2 * QEMU VNC display driver
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/option.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qapi-events.h"
39 #include "qapi/error.h"
40 #include "qapi/qapi-commands-ui.h"
42 #include "crypto/hash.h"
43 #include "crypto/tlscredsanon.h"
44 #include "crypto/tlscredsx509.h"
45 #include "qom/object_interfaces.h"
46 #include "qemu/cutils.h"
47 #include "io/dns-resolver.h"
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63 static void vnc_update_throttle_offset(VncState *vs);
65 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
68 static const char *mn[] = {
70 [VNC_SHARE_MODE_CONNECTING] = "connecting",
71 [VNC_SHARE_MODE_SHARED] = "shared",
72 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
73 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
75 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
76 vs->ioc, mn[vs->share_mode], mn[mode]);
79 switch (vs->share_mode) {
80 case VNC_SHARE_MODE_CONNECTING:
81 vs->vd->num_connecting--;
83 case VNC_SHARE_MODE_SHARED:
86 case VNC_SHARE_MODE_EXCLUSIVE:
87 vs->vd->num_exclusive--;
93 vs->share_mode = mode;
95 switch (vs->share_mode) {
96 case VNC_SHARE_MODE_CONNECTING:
97 vs->vd->num_connecting++;
99 case VNC_SHARE_MODE_SHARED:
100 vs->vd->num_shared++;
102 case VNC_SHARE_MODE_EXCLUSIVE:
103 vs->vd->num_exclusive++;
111 static void vnc_init_basic_info(SocketAddress *addr,
115 switch (addr->type) {
116 case SOCKET_ADDRESS_TYPE_INET:
117 info->host = g_strdup(addr->u.inet.host);
118 info->service = g_strdup(addr->u.inet.port);
119 if (addr->u.inet.ipv6) {
120 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
122 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
126 case SOCKET_ADDRESS_TYPE_UNIX:
127 info->host = g_strdup("");
128 info->service = g_strdup(addr->u.q_unix.path);
129 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
132 case SOCKET_ADDRESS_TYPE_VSOCK:
133 case SOCKET_ADDRESS_TYPE_FD:
134 error_setg(errp, "Unsupported socket address type %s",
135 SocketAddressType_str(addr->type));
144 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
148 SocketAddress *addr = NULL;
151 error_setg(errp, "No listener socket available");
155 addr = qio_channel_socket_get_local_address(ioc, errp);
160 vnc_init_basic_info(addr, info, errp);
161 qapi_free_SocketAddress(addr);
164 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
168 SocketAddress *addr = NULL;
170 addr = qio_channel_socket_get_remote_address(ioc, errp);
175 vnc_init_basic_info(addr, info, errp);
176 qapi_free_SocketAddress(addr);
179 static const char *vnc_auth_name(VncDisplay *vd) {
181 case VNC_AUTH_INVALID:
197 case VNC_AUTH_VENCRYPT:
198 switch (vd->subauth) {
199 case VNC_AUTH_VENCRYPT_PLAIN:
200 return "vencrypt+plain";
201 case VNC_AUTH_VENCRYPT_TLSNONE:
202 return "vencrypt+tls+none";
203 case VNC_AUTH_VENCRYPT_TLSVNC:
204 return "vencrypt+tls+vnc";
205 case VNC_AUTH_VENCRYPT_TLSPLAIN:
206 return "vencrypt+tls+plain";
207 case VNC_AUTH_VENCRYPT_X509NONE:
208 return "vencrypt+x509+none";
209 case VNC_AUTH_VENCRYPT_X509VNC:
210 return "vencrypt+x509+vnc";
211 case VNC_AUTH_VENCRYPT_X509PLAIN:
212 return "vencrypt+x509+plain";
213 case VNC_AUTH_VENCRYPT_TLSSASL:
214 return "vencrypt+tls+sasl";
215 case VNC_AUTH_VENCRYPT_X509SASL:
216 return "vencrypt+x509+sasl";
226 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
231 if (!vd->listener || !vd->listener->nsioc) {
235 info = g_malloc0(sizeof(*info));
236 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
237 qapi_VncServerInfo_base(info), &err);
238 info->has_auth = true;
239 info->auth = g_strdup(vnc_auth_name(vd));
241 qapi_free_VncServerInfo(info);
248 static void vnc_client_cache_auth(VncState *client)
255 client->info->x509_dname =
256 qcrypto_tls_session_get_peer_name(client->tls);
257 client->info->has_x509_dname =
258 client->info->x509_dname != NULL;
260 #ifdef CONFIG_VNC_SASL
261 if (client->sasl.conn &&
262 client->sasl.username) {
263 client->info->has_sasl_username = true;
264 client->info->sasl_username = g_strdup(client->sasl.username);
269 static void vnc_client_cache_addr(VncState *client)
273 client->info = g_malloc0(sizeof(*client->info));
274 vnc_init_basic_info_from_remote_addr(client->sioc,
275 qapi_VncClientInfo_base(client->info),
278 qapi_free_VncClientInfo(client->info);
284 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
292 si = vnc_server_info_get(vs->vd);
298 case QAPI_EVENT_VNC_CONNECTED:
299 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
302 case QAPI_EVENT_VNC_INITIALIZED:
303 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
305 case QAPI_EVENT_VNC_DISCONNECTED:
306 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
312 qapi_free_VncServerInfo(si);
315 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
320 info = g_malloc0(sizeof(*info));
322 vnc_init_basic_info_from_remote_addr(client->sioc,
323 qapi_VncClientInfo_base(info),
327 qapi_free_VncClientInfo(info);
331 info->websocket = client->websocket;
334 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
335 info->has_x509_dname = info->x509_dname != NULL;
337 #ifdef CONFIG_VNC_SASL
338 if (client->sasl.conn && client->sasl.username) {
339 info->has_sasl_username = true;
340 info->sasl_username = g_strdup(client->sasl.username);
347 static VncDisplay *vnc_display_find(const char *id)
352 return QTAILQ_FIRST(&vnc_displays);
354 QTAILQ_FOREACH(vd, &vnc_displays, next) {
355 if (strcmp(id, vd->id) == 0) {
362 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
364 VncClientInfoList *cinfo, *prev = NULL;
367 QTAILQ_FOREACH(client, &vd->clients, next) {
368 cinfo = g_new0(VncClientInfoList, 1);
369 cinfo->value = qmp_query_vnc_client(client);
376 VncInfo *qmp_query_vnc(Error **errp)
378 VncInfo *info = g_malloc0(sizeof(*info));
379 VncDisplay *vd = vnc_display_find(NULL);
380 SocketAddress *addr = NULL;
382 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
383 info->enabled = false;
385 info->enabled = true;
387 /* for compatibility with the original command */
388 info->has_clients = true;
389 info->clients = qmp_query_client_list(vd);
391 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
397 switch (addr->type) {
398 case SOCKET_ADDRESS_TYPE_INET:
399 info->host = g_strdup(addr->u.inet.host);
400 info->service = g_strdup(addr->u.inet.port);
401 if (addr->u.inet.ipv6) {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
404 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
408 case SOCKET_ADDRESS_TYPE_UNIX:
409 info->host = g_strdup("");
410 info->service = g_strdup(addr->u.q_unix.path);
411 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
414 case SOCKET_ADDRESS_TYPE_VSOCK:
415 case SOCKET_ADDRESS_TYPE_FD:
416 error_setg(errp, "Unsupported socket address type %s",
417 SocketAddressType_str(addr->type));
423 info->has_host = true;
424 info->has_service = true;
425 info->has_family = true;
427 info->has_auth = true;
428 info->auth = g_strdup(vnc_auth_name(vd));
431 qapi_free_SocketAddress(addr);
435 qapi_free_SocketAddress(addr);
436 qapi_free_VncInfo(info);
441 static void qmp_query_auth(int auth, int subauth,
442 VncPrimaryAuth *qmp_auth,
443 VncVencryptSubAuth *qmp_vencrypt,
444 bool *qmp_has_vencrypt);
446 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
450 VncServerInfo2List *prev)
452 VncServerInfo2List *list;
453 VncServerInfo2 *info;
457 addr = qio_channel_socket_get_local_address(ioc, &err);
463 info = g_new0(VncServerInfo2, 1);
464 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
465 qapi_free_SocketAddress(addr);
467 qapi_free_VncServerInfo2(info);
471 info->websocket = websocket;
473 qmp_query_auth(auth, subauth, &info->auth,
474 &info->vencrypt, &info->has_vencrypt);
476 list = g_new0(VncServerInfo2List, 1);
482 static void qmp_query_auth(int auth, int subauth,
483 VncPrimaryAuth *qmp_auth,
484 VncVencryptSubAuth *qmp_vencrypt,
485 bool *qmp_has_vencrypt)
489 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
506 case VNC_AUTH_VENCRYPT:
507 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
508 *qmp_has_vencrypt = true;
510 case VNC_AUTH_VENCRYPT_PLAIN:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
513 case VNC_AUTH_VENCRYPT_TLSNONE:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
516 case VNC_AUTH_VENCRYPT_TLSVNC:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
519 case VNC_AUTH_VENCRYPT_TLSPLAIN:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
522 case VNC_AUTH_VENCRYPT_X509NONE:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
525 case VNC_AUTH_VENCRYPT_X509VNC:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
528 case VNC_AUTH_VENCRYPT_X509PLAIN:
529 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
531 case VNC_AUTH_VENCRYPT_TLSSASL:
532 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
534 case VNC_AUTH_VENCRYPT_X509SASL:
535 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 *qmp_has_vencrypt = false;
543 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
547 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
552 VncInfo2List *qmp_query_vnc_servers(Error **errp)
554 VncInfo2List *item, *prev = NULL;
560 QTAILQ_FOREACH(vd, &vnc_displays, next) {
561 info = g_new0(VncInfo2, 1);
562 info->id = g_strdup(vd->id);
563 info->clients = qmp_query_client_list(vd);
564 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
565 &info->vencrypt, &info->has_vencrypt);
567 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
569 info->has_display = true;
570 info->display = g_strdup(dev->id);
572 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
573 info->server = qmp_query_server_entry(
574 vd->listener->sioc[i], false, vd->auth, vd->subauth,
577 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
578 info->server = qmp_query_server_entry(
579 vd->wslistener->sioc[i], true, vd->ws_auth,
580 vd->ws_subauth, info->server);
583 item = g_new0(VncInfo2List, 1);
592 1) Get the queue working for IO.
