)
1425
kbd_put_keycode(SCANCODE_EMUL0);
1426
kbd_put_keycode(keycode | SCANCODE_UP);
1429
static void kbd_leds(void *opaque, int ledstate)
1431
VncState *vs = opaque;
1434
caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1435
num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1437
if (vs->modifiers_state[0x3a] != caps) {
1438
vs->modifiers_state[0x3a] = caps;
1440
if (vs->modifiers_state[0x45] != num) {
1441
vs->modifiers_state[0x45] = num;
1445
static void do_key_event(VncState *vs, int down, int keycode, int sym)
1447
/* QEMU console switch */
1449
case 0x2a: /* Left Shift */
1450
case 0x36: /* Right Shift */
1451
case 0x1d: /* Left CTRL */
1452
case 0x9d: /* Right CTRL */
1453
case 0x38: /* Left ALT */
1454
case 0xb8: /* Right ALT */
1456
vs->modifiers_state[keycode] = 1;
1458
vs->modifiers_state[keycode] = 0;
1460
case 0x02 ... 0x0a: /* '1' to '9' keys */
1461
if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1462
/* Reset the modifiers sent to the current console */
1464
console_select(keycode - 0x02);
1468
case 0x3a: /* CapsLock */
1469
case 0x45: /* NumLock */
1471
vs->modifiers_state[keycode] ^= 1;
1475
if (down && vs->vd->lock_key_sync &&
1476
keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1477
/* If the numlock state needs to change then simulate an additional
1478
keypress before sending this one. This will happen if the user
1479
toggles numlock away from the VNC window.
1481
if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1482
if (!vs->modifiers_state[0x45]) {
1483
vs->modifiers_state[0x45] = 1;
1484
press_key(vs, 0xff7f);
1487
if (vs->modifiers_state[0x45]) {
1488
vs->modifiers_state[0x45] = 0;
1489
press_key(vs, 0xff7f);
1494
if (down && vs->vd->lock_key_sync &&
1495
((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1496
/* If the capslock state needs to change then simulate an additional
1497
keypress before sending this one. This will happen if the user
1498
toggles capslock away from the VNC window.
1500
int uppercase = !!(sym >= 'A' && sym <= 'Z');
1501
int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1502
int capslock = !!(vs->modifiers_state[0x3a]);
1504
if (uppercase == shift) {
1505
vs->modifiers_state[0x3a] = 0;
1506
press_key(vs, 0xffe5);
1509
if (uppercase != shift) {
1510
vs->modifiers_state[0x3a] = 1;
1511
press_key(vs, 0xffe5);
1516
if (is_graphic_console()) {
1517
if (keycode & SCANCODE_GREY)
1518
kbd_put_keycode(SCANCODE_EMUL0);
1520
kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1522
kbd_put_keycode(keycode | SCANCODE_UP);
1524
/* QEMU console emulation */
1526
int numlock = vs->modifiers_state[0x45];
1528
case 0x2a: /* Left Shift */
1529
case 0x36: /* Right Shift */
1530
case 0x1d: /* Left CTRL */
1531
case 0x9d: /* Right CTRL */
1532
case 0x38: /* Left ALT */
1533
case 0xb8: /* Right ALT */
1536
kbd_put_keysym(QEMU_KEY_UP);
1539
kbd_put_keysym(QEMU_KEY_DOWN);
1542
kbd_put_keysym(QEMU_KEY_LEFT);
1545
kbd_put_keysym(QEMU_KEY_RIGHT);
1548
kbd_put_keysym(QEMU_KEY_DELETE);
1551
kbd_put_keysym(QEMU_KEY_HOME);
1554
kbd_put_keysym(QEMU_KEY_END);
1557
kbd_put_keysym(QEMU_KEY_PAGEUP);
1560
kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1564
kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1567
kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1570
kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1573
kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1576
kbd_put_keysym('5');
1579
kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1582
kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1585
kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1588
kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1591
kbd_put_keysym('0');
1594
kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1598
kbd_put_keysym('/');
1601
kbd_put_keysym('*');
1604
kbd_put_keysym('-');
1607
kbd_put_keysym('+');
1610
kbd_put_keysym('\n');
1614
kbd_put_keysym(sym);
1621
static void key_event(VncState *vs, int down, uint32_t sym)
1626
if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1627
lsym = lsym - 'A' + 'a';
1630
keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1631
do_key_event(vs, down, keycode, sym);
1634
static void ext_key_event(VncState *vs, int down,
1635
uint32_t sym, uint16_t keycode)
1637
/* if the user specifies a keyboard layout, always use it */
