2 * QEMU VNC display driver
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
27 #include "qemu/osdep.h"
31 #include "sysemu/sysemu.h"
32 #include "qemu/error-report.h"
33 #include "qemu/option.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qapi-events.h"
39 #include "qapi/error.h"
40 #include "qapi/qapi-commands-ui.h"
42 #include "crypto/hash.h"
43 #include "crypto/tlscredsanon.h"
44 #include "crypto/tlscredsx509.h"
45 #include "qom/object_interfaces.h"
46 #include "qemu/cutils.h"
47 #include "io/dns-resolver.h"
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63 static void vnc_update_throttle_offset(VncState *vs);
65 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
68 static const char *mn[] = {
70 [VNC_SHARE_MODE_CONNECTING] = "connecting",
71 [VNC_SHARE_MODE_SHARED] = "shared",
72 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
73 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
75 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
76 vs->ioc, mn[vs->share_mode], mn[mode]);
79 switch (vs->share_mode) {
80 case VNC_SHARE_MODE_CONNECTING:
81 vs->vd->num_connecting--;
83 case VNC_SHARE_MODE_SHARED:
86 case VNC_SHARE_MODE_EXCLUSIVE:
87 vs->vd->num_exclusive--;
93 vs->share_mode = mode;
95 switch (vs->share_mode) {
96 case VNC_SHARE_MODE_CONNECTING:
97 vs->vd->num_connecting++;
99 case VNC_SHARE_MODE_SHARED:
100 vs->vd->num_shared++;
102 case VNC_SHARE_MODE_EXCLUSIVE:
103 vs->vd->num_exclusive++;
111 static void vnc_init_basic_info(SocketAddress *addr,
115 switch (addr->type) {
116 case SOCKET_ADDRESS_TYPE_INET:
117 info->host = g_strdup(addr->u.inet.host);
118 info->service = g_strdup(addr->u.inet.port);
119 if (addr->u.inet.ipv6) {
120 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
122 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
126 case SOCKET_ADDRESS_TYPE_UNIX:
127 info->host = g_strdup("");
128 info->service = g_strdup(addr->u.q_unix.path);
129 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
132 case SOCKET_ADDRESS_TYPE_VSOCK:
133 case SOCKET_ADDRESS_TYPE_FD:
134 error_setg(errp, "Unsupported socket address type %s",
135 SocketAddressType_str(addr->type));
144 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
148 SocketAddress *addr = NULL;
151 error_setg(errp, "No listener socket available");
155 addr = qio_channel_socket_get_local_address(ioc, errp);
160 vnc_init_basic_info(addr, info, errp);
161 qapi_free_SocketAddress(addr);
164 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
168 SocketAddress *addr = NULL;
170 addr = qio_channel_socket_get_remote_address(ioc, errp);
175 vnc_init_basic_info(addr, info, errp);
176 qapi_free_SocketAddress(addr);
179 static const char *vnc_auth_name(VncDisplay *vd) {
181 case VNC_AUTH_INVALID:
197 case VNC_AUTH_VENCRYPT:
198 switch (vd->subauth) {
199 case VNC_AUTH_VENCRYPT_PLAIN:
200 return "vencrypt+plain";
201 case VNC_AUTH_VENCRYPT_TLSNONE:
202 return "vencrypt+tls+none";
203 case VNC_AUTH_VENCRYPT_TLSVNC:
204 return "vencrypt+tls+vnc";
205 case VNC_AUTH_VENCRYPT_TLSPLAIN:
206 return "vencrypt+tls+plain";
207 case VNC_AUTH_VENCRYPT_X509NONE:
208 return "vencrypt+x509+none";
209 case VNC_AUTH_VENCRYPT_X509VNC:
210 return "vencrypt+x509+vnc";
211 case VNC_AUTH_VENCRYPT_X509PLAIN:
212 return "vencrypt+x509+plain";
213 case VNC_AUTH_VENCRYPT_TLSSASL:
214 return "vencrypt+tls+sasl";
215 case VNC_AUTH_VENCRYPT_X509SASL:
216 return "vencrypt+x509+sasl";
226 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
231 if (!vd->listener || !vd->listener->nsioc) {
235 info = g_malloc0(sizeof(*info));
236 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
237 qapi_VncServerInfo_base(info), &err);
238 info->has_auth = true;
239 info->auth = g_strdup(vnc_auth_name(vd));
241 qapi_free_VncServerInfo(info);
248 static void vnc_client_cache_auth(VncState *client)
255 client->info->x509_dname =
256 qcrypto_tls_session_get_peer_name(client->tls);
257 client->info->has_x509_dname =
258 client->info->x509_dname != NULL;
260 #ifdef CONFIG_VNC_SASL
261 if (client->sasl.conn &&
262 client->sasl.username) {
263 client->info->has_sasl_username = true;
264 client->info->sasl_username = g_strdup(client->sasl.username);
269 static void vnc_client_cache_addr(VncState *client)
273 client->info = g_malloc0(sizeof(*client->info));
274 vnc_init_basic_info_from_remote_addr(client->sioc,
275 qapi_VncClientInfo_base(client->info),
278 qapi_free_VncClientInfo(client->info);
284 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
292 si = vnc_server_info_get(vs->vd);
298 case QAPI_EVENT_VNC_CONNECTED:
299 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
302 case QAPI_EVENT_VNC_INITIALIZED:
303 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
305 case QAPI_EVENT_VNC_DISCONNECTED:
306 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
312 qapi_free_VncServerInfo(si);
315 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
320 info = g_malloc0(sizeof(*info));
322 vnc_init_basic_info_from_remote_addr(client->sioc,
323 qapi_VncClientInfo_base(info),
327 qapi_free_VncClientInfo(info);
331 info->websocket = client->websocket;
334 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