593 2) there is some weirdness when using the -S option (the screen is grey
594 and not totally invalidated
595 3) resolutions > 1024
598 static int vnc_update_client(VncState *vs, int has_dirty);
599 static void vnc_disconnect_start(VncState *vs);
601 static void vnc_colordepth(VncState *vs);
602 static void framebuffer_update_request(VncState *vs, int incremental,
603 int x_position, int y_position,
605 static void vnc_refresh(DisplayChangeListener *dcl);
606 static int vnc_refresh_server_surface(VncDisplay *vd);
608 static int vnc_width(VncDisplay *vd)
610 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
611 VNC_DIRTY_PIXELS_PER_BIT));
614 static int vnc_height(VncDisplay *vd)
616 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
619 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
620 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
622 int x, int y, int w, int h)
624 int width = vnc_width(vd);
625 int height = vnc_height(vd);
627 /* this is needed this to ensure we updated all affected
628 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
629 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
630 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
634 w = MIN(x + w, width) - x;
635 h = MIN(y + h, height);
638 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
639 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
643 static void vnc_dpy_update(DisplayChangeListener *dcl,
644 int x, int y, int w, int h)
646 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
647 struct VncSurface *s = &vd->guest;
649 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
652 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
655 vnc_write_u16(vs, x);
656 vnc_write_u16(vs, y);
657 vnc_write_u16(vs, w);
658 vnc_write_u16(vs, h);
660 vnc_write_s32(vs, encoding);
664 static void vnc_desktop_resize(VncState *vs)
666 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
669 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
670 vs->client_height == pixman_image_get_height(vs->vd->server)) {
674 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
675 pixman_image_get_width(vs->vd->server) >= 0);
676 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
677 pixman_image_get_height(vs->vd->server) >= 0);
678 vs->client_width = pixman_image_get_width(vs->vd->server);
679 vs->client_height = pixman_image_get_height(vs->vd->server);
681 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
683 vnc_write_u16(vs, 1); /* number of rects */
684 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
685 VNC_ENCODING_DESKTOPRESIZE);
686 vnc_unlock_output(vs);
690 static void vnc_abort_display_jobs(VncDisplay *vd)
694 QTAILQ_FOREACH(vs, &vd->clients, next) {
697 vnc_unlock_output(vs);
699 QTAILQ_FOREACH(vs, &vd->clients, next) {
702 QTAILQ_FOREACH(vs, &vd->clients, next) {
705 vnc_unlock_output(vs);
709 int vnc_server_fb_stride(VncDisplay *vd)
711 return pixman_image_get_stride(vd->server);
714 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
718 ptr = (uint8_t *)pixman_image_get_data(vd->server);
719 ptr += y * vnc_server_fb_stride(vd);
720 ptr += x * VNC_SERVER_FB_BYTES;
724 static void vnc_update_server_surface(VncDisplay *vd)
728 qemu_pixman_image_unref(vd->server);
731 if (QTAILQ_EMPTY(&vd->clients)) {
735 width = vnc_width(vd);
736 height = vnc_height(vd);
737 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
741 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
742 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
746 static void vnc_dpy_switch(DisplayChangeListener *dcl,
747 DisplaySurface *surface)
749 static const char placeholder_msg[] =
750 "Display output is not active.";
751 static DisplaySurface *placeholder;
752 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
755 if (surface == NULL) {
756 if (placeholder == NULL) {
757 placeholder = qemu_create_message_surface(640, 480, placeholder_msg);
759 surface = placeholder;
762 vnc_abort_display_jobs(vd);
766 vnc_update_server_surface(vd);
769 qemu_pixman_image_unref(vd->guest.fb);
770 vd->guest.fb = pixman_image_ref(surface->image);
771 vd->guest.format = surface->format;
773 QTAILQ_FOREACH(vs, &vd->clients, next) {
775 vnc_desktop_resize(vs);
776 if (vs->vd->cursor) {
777 vnc_cursor_define(vs);
779 memset(vs->dirty, 0x00, sizeof(vs->dirty));
780 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
783 vnc_update_throttle_offset(vs);
788 static void vnc_write_pixels_copy(VncState *vs,
789 void *pixels, int size)
791 vnc_write(vs, pixels, size);
794 /* slowest but generic code. */
795 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
799 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
800 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
801 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
802 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
804 # error need some bits here if you change VNC_SERVER_FB_FORMAT
806 v = (r << vs->client_pf.rshift) |
807 (g << vs->client_pf.gshift) |
808 (b << vs->client_pf.bshift);
809 switch (vs->client_pf.bytes_per_pixel) {
839 static void vnc_write_pixels_generic(VncState *vs,
840 void *pixels1, int size)
844 if (VNC_SERVER_FB_BYTES == 4) {
845 uint32_t *pixels = pixels1;
848 for (i = 0; i < n; i++) {
849 vnc_convert_pixel(vs, buf, pixels[i]);
850 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
855 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
859 VncDisplay *vd = vs->vd;
861 row = vnc_server_fb_ptr(vd, x, y);
862 for (i = 0; i < h; i++) {
863 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
864 row += vnc_server_fb_stride(vd);
869 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
872 bool encode_raw = false;
873 size_t saved_offs = vs->output.offset;
875 switch(vs->vnc_encoding) {
876 case VNC_ENCODING_ZLIB:
877 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
879 case VNC_ENCODING_HEXTILE:
880 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
881 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
883 case VNC_ENCODING_TIGHT:
884 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
886 case VNC_ENCODING_TIGHT_PNG:
887 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
889 case VNC_ENCODING_ZRLE:
890 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
892 case VNC_ENCODING_ZYWRLE:
893 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
900 /* If the client has the same pixel format as our internal buffer and
901 * a RAW encoding would need less space fall back to RAW encoding to
902 * save bandwidth and processing power in the client. */
903 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
904 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
905 vs->output.offset = saved_offs;
910 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
911 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
917 static void vnc_mouse_set(DisplayChangeListener *dcl,
918 int x, int y, int visible)
920 /* can we ask the client(s) to move the pointer ??? */
923 static int vnc_cursor_define(VncState *vs)
925 QEMUCursor *c = vs->vd->cursor;
928 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
930 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
931 vnc_write_u8(vs, 0); /* padding */
932 vnc_write_u16(vs, 1); /* # of rects */
933 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
934 VNC_ENCODING_RICH_CURSOR);
935 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
936 vnc_write_pixels_generic(vs, c->data, isize);
937 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
938 vnc_unlock_output(vs);
944 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
947 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
950 cursor_put(vd->cursor);
951 g_free(vd->cursor_mask);
954 cursor_get(vd->cursor);
955 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
956 vd->cursor_mask = g_malloc0(vd->cursor_msize);
957 cursor_get_mono_mask(c, 0, vd->cursor_mask);
959 QTAILQ_FOREACH(vs, &vd->clients, next) {
960 vnc_cursor_define(vs);
964 static int find_and_clear_dirty_height(VncState *vs,
965 int y, int last_x, int x, int height)
969 for (h = 1; h < (height - y); h++) {
970 if (!test_bit(last_x, vs->dirty[y + h])) {
973 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
980 * Figure out how much pending data we should allow in the output
981 * buffer before we throttle incremental display updates, and/or
982 * drop audio samples.
984 * We allow for equiv of 1 full display's worth of FB updates,
985 * and 1 second of audio samples. If audio backlog was larger
986 * than that the client would already suffering awful audio
987 * glitches, so dropping samples is no worse really).
989 static void vnc_update_throttle_offset(VncState *vs)
992 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
996 switch (vs->as.fmt) {
1011 offset += vs->as.freq * bps * vs->as.nchannels;
1014 /* Put a floor of 1MB on offset, so that if we have a large pending
1015 * buffer and the display is resized to a small size & back again
1016 * we don't suddenly apply a tiny send limit
1018 offset = MAX(offset, 1024 * 1024);
1020 if (vs->throttle_output_offset != offset) {
1021 trace_vnc_client_throttle_threshold(
1022 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1023 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1026 vs->throttle_output_offset = offset;
1029 static bool vnc_should_update(VncState *vs)
1031 switch (vs->update) {
1032 case VNC_STATE_UPDATE_NONE:
1034 case VNC_STATE_UPDATE_INCREMENTAL:
1035 /* Only allow incremental updates if the pending send queue
1036 * is less than the permitted threshold, and the job worker
1037 * is completely idle.
1039 if (vs->output.offset < vs->throttle_output_offset &&
1040 vs->job_update == VNC_STATE_UPDATE_NONE) {
1043 trace_vnc_client_throttle_incremental(
1044 vs, vs->ioc, vs->job_update, vs->output.offset);
1046 case VNC_STATE_UPDATE_FORCE:
1047 /* Only allow forced updates if the pending send queue
1048 * does not contain a previous forced update, and the
1049 * job worker is completely idle.
1051 * Note this means we'll queue a forced update, even if
1052 * the output buffer size is otherwise over the throttle
1055 if (vs->force_update_offset == 0 &&
1056 vs->job_update == VNC_STATE_UPDATE_NONE) {
1059 trace_vnc_client_throttle_forced(
1060 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1066 static int vnc_update_client(VncState *vs, int has_dirty)
1068 VncDisplay *vd = vs->vd;
1074 if (vs->disconnecting) {
1075 vnc_disconnect_finish(vs);
1079 vs->has_dirty += has_dirty;
1080 if (!vnc_should_update(vs)) {
1084 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1089 * Send screen updates to the vnc client using the server
1090 * surface and server dirty map. guest surface updates
1091 * happening in parallel don't disturb us, the next pass will
1092 * send them to the client.