1638
if (keyboard_layout)
1639
key_event(vs, down, sym);
1641
do_key_event(vs, down, keycode, sym);
1644
static void framebuffer_update_request(VncState *vs, int incremental,
1645
int x_position, int y_position,
1649
const size_t width = ds_get_width(vs->ds) / 16;
1651
if (y_position > ds_get_height(vs->ds))
1652
y_position = ds_get_height(vs->ds);
1653
if (y_position + h >= ds_get_height(vs->ds))
1654
h = ds_get_height(vs->ds) - y_position;
1656
vs->need_update = 1;
1658
vs->force_update = 1;
1659
for (i = 0; i < h; i++) {
1660
bitmap_set(vs->dirty[y_position + i], 0, width);
1661
bitmap_clear(vs->dirty[y_position + i], width,
1662
VNC_DIRTY_BITS - width);
1667
static void send_ext_key_event_ack(VncState *vs)
1669
vnc_lock_output(vs);
1670
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1671
vnc_write_u8(vs, 0);
1672
vnc_write_u16(vs, 1);
1673
vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1674
VNC_ENCODING_EXT_KEY_EVENT);
1675
vnc_unlock_output(vs);
1679
static void send_ext_audio_ack(VncState *vs)
1681
vnc_lock_output(vs);
1682
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1683
vnc_write_u8(vs, 0);
1684
vnc_write_u16(vs, 1);
1685
vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1686
VNC_ENCODING_AUDIO);
1687
vnc_unlock_output(vs);
1691
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1694
unsigned int enc = 0;
1697
vs->vnc_encoding = 0;
1698
vs->tight.compression = 9;
1699
vs->tight.quality = -1; /* Lossless by default */
1703
* Start from the end because the encodings are sent in order of preference.
1704
* This way the prefered encoding (first encoding defined in the array)
1705
* will be set at the end of the loop.
1707
for (i = n_encodings - 1; i >= 0; i--) {
1710
case VNC_ENCODING_RAW:
1711
vs->vnc_encoding = enc;
1713
case VNC_ENCODING_COPYRECT:
1714
vs->features |= VNC_FEATURE_COPYRECT_MASK;
1716
case VNC_ENCODING_HEXTILE:
1717
vs->features |= VNC_FEATURE_HEXTILE_MASK;
1718
vs->vnc_encoding = enc;
1720
case VNC_ENCODING_TIGHT:
1721
vs->features |= VNC_FEATURE_TIGHT_MASK;
1722
vs->vnc_encoding = enc;
1724
case VNC_ENCODING_TIGHT_PNG:
1725
vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1726
vs->vnc_encoding = enc;
1728
case VNC_ENCODING_ZLIB:
1729
vs->features |= VNC_FEATURE_ZLIB_MASK;
1730
vs->vnc_encoding = enc;
1732
case VNC_ENCODING_ZRLE:
1733
vs->features |= VNC_FEATURE_ZRLE_MASK;
1734
vs->vnc_encoding = enc;
1736
case VNC_ENCODING_ZYWRLE:
1737
vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1738
vs->vnc_encoding = enc;
1740
case VNC_ENCODING_DESKTOPRESIZE:
1741
vs->features |= VNC_FEATURE_RESIZE_MASK;
1743
case VNC_ENCODING_POINTER_TYPE_CHANGE:
1744
vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1746
case VNC_ENCODING_RICH_CURSOR:
1747
vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1749
case VNC_ENCODING_EXT_KEY_EVENT:
1750
send_ext_key_event_ack(vs);
1752
case VNC_ENCODING_AUDIO:
1753
send_ext_audio_ack(vs);
1755
case VNC_ENCODING_WMVi:
1756
vs->features |= VNC_FEATURE_WMVI_MASK;
1758
case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1759
vs->tight.compression = (enc & 0x0F);
1761
case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1762
if (vs->vd->lossy) {
1763
vs->tight.quality = (enc & 0x0F);
1767
VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1771
vnc_desktop_resize(vs);
1772
check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1775
static void set_pixel_conversion(VncState *vs)
1777
if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1778
(vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1779
!memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1780
vs->write_pixels = vnc_write_pixels_copy;
1781
vnc_hextile_set_pixel_conversion(vs, 0);
1783
vs->write_pixels = vnc_write_pixels_generic;
1784
vnc_hextile_set_pixel_conversion(vs, 1);
1788
static void set_pixel_format(VncState *vs,
1789
int bits_per_pixel, int depth,
1790
int big_endian_flag, int true_color_flag,
1791
int red_max, int green_max, int blue_max,
1792
int red_shift, int green_shift, int blue_shift)
1794
if (!true_color_flag) {
1795
vnc_client_error(vs);
1799
vs->clientds = *(vs->vd->guest.ds);
1800
vs->clientds.pf.rmax = red_max;
1801
vs->clientds.pf.rbits = hweight_long(red_max);
1802
vs->clientds.pf.rshift = red_shift;
1803
vs->clientds.pf.rmask = red_max << red_shift;