335 info->has_x509_dname = info->x509_dname != NULL;
337 #ifdef CONFIG_VNC_SASL
338 if (client->sasl.conn && client->sasl.username) {
339 info->has_sasl_username = true;
340 info->sasl_username = g_strdup(client->sasl.username);
347 static VncDisplay *vnc_display_find(const char *id)
352 return QTAILQ_FIRST(&vnc_displays);
354 QTAILQ_FOREACH(vd, &vnc_displays, next) {
355 if (strcmp(id, vd->id) == 0) {
362 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
364 VncClientInfoList *cinfo, *prev = NULL;
367 QTAILQ_FOREACH(client, &vd->clients, next) {
368 cinfo = g_new0(VncClientInfoList, 1);
369 cinfo->value = qmp_query_vnc_client(client);
376 VncInfo *qmp_query_vnc(Error **errp)
378 VncInfo *info = g_malloc0(sizeof(*info));
379 VncDisplay *vd = vnc_display_find(NULL);
380 SocketAddress *addr = NULL;
382 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
383 info->enabled = false;
385 info->enabled = true;
387 /* for compatibility with the original command */
388 info->has_clients = true;
389 info->clients = qmp_query_client_list(vd);
391 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
397 switch (addr->type) {
398 case SOCKET_ADDRESS_TYPE_INET:
399 info->host = g_strdup(addr->u.inet.host);
400 info->service = g_strdup(addr->u.inet.port);
401 if (addr->u.inet.ipv6) {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
404 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
408 case SOCKET_ADDRESS_TYPE_UNIX:
409 info->host = g_strdup("");
410 info->service = g_strdup(addr->u.q_unix.path);
411 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
414 case SOCKET_ADDRESS_TYPE_VSOCK:
415 case SOCKET_ADDRESS_TYPE_FD:
416 error_setg(errp, "Unsupported socket address type %s",
417 SocketAddressType_str(addr->type));
423 info->has_host = true;
424 info->has_service = true;
425 info->has_family = true;
427 info->has_auth = true;
428 info->auth = g_strdup(vnc_auth_name(vd));
431 qapi_free_SocketAddress(addr);
435 qapi_free_SocketAddress(addr);
436 qapi_free_VncInfo(info);
441 static void qmp_query_auth(int auth, int subauth,
442 VncPrimaryAuth *qmp_auth,
443 VncVencryptSubAuth *qmp_vencrypt,
444 bool *qmp_has_vencrypt);
446 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
450 VncServerInfo2List *prev)
452 VncServerInfo2List *list;
453 VncServerInfo2 *info;
457 addr = qio_channel_socket_get_local_address(ioc, &err);
463 info = g_new0(VncServerInfo2, 1);
464 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
465 qapi_free_SocketAddress(addr);
467 qapi_free_VncServerInfo2(info);
471 info->websocket = websocket;
473 qmp_query_auth(auth, subauth, &info->auth,
474 &info->vencrypt, &info->has_vencrypt);
476 list = g_new0(VncServerInfo2List, 1);
482 static void qmp_query_auth(int auth, int subauth,
483 VncPrimaryAuth *qmp_auth,
484 VncVencryptSubAuth *qmp_vencrypt,
485 bool *qmp_has_vencrypt)
489 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
492 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
495 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
498 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
501 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
504 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
506 case VNC_AUTH_VENCRYPT:
507 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
508 *qmp_has_vencrypt = true;
510 case VNC_AUTH_VENCRYPT_PLAIN:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
513 case VNC_AUTH_VENCRYPT_TLSNONE:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
516 case VNC_AUTH_VENCRYPT_TLSVNC:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
519 case VNC_AUTH_VENCRYPT_TLSPLAIN:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
522 case VNC_AUTH_VENCRYPT_X509NONE:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
525 case VNC_AUTH_VENCRYPT_X509VNC:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
528 case VNC_AUTH_VENCRYPT_X509PLAIN:
529 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
531 case VNC_AUTH_VENCRYPT_TLSSASL:
532 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
534 case VNC_AUTH_VENCRYPT_X509SASL:
535 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
538 *qmp_has_vencrypt = false;
543 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
547 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
552 VncInfo2List *qmp_query_vnc_servers(Error **errp)
554 VncInfo2List *item, *prev = NULL;
560 QTAILQ_FOREACH(vd, &vnc_displays, next) {
561 info = g_new0(VncInfo2, 1);
562 info->id = g_strdup(vd->id);
563 info->clients = qmp_query_client_list(vd);
564 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
565 &info->vencrypt, &info->has_vencrypt);
567 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
569 info->has_display = true;
570 info->display = g_strdup(dev->id);
572 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
573 info->server = qmp_query_server_entry(
574 vd->listener->sioc[i], false, vd->auth, vd->subauth,
577 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
578 info->server = qmp_query_server_entry(
579 vd->wslistener->sioc[i], true, vd->ws_auth,
580 vd->ws_subauth, info->server);
583 item = g_new0(VncInfo2List, 1);
592 1) Get the queue working for IO.