1094 job = vnc_job_new(vs);
1096 height = pixman_image_get_height(vd->server);
1097 width = pixman_image_get_width(vd->server);
1103 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1104 height * VNC_DIRTY_BPL(vs),
1105 y * VNC_DIRTY_BPL(vs));
1106 if (offset == height * VNC_DIRTY_BPL(vs)) {
1107 /* no more dirty bits */
1110 y = offset / VNC_DIRTY_BPL(vs);
1111 x = offset % VNC_DIRTY_BPL(vs);
1112 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1113 VNC_DIRTY_BPL(vs), x);
1114 bitmap_clear(vs->dirty[y], x, x2 - x);
1115 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1116 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1118 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1119 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1121 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1129 vs->job_update = vs->update;
1130 vs->update = VNC_STATE_UPDATE_NONE;
1137 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1139 VncState *vs = opaque;
1142 case AUD_CNOTIFY_DISABLE:
1143 vnc_lock_output(vs);
1144 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1145 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1146 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1147 vnc_unlock_output(vs);
1151 case AUD_CNOTIFY_ENABLE:
1152 vnc_lock_output(vs);
1153 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1154 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1155 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1156 vnc_unlock_output(vs);
1162 static void audio_capture_destroy(void *opaque)
1166 static void audio_capture(void *opaque, void *buf, int size)
1168 VncState *vs = opaque;
1170 vnc_lock_output(vs);
1171 if (vs->output.offset < vs->throttle_output_offset) {
1172 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1173 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1174 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1175 vnc_write_u32(vs, size);
1176 vnc_write(vs, buf, size);
1178 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1180 vnc_unlock_output(vs);
1184 static void audio_add(VncState *vs)
1186 struct audio_capture_ops ops;
1188 if (vs->audio_cap) {
1189 error_report("audio already running");
1193 ops.notify = audio_capture_notify;
1194 ops.destroy = audio_capture_destroy;
1195 ops.capture = audio_capture;
1197 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1198 if (!vs->audio_cap) {
1199 error_report("Failed to add audio capture");
1203 static void audio_del(VncState *vs)
1205 if (vs->audio_cap) {
1206 AUD_del_capture(vs->audio_cap, vs);
1207 vs->audio_cap = NULL;
1211 static void vnc_disconnect_start(VncState *vs)
1213 if (vs->disconnecting) {
1216 trace_vnc_client_disconnect_start(vs, vs->ioc);
1217 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1219 g_source_remove(vs->ioc_tag);
1222 qio_channel_close(vs->ioc, NULL);
1223 vs->disconnecting = TRUE;
1226 void vnc_disconnect_finish(VncState *vs)
1230 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1232 vnc_jobs_join(vs); /* Wait encoding jobs */
1234 vnc_lock_output(vs);
1235 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1237 buffer_free(&vs->input);
1238 buffer_free(&vs->output);
1240 qapi_free_VncClientInfo(vs->info);
1243 vnc_tight_clear(vs);
1246 #ifdef CONFIG_VNC_SASL
1247 vnc_sasl_client_cleanup(vs);
1248 #endif /* CONFIG_VNC_SASL */
1250 vnc_release_modifiers(vs);
1252 if (vs->mouse_mode_notifier.notify != NULL) {
1253 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1255 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1256 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1257 /* last client gone */
1258 vnc_update_server_surface(vs->vd);
1261 vnc_unlock_output(vs);
1263 qemu_mutex_destroy(&vs->output_mutex);
1264 if (vs->bh != NULL) {
1265 qemu_bh_delete(vs->bh);
1267 buffer_free(&vs->jobs_buffer);
1269 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1270 g_free(vs->lossy_rect[i]);
1272 g_free(vs->lossy_rect);
1274 object_unref(OBJECT(vs->ioc));
1276 object_unref(OBJECT(vs->sioc));
1281 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1285 trace_vnc_client_eof(vs, vs->ioc);
1286 vnc_disconnect_start(vs);
1287 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1288 trace_vnc_client_io_error(vs, vs->ioc,
1289 errp ? error_get_pretty(*errp) :
1291 vnc_disconnect_start(vs);
1304 void vnc_client_error(VncState *vs)
1306 VNC_DEBUG("Closing down client sock: protocol error\n");
1307 vnc_disconnect_start(vs);
1312 * Called to write a chunk of data to the client socket. The data may
1313 * be the raw data, or may have already been encoded by SASL.
1314 * The data will be written either straight onto the socket, or
1315 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1317 * NB, it is theoretically possible to have 2 layers of encryption,
1318 * both SASL, and this TLS layer. It is highly unlikely in practice
1319 * though, since SASL encryption will typically be a no-op if TLS
1322 * Returns the number of bytes written, which may be less than
1323 * the requested 'datalen' if the socket would block. Returns
1324 * 0 on I/O error, and disconnects the client socket.
1326 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1330 ret = qio_channel_write(
1331 vs->ioc, (const char *)data, datalen, &err);
1332 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1333 return vnc_client_io_error(vs, ret, &err);
1338 * Called to write buffered data to the client socket, when not
1339 * using any SASL SSF encryption layers. Will write as much data
1340 * as possible without blocking. If all buffered data is written,
1341 * will switch the FD poll() handler back to read monitoring.
1343 * Returns the number of bytes written, which may be less than
1344 * the buffered output data if the socket would block. Returns
1345 * 0 on I/O error, and disconnects the client socket.
1347 static size_t vnc_client_write_plain(VncState *vs)
1352 #ifdef CONFIG_VNC_SASL
1353 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1354 vs->output.buffer, vs->output.capacity, vs->output.offset,
1355 vs->sasl.waitWriteSSF);
1357 if (vs->sasl.conn &&
1359 vs->sasl.waitWriteSSF) {
1360 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1362 vs->sasl.waitWriteSSF -= ret;
1364 #endif /* CONFIG_VNC_SASL */
1365 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1369 if (ret >= vs->force_update_offset) {
1370 if (vs->force_update_offset != 0) {
1371 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1373 vs->force_update_offset = 0;
1375 vs->force_update_offset -= ret;
1377 offset = vs->output.offset;
1378 buffer_advance(&vs->output, ret);
1379 if (offset >= vs->throttle_output_offset &&
1380 vs->output.offset < vs->throttle_output_offset) {
1381 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1384 if (vs->output.offset == 0) {
1386 g_source_remove(vs->ioc_tag);
1388 vs->ioc_tag = qio_channel_add_watch(
1389 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1397 * First function called whenever there is data to be written to
1398 * the client socket. Will delegate actual work according to whether
1399 * SASL SSF layers are enabled (thus requiring encryption calls)
1401 static void vnc_client_write_locked(VncState *vs)
1403 #ifdef CONFIG_VNC_SASL
1404 if (vs->sasl.conn &&
1406 !vs->sasl.waitWriteSSF) {
1407 vnc_client_write_sasl(vs);
1409 #endif /* CONFIG_VNC_SASL */
1411 vnc_client_write_plain(vs);
1415 static void vnc_client_write(VncState *vs)
1418 vnc_lock_output(vs);
1419 if (vs->output.offset) {
1420 vnc_client_write_locked(vs);
1421 } else if (vs->ioc != NULL) {
1423 g_source_remove(vs->ioc_tag);
1425 vs->ioc_tag = qio_channel_add_watch(
1426 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1428 vnc_unlock_output(vs);
1431 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1433 vs->read_handler = func;
1434 vs->read_handler_expect = expecting;
1439 * Called to read a chunk of data from the client socket. The data may
1440 * be the raw data, or may need to be further decoded by SASL.
1441 * The data will be read either straight from to the socket, or
1442 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1444 * NB, it is theoretically possible to have 2 layers of encryption,
1445 * both SASL, and this TLS layer. It is highly unlikely in practice
1446 * though, since SASL encryption will typically be a no-op if TLS
1449 * Returns the number of bytes read, which may be less than
1450 * the requested 'datalen' if the socket would block. Returns
1451 * 0 on I/O error or EOF, and disconnects the client socket.
1453 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1457 ret = qio_channel_read(
1458 vs->ioc, (char *)data, datalen, &err);
1459 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1460 return vnc_client_io_error(vs, ret, &err);
1465 * Called to read data from the client socket to the input buffer,
1466 * when not using any SASL SSF encryption layers. Will read as much
1467 * data as possible without blocking.
1469 * Returns the number of bytes read, which may be less than
1470 * the requested 'datalen' if the socket would block. Returns
1471 * 0 on I/O error or EOF, and disconnects the client socket.
1473 static size_t vnc_client_read_plain(VncState *vs)
1476 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1477 vs->input.buffer, vs->input.capacity, vs->input.offset);
1478 buffer_reserve(&vs->input, 4096);
1479 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1482 vs->input.offset += ret;
1486 static void vnc_jobs_bh(void *opaque)
1488 VncState *vs = opaque;
1490 vnc_jobs_consume_buffer(vs);
1494 * First function called whenever there is more data to be read from
1495 * the client socket. Will delegate actual work according to whether
1496 * SASL SSF layers are enabled (thus requiring decryption calls)
1497 * Returns 0 on success, -1 if client disconnected
1499 static int vnc_client_read(VncState *vs)
1503 #ifdef CONFIG_VNC_SASL
1504 if (vs->sasl.conn && vs->sasl.runSSF)
1505 ret = vnc_client_read_sasl(vs);
1507 #endif /* CONFIG_VNC_SASL */
1508 ret = vnc_client_read_plain(vs);
1510 if (vs->disconnecting) {
1511 vnc_disconnect_finish(vs);
1517 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1518 size_t len = vs->read_handler_expect;
1521 ret = vs->read_handler(vs, vs->input.buffer, len);
1522 if (vs->disconnecting) {
1523 vnc_disconnect_finish(vs);
1528 buffer_advance(&vs->input, len);
1530 vs->read_handler_expect = ret;
1536 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1537 GIOCondition condition, void *opaque)
1539 VncState *vs = opaque;
1540 if (condition & G_IO_IN) {
1541 if (vnc_client_read(vs) < 0) {
1542 /* vs is free()ed here */
1546 if (condition & G_IO_OUT) {
1547 vnc_client_write(vs);
1550 if (vs->disconnecting) {
1551 if (vs->ioc_tag != 0) {
1552 g_source_remove(vs->ioc_tag);
1561 * Scale factor to apply to vs->throttle_output_offset when checking for
1562 * hard limit. Worst case normal usage could be x2, if we have a complete
1563 * incremental update and complete forced update in the output buffer.
1564 * So x3 should be good enough, but we pick x5 to be conservative and thus
1565 * (hopefully) never trigger incorrectly.
1567 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1569 void vnc_write(VncState *vs, const void *data, size_t len)
1571 if (vs->disconnecting) {
1574 /* Protection against malicious client/guest to prevent our output
1575 * buffer growing without bound if client stops reading data. This
1576 * should rarely trigger, because we have earlier throttling code
1577 * which stops issuing framebuffer updates and drops audio data
1578 * if the throttle_output_offset value is exceeded. So we only reach
1579 * this higher level if a huge number of pseudo-encodings get
1580 * triggered while data can't be sent on the socket.