1804
vs->clientds.pf.gmax = green_max;
1805
vs->clientds.pf.gbits = hweight_long(green_max);
1806
vs->clientds.pf.gshift = green_shift;
1807
vs->clientds.pf.gmask = green_max << green_shift;
1808
vs->clientds.pf.bmax = blue_max;
1809
vs->clientds.pf.bbits = hweight_long(blue_max);
1810
vs->clientds.pf.bshift = blue_shift;
1811
vs->clientds.pf.bmask = blue_max << blue_shift;
1812
vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1813
vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1814
vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1815
vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1817
set_pixel_conversion(vs);
1819
vga_hw_invalidate();
1823
static void pixel_format_message (VncState *vs) {
1824
char pad[3] = { 0, 0, 0 };
1826
vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1827
vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1829
#ifdef HOST_WORDS_BIGENDIAN
1830
vnc_write_u8(vs, 1); /* big-endian-flag */
1832
vnc_write_u8(vs, 0); /* big-endian-flag */
1834
vnc_write_u8(vs, 1); /* true-color-flag */
1835
vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1836
vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1837
vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1838
vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1839
vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1840
vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1842
vnc_hextile_set_pixel_conversion(vs, 0);
1844
vs->clientds = *(vs->ds->surface);
1845
vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1846
vs->write_pixels = vnc_write_pixels_copy;
1848
vnc_write(vs, pad, 3); /* padding */
1851
static void vnc_dpy_setdata(DisplayState *ds)
1853
/* We don't have to do anything */
1856
static void vnc_colordepth(VncState *vs)
1858
if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1859
/* Sending a WMVi message to notify the client*/
1860
vnc_lock_output(vs);
1861
vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1862
vnc_write_u8(vs, 0);
1863
vnc_write_u16(vs, 1); /* number of rects */
1864
vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1865
ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1866
pixel_format_message(vs);
1867
vnc_unlock_output(vs);
1870
set_pixel_conversion(vs);
1874
static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1878
VncDisplay *vd = vs->vd;
1881
vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1882
if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
1883
qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
1887
case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1891
set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1892
read_u8(data, 6), read_u8(data, 7),
1893
read_u16(data, 8), read_u16(data, 10),
1894
read_u16(data, 12), read_u8(data, 14),
1895
read_u8(data, 15), read_u8(data, 16));
1897
case VNC_MSG_CLIENT_SET_ENCODINGS:
1902
limit = read_u16(data, 2);
1904
return 4 + (limit * 4);
1906
limit = read_u16(data, 2);
1908
for (i = 0; i < limit; i++) {
1909
int32_t val = read_s32(data, 4 + (i * 4));
1910
memcpy(data + 4 + (i * 4), &val, sizeof(val));
1913
set_encodings(vs, (int32_t *)(data + 4), limit);
1915
case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1919
framebuffer_update_request(vs,
1920
read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1921
read_u16(data, 6), read_u16(data, 8));
1923
case VNC_MSG_CLIENT_KEY_EVENT:
1927
key_event(vs, read_u8(data, 1), read_u32(data, 4));
1929
case VNC_MSG_CLIENT_POINTER_EVENT:
1933
pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1935
case VNC_MSG_CLIENT_CUT_TEXT:
1940
uint32_t dlen = read_u32(data, 4);
1945
client_cut_text(vs, read_u32(data, 4), data + 8);
1947
case VNC_MSG_CLIENT_QEMU:
1951
switch (read_u8(data, 1)) {
1952
case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1956
ext_key_event(vs, read_u16(data, 2),
1957
read_u32(data, 4), read_u32(data, 8));
1959
case VNC_MSG_CLIENT_QEMU_AUDIO:
1963
switch (read_u16 (data, 2)) {
1964
case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1967
case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1970
case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1973
switch (read_u8(data, 4)) {
1974
case 0: vs->as.fmt = AUD_FMT_U8; break;
1975
case 1: vs->as.fmt = AUD_FMT_S8; break;
1976
case 2: vs->as.fmt = AUD_FMT_U16; break;
1977