593 2) there is some weirdness when using the -S option (the screen is grey
594 and not totally invalidated
595 3) resolutions > 1024
598 static int vnc_update_client(VncState *vs, int has_dirty);
599 static void vnc_disconnect_start(VncState *vs);
601 static void vnc_colordepth(VncState *vs);
602 static void framebuffer_update_request(VncState *vs, int incremental,
603 int x_position, int y_position,
605 static void vnc_refresh(DisplayChangeListener *dcl);
606 static int vnc_refresh_server_surface(VncDisplay *vd);
608 static int vnc_width(VncDisplay *vd)
610 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
611 VNC_DIRTY_PIXELS_PER_BIT));
614 static int vnc_height(VncDisplay *vd)
616 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
619 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
620 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
622 int x, int y, int w, int h)
624 int width = vnc_width(vd);
625 int height = vnc_height(vd);
627 /* this is needed this to ensure we updated all affected
628 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
629 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
630 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
634 w = MIN(x + w, width) - x;
635 h = MIN(y + h, height);
638 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
639 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
643 static void vnc_dpy_update(DisplayChangeListener *dcl,
644 int x, int y, int w, int h)
646 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
647 struct VncSurface *s = &vd->guest;
649 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
652 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
655 vnc_write_u16(vs, x);
656 vnc_write_u16(vs, y);
657 vnc_write_u16(vs, w);
658 vnc_write_u16(vs, h);
660 vnc_write_s32(vs, encoding);
664 static void vnc_desktop_resize(VncState *vs)
666 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
669 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
670 vs->client_height == pixman_image_get_height(vs->vd->server)) {
674 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
675 pixman_image_get_width(vs->vd->server) >= 0);
676 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
677 pixman_image_get_height(vs->vd->server) >= 0);
678 vs->client_width = pixman_image_get_width(vs->vd->server);
679 vs->client_height = pixman_image_get_height(vs->vd->server);
681 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
683 vnc_write_u16(vs, 1); /* number of rects */
684 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
685 VNC_ENCODING_DESKTOPRESIZE);
686 vnc_unlock_output(vs);
690 static void vnc_abort_display_jobs(VncDisplay *vd)
694 QTAILQ_FOREACH(vs, &vd->clients, next) {
697 vnc_unlock_output(vs);
699 QTAILQ_FOREACH(vs, &vd->clients, next) {
702 QTAILQ_FOREACH(vs, &vd->clients, next) {
705 vnc_unlock_output(vs);
709 int vnc_server_fb_stride(VncDisplay *vd)
711 return pixman_image_get_stride(vd->server);
714 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
718 ptr = (uint8_t *)pixman_image_get_data(vd->server);
719 ptr += y * vnc_server_fb_stride(vd);
720 ptr += x * VNC_SERVER_FB_BYTES;
724 static void vnc_update_server_surface(VncDisplay *vd)
728 qemu_pixman_image_unref(vd->server);
731 if (QTAILQ_EMPTY(&vd->clients)) {
735 width = vnc_width(vd);
736 height = vnc_height(vd);
737 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
741 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
742 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
746 static void vnc_dpy_switch(DisplayChangeListener *dcl,
747 DisplaySurface *surface)
749 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
752 vnc_abort_display_jobs(vd);
756 vnc_update_server_surface(vd);
759 qemu_pixman_image_unref(vd->guest.fb);
760 vd->guest.fb = pixman_image_ref(surface->image);
761 vd->guest.format = surface->format;
763 QTAILQ_FOREACH(vs, &vd->clients, next) {
765 vnc_desktop_resize(vs);
766 if (vs->vd->cursor) {
767 vnc_cursor_define(vs);
769 memset(vs->dirty, 0x00, sizeof(vs->dirty));
770 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
773 vnc_update_throttle_offset(vs);
778 static void vnc_write_pixels_copy(VncState *vs,
779 void *pixels, int size)
781 vnc_write(vs, pixels, size);
784 /* slowest but generic code. */
785 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
789 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
790 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
791 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
792 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
794 # error need some bits here if you change VNC_SERVER_FB_FORMAT
796 v = (r << vs->client_pf.rshift) |
797 (g << vs->client_pf.gshift) |
798 (b << vs->client_pf.bshift);
799 switch (vs->client_pf.bytes_per_pixel) {
829 static void vnc_write_pixels_generic(VncState *vs,
830 void *pixels1, int size)
834 if (VNC_SERVER_FB_BYTES == 4) {
835 uint32_t *pixels = pixels1;
838 for (i = 0; i < n; i++) {
839 vnc_convert_pixel(vs, buf, pixels[i]);
840 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
845 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
849 VncDisplay *vd = vs->vd;
851 row = vnc_server_fb_ptr(vd, x, y);
852 for (i = 0; i < h; i++) {
853 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
854 row += vnc_server_fb_stride(vd);
859 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
862 bool encode_raw = false;
863 size_t saved_offs = vs->output.offset;
865 switch(vs->vnc_encoding) {
866 case VNC_ENCODING_ZLIB:
867 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
869 case VNC_ENCODING_HEXTILE:
870 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
871 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
873 case VNC_ENCODING_TIGHT:
874 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
876 case VNC_ENCODING_TIGHT_PNG:
877 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
879 case VNC_ENCODING_ZRLE:
880 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
882 case VNC_ENCODING_ZYWRLE:
883 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
890 /* If the client has the same pixel format as our internal buffer and
891 * a RAW encoding would need less space fall back to RAW encoding to
892 * save bandwidth and processing power in the client. */
893 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
894 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
895 vs->output.offset = saved_offs;
900 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
901 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
907 static void vnc_mouse_set(DisplayChangeListener *dcl,
908 int x, int y, int visible)
910 /* can we ask the client(s) to move the pointer ??? */
913 static int vnc_cursor_define(VncState *vs)
915 QEMUCursor *c = vs->vd->cursor;
918 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
920 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
921 vnc_write_u8(vs, 0); /* padding */
922 vnc_write_u16(vs, 1); /* # of rects */
923 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
924 VNC_ENCODING_RICH_CURSOR);
925 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
926 vnc_write_pixels_generic(vs, c->data, isize);
927 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
928 vnc_unlock_output(vs);
934 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
937 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
940 cursor_put(vd->cursor);
941 g_free(vd->cursor_mask);
944 cursor_get(vd->cursor);
945 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
946 vd->cursor_mask = g_malloc0(vd->cursor_msize);
947 cursor_get_mono_mask(c, 0, vd->cursor_mask);
949 QTAILQ_FOREACH(vs, &vd->clients, next) {
950 vnc_cursor_define(vs);
954 static int find_and_clear_dirty_height(VncState *vs,
955 int y, int last_x, int x, int height)
959 for (h = 1; h < (height - y); h++) {
960 if (!test_bit(last_x, vs->dirty[y + h])) {
963 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
970 * Figure out how much pending data we should allow in the output
971 * buffer before we throttle incremental display updates, and/or
972 * drop audio samples.