1582 * NB throttle_output_offset can be zero during early protocol
1583 * handshake, or from the job thread's VncState clone
1585 if (vs->throttle_output_offset != 0 &&
1586 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1587 vs->throttle_output_offset) {
1588 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1589 vs->throttle_output_offset);
1590 vnc_disconnect_start(vs);
1593 buffer_reserve(&vs->output, len);
1595 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1597 g_source_remove(vs->ioc_tag);
1599 vs->ioc_tag = qio_channel_add_watch(
1600 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1603 buffer_append(&vs->output, data, len);
1606 void vnc_write_s32(VncState *vs, int32_t value)
1608 vnc_write_u32(vs, *(uint32_t *)&value);
1611 void vnc_write_u32(VncState *vs, uint32_t value)
1615 buf[0] = (value >> 24) & 0xFF;
1616 buf[1] = (value >> 16) & 0xFF;
1617 buf[2] = (value >> 8) & 0xFF;
1618 buf[3] = value & 0xFF;
1620 vnc_write(vs, buf, 4);
1623 void vnc_write_u16(VncState *vs, uint16_t value)
1627 buf[0] = (value >> 8) & 0xFF;
1628 buf[1] = value & 0xFF;
1630 vnc_write(vs, buf, 2);
1633 void vnc_write_u8(VncState *vs, uint8_t value)
1635 vnc_write(vs, (char *)&value, 1);
1638 void vnc_flush(VncState *vs)
1640 vnc_lock_output(vs);
1641 if (vs->ioc != NULL && vs->output.offset) {
1642 vnc_client_write_locked(vs);
1644 if (vs->disconnecting) {
1645 if (vs->ioc_tag != 0) {
1646 g_source_remove(vs->ioc_tag);
1650 vnc_unlock_output(vs);
1653 static uint8_t read_u8(uint8_t *data, size_t offset)
1655 return data[offset];
1658 static uint16_t read_u16(uint8_t *data, size_t offset)
1660 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1663 static int32_t read_s32(uint8_t *data, size_t offset)
1665 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1666 (data[offset + 2] << 8) | data[offset + 3]);
1669 uint32_t read_u32(uint8_t *data, size_t offset)
1671 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1672 (data[offset + 2] << 8) | data[offset + 3]);
1675 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1679 static void check_pointer_type_change(Notifier *notifier, void *data)
1681 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1682 int absolute = qemu_input_is_absolute();
1684 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1685 vnc_lock_output(vs);
1686 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1687 vnc_write_u8(vs, 0);
1688 vnc_write_u16(vs, 1);
1689 vnc_framebuffer_update(vs, absolute, 0,
1690 pixman_image_get_width(vs->vd->server),
1691 pixman_image_get_height(vs->vd->server),
1692 VNC_ENCODING_POINTER_TYPE_CHANGE);
1693 vnc_unlock_output(vs);
1696 vs->absolute = absolute;
1699 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1701 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1702 [INPUT_BUTTON_LEFT] = 0x01,
1703 [INPUT_BUTTON_MIDDLE] = 0x02,
1704 [INPUT_BUTTON_RIGHT] = 0x04,
1705 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1706 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1708 QemuConsole *con = vs->vd->dcl.con;
1709 int width = pixman_image_get_width(vs->vd->server);
1710 int height = pixman_image_get_height(vs->vd->server);
1712 if (vs->last_bmask != button_mask) {
1713 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1714 vs->last_bmask = button_mask;
1718 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1719 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1720 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1721 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1722 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1724 if (vs->last_x != -1) {
1725 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1726 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1731 qemu_input_event_sync();
1734 static void reset_keys(VncState *vs)
1737 for(i = 0; i < 256; i++) {
1738 if (vs->modifiers_state[i]) {
1739 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1740 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1741 vs->modifiers_state[i] = 0;
1746 static void press_key(VncState *vs, int keysym)
1748 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym,
1749 false, false, false) & SCANCODE_KEYMASK;
1750 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1751 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1752 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1753 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1756 static void vnc_led_state_change(VncState *vs)
1758 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1762 vnc_lock_output(vs);
1763 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1764 vnc_write_u8(vs, 0);
1765 vnc_write_u16(vs, 1);
1766 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1767 vnc_write_u8(vs, vs->vd->ledstate);
1768 vnc_unlock_output(vs);
1772 static void kbd_leds(void *opaque, int ledstate)
1774 VncDisplay *vd = opaque;
1777 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1778 (ledstate & QEMU_NUM_LOCK_LED),
1779 (ledstate & QEMU_SCROLL_LOCK_LED));
1781 if (ledstate == vd->ledstate) {
1785 vd->ledstate = ledstate;
1787 QTAILQ_FOREACH(client, &vd->clients, next) {
1788 vnc_led_state_change(client);
1792 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1794 /* QEMU console switch */
1796 case 0x2a: /* Left Shift */
1797 case 0x36: /* Right Shift */
1798 case 0x1d: /* Left CTRL */
1799 case 0x9d: /* Right CTRL */
1800 case 0x38: /* Left ALT */
1801 case 0xb8: /* Right ALT */
1803 vs->modifiers_state[keycode] = 1;
1805 vs->modifiers_state[keycode] = 0;
1807 case 0x02 ... 0x0a: /* '1' to '9' keys */
1808 if (vs->vd->dcl.con == NULL &&
1809 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1810 /* Reset the modifiers sent to the current console */
1812 console_select(keycode - 0x02);
1816 case 0x3a: /* CapsLock */
1817 case 0x45: /* NumLock */
1819 vs->modifiers_state[keycode] ^= 1;
1823 /* Turn off the lock state sync logic if the client support the led
1826 if (down && vs->vd->lock_key_sync &&
1827 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1828 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1829 /* If the numlock state needs to change then simulate an additional
1830 keypress before sending this one. This will happen if the user
1831 toggles numlock away from the VNC window.
1833 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1834 if (!vs->modifiers_state[0x45]) {
1835 trace_vnc_key_sync_numlock(true);
1836 vs->modifiers_state[0x45] = 1;
1837 press_key(vs, 0xff7f);
1840 if (vs->modifiers_state[0x45]) {
1841 trace_vnc_key_sync_numlock(false);
1842 vs->modifiers_state[0x45] = 0;
1843 press_key(vs, 0xff7f);
1848 if (down && vs->vd->lock_key_sync &&
1849 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1850 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1851 /* If the capslock state needs to change then simulate an additional
1852 keypress before sending this one. This will happen if the user
1853 toggles capslock away from the VNC window.
1855 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1856 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1857 int capslock = !!(vs->modifiers_state[0x3a]);
1859 if (uppercase == shift) {
1860 trace_vnc_key_sync_capslock(false);
1861 vs->modifiers_state[0x3a] = 0;
1862 press_key(vs, 0xffe5);
1865 if (uppercase != shift) {
1866 trace_vnc_key_sync_capslock(true);
1867 vs->modifiers_state[0x3a] = 1;
1868 press_key(vs, 0xffe5);
1873 if (qemu_console_is_graphic(NULL)) {
1874 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1875 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1877 bool numlock = vs->modifiers_state[0x45];
1878 bool control = (vs->modifiers_state[0x1d] ||
1879 vs->modifiers_state[0x9d]);
1880 /* QEMU console emulation */
1883 case 0x2a: /* Left Shift */
1884 case 0x36: /* Right Shift */
1885 case 0x1d: /* Left CTRL */
1886 case 0x9d: /* Right CTRL */
1887 case 0x38: /* Left ALT */
1888 case 0xb8: /* Right ALT */
1891 kbd_put_keysym(QEMU_KEY_UP);
1894 kbd_put_keysym(QEMU_KEY_DOWN);
1897 kbd_put_keysym(QEMU_KEY_LEFT);
1900 kbd_put_keysym(QEMU_KEY_RIGHT);
1903 kbd_put_keysym(QEMU_KEY_DELETE);
1906 kbd_put_keysym(QEMU_KEY_HOME);
1909 kbd_put_keysym(QEMU_KEY_END);
1912 kbd_put_keysym(QEMU_KEY_PAGEUP);
1915 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1919 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1922 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1925 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1928 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1931 kbd_put_keysym('5');
1934 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1937 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1940 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1943 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1946 kbd_put_keysym('0');
1949 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1953 kbd_put_keysym('/');
1956 kbd_put_keysym('*');
1959 kbd_put_keysym('-');
1962 kbd_put_keysym('+');
1965 kbd_put_keysym('\n');
1970 kbd_put_keysym(sym & 0x1f);
1972 kbd_put_keysym(sym);
1980 static void vnc_release_modifiers(VncState *vs)
1982 static const int keycodes[] = {
1983 /* shift, control, alt keys, both left & right */
1984 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1988 if (!qemu_console_is_graphic(NULL)) {
1991 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1992 keycode = keycodes[i];
1993 if (!vs->modifiers_state[keycode]) {
1996 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1997 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
2001 static const char *code2name(int keycode)
2003 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2006 static void key_event(VncState *vs, int down, uint32_t sym)
2008 bool shift = vs->modifiers_state[0x2a] || vs->modifiers_state[0x36];
2009 bool altgr = vs->modifiers_state[0xb8];
2010 bool ctrl = vs->modifiers_state[0x1d] || vs->modifiers_state[0x9d];
2014 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2015 lsym = lsym - 'A' + 'a';
2018 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2019 shift, altgr, ctrl) & SCANCODE_KEYMASK;
2020 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2021 do_key_event(vs, down, keycode, sym);
2024 static void ext_key_event(VncState *vs, int down,
2025 uint32_t sym, uint16_t keycode)
2027 /* if the user specifies a keyboard layout, always use it */
2028 if (keyboard_layout) {
2029 key_event(vs, down, sym);
2031 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2032 do_key_event(vs, down, keycode, sym);
2036 static void framebuffer_update_request(VncState *vs, int incremental,
2037 int x, int y, int w, int h)
2040 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2041 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2044 vs->update = VNC_STATE_UPDATE_FORCE;
2045 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2049 static void send_ext_key_event_ack(VncState *vs)
2051 vnc_lock_output(vs);
2052 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2053 vnc_write_u8(vs, 0);
2054 vnc_write_u16(vs, 1);
2055 vnc_framebuffer_update(vs, 0, 0,
2056 pixman_image_get_width(vs->vd->server),
2057 pixman_image_get_height(vs->vd->server),
2058 VNC_ENCODING_EXT_KEY_EVENT);
2059 vnc_unlock_output(vs);
2063 static void send_ext_audio_ack(VncState *vs)
2065 vnc_lock_output(vs);
2066 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2067 vnc_write_u8(vs, 0);
2068 vnc_write_u16(vs, 1);
2069 vnc_framebuffer_update(vs, 0, 0,
2070 pixman_image_get_width(vs->vd->server),
2071 pixman_image_get_height(vs->vd->server),
2072 VNC_ENCODING_AUDIO);
2073 vnc_unlock_output(vs);
2077 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2080 unsigned int enc = 0;
2083 vs->vnc_encoding = 0;
2084 vs->tight.compression = 9;
2085 vs->tight.quality = -1; /* Lossless by default */
2089 * Start from the end because the encodings are sent in order of preference.
2090 * This way the preferred encoding (first encoding defined in the array)
2091 * will be set at the end of the loop.