case 3: vs->as.fmt = AUD_FMT_S16; break;
1978
case 4: vs->as.fmt = AUD_FMT_U32; break;
1979
case 5: vs->as.fmt = AUD_FMT_S32; break;
1981
printf("Invalid audio format %d\n", read_u8(data, 4));
1982
vnc_client_error(vs);
1985
vs->as.nchannels = read_u8(data, 5);
1986
if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1987
printf("Invalid audio channel coount %d\n",
1989
vnc_client_error(vs);
1992
vs->as.freq = read_u32(data, 6);
1995
printf ("Invalid audio message %d\n", read_u8(data, 4));
1996
vnc_client_error(vs);
2002
printf("Msg: %d\n", read_u16(data, 0));
2003
vnc_client_error(vs);
2008
printf("Msg: %d\n", data[0]);
2009
vnc_client_error(vs);
2013
vnc_read_when(vs, protocol_client_msg, 1);
2017
static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2022
vs->client_width = ds_get_width(vs->ds);
2023
vs->client_height = ds_get_height(vs->ds);
2024
vnc_write_u16(vs, vs->client_width);
2025
vnc_write_u16(vs, vs->client_height);
2027
pixel_format_message(vs);
2030
size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2032
size = snprintf(buf, sizeof(buf), "QEMU");
2034
vnc_write_u32(vs, size);
2035
vnc_write(vs, buf, size);
2038
vnc_client_cache_auth(vs);
2039
vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2041
vnc_read_when(vs, protocol_client_msg, 1);
2046
void start_client_init(VncState *vs)
2048
vnc_read_when(vs, protocol_client_init, 1);
2051
static void make_challenge(VncState *vs)
2055
srand(time(NULL)+getpid()+getpid()*987654+rand());
2057
for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2058
vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2061
static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2063
unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2065
unsigned char key[8];
2066
time_t now = time(NULL);
2068
if (!vs->vd->password) {
2069
VNC_DEBUG("No password configured on server");
2072
if (vs->vd->expires < now) {
2073
VNC_DEBUG("Password is expired");
2077
memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2079
/* Calculate the expected challenge response */
2080
pwlen = strlen(vs->vd->password);
2081
for (i=0; i<sizeof(key); i++)
2082
key[i] = i<pwlen ? vs->vd->password[i] : 0;
2084
for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2085
des(response+j, response+j);
2087
/* Compare expected vs actual challenge response */
2088
if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2089
VNC_DEBUG("Client challenge reponse did not match\n");
2092
VNC_DEBUG("Accepting VNC challenge response\n");
2093
vnc_write_u32(vs, 0); /* Accept auth */
2096
start_client_init(vs);
2101
vnc_write_u32(vs, 1); /* Reject auth */
2102
if (vs->minor >= 8) {
2103
static const char err[] = "Authentication failed";
2104
vnc_write_u32(vs, sizeof(err));
2105
vnc_write(vs, err, sizeof(err));
2108
vnc_client_error(vs);
2112
void start_auth_vnc(VncState *vs)
2115
/* Send client a 'random' challenge */
2116
vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2119
vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2123
static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2125
/* We only advertise 1 auth scheme at a time, so client
2126
* must pick the one we sent. Verify this */
2127
if (data[0] != vs->auth) { /* Reject auth */
2128
VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2129
vnc_write_u32(vs, 1);
2130
if (vs->minor >= 8) {
2131
static const char err[] = "Authentication failed";
2132
vnc_write_u32(vs, sizeof(err));
2133
vnc_write(vs, err, sizeof(err));
2135
vnc_client_error(vs);
2136
} else { /* Accept requested auth */
2137
VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2140
VNC_DEBUG("Accept auth none\n");
2141
if (vs->minor >= 8) {
2142
vnc_write_u32(vs, 0); /* Accept auth completion */
2145
start_client_init(vs);
2149
VNC_DEBUG("Start VNC auth\n");
2153
#ifdef CONFIG_VNC_TLS
2154
case VNC_AUTH_VENCRYPT:
2155
VNC_DEBUG("Accept VeNCrypt auth\n");;
2156
start_auth_vencrypt(vs);
2158
#endif /* CONFIG_VNC_TLS */
2160
#ifdef CONFIG_VNC_SASL
2162
VNC_DEBUG("Accept SASL auth\n");
2163
start_auth_sasl(vs);
2165
#endif /* CONFIG_VNC_SASL */
2167
default: /* Should not be possible, but just in case */
2168
VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2169
vnc_write_u8(vs, 1);
2170
if (vs->minor >= 8) {
2171
static const char err[] = "Authentication failed";
2172