974 * We allow for equiv of 1 full display's worth of FB updates,
975 * and 1 second of audio samples. If audio backlog was larger
976 * than that the client would already suffering awful audio
977 * glitches, so dropping samples is no worse really).
979 static void vnc_update_throttle_offset(VncState *vs)
982 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
986 switch (vs->as.fmt) {
1001 offset += vs->as.freq * bps * vs->as.nchannels;
1004 /* Put a floor of 1MB on offset, so that if we have a large pending
1005 * buffer and the display is resized to a small size & back again
1006 * we don't suddenly apply a tiny send limit
1008 offset = MAX(offset, 1024 * 1024);
1010 if (vs->throttle_output_offset != offset) {
1011 trace_vnc_client_throttle_threshold(
1012 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1013 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1016 vs->throttle_output_offset = offset;
1019 static bool vnc_should_update(VncState *vs)
1021 switch (vs->update) {
1022 case VNC_STATE_UPDATE_NONE:
1024 case VNC_STATE_UPDATE_INCREMENTAL:
1025 /* Only allow incremental updates if the pending send queue
1026 * is less than the permitted threshold, and the job worker
1027 * is completely idle.
1029 if (vs->output.offset < vs->throttle_output_offset &&
1030 vs->job_update == VNC_STATE_UPDATE_NONE) {
1033 trace_vnc_client_throttle_incremental(
1034 vs, vs->ioc, vs->job_update, vs->output.offset);
1036 case VNC_STATE_UPDATE_FORCE:
1037 /* Only allow forced updates if the pending send queue
1038 * does not contain a previous forced update, and the
1039 * job worker is completely idle.
1041 * Note this means we'll queue a forced update, even if
1042 * the output buffer size is otherwise over the throttle
1045 if (vs->force_update_offset == 0 &&
1046 vs->job_update == VNC_STATE_UPDATE_NONE) {
1049 trace_vnc_client_throttle_forced(
1050 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1056 static int vnc_update_client(VncState *vs, int has_dirty)
1058 VncDisplay *vd = vs->vd;
1064 if (vs->disconnecting) {
1065 vnc_disconnect_finish(vs);
1069 vs->has_dirty += has_dirty;
1070 if (!vnc_should_update(vs)) {
1074 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1079 * Send screen updates to the vnc client using the server
1080 * surface and server dirty map. guest surface updates
1081 * happening in parallel don't disturb us, the next pass will
1082 * send them to the client.
1084 job = vnc_job_new(vs);
1086 height = pixman_image_get_height(vd->server);
1087 width = pixman_image_get_width(vd->server);
1093 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1094 height * VNC_DIRTY_BPL(vs),
1095 y * VNC_DIRTY_BPL(vs));
1096 if (offset == height * VNC_DIRTY_BPL(vs)) {
1097 /* no more dirty bits */
1100 y = offset / VNC_DIRTY_BPL(vs);
1101 x = offset % VNC_DIRTY_BPL(vs);
1102 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1103 VNC_DIRTY_BPL(vs), x);
1104 bitmap_clear(vs->dirty[y], x, x2 - x);
1105 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1106 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1108 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1109 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1111 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1119 vs->job_update = vs->update;
1120 vs->update = VNC_STATE_UPDATE_NONE;
1127 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1129 VncState *vs = opaque;
1132 case AUD_CNOTIFY_DISABLE:
1133 vnc_lock_output(vs);
1134 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1135 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1136 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1137 vnc_unlock_output(vs);
1141 case AUD_CNOTIFY_ENABLE:
1142 vnc_lock_output(vs);
1143 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1144 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1145 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1146 vnc_unlock_output(vs);
1152 static void audio_capture_destroy(void *opaque)
1156 static void audio_capture(void *opaque, void *buf, int size)
1158 VncState *vs = opaque;
1160 vnc_lock_output(vs);
1161 if (vs->output.offset < vs->throttle_output_offset) {
1162 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1163 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1164 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1165 vnc_write_u32(vs, size);
1166 vnc_write(vs, buf, size);
1168 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1170 vnc_unlock_output(vs);
1174 static void audio_add(VncState *vs)
1176 struct audio_capture_ops ops;
1178 if (vs->audio_cap) {
1179 error_report("audio already running");
1183 ops.notify = audio_capture_notify;
1184 ops.destroy = audio_capture_destroy;
1185 ops.capture = audio_capture;
1187 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1188 if (!vs->audio_cap) {
1189 error_report("Failed to add audio capture");
1193 static void audio_del(VncState *vs)
1195 if (vs->audio_cap) {
1196 AUD_del_capture(vs->audio_cap, vs);
1197 vs->audio_cap = NULL;
1201 static void vnc_disconnect_start(VncState *vs)
1203 if (vs->disconnecting) {
1206 trace_vnc_client_disconnect_start(vs, vs->ioc);
1207 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1209 g_source_remove(vs->ioc_tag);
1212 qio_channel_close(vs->ioc, NULL);
1213 vs->disconnecting = TRUE;
1216 void vnc_disconnect_finish(VncState *vs)
1220 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1222 vnc_jobs_join(vs); /* Wait encoding jobs */