2093 for (i = n_encodings - 1; i >= 0; i--) {
2096 case VNC_ENCODING_RAW:
2097 vs->vnc_encoding = enc;
2099 case VNC_ENCODING_COPYRECT:
2100 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2102 case VNC_ENCODING_HEXTILE:
2103 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2104 vs->vnc_encoding = enc;
2106 case VNC_ENCODING_TIGHT:
2107 vs->features |= VNC_FEATURE_TIGHT_MASK;
2108 vs->vnc_encoding = enc;
2110 #ifdef CONFIG_VNC_PNG
2111 case VNC_ENCODING_TIGHT_PNG:
2112 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2113 vs->vnc_encoding = enc;
2116 case VNC_ENCODING_ZLIB:
2117 vs->features |= VNC_FEATURE_ZLIB_MASK;
2118 vs->vnc_encoding = enc;
2120 case VNC_ENCODING_ZRLE:
2121 vs->features |= VNC_FEATURE_ZRLE_MASK;
2122 vs->vnc_encoding = enc;
2124 case VNC_ENCODING_ZYWRLE:
2125 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2126 vs->vnc_encoding = enc;
2128 case VNC_ENCODING_DESKTOPRESIZE:
2129 vs->features |= VNC_FEATURE_RESIZE_MASK;
2131 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2132 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2134 case VNC_ENCODING_RICH_CURSOR:
2135 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2136 if (vs->vd->cursor) {
2137 vnc_cursor_define(vs);
2140 case VNC_ENCODING_EXT_KEY_EVENT:
2141 send_ext_key_event_ack(vs);
2143 case VNC_ENCODING_AUDIO:
2144 send_ext_audio_ack(vs);
2146 case VNC_ENCODING_WMVi:
2147 vs->features |= VNC_FEATURE_WMVI_MASK;
2149 case VNC_ENCODING_LED_STATE:
2150 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2152 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2153 vs->tight.compression = (enc & 0x0F);
2155 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2156 if (vs->vd->lossy) {
2157 vs->tight.quality = (enc & 0x0F);
2161 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2165 vnc_desktop_resize(vs);
2166 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2167 vnc_led_state_change(vs);
2170 static void set_pixel_conversion(VncState *vs)
2172 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2174 if (fmt == VNC_SERVER_FB_FORMAT) {
2175 vs->write_pixels = vnc_write_pixels_copy;
2176 vnc_hextile_set_pixel_conversion(vs, 0);
2178 vs->write_pixels = vnc_write_pixels_generic;
2179 vnc_hextile_set_pixel_conversion(vs, 1);
2183 static void send_color_map(VncState *vs)
2187 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2188 vnc_write_u8(vs, 0); /* padding */
2189 vnc_write_u16(vs, 0); /* first color */
2190 vnc_write_u16(vs, 256); /* # of colors */
2192 for (i = 0; i < 256; i++) {
2193 PixelFormat *pf = &vs->client_pf;
2195 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2196 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2197 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2201 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2202 int big_endian_flag, int true_color_flag,
2203 int red_max, int green_max, int blue_max,
2204 int red_shift, int green_shift, int blue_shift)
2206 if (!true_color_flag) {
2207 /* Expose a reasonable default 256 color map */
2217 switch (bits_per_pixel) {
2223 vnc_client_error(vs);
2227 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2228 vs->client_pf.rbits = ctpopl(red_max);
2229 vs->client_pf.rshift = red_shift;
2230 vs->client_pf.rmask = red_max << red_shift;
2231 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2232 vs->client_pf.gbits = ctpopl(green_max);
2233 vs->client_pf.gshift = green_shift;
2234 vs->client_pf.gmask = green_max << green_shift;
2235 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2236 vs->client_pf.bbits = ctpopl(blue_max);
2237 vs->client_pf.bshift = blue_shift;
2238 vs->client_pf.bmask = blue_max << blue_shift;
2239 vs->client_pf.bits_per_pixel = bits_per_pixel;
2240 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2241 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2242 vs->client_be = big_endian_flag;
2244 if (!true_color_flag) {
2248 set_pixel_conversion(vs);
2250 graphic_hw_invalidate(vs->vd->dcl.con);
2251 graphic_hw_update(vs->vd->dcl.con);
2254 static void pixel_format_message (VncState *vs) {
2255 char pad[3] = { 0, 0, 0 };
2257 vs->client_pf = qemu_default_pixelformat(32);
2259 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2260 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2262 #ifdef HOST_WORDS_BIGENDIAN
2263 vnc_write_u8(vs, 1); /* big-endian-flag */
2265 vnc_write_u8(vs, 0); /* big-endian-flag */
2267 vnc_write_u8(vs, 1); /* true-color-flag */
2268 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2269 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2270 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2271 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2272 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2273 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2274 vnc_write(vs, pad, 3); /* padding */
2276 vnc_hextile_set_pixel_conversion(vs, 0);
2277 vs->write_pixels = vnc_write_pixels_copy;
2280 static void vnc_colordepth(VncState *vs)
2282 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2283 /* Sending a WMVi message to notify the client*/
2284 vnc_lock_output(vs);
2285 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2286 vnc_write_u8(vs, 0);
2287 vnc_write_u16(vs, 1); /* number of rects */
2288 vnc_framebuffer_update(vs, 0, 0,
2289 pixman_image_get_width(vs->vd->server),
2290 pixman_image_get_height(vs->vd->server),
2292 pixel_format_message(vs);
2293 vnc_unlock_output(vs);
2296 set_pixel_conversion(vs);
2300 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2305 VncDisplay *vd = vs->vd;
2308 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2312 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2316 set_pixel_format(vs, read_u8(data, 4),
2317 read_u8(data, 6), read_u8(data, 7),
2318 read_u16(data, 8), read_u16(data, 10),
2319 read_u16(data, 12), read_u8(data, 14),
2320 read_u8(data, 15), read_u8(data, 16));
2322 case VNC_MSG_CLIENT_SET_ENCODINGS:
2327 limit = read_u16(data, 2);
2329 return 4 + (limit * 4);
2331 limit = read_u16(data, 2);
2333 for (i = 0; i < limit; i++) {
2334 int32_t val = read_s32(data, 4 + (i * 4));
2335 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2338 set_encodings(vs, (int32_t *)(data + 4), limit);
2340 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2344 framebuffer_update_request(vs,
2345 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2346 read_u16(data, 6), read_u16(data, 8));
2348 case VNC_MSG_CLIENT_KEY_EVENT:
2352 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2354 case VNC_MSG_CLIENT_POINTER_EVENT:
2358 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2360 case VNC_MSG_CLIENT_CUT_TEXT:
2365 uint32_t dlen = read_u32(data, 4);
2366 if (dlen > (1 << 20)) {
2367 error_report("vnc: client_cut_text msg payload has %u bytes"
2368 " which exceeds our limit of 1MB.", dlen);
2369 vnc_client_error(vs);
2377 client_cut_text(vs, read_u32(data, 4), data + 8);
2379 case VNC_MSG_CLIENT_QEMU:
2383 switch (read_u8(data, 1)) {
2384 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2388 ext_key_event(vs, read_u16(data, 2),
2389 read_u32(data, 4), read_u32(data, 8));
2391 case VNC_MSG_CLIENT_QEMU_AUDIO:
2395 switch (read_u16 (data, 2)) {
2396 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2399 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2402 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2405 switch (read_u8(data, 4)) {
2406 case 0: vs->as.fmt = AUD_FMT_U8; break;
2407 case 1: vs->as.fmt = AUD_FMT_S8; break;
2408 case 2: vs->as.fmt = AUD_FMT_U16; break;
2409 case 3: vs->as.fmt = AUD_FMT_S16; break;
2410 case 4: vs->as.fmt = AUD_FMT_U32; break;
2411 case 5: vs->as.fmt = AUD_FMT_S32; break;
2413 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2414 vnc_client_error(vs);
2417 vs->as.nchannels = read_u8(data, 5);
2418 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2419 VNC_DEBUG("Invalid audio channel count %d\n",
2421 vnc_client_error(vs);
2424 freq = read_u32(data, 6);
2425 /* No official limit for protocol, but 48khz is a sensible
2426 * upper bound for trustworthy clients, and this limit
2427 * protects calculations involving 'vs->as.freq' later.
2430 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2431 vnc_client_error(vs);
2437 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2438 vnc_client_error(vs);
2444 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2445 vnc_client_error(vs);
2450 VNC_DEBUG("Msg: %d\n", data[0]);
2451 vnc_client_error(vs);
2455 vnc_update_throttle_offset(vs);
2456 vnc_read_when(vs, protocol_client_msg, 1);
2460 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2466 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2467 switch (vs->vd->share_policy) {
2468 case VNC_SHARE_POLICY_IGNORE:
2470 * Ignore the shared flag. Nothing to do here.
2472 * Doesn't conform to the rfb spec but is traditional qemu
2473 * behavior, thus left here as option for compatibility
2477 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2479 * Policy: Allow clients ask for exclusive access.
2481 * Implementation: When a client asks for exclusive access,
2482 * disconnect all others. Shared connects are allowed as long
2483 * as no exclusive connection exists.
2485 * This is how the rfb spec suggests to handle the shared flag.
2487 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2489 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2493 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2494 client->share_mode != VNC_SHARE_MODE_SHARED) {
2497 vnc_disconnect_start(client);
2500 if (mode == VNC_SHARE_MODE_SHARED) {
2501 if (vs->vd->num_exclusive > 0) {
2502 vnc_disconnect_start(vs);
2507 case VNC_SHARE_POLICY_FORCE_SHARED:
2509 * Policy: Shared connects only.
2510 * Implementation: Disallow clients asking for exclusive access.
2512 * Useful for shared desktop sessions where you don't want
2513 * someone forgetting to say -shared when running the vnc
2514 * client disconnect everybody else.