vnc_write_u32(vs, sizeof(err));
2173
vnc_write(vs, err, sizeof(err));
2175
vnc_client_error(vs);
2181
static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2185
memcpy(local, version, 12);
2188
if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2189
VNC_DEBUG("Malformed protocol version %s\n", local);
2190
vnc_client_error(vs);
2193
VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2194
if (vs->major != 3 ||
2200
VNC_DEBUG("Unsupported client version\n");
2201
vnc_write_u32(vs, VNC_AUTH_INVALID);
2203
vnc_client_error(vs);
2206
/* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2207
* as equivalent to v3.3 by servers
2209
if (vs->minor == 4 || vs->minor == 5)
2212
if (vs->minor == 3) {
2213
if (vs->auth == VNC_AUTH_NONE) {
2214
VNC_DEBUG("Tell client auth none\n");
2215
vnc_write_u32(vs, vs->auth);
2217
start_client_init(vs);
2218
} else if (vs->auth == VNC_AUTH_VNC) {
2219
VNC_DEBUG("Tell client VNC auth\n");
2220
vnc_write_u32(vs, vs->auth);
2224
VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2225
vnc_write_u32(vs, VNC_AUTH_INVALID);
2227
vnc_client_error(vs);
2230
VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2231
vnc_write_u8(vs, 1); /* num auth */
2232
vnc_write_u8(vs, vs->auth);
2233
vnc_read_when(vs, protocol_client_auth, 1);
2240
static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2242
struct VncSurface *vs = &vd->guest;
2244
return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2247
void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2251
w = (x + w) / VNC_STAT_RECT;
2252
h = (y + h) / VNC_STAT_RECT;
2256
for (j = y; j <= h; j++) {
2257
for (i = x; i <= w; i++) {
2258
vs->lossy_rect[j][i] = 1;
2263
static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2266
int sty = y / VNC_STAT_RECT;
2267
int stx = x / VNC_STAT_RECT;
2270
y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2271
x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2273
QTAILQ_FOREACH(vs, &vd->clients, next) {
2276
/* kernel send buffers are full -> refresh later */
2277
if (vs->output.offset) {
2281
if (!vs->lossy_rect[sty][stx]) {
2285
vs->lossy_rect[sty][stx] = 0;
2286
for (j = 0; j < VNC_STAT_RECT; ++j) {
2287
bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2295
static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2301
for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2302
for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2303
VncRectStat *rect = vnc_stat_rect(vd, x, y);
2305
rect->updated = false;
2309
qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2311
if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2314
vd->guest.last_freq_check = *tv;
2316
for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2317
for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2318
VncRectStat *rect= vnc_stat_rect(vd, x, y);
2319
int count = ARRAY_SIZE(rect->times);
2320
struct timeval min, max;
2322
if (!timerisset(&rect->times[count - 1])) {
2326
max = rect->times[(rect->idx + count - 1) % count];
2327
qemu_timersub(tv, &max, &res);
2329
if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2331
has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2332
memset(rect->times, 0, sizeof (rect->times));
2336
min = rect->times[rect->idx];
2337
max = rect->times[(rect->idx + count - 1) % count];
2338
qemu_timersub(&max, &min, &res);
2340
rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2341
rect->freq /= count;
2342
rect->freq = 1. / rect->freq;
2348
double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2354
x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2355
y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2357
for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2358
for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2359
total += vnc_stat_rect(vs->vd, i, j)->freq;
2371
static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2375
rect = vnc_stat_rect(vd, x, y);
2376
if (rect->updated) {
2379
rect->times[rect->idx] = *tv;
2380
rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2381
rect->updated = true;
2384
static int vnc_refresh_server_surface(VncDisplay *vd)
2388
uint8_t *server_row;
2393
struct timeval tv = { 0, 0 };
2395
if (!vd->non_adaptive) {
2396
gettimeofday(&tv, NULL);
2397
has_dirty = vnc_update_stats(vd, &tv);
2401
* Walk through the guest dirty map.