1224 vnc_lock_output(vs);
1225 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1227 buffer_free(&vs->input);
1228 buffer_free(&vs->output);
1230 qapi_free_VncClientInfo(vs->info);
1233 vnc_tight_clear(vs);
1236 #ifdef CONFIG_VNC_SASL
1237 vnc_sasl_client_cleanup(vs);
1238 #endif /* CONFIG_VNC_SASL */
1240 vnc_release_modifiers(vs);
1242 if (vs->mouse_mode_notifier.notify != NULL) {
1243 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1245 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1246 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1247 /* last client gone */
1248 vnc_update_server_surface(vs->vd);
1251 vnc_unlock_output(vs);
1253 qemu_mutex_destroy(&vs->output_mutex);
1254 if (vs->bh != NULL) {
1255 qemu_bh_delete(vs->bh);
1257 buffer_free(&vs->jobs_buffer);
1259 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1260 g_free(vs->lossy_rect[i]);
1262 g_free(vs->lossy_rect);
1264 object_unref(OBJECT(vs->ioc));
1266 object_unref(OBJECT(vs->sioc));
1271 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1275 trace_vnc_client_eof(vs, vs->ioc);
1276 vnc_disconnect_start(vs);
1277 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1278 trace_vnc_client_io_error(vs, vs->ioc,
1279 errp ? error_get_pretty(*errp) :
1281 vnc_disconnect_start(vs);
1294 void vnc_client_error(VncState *vs)
1296 VNC_DEBUG("Closing down client sock: protocol error\n");
1297 vnc_disconnect_start(vs);
1302 * Called to write a chunk of data to the client socket. The data may
1303 * be the raw data, or may have already been encoded by SASL.
1304 * The data will be written either straight onto the socket, or
1305 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1307 * NB, it is theoretically possible to have 2 layers of encryption,
1308 * both SASL, and this TLS layer. It is highly unlikely in practice
1309 * though, since SASL encryption will typically be a no-op if TLS
1312 * Returns the number of bytes written, which may be less than
1313 * the requested 'datalen' if the socket would block. Returns
1314 * 0 on I/O error, and disconnects the client socket.
1316 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1320 ret = qio_channel_write(
1321 vs->ioc, (const char *)data, datalen, &err);
1322 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1323 return vnc_client_io_error(vs, ret, &err);
1328 * Called to write buffered data to the client socket, when not
1329 * using any SASL SSF encryption layers. Will write as much data
1330 * as possible without blocking. If all buffered data is written,
1331 * will switch the FD poll() handler back to read monitoring.
1333 * Returns the number of bytes written, which may be less than
1334 * the buffered output data if the socket would block. Returns
1335 * 0 on I/O error, and disconnects the client socket.
1337 static size_t vnc_client_write_plain(VncState *vs)
1342 #ifdef CONFIG_VNC_SASL
1343 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1344 vs->output.buffer, vs->output.capacity, vs->output.offset,
1345 vs->sasl.waitWriteSSF);
1347 if (vs->sasl.conn &&
1349 vs->sasl.waitWriteSSF) {
1350 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1352 vs->sasl.waitWriteSSF -= ret;
1354 #endif /* CONFIG_VNC_SASL */
1355 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1359 if (ret >= vs->force_update_offset) {
1360 if (vs->force_update_offset != 0) {
1361 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1363 vs->force_update_offset = 0;
1365 vs->force_update_offset -= ret;
1367 offset = vs->output.offset;
1368 buffer_advance(&vs->output, ret);
1369 if (offset >= vs->throttle_output_offset &&
1370 vs->output.offset < vs->throttle_output_offset) {
1371 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1374 if (vs->output.offset == 0) {
1376 g_source_remove(vs->ioc_tag);
1378 vs->ioc_tag = qio_channel_add_watch(
1379 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1387 * First function called whenever there is data to be written to
1388 * the client socket. Will delegate actual work according to whether
1389 * SASL SSF layers are enabled (thus requiring encryption calls)
1391 static void vnc_client_write_locked(VncState *vs)
1393 #ifdef CONFIG_VNC_SASL
1394 if (vs->sasl.conn &&
1396 !vs->sasl.waitWriteSSF) {
1397 vnc_client_write_sasl(vs);
1399 #endif /* CONFIG_VNC_SASL */
1401 vnc_client_write_plain(vs);
1405 static void vnc_client_write(VncState *vs)
1408 vnc_lock_output(vs);
1409 if (vs->output.offset) {
1410 vnc_client_write_locked(vs);
1411 } else if (vs->ioc != NULL) {
1413 g_source_remove(vs->ioc_tag);
1415 vs->ioc_tag = qio_channel_add_watch(
1416 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1418 vnc_unlock_output(vs);
1421 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1423 vs->read_handler = func;
1424 vs->read_handler_expect = expecting;
1429 * Called to read a chunk of data from the client socket. The data may
1430 * be the raw data, or may need to be further decoded by SASL.
1431 * The data will be read either straight from to the socket, or
1432 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1434 * NB, it is theoretically possible to have 2 layers of encryption,
1435 * both SASL, and this TLS layer. It is highly unlikely in practice
1436 * though, since SASL encryption will typically be a no-op if TLS
1439 * Returns the number of bytes read, which may be less than
1440 * the requested 'datalen' if the socket would block. Returns
1441 * 0 on I/O error or EOF, and disconnects the client socket.