2516 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2517 vnc_disconnect_start(vs);
2522 vnc_set_share_mode(vs, mode);
2524 if (vs->vd->num_shared > vs->vd->connections_limit) {
2525 vnc_disconnect_start(vs);
2529 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2530 pixman_image_get_width(vs->vd->server) >= 0);
2531 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2532 pixman_image_get_height(vs->vd->server) >= 0);
2533 vs->client_width = pixman_image_get_width(vs->vd->server);
2534 vs->client_height = pixman_image_get_height(vs->vd->server);
2535 vnc_write_u16(vs, vs->client_width);
2536 vnc_write_u16(vs, vs->client_height);
2538 pixel_format_message(vs);
2541 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2542 if (size > sizeof(buf)) {
2546 size = snprintf(buf, sizeof(buf), "QEMU");
2549 vnc_write_u32(vs, size);
2550 vnc_write(vs, buf, size);
2553 vnc_client_cache_auth(vs);
2554 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2556 vnc_read_when(vs, protocol_client_msg, 1);
2561 void start_client_init(VncState *vs)
2563 vnc_read_when(vs, protocol_client_init, 1);
2566 static void make_challenge(VncState *vs)
2570 srand(time(NULL)+getpid()+getpid()*987654+rand());
2572 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2573 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2576 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2578 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2580 unsigned char key[8];
2581 time_t now = time(NULL);
2582 QCryptoCipher *cipher = NULL;
2585 if (!vs->vd->password) {
2586 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2589 if (vs->vd->expires < now) {
2590 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2594 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2596 /* Calculate the expected challenge response */
2597 pwlen = strlen(vs->vd->password);
2598 for (i=0; i<sizeof(key); i++)
2599 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2601 cipher = qcrypto_cipher_new(
2602 QCRYPTO_CIPHER_ALG_DES_RFB,
2603 QCRYPTO_CIPHER_MODE_ECB,
2604 key, G_N_ELEMENTS(key),
2607 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2608 error_get_pretty(err));
2613 if (qcrypto_cipher_encrypt(cipher,
2616 VNC_AUTH_CHALLENGE_SIZE,
2618 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2619 error_get_pretty(err));
2624 /* Compare expected vs actual challenge response */
2625 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2626 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2629 trace_vnc_auth_pass(vs, vs->auth);
2630 vnc_write_u32(vs, 0); /* Accept auth */
2633 start_client_init(vs);
2636 qcrypto_cipher_free(cipher);
2640 vnc_write_u32(vs, 1); /* Reject auth */
2641 if (vs->minor >= 8) {
2642 static const char err[] = "Authentication failed";
2643 vnc_write_u32(vs, sizeof(err));
2644 vnc_write(vs, err, sizeof(err));
2647 vnc_client_error(vs);
2648 qcrypto_cipher_free(cipher);
2652 void start_auth_vnc(VncState *vs)
2655 /* Send client a 'random' challenge */
2656 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2659 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2663 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2665 /* We only advertise 1 auth scheme at a time, so client
2666 * must pick the one we sent. Verify this */
2667 if (data[0] != vs->auth) { /* Reject auth */
2668 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2669 vnc_write_u32(vs, 1);
2670 if (vs->minor >= 8) {
2671 static const char err[] = "Authentication failed";
2672 vnc_write_u32(vs, sizeof(err));
2673 vnc_write(vs, err, sizeof(err));
2675 vnc_client_error(vs);
2676 } else { /* Accept requested auth */
2677 trace_vnc_auth_start(vs, vs->auth);
2680 if (vs->minor >= 8) {
2681 vnc_write_u32(vs, 0); /* Accept auth completion */
2684 trace_vnc_auth_pass(vs, vs->auth);
2685 start_client_init(vs);
2692 case VNC_AUTH_VENCRYPT:
2693 start_auth_vencrypt(vs);
2696 #ifdef CONFIG_VNC_SASL
2698 start_auth_sasl(vs);
2700 #endif /* CONFIG_VNC_SASL */
2702 default: /* Should not be possible, but just in case */
2703 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2704 vnc_write_u8(vs, 1);
2705 if (vs->minor >= 8) {
2706 static const char err[] = "Authentication failed";
2707 vnc_write_u32(vs, sizeof(err));
2708 vnc_write(vs, err, sizeof(err));
2710 vnc_client_error(vs);
2716 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2720 memcpy(local, version, 12);
2723 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2724 VNC_DEBUG("Malformed protocol version %s\n", local);
2725 vnc_client_error(vs);
2728 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2729 if (vs->major != 3 ||
2735 VNC_DEBUG("Unsupported client version\n");
2736 vnc_write_u32(vs, VNC_AUTH_INVALID);
2738 vnc_client_error(vs);
2741 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2742 * as equivalent to v3.3 by servers
2744 if (vs->minor == 4 || vs->minor == 5)
2747 if (vs->minor == 3) {
2748 trace_vnc_auth_start(vs, vs->auth);
2749 if (vs->auth == VNC_AUTH_NONE) {
2750 vnc_write_u32(vs, vs->auth);
2752 trace_vnc_auth_pass(vs, vs->auth);
2753 start_client_init(vs);
2754 } else if (vs->auth == VNC_AUTH_VNC) {
2755 VNC_DEBUG("Tell client VNC auth\n");
2756 vnc_write_u32(vs, vs->auth);
2760 trace_vnc_auth_fail(vs, vs->auth,
2761 "Unsupported auth method for v3.3", "");
2762 vnc_write_u32(vs, VNC_AUTH_INVALID);
2764 vnc_client_error(vs);
2767 vnc_write_u8(vs, 1); /* num auth */
2768 vnc_write_u8(vs, vs->auth);
2769 vnc_read_when(vs, protocol_client_auth, 1);
2776 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2778 struct VncSurface *vs = &vd->guest;
2780 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2783 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2787 w = (x + w) / VNC_STAT_RECT;
2788 h = (y + h) / VNC_STAT_RECT;
2792 for (j = y; j <= h; j++) {
2793 for (i = x; i <= w; i++) {
2794 vs->lossy_rect[j][i] = 1;
2799 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2802 int sty = y / VNC_STAT_RECT;
2803 int stx = x / VNC_STAT_RECT;
2806 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2807 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2809 QTAILQ_FOREACH(vs, &vd->clients, next) {
2812 /* kernel send buffers are full -> refresh later */
2813 if (vs->output.offset) {
2817 if (!vs->lossy_rect[sty][stx]) {
2821 vs->lossy_rect[sty][stx] = 0;
2822 for (j = 0; j < VNC_STAT_RECT; ++j) {
2823 bitmap_set(vs->dirty[y + j],
2824 x / VNC_DIRTY_PIXELS_PER_BIT,
2825 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2833 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2835 int width = MIN(pixman_image_get_width(vd->guest.fb),
2836 pixman_image_get_width(vd->server));
2837 int height = MIN(pixman_image_get_height(vd->guest.fb),
2838 pixman_image_get_height(vd->server));
2843 for (y = 0; y < height; y += VNC_STAT_RECT) {
2844 for (x = 0; x < width; x += VNC_STAT_RECT) {
2845 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2847 rect->updated = false;
2851 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2853 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2856 vd->guest.last_freq_check = *tv;
2858 for (y = 0; y < height; y += VNC_STAT_RECT) {
2859 for (x = 0; x < width; x += VNC_STAT_RECT) {
2860 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2861 int count = ARRAY_SIZE(rect->times);
2862 struct timeval min, max;
2864 if (!timerisset(&rect->times[count - 1])) {
2868 max = rect->times[(rect->idx + count - 1) % count];
2869 qemu_timersub(tv, &max, &res);
2871 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2873 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2874 memset(rect->times, 0, sizeof (rect->times));
2878 min = rect->times[rect->idx];
2879 max = rect->times[(rect->idx + count - 1) % count];
2880 qemu_timersub(&max, &min, &res);
2882 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2883 rect->freq /= count;
2884 rect->freq = 1. / rect->freq;
2890 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2896 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2897 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2899 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2900 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2901 total += vnc_stat_rect(vs->vd, i, j)->freq;
2913 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2917 rect = vnc_stat_rect(vd, x, y);
2918 if (rect->updated) {
2921 rect->times[rect->idx] = *tv;
2922 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2923 rect->updated = true;
2926 static int vnc_refresh_server_surface(VncDisplay *vd)
2928 int width = MIN(pixman_image_get_width(vd->guest.fb),
2929 pixman_image_get_width(vd->server));
2930 int height = MIN(pixman_image_get_height(vd->guest.fb),
2931 pixman_image_get_height(vd->server));
2932 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2933 uint8_t *guest_row0 = NULL, *server_row0;
2936 pixman_image_t *tmpbuf = NULL;
2938 struct timeval tv = { 0, 0 };
2940 if (!vd->non_adaptive) {
2941 gettimeofday(&tv, NULL);
2942 has_dirty = vnc_update_stats(vd, &tv);
2946 * Walk through the guest dirty map.
2947 * Check and copy modified bits from guest to server surface.
2948 * Update server dirty map.