2402
* Check and copy modified bits from guest to server surface.
2403
* Update server dirty map.
2405
cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2406
guest_row = vd->guest.ds->data;
2407
server_row = vd->server->data;
2408
for (y = 0; y < vd->guest.ds->height; y++) {
2409
if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2412
uint8_t *server_ptr;
2414
guest_ptr = guest_row;
2415
server_ptr = server_row;
2417
for (x = 0; x < vd->guest.ds->width;
2418
x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2419
if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2421
if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2423
memcpy(server_ptr, guest_ptr, cmp_bytes);
2424
if (!vd->non_adaptive)
2425
vnc_rect_updated(vd, x, y, &tv);
2426
QTAILQ_FOREACH(vs, &vd->clients, next) {
2427
set_bit((x / 16), vs->dirty[y]);
2432
guest_row += ds_get_linesize(vd->ds);
2433
server_row += ds_get_linesize(vd->ds);
2438
static void vnc_refresh(void *opaque)
2440
VncDisplay *vd = opaque;
2442
int has_dirty, rects = 0;
2446
if (vnc_trylock_display(vd)) {
2447
vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2448
qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2449
vd->timer_interval);
2453
has_dirty = vnc_refresh_server_surface(vd);
2454
vnc_unlock_display(vd);
2456
QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2457
rects += vnc_update_client(vs, has_dirty);
2458
/* vs might be free()ed here */
2461
/* vd->timer could be NULL now if the last client disconnected,
2462
* in this case don't update the timer */
2463
if (vd->timer == NULL)
2466
if (has_dirty && rects) {
2467
vd->timer_interval /= 2;
2468
if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2469
vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2471
vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2472
if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2473
vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2475
qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2478
static void vnc_init_timer(VncDisplay *vd)
2480
vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2481
if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2482
vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2483
vnc_dpy_resize(vd->ds);
2488
static void vnc_remove_timer(VncDisplay *vd)
2490
if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2491
qemu_del_timer(vd->timer);
2492
qemu_free_timer(vd->timer);
2497
static void vnc_connect(VncDisplay *vd, int csock, int skipauth)
2499
VncState *vs = qemu_mallocz(sizeof(VncState));
2505
vs->auth = VNC_AUTH_NONE;
2506
#ifdef CONFIG_VNC_TLS
2507
vs->subauth = VNC_AUTH_INVALID;
2510
vs->auth = vd->auth;
2511
#ifdef CONFIG_VNC_TLS
2512
vs->subauth = vd->subauth;
2516
vs->lossy_rect = qemu_mallocz(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2517
for (i = 0; i < VNC_STAT_ROWS; ++i) {
2518
vs->lossy_rect[i] = qemu_mallocz(VNC_STAT_COLS * sizeof (uint8_t));
2521
VNC_DEBUG("New client on socket %d\n", csock);
2523
socket_set_nonblock(vs->csock);
2524
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2526
vnc_client_cache_addr(vs);
2527
vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2534
vs->as.freq = 44100;
2535
vs->as.nchannels = 2;
2536
vs->as.fmt = AUD_FMT_S16;
2537
vs->as.endianness = 0;
2539
#ifdef CONFIG_VNC_THREAD
2540
qemu_mutex_init(&vs->output_mutex);
2543
QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2547
vnc_write(vs, "RFB 003.008\n", 12);
2549
vnc_read_when(vs, protocol_version, 12);
2551
if (vs->vd->lock_key_sync)
2552
vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2554
vs->mouse_mode_notifier.notify = check_pointer_type_change;
2555
qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2559
/* vs might be free()ed here */
2562
static void vnc_listen_read(void *opaque)
2564
VncDisplay *vs = opaque;
2565
struct sockaddr_in addr;
2566