1443 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1447 ret = qio_channel_read(
1448 vs->ioc, (char *)data, datalen, &err);
1449 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1450 return vnc_client_io_error(vs, ret, &err);
1455 * Called to read data from the client socket to the input buffer,
1456 * when not using any SASL SSF encryption layers. Will read as much
1457 * data as possible without blocking.
1459 * Returns the number of bytes read, which may be less than
1460 * the requested 'datalen' if the socket would block. Returns
1461 * 0 on I/O error or EOF, and disconnects the client socket.
1463 static size_t vnc_client_read_plain(VncState *vs)
1466 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1467 vs->input.buffer, vs->input.capacity, vs->input.offset);
1468 buffer_reserve(&vs->input, 4096);
1469 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1472 vs->input.offset += ret;
1476 static void vnc_jobs_bh(void *opaque)
1478 VncState *vs = opaque;
1480 vnc_jobs_consume_buffer(vs);
1484 * First function called whenever there is more data to be read from
1485 * the client socket. Will delegate actual work according to whether
1486 * SASL SSF layers are enabled (thus requiring decryption calls)
1487 * Returns 0 on success, -1 if client disconnected
1489 static int vnc_client_read(VncState *vs)
1493 #ifdef CONFIG_VNC_SASL
1494 if (vs->sasl.conn && vs->sasl.runSSF)
1495 ret = vnc_client_read_sasl(vs);
1497 #endif /* CONFIG_VNC_SASL */
1498 ret = vnc_client_read_plain(vs);
1500 if (vs->disconnecting) {
1501 vnc_disconnect_finish(vs);
1507 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1508 size_t len = vs->read_handler_expect;
1511 ret = vs->read_handler(vs, vs->input.buffer, len);
1512 if (vs->disconnecting) {
1513 vnc_disconnect_finish(vs);
1518 buffer_advance(&vs->input, len);
1520 vs->read_handler_expect = ret;
1526 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1527 GIOCondition condition, void *opaque)
1529 VncState *vs = opaque;
1530 if (condition & G_IO_IN) {
1531 if (vnc_client_read(vs) < 0) {
1535 if (condition & G_IO_OUT) {
1536 vnc_client_write(vs);
1539 if (vs->disconnecting) {
1540 if (vs->ioc_tag != 0) {
1541 g_source_remove(vs->ioc_tag);
1550 * Scale factor to apply to vs->throttle_output_offset when checking for
1551 * hard limit. Worst case normal usage could be x2, if we have a complete
1552 * incremental update and complete forced update in the output buffer.
1553 * So x3 should be good enough, but we pick x5 to be conservative and thus
1554 * (hopefully) never trigger incorrectly.
1556 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1558 void vnc_write(VncState *vs, const void *data, size_t len)
1560 if (vs->disconnecting) {
1563 /* Protection against malicious client/guest to prevent our output
1564 * buffer growing without bound if client stops reading data. This
1565 * should rarely trigger, because we have earlier throttling code
1566 * which stops issuing framebuffer updates and drops audio data
1567 * if the throttle_output_offset value is exceeded. So we only reach
1568 * this higher level if a huge number of pseudo-encodings get
1569 * triggered while data can't be sent on the socket.
1571 * NB throttle_output_offset can be zero during early protocol
1572 * handshake, or from the job thread's VncState clone
1574 if (vs->throttle_output_offset != 0 &&
1575 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1576 vs->throttle_output_offset) {
1577 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1578 vs->throttle_output_offset);
1579 vnc_disconnect_start(vs);
1582 buffer_reserve(&vs->output, len);
1584 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1586 g_source_remove(vs->ioc_tag);
1588 vs->ioc_tag = qio_channel_add_watch(
1589 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1592 buffer_append(&vs->output, data, len);
1595 void vnc_write_s32(VncState *vs, int32_t value)
1597 vnc_write_u32(vs, *(uint32_t *)&value);
1600 void vnc_write_u32(VncState *vs, uint32_t value)
1604 buf[0] = (value >> 24) & 0xFF;
1605 buf[1] = (value >> 16) & 0xFF;
1606 buf[2] = (value >> 8) & 0xFF;
1607 buf[3] = value & 0xFF;
1609 vnc_write(vs, buf, 4);
1612 void vnc_write_u16(VncState *vs, uint16_t value)
1616 buf[0] = (value >> 8) & 0xFF;
1617 buf[1] = value & 0xFF;
1619 vnc_write(vs, buf, 2);
1622 void vnc_write_u8(VncState *vs, uint8_t value)
1624 vnc_write(vs, (char *)&value, 1);
1627 void vnc_flush(VncState *vs)
1629 vnc_lock_output(vs);
1630 if (vs->ioc != NULL && vs->output.offset) {
1631 vnc_client_write_locked(vs);
1633 if (vs->disconnecting) {
1634 if (vs->ioc_tag != 0) {
1635 g_source_remove(vs->ioc_tag);
1639 vnc_unlock_output(vs);
1642 static uint8_t read_u8(uint8_t *data, size_t offset)
1644 return data[offset];
1647 static uint16_t read_u16(uint8_t *data, size_t offset)
1649 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1652 static int32_t read_s32(uint8_t *data, size_t offset)
1654 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1655 (data[offset + 2] << 8) | data[offset + 3]);
1658 uint32_t read_u32(uint8_t *data, size_t offset)