2950 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2951 server_stride = guest_stride = guest_ll =
2952 pixman_image_get_stride(vd->server);
2953 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2955 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2956 int width = pixman_image_get_width(vd->server);
2957 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2960 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2961 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2962 guest_stride = pixman_image_get_stride(vd->guest.fb);
2963 guest_ll = pixman_image_get_width(vd->guest.fb) * (DIV_ROUND_UP(guest_bpp, 8));
2965 line_bytes = MIN(server_stride, guest_ll);
2969 uint8_t *guest_ptr, *server_ptr;
2970 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2971 height * VNC_DIRTY_BPL(&vd->guest),
2972 y * VNC_DIRTY_BPL(&vd->guest));
2973 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2974 /* no more dirty bits */
2977 y = offset / VNC_DIRTY_BPL(&vd->guest);
2978 x = offset % VNC_DIRTY_BPL(&vd->guest);
2980 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2982 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2983 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2984 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2986 guest_ptr = guest_row0 + y * guest_stride;
2988 guest_ptr += x * cmp_bytes;
2990 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2991 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2992 int _cmp_bytes = cmp_bytes;
2993 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2996 if ((x + 1) * cmp_bytes > line_bytes) {
2997 _cmp_bytes = line_bytes - x * cmp_bytes;
2999 assert(_cmp_bytes >= 0);
3000 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3003 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3004 if (!vd->non_adaptive) {
3005 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3008 QTAILQ_FOREACH(vs, &vd->clients, next) {
3009 set_bit(x, vs->dirty[y]);
3016 qemu_pixman_image_unref(tmpbuf);
3020 static void vnc_refresh(DisplayChangeListener *dcl)
3022 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3024 int has_dirty, rects = 0;
3026 if (QTAILQ_EMPTY(&vd->clients)) {
3027 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3031 graphic_hw_update(vd->dcl.con);
3033 if (vnc_trylock_display(vd)) {
3034 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3038 has_dirty = vnc_refresh_server_surface(vd);
3039 vnc_unlock_display(vd);
3041 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3042 rects += vnc_update_client(vs, has_dirty);
3043 /* vs might be free()ed here */
3046 if (has_dirty && rects) {
3047 vd->dcl.update_interval /= 2;
3048 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3049 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3052 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3053 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3054 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3059 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3060 bool skipauth, bool websocket)
3062 VncState *vs = g_new0(VncState, 1);
3063 bool first_client = QTAILQ_EMPTY(&vd->clients);
3066 trace_vnc_client_connect(vs, sioc);
3068 object_ref(OBJECT(vs->sioc));
3069 vs->ioc = QIO_CHANNEL(sioc);
3070 object_ref(OBJECT(vs->ioc));
3073 buffer_init(&vs->input, "vnc-input/%p", sioc);
3074 buffer_init(&vs->output, "vnc-output/%p", sioc);
3075 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3077 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
3078 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
3079 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
3080 #ifdef CONFIG_VNC_JPEG
3081 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
3083 #ifdef CONFIG_VNC_PNG
3084 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
3086 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3087 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
3088 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
3089 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3092 vs->auth = VNC_AUTH_NONE;
3093 vs->subauth = VNC_AUTH_INVALID;
3096 vs->auth = vd->ws_auth;
3097 vs->subauth = VNC_AUTH_INVALID;
3099 vs->auth = vd->auth;
3100 vs->subauth = vd->subauth;
3103 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3104 sioc, websocket, vs->auth, vs->subauth);
3106 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3107 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3108 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3111 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3112 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3113 qio_channel_set_blocking(vs->ioc, false, NULL);
3115 g_source_remove(vs->ioc_tag);
3120 vs->ioc_tag = qio_channel_add_watch(
3121 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3123 vs->ioc_tag = qio_channel_add_watch(
3124 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3127 vs->ioc_tag = qio_channel_add_watch(
3128 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3131 vnc_client_cache_addr(vs);
3132 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3133 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3138 vs->as.freq = 44100;
3139 vs->as.nchannels = 2;
3140 vs->as.fmt = AUD_FMT_S16;
3141 vs->as.endianness = 0;
3143 qemu_mutex_init(&vs->output_mutex);
3144 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3146 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3148 vnc_update_server_surface(vd);
3151 graphic_hw_update(vd->dcl.con);
3153 if (!vs->websocket) {
3154 vnc_start_protocol(vs);
3157 if (vd->num_connecting > vd->connections_limit) {
3158 QTAILQ_FOREACH(vs, &vd->clients, next) {
3159 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3160 vnc_disconnect_start(vs);
3167 void vnc_start_protocol(VncState *vs)
3169 vnc_write(vs, "RFB 003.008\n", 12);
3171 vnc_read_when(vs, protocol_version, 12);
3173 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3174 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3177 static void vnc_listen_io(QIONetListener *listener,
3178 QIOChannelSocket *cioc,
3181 VncDisplay *vd = opaque;
3182 bool isWebsock = listener == vd->wslistener;
3184 qio_channel_set_name(QIO_CHANNEL(cioc),
3185 isWebsock ? "vnc-ws-server" : "vnc-server");
3186 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3187 vnc_connect(vd, cioc, false, isWebsock);
3190 static const DisplayChangeListenerOps dcl_ops = {
3192 .dpy_refresh = vnc_refresh,
3193 .dpy_gfx_update = vnc_dpy_update,
3194 .dpy_gfx_switch = vnc_dpy_switch,
3195 .dpy_gfx_check_format = qemu_pixman_check_format,
3196 .dpy_mouse_set = vnc_mouse_set,
3197 .dpy_cursor_define = vnc_dpy_cursor_define,
3200 void vnc_display_init(const char *id)
3204 if (vnc_display_find(id) != NULL) {
3207 vd = g_malloc0(sizeof(*vd));
3209 vd->id = strdup(id);
3210 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3212 QTAILQ_INIT(&vd->clients);
3213 vd->expires = TIME_MAX;
3215 if (keyboard_layout) {
3216 trace_vnc_key_map_init(keyboard_layout);
3217 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3219 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3222 if (!vd->kbd_layout) {
3226 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3227 vd->connections_limit = 32;
3229 qemu_mutex_init(&vd->mutex);
3230 vnc_start_worker_thread();
3232 vd->dcl.ops = &dcl_ops;
3233 register_displaychangelistener(&vd->dcl);
3237 static void vnc_display_close(VncDisplay *vd)
3242 vd->is_unix = false;
3245 qio_net_listener_disconnect(vd->listener);
3246 object_unref(OBJECT(vd->listener));
3248 vd->listener = NULL;
3250 if (vd->wslistener) {
3251 qio_net_listener_disconnect(vd->wslistener);
3252 object_unref(OBJECT(vd->wslistener));
3254 vd->wslistener = NULL;
3256 vd->auth = VNC_AUTH_INVALID;
3257 vd->subauth = VNC_AUTH_INVALID;
3259 object_unparent(OBJECT(vd->tlscreds));
3260 vd->tlscreds = NULL;
3262 g_free(vd->tlsaclname);
3263 vd->tlsaclname = NULL;
3264 if (vd->lock_key_sync) {
3265 qemu_remove_led_event_handler(vd->led);
3270 int vnc_display_password(const char *id, const char *password)
3272 VncDisplay *vd = vnc_display_find(id);
3277 if (vd->auth == VNC_AUTH_NONE) {
3278 error_printf_unless_qmp("If you want use passwords please enable "
3279 "password auth using '-vnc ${dpy},password'.\n");
3283 g_free(vd->password);
3284 vd->password = g_strdup(password);
3289 int vnc_display_pw_expire(const char *id, time_t expires)
3291 VncDisplay *vd = vnc_display_find(id);
3297 vd->expires = expires;
3301 static void vnc_display_print_local_addr(VncDisplay *vd)
3303 SocketAddress *addr;
3306 if (!vd->listener || !vd->listener->nsioc) {
3310 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err);
3315 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3316 qapi_free_SocketAddress(addr);
3319 error_printf_unless_qmp("VNC server running on %s:%s\n",
3322 qapi_free_SocketAddress(addr);
3325 static QemuOptsList qemu_vnc_opts = {
3327 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3328 .implied_opt_name = "vnc",
3332 .type = QEMU_OPT_STRING,
3334 .name = "websocket",
3335 .type = QEMU_OPT_STRING,
3337 .name = "tls-creds",
3338 .type = QEMU_OPT_STRING,
3340 /* Deprecated in favour of tls-creds */
3342 .type = QEMU_OPT_STRING,
3345 .type = QEMU_OPT_STRING,
3348 .type = QEMU_OPT_STRING,
3351 .type = QEMU_OPT_NUMBER,
3353 .name = "connections",
3354 .type = QEMU_OPT_NUMBER,
3357 .type = QEMU_OPT_NUMBER,
3360 .type = QEMU_OPT_BOOL,
3363 .type = QEMU_OPT_BOOL,
3366 .type = QEMU_OPT_BOOL,
3369 .type = QEMU_OPT_BOOL,
3371 .name = "lock-key-sync",
3372 .type = QEMU_OPT_BOOL,
3374 .name = "key-delay-ms",
3375 .type = QEMU_OPT_NUMBER,
3378 .type = QEMU_OPT_BOOL,
3380 /* Deprecated in favour of tls-creds */
3382 .type = QEMU_OPT_BOOL,
3384 /* Deprecated in favour of tls-creds */
3385 .name = "x509verify",
3386 .type = QEMU_OPT_STRING,
3389 .type = QEMU_OPT_BOOL,
3392 .type = QEMU_OPT_BOOL,
3394 .name = "non-adaptive",
3395 .type = QEMU_OPT_BOOL,
3397 { /* end of list */ }
3403 vnc_display_setup_auth(int *auth,
3405 QCryptoTLSCreds *tlscreds,
3412 * We have a choice of 3 authentication options
3418 * The channel can be run in 2 modes
3423 * And TLS can use 2 types of credentials
3428 * We thus have 9 possible logical combinations
3433 * 4. tls + anon + none
3434 * 5. tls + anon + vnc
3435 * 6. tls + anon + sasl
3436 * 7. tls + x509 + none
3437 * 8. tls + x509 + vnc
3438 * 9. tls + x509 + sasl
3440 * These need to be mapped into the VNC auth schemes
3441 * in an appropriate manner. In regular VNC, all the
3442 * TLS options get mapped into VNC_AUTH_VENCRYPT
3445 * In websockets, the https:// protocol already provides
3446 * TLS support, so there is no need to make use of the
3447 * VeNCrypt extension. Furthermore, websockets browser
3448 * clients could not use VeNCrypt even if they wanted to,
3449 * as they cannot control when the TLS handshake takes
3450 * place. Thus there is no option but to rely on https://,
3451 * meaning combinations 4->6 and 7->9 will be mapped to
3452 * VNC auth schemes in the same way as combos 1->3.
3454 * Regardless of fact that we have a different mapping to
3455 * VNC auth mechs for plain VNC vs websockets VNC, the end
3456 * result has the same security characteristics.