socklen_t addrlen = sizeof(addr);
2571
int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2573
vnc_connect(vs, csock, 0);
2577
void vnc_display_init(DisplayState *ds)
2579
VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2581
dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2590
QTAILQ_INIT(&vs->clients);
2591
vs->expires = TIME_MAX;
2593
if (keyboard_layout)
2594
vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2596
vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2598
if (!vs->kbd_layout)
2601
#ifdef CONFIG_VNC_THREAD
2602
qemu_mutex_init(&vs->mutex);
2603
vnc_start_worker_thread();
2606
dcl->dpy_copy = vnc_dpy_copy;
2607
dcl->dpy_update = vnc_dpy_update;
2608
dcl->dpy_resize = vnc_dpy_resize;
2609
dcl->dpy_setdata = vnc_dpy_setdata;
2610
register_displaychangelistener(ds, dcl);
2611
ds->mouse_set = vnc_mouse_set;
2612
ds->cursor_define = vnc_dpy_cursor_define;
2616
void vnc_display_close(DisplayState *ds)
2618
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2623
qemu_free(vs->display);
2626
if (vs->lsock != -1) {
2627
qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2631
vs->auth = VNC_AUTH_INVALID;
2632
#ifdef CONFIG_VNC_TLS
2633
vs->subauth = VNC_AUTH_INVALID;
2634
vs->tls.x509verify = 0;
2638
int vnc_display_disable_login(DisplayState *ds)
2640
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2647
qemu_free(vs->password);
2650
vs->password = NULL;
2651
vs->auth = VNC_AUTH_VNC;
2656
int vnc_display_password(DisplayState *ds, const char *password)
2659
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2667
/* This is not the intention of this interface but err on the side
2669
ret = vnc_display_disable_login(ds);
2674
qemu_free(vs->password);
2675
vs->password = NULL;
2677
vs->password = qemu_strdup(password);
2678
vs->auth = VNC_AUTH_VNC;
2681
qerror_report(QERR_SET_PASSWD_FAILED);
2686
int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2688
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2690
vs->expires = expires;
2694
char *vnc_display_local_addr(DisplayState *ds)
2696
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2698
return vnc_socket_local_addr("%s:%s", vs->lsock);
2701
int vnc_display_open(DisplayState *ds, const char *display)
2703
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2704
const char *options;
2707
#ifdef CONFIG_VNC_TLS
2708
int tls = 0, x509 = 0;
2710
#ifdef CONFIG_VNC_SASL
2714
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2717
int lock_key_sync = 1;
2721
vnc_display_close(ds);
2722
if (strcmp(display, "none") == 0)
2725
if (!(vs->display = strdup(display)))
2729
while ((options = strchr(options, ','))) {
2731
if (strncmp(options, "password", 8) == 0) {
2732
password = 1; /* Require password auth */
2733
} else if (strncmp(options, "reverse", 7) == 0) {
2735
} else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2737
#ifdef CONFIG_VNC_SASL
2738
} else if (strncmp(options, "sasl", 4) == 0) {
2739
sasl = 1; /* Require SASL auth */
2741
#ifdef CONFIG_VNC_TLS
2742
} else if (strncmp(options, "tls", 3) == 0) {
2743
tls = 1; /* Require TLS */
2744
} else if (strncmp(options, "x509", 4) == 0) {
2746
x509 = 1; /* Require x509 certificates */
2747
if (strncmp(options, "x509verify", 10) == 0)
2748
vs->tls.x509verify = 1; /* ...and verify client certs */
2750
/* Now check for 'x509=/some/path' postfix
2751
* and use that to setup x509 certificate/key paths */
2752
start = strchr(options, '=');
2753
end = strchr(options, ',');
2754
if (start && (!end || (start < end))) {
2755
int len = end ? end-(start+1) : strlen(start+1);
2756
char *path = qemu_strndup(start + 1, len);
2758
VNC_DEBUG("Trying certificate path '%s'\n", path);
2759
if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2760
fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2762
qemu_free(vs->display);
2768
fprintf(stderr, "No certificate path provided\n");