1660 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1661 (data[offset + 2] << 8) | data[offset + 3]);
1664 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1668 static void check_pointer_type_change(Notifier *notifier, void *data)
1670 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1671 int absolute = qemu_input_is_absolute();
1673 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1674 vnc_lock_output(vs);
1675 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1676 vnc_write_u8(vs, 0);
1677 vnc_write_u16(vs, 1);
1678 vnc_framebuffer_update(vs, absolute, 0,
1679 pixman_image_get_width(vs->vd->server),
1680 pixman_image_get_height(vs->vd->server),
1681 VNC_ENCODING_POINTER_TYPE_CHANGE);
1682 vnc_unlock_output(vs);
1685 vs->absolute = absolute;
1688 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1690 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1691 [INPUT_BUTTON_LEFT] = 0x01,
1692 [INPUT_BUTTON_MIDDLE] = 0x02,
1693 [INPUT_BUTTON_RIGHT] = 0x04,
1694 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1695 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1697 QemuConsole *con = vs->vd->dcl.con;
1698 int width = pixman_image_get_width(vs->vd->server);
1699 int height = pixman_image_get_height(vs->vd->server);
1701 if (vs->last_bmask != button_mask) {
1702 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1703 vs->last_bmask = button_mask;
1707 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1708 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1709 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1710 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1711 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1713 if (vs->last_x != -1) {
1714 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1715 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1720 qemu_input_event_sync();
1723 static void reset_keys(VncState *vs)
1726 for(i = 0; i < 256; i++) {
1727 if (vs->modifiers_state[i]) {
1728 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1729 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1730 vs->modifiers_state[i] = 0;
1735 static void press_key(VncState *vs, int keysym)
1737 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym,
1738 false, false, false) & SCANCODE_KEYMASK;
1739 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1740 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1741 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1742 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1745 static void vnc_led_state_change(VncState *vs)
1747 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1751 vnc_lock_output(vs);
1752 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1753 vnc_write_u8(vs, 0);
1754 vnc_write_u16(vs, 1);
1755 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1756 vnc_write_u8(vs, vs->vd->ledstate);
1757 vnc_unlock_output(vs);
1761 static void kbd_leds(void *opaque, int ledstate)
1763 VncDisplay *vd = opaque;
1766 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1767 (ledstate & QEMU_NUM_LOCK_LED),
1768 (ledstate & QEMU_SCROLL_LOCK_LED));
1770 if (ledstate == vd->ledstate) {
1774 vd->ledstate = ledstate;
1776 QTAILQ_FOREACH(client, &vd->clients, next) {
1777 vnc_led_state_change(client);
1781 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1783 /* QEMU console switch */
1785 case 0x2a: /* Left Shift */
1786 case 0x36: /* Right Shift */
1787 case 0x1d: /* Left CTRL */
1788 case 0x9d: /* Right CTRL */
1789 case 0x38: /* Left ALT */
1790 case 0xb8: /* Right ALT */
1792 vs->modifiers_state[keycode] = 1;
1794 vs->modifiers_state[keycode] = 0;
1796 case 0x02 ... 0x0a: /* '1' to '9' keys */
1797 if (vs->vd->dcl.con == NULL &&
1798 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1799 /* Reset the modifiers sent to the current console */
1801 console_select(keycode - 0x02);
1805 case 0x3a: /* CapsLock */
1806 case 0x45: /* NumLock */
1808 vs->modifiers_state[keycode] ^= 1;
1812 /* Turn off the lock state sync logic if the client support the led
1815 if (down && vs->vd->lock_key_sync &&
1816 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1817 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1818 /* If the numlock state needs to change then simulate an additional
1819 keypress before sending this one. This will happen if the user
1820 toggles numlock away from the VNC window.
1822 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1823 if (!vs->modifiers_state[0x45]) {
1824 trace_vnc_key_sync_numlock(true);
1825 vs->modifiers_state[0x45] = 1;
1826 press_key(vs, 0xff7f);
1829 if (vs->modifiers_state[0x45]) {
1830 trace_vnc_key_sync_numlock(false);
1831 vs->modifiers_state[0x45] = 0;
1832 press_key(vs, 0xff7f);
1837 if (down && vs->vd->lock_key_sync &&
1838 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1839 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1840 /* If the capslock state needs to change then simulate an additional
1841 keypress before sending this one. This will happen if the user
1842 toggles capslock away from the VNC window.