3458 if (websocket || !tlscreds) {
3460 VNC_DEBUG("Initializing VNC server with password auth\n");
3461 *auth = VNC_AUTH_VNC;
3463 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3464 *auth = VNC_AUTH_SASL;
3466 VNC_DEBUG("Initializing VNC server with no auth\n");
3467 *auth = VNC_AUTH_NONE;
3469 *subauth = VNC_AUTH_INVALID;
3471 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3472 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3473 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3474 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3476 if (!is_x509 && !is_anon) {
3478 "Unsupported TLS cred type %s",
3479 object_get_typename(OBJECT(tlscreds)));
3482 *auth = VNC_AUTH_VENCRYPT;
3485 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3486 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3488 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3489 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3494 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3495 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3497 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3498 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3502 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3503 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3505 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3506 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3515 * Handle back compat with old CLI syntax by creating some
3516 * suitable QCryptoTLSCreds objects
3518 static QCryptoTLSCreds *
3519 vnc_display_create_creds(bool x509,
3525 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3526 Object *parent = object_get_objects_root();
3531 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3535 "endpoint", "server",
3537 "verify-peer", x509verify ? "yes" : "no",
3540 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3544 "endpoint", "server",
3551 error_propagate(errp, err);
3555 return QCRYPTO_TLS_CREDS(creds);
3559 static int vnc_display_get_address(const char *addrstr,
3568 SocketAddress **retaddr,
3572 SocketAddress *addr = NULL;
3574 addr = g_new0(SocketAddress, 1);
3576 if (strncmp(addrstr, "unix:", 5) == 0) {
3577 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3578 addr->u.q_unix.path = g_strdup(addrstr + 5);
3581 error_setg(errp, "UNIX sockets not supported with websock");
3586 error_setg(errp, "Port range not support with UNIX socket");
3593 unsigned long long baseport = 0;
3594 InetSocketAddress *inet;
3596 port = strrchr(addrstr, ':');
3602 error_setg(errp, "no vnc port specified");
3606 hostlen = port - addrstr;
3608 if (*port == '\0') {
3609 error_setg(errp, "vnc port cannot be empty");
3614 addr->type = SOCKET_ADDRESS_TYPE_INET;
3615 inet = &addr->u.inet;
3616 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3617 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3619 inet->host = g_strndup(addrstr, hostlen);
3621 /* plain VNC port is just an offset, for websocket
3622 * port is absolute */
3624 if (g_str_equal(addrstr, "") ||
3625 g_str_equal(addrstr, "on")) {
3626 if (displaynum == -1) {
3627 error_setg(errp, "explicit websocket port is required");
3630 inet->port = g_strdup_printf(
3631 "%d", displaynum + 5700);
3633 inet->has_to = true;
3634 inet->to = to + 5700;
3637 inet->port = g_strdup(port);
3640 int offset = reverse ? 0 : 5900;
3641 if (parse_uint_full(port, &baseport, 10) < 0) {
3642 error_setg(errp, "can't convert to a number: %s", port);
3645 if (baseport > 65535 ||
3646 baseport + offset > 65535) {
3647 error_setg(errp, "port %s out of range", port);
3650 inet->port = g_strdup_printf(
3651 "%d", (int)baseport + offset);
3654 inet->has_to = true;
3655 inet->to = to + offset;
3660 inet->has_ipv4 = has_ipv4;
3662 inet->has_ipv6 = has_ipv6;
3671 qapi_free_SocketAddress(addr);
3676 static void vnc_free_addresses(SocketAddress ***retsaddr,
3681 for (i = 0; i < *retnsaddr; i++) {
3682 qapi_free_SocketAddress((*retsaddr)[i]);
3690 static int vnc_display_get_addresses(QemuOpts *opts,
3692 SocketAddress ***retsaddr,
3694 SocketAddress ***retwsaddr,
3698 SocketAddress *saddr = NULL;
3699 SocketAddress *wsaddr = NULL;
3700 QemuOptsIter addriter;
3702 int to = qemu_opt_get_number(opts, "to", 0);
3703 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3704 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3705 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3706 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3707 int displaynum = -1;
3715 addr = qemu_opt_get(opts, "vnc");
3716 if (addr == NULL || g_str_equal(addr, "none")) {
3720 if (qemu_opt_get(opts, "websocket") &&
3721 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3723 "SHA1 hash support is required for websockets");
3727 qemu_opt_iter_init(&addriter, opts, "vnc");
3728 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3730 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3737 /* Historical compat - first listen address can be used
3738 * to set the default websocket port
3740 if (displaynum == -1) {
3743 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3744 (*retsaddr)[(*retnsaddr)++] = saddr;
3747 /* If we had multiple primary displays, we don't do defaults
3748 * for websocket, and require explicit config instead. */
3749 if (*retnsaddr > 1) {
3753 qemu_opt_iter_init(&addriter, opts, "websocket");
3754 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3755 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3758 &wsaddr, errp) < 0) {
3762 /* Historical compat - if only a single listen address was
3763 * provided, then this is used to set the default listen
3764 * address for websocket too
3766 if (*retnsaddr == 1 &&
3767 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3768 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3769 g_str_equal(wsaddr->u.inet.host, "") &&
3770 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3771 g_free(wsaddr->u.inet.host);
3772 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3775 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3776 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3782 vnc_free_addresses(retsaddr, retnsaddr);
3783 vnc_free_addresses(retwsaddr, retnwsaddr);
3788 static int vnc_display_connect(VncDisplay *vd,
3789 SocketAddress **saddr,
3791 SocketAddress **wsaddr,
3795 /* connect to viewer */
3796 QIOChannelSocket *sioc = NULL;
3798 error_setg(errp, "Cannot use websockets in reverse mode");
3802 error_setg(errp, "Expected a single address in reverse mode");
3805 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3806 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3807 sioc = qio_channel_socket_new();
3808 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3809 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3812 vnc_connect(vd, sioc, false, false);
3813 object_unref(OBJECT(sioc));
3818 static int vnc_display_listen(VncDisplay *vd,
3819 SocketAddress **saddr,
3821 SocketAddress **wsaddr,
3828 vd->listener = qio_net_listener_new();
3829 qio_net_listener_set_name(vd->listener, "vnc-listen");
3830 for (i = 0; i < nsaddr; i++) {
3831 if (qio_net_listener_open_sync(vd->listener,
3838 qio_net_listener_set_client_func(vd->listener,
3839 vnc_listen_io, vd, NULL);
3843 vd->wslistener = qio_net_listener_new();
3844 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3845 for (i = 0; i < nwsaddr; i++) {
3846 if (qio_net_listener_open_sync(vd->wslistener,
3853 qio_net_listener_set_client_func(vd->wslistener,
3854 vnc_listen_io, vd, NULL);
3861 void vnc_display_open(const char *id, Error **errp)
3863 VncDisplay *vd = vnc_display_find(id);
3864 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3865 SocketAddress **saddr = NULL, **wsaddr = NULL;
3866 size_t nsaddr, nwsaddr;
3867 const char *share, *device_id;
3869 bool password = false;
3870 bool reverse = false;
3873 #ifdef CONFIG_VNC_SASL
3877 int lock_key_sync = 1;
3881 error_setg(errp, "VNC display not active");
3884 vnc_display_close(vd);
3890 reverse = qemu_opt_get_bool(opts, "reverse", false);
3891 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3892 &wsaddr, &nwsaddr, errp) < 0) {
3896 password = qemu_opt_get_bool(opts, "password", false);
3898 if (fips_get_state()) {
3900 "VNC password auth disabled due to FIPS mode, "
3901 "consider using the VeNCrypt or SASL authentication "
3902 "methods as an alternative");
3905 if (!qcrypto_cipher_supports(
3906 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3908 "Cipher backend does not support DES RFB algorithm");
3913 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3914 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3915 sasl = qemu_opt_get_bool(opts, "sasl", false);
3916 #ifndef CONFIG_VNC_SASL
3918 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3921 #endif /* CONFIG_VNC_SASL */
3922 credid = qemu_opt_get(opts, "tls-creds");
3925 if (qemu_opt_get(opts, "tls") ||
3926 qemu_opt_get(opts, "x509") ||
3927 qemu_opt_get(opts, "x509verify")) {
3929 "'tls-creds' parameter is mutually exclusive with "
3930 "'tls', 'x509' and 'x509verify' parameters");
3934 creds = object_resolve_path_component(
3935 object_get_objects_root(), credid);
3937 error_setg(errp, "No TLS credentials with id '%s'",
3941 vd->tlscreds = (QCryptoTLSCreds *)
3942 object_dynamic_cast(creds,
3943 TYPE_QCRYPTO_TLS_CREDS);
3944 if (!vd->tlscreds) {
3945 error_setg(errp, "Object with id '%s' is not TLS credentials",
3949 object_ref(OBJECT(vd->tlscreds));
3951 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3953 "Expecting TLS credentials with a server endpoint");
3958 bool tls = false, x509 = false, x509verify = false;
3959 tls = qemu_opt_get_bool(opts, "tls", false);
3961 path = qemu_opt_get(opts, "x509");
3966 path = qemu_opt_get(opts, "x509verify");
3972 vd->tlscreds = vnc_display_create_creds(x509,
3977 if (!vd->tlscreds) {
3982 acl = qemu_opt_get_bool(opts, "acl", false);
3984 share = qemu_opt_get(opts, "share");
3986 if (strcmp(share, "ignore") == 0) {
3987 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3988 } else if (strcmp(share, "allow-exclusive") == 0) {
3989 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3990 } else if (strcmp(share, "force-shared") == 0) {
3991 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3993 error_setg(errp, "unknown vnc share= option");
3997 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3999 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4001 #ifdef CONFIG_VNC_JPEG
4002 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4004 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4005 /* adaptive updates are only used with tight encoding and
4006 * if lossy updates are enabled so we can disable all the
4007 * calculations otherwise */
4009 vd->non_adaptive = true;
4013 if (strcmp(vd->id, "default") == 0) {
4014 vd->tlsaclname = g_strdup("vnc.x509dname");
4016 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
4018 qemu_acl_init(vd->tlsaclname);
4020 #ifdef CONFIG_VNC_SASL
4024 if (strcmp(vd->id, "default") == 0) {
4025 aclname = g_strdup("vnc.username");
4027 aclname = g_strdup_printf("vnc.%s.username", vd->id);
4029 vd->sasl.acl = qemu_acl_init(aclname);
4034 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4035 vd->tlscreds, password,
4036 sasl, false, errp) < 0) {
4039 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4041 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4042 vd->tlscreds, password,
4043 sasl, true, errp) < 0) {
4046 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4048 #ifdef CONFIG_VNC_SASL
4049 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
4050 error_setg(errp, "Failed to initialize SASL auth: %s",
4051 sasl_errstring(saslErr, NULL, NULL));
4055 vd->lock_key_sync = lock_key_sync;
4056 if (lock_key_sync) {
4057 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4060 vd->key_delay_ms = key_delay_ms;
4062 device_id = qemu_opt_get(opts, "display");
4064 int head = qemu_opt_get_number(opts, "head", 0);
4067 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4069 error_propagate(errp, err);
4076 if (con != vd->dcl.con) {
4077 unregister_displaychangelistener(&vd->dcl);
4079 register_displaychangelistener(&vd->dcl);
4082 if (saddr == NULL) {
4087 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4091 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4096 if (qemu_opt_get(opts, "to")) {
4097 vnc_display_print_local_addr(vd);
4101 vnc_free_addresses(&saddr, &nsaddr);
4102 vnc_free_addresses(&wsaddr, &nwsaddr);
4106 vnc_display_close(vd);
4110 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4112 VncDisplay *vd = vnc_display_find(id);
4113 QIOChannelSocket *sioc;
4119 sioc = qio_channel_socket_new_fd(csock, NULL);
4121 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4122 vnc_connect(vd, sioc, skipauth, false);
4123 object_unref(OBJECT(sioc));
4127 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4132 id = g_strdup("default");
4133 while (qemu_opts_find(olist, id)) {
4135 id = g_strdup_printf("vnc%d", i++);
4137 qemu_opts_set_id(opts, id);
4140 QemuOpts *vnc_parse(const char *str, Error **errp)
4142 QemuOptsList *olist = qemu_find_opts("vnc");
4143 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4150 id = qemu_opts_id(opts);
4152 /* auto-assign id if not present */
4153 vnc_auto_assign_id(olist, opts);
4158 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4160 Error *local_err = NULL;
4161 char *id = (char *)qemu_opts_id(opts);
4164 vnc_display_init(id);
4165 vnc_display_open(id, &local_err);
4166 if (local_err != NULL) {
4167 error_reportf_err(local_err, "Failed to start VNC server: ");
4173 static void vnc_register_config(void)
4175 qemu_add_opts(&qemu_vnc_opts);
4177 opts_init(vnc_register_config);
projects / qemu.git / blob