2769
qemu_free(vs->display);
2774
#if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2775
} else if (strncmp(options, "acl", 3) == 0) {
2778
} else if (strncmp(options, "lossy", 5) == 0) {
2780
} else if (strncmp(options, "non-adapative", 13) == 0) {
2781
vs->non_adaptive = true;
2785
#ifdef CONFIG_VNC_TLS
2786
if (acl && x509 && vs->tls.x509verify) {
2787
if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2788
fprintf(stderr, "Failed to create x509 dname ACL\n");
2793
#ifdef CONFIG_VNC_SASL
2795
if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2796
fprintf(stderr, "Failed to create username ACL\n");
2803
* Combinations we support here:
2805
* - no-auth (clear text, no auth)
2806
* - password (clear text, weak auth)
2807
* - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2808
* - tls (encrypt, weak anonymous creds, no auth)
2809
* - tls + password (encrypt, weak anonymous creds, weak auth)
2810
* - tls + sasl (encrypt, weak anonymous creds, good auth)
2811
* - tls + x509 (encrypt, good x509 creds, no auth)
2812
* - tls + x509 + password (encrypt, good x509 creds, weak auth)
2813
* - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2815
* NB1. TLS is a stackable auth scheme.
2816
* NB2. the x509 schemes have option to validate a client cert dname
2819
#ifdef CONFIG_VNC_TLS
2821
vs->auth = VNC_AUTH_VENCRYPT;
2823
VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2824
vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2826
VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2827
vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2830
#endif /* CONFIG_VNC_TLS */
2831
VNC_DEBUG("Initializing VNC server with password auth\n");
2832
vs->auth = VNC_AUTH_VNC;
2833
#ifdef CONFIG_VNC_TLS
2834
vs->subauth = VNC_AUTH_INVALID;
2836
#endif /* CONFIG_VNC_TLS */
2837
#ifdef CONFIG_VNC_SASL
2839
#ifdef CONFIG_VNC_TLS
2841
vs->auth = VNC_AUTH_VENCRYPT;
2843
VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2844
vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2846
VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2847
vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2850
#endif /* CONFIG_VNC_TLS */
2851
VNC_DEBUG("Initializing VNC server with SASL auth\n");
2852
vs->auth = VNC_AUTH_SASL;
2853
#ifdef CONFIG_VNC_TLS
2854
vs->subauth = VNC_AUTH_INVALID;
2856
#endif /* CONFIG_VNC_TLS */
2857
#endif /* CONFIG_VNC_SASL */
2859
#ifdef CONFIG_VNC_TLS
2861
vs->auth = VNC_AUTH_VENCRYPT;
2863
VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2864
vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2866
VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2867
vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2871
VNC_DEBUG("Initializing VNC server with no auth\n");
2872
vs->auth = VNC_AUTH_NONE;
2873
#ifdef CONFIG_VNC_TLS
2874
vs->subauth = VNC_AUTH_INVALID;
2879
#ifdef CONFIG_VNC_SASL
2880
if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2881
fprintf(stderr, "Failed to initialize SASL auth %s",
2882
sasl_errstring(saslErr, NULL, NULL));
2888
vs->lock_key_sync = lock_key_sync;
2891
/* connect to viewer */
2892
if (strncmp(display, "unix:", 5) == 0)
2893
vs->lsock = unix_connect(display+5);
2895
vs->lsock = inet_connect(display, SOCK_STREAM);
2896
if (-1 == vs->lsock) {
2901
int csock = vs->lsock;
2903
vnc_connect(vs, csock, 0);
2908
/* listen for connects */
2910
dpy = qemu_malloc(256);
2911
if (strncmp(display, "unix:", 5) == 0) {
2912
pstrcpy(dpy, 256, "unix:");
2913
vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2915
vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2917
if (-1 == vs->lsock) {
2925
return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
2928
void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
2930
VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2932
return vnc_connect(vs, csock, skipauth);