1844 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1845 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1846 int capslock = !!(vs->modifiers_state[0x3a]);
1848 if (uppercase == shift) {
1849 trace_vnc_key_sync_capslock(false);
1850 vs->modifiers_state[0x3a] = 0;
1851 press_key(vs, 0xffe5);
1854 if (uppercase != shift) {
1855 trace_vnc_key_sync_capslock(true);
1856 vs->modifiers_state[0x3a] = 1;
1857 press_key(vs, 0xffe5);
1862 if (qemu_console_is_graphic(NULL)) {
1863 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1864 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1866 bool numlock = vs->modifiers_state[0x45];
1867 bool control = (vs->modifiers_state[0x1d] ||
1868 vs->modifiers_state[0x9d]);
1869 /* QEMU console emulation */
1872 case 0x2a: /* Left Shift */
1873 case 0x36: /* Right Shift */
1874 case 0x1d: /* Left CTRL */
1875 case 0x9d: /* Right CTRL */
1876 case 0x38: /* Left ALT */
1877 case 0xb8: /* Right ALT */
1880 kbd_put_keysym(QEMU_KEY_UP);
1883 kbd_put_keysym(QEMU_KEY_DOWN);
1886 kbd_put_keysym(QEMU_KEY_LEFT);
1889 kbd_put_keysym(QEMU_KEY_RIGHT);
1892 kbd_put_keysym(QEMU_KEY_DELETE);
1895 kbd_put_keysym(QEMU_KEY_HOME);
1898 kbd_put_keysym(QEMU_KEY_END);
1901 kbd_put_keysym(QEMU_KEY_PAGEUP);
1904 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1908 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1911 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1914 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1917 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1920 kbd_put_keysym('5');
1923 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1926 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1929 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1932 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1935 kbd_put_keysym('0');
1938 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1942 kbd_put_keysym('/');
1945 kbd_put_keysym('*');
1948 kbd_put_keysym('-');
1951 kbd_put_keysym('+');
1954 kbd_put_keysym('\n');
1959 kbd_put_keysym(sym & 0x1f);
1961 kbd_put_keysym(sym);
1969 static void vnc_release_modifiers(VncState *vs)
1971 static const int keycodes[] = {
1972 /* shift, control, alt keys, both left & right */
1973 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1977 if (!qemu_console_is_graphic(NULL)) {
1980 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1981 keycode = keycodes[i];
1982 if (!vs->modifiers_state[keycode]) {
1985 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1986 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1990 static const char *code2name(int keycode)
1992 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
1995 static void key_event(VncState *vs, int down, uint32_t sym)
1997 bool shift = vs->modifiers_state[0x2a] || vs->modifiers_state[0x36];
1998 bool altgr = vs->modifiers_state[0xb8];
1999 bool ctrl = vs->modifiers_state[0x1d] || vs->modifiers_state[0x9d];
2003 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
2004 lsym = lsym - 'A' + 'a';
2007 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2008 shift, altgr, ctrl) & SCANCODE_KEYMASK;
2009 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2010 do_key_event(vs, down, keycode, sym);
2013 static void ext_key_event(VncState *vs, int down,
2014 uint32_t sym, uint16_t keycode)
2016 /* if the user specifies a keyboard layout, always use it */
2017 if (keyboard_layout) {
2018 key_event(vs, down, sym);
2020 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2021 do_key_event(vs, down, keycode, sym);
2025 static void framebuffer_update_request(VncState *vs, int incremental,
2026 int x, int y, int w, int h)
2029 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2030 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2033 vs->update = VNC_STATE_UPDATE_FORCE;
2034 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2038 static void send_ext_key_event_ack(VncState *vs)
2040 vnc_lock_output(vs);
2041 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2042 vnc_write_u8(vs, 0);
2043 vnc_write_u16(vs, 1);
2044 vnc_framebuffer_update(vs, 0, 0,
2045 pixman_image_get_width(vs->vd->server),
2046 pixman_image_get_height(vs->vd->server),
2047 VNC_ENCODING_EXT_KEY_EVENT);
2048 vnc_unlock_output(vs);
2052 static void send_ext_audio_ack(VncState *vs)
2054 vnc_lock_output(vs);
2055 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2056 vnc_write_u8(vs, 0);
2057 vnc_write_u16(vs, 1);
2058 vnc_framebuffer_update(vs, 0, 0,
2059 pixman_image_get_width(vs->vd->server),
2060 pixman_image_get_height(vs->vd->server),
2061 VNC_ENCODING_AUDIO);
2062 vnc_unlock_output(vs);
2066 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2069 unsigned int enc = 0;
2072 vs->vnc_encoding = 0;
2073 vs->tight.compression = 9;
2074 vs->tight.quality = -1; /* Lossless by default */
2078 * Start from the end because the encodings are sent in order of preference.
2079 * This way the preferred encoding (first encoding defined in the array)
2080 * will be set at the end of the loop.
2082 for (i = n_encodings - 1; i >= 0; i--) {
2085 case VNC_ENCODING_RAW:
2086 vs->vnc_encoding = enc;
2088 case VNC_ENCODING_COPYRECT:
2089 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2091 case VNC_ENCODING_HEXTILE:
2092 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2093 vs->vnc_encoding = enc;
2095 case VNC_ENCODING_TIGHT:
2096 vs->features |= VNC_FEATURE_TIGHT_MASK;
2097 vs->vnc_encoding = enc;
2099 #ifdef CONFIG_VNC_PNG
2100 case VNC_ENCODING_TIGHT_PNG:
2101 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2102 vs->vnc_encoding = enc;
2105 case VNC_ENCODING_ZLIB:
2106 vs->features |= VNC_FEATURE_ZLIB_MASK;
2107 vs->vnc_encoding = enc;
2109 case VNC_ENCODING_ZRLE:
2110 vs->features |= VNC_FEATURE_ZRLE_MASK;
2111 vs->vnc_encoding = enc;
2113 case VNC_ENCODING_ZYWRLE:
2114 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2115 vs->vnc_encoding = enc;
2117 case VNC_ENCODING_DESKTOPRESIZE:
2118 vs->features |= VNC_FEATURE_RESIZE_MASK;
2120 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2121 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2123 case VNC_ENCODING_RICH_CURSOR:
2124 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2125 if (vs->vd->cursor) {
2126 vnc_cursor_define(vs);
2129 case VNC_ENCODING_EXT_KEY_EVENT:
2130 send_ext_key_event_ack(vs);
2132 case VNC_ENCODING_AUDIO:
2133 send_ext_audio_ack(vs);
2135 case VNC_ENCODING_WMVi:
2136 vs->features |= VNC_FEATURE_WMVI_MASK;
2138 case VNC_ENCODING_LED_STATE:
2139 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2141 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2142 vs->tight.compression = (enc & 0x0F);
2144 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2145 if (vs->vd->lossy) {
2146 vs->tight.quality = (enc & 0x0F);
2150 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2154 vnc_desktop_resize(vs);
2155 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2156 vnc_led_state_change(vs);
2159 static void set_pixel_conversion(VncState *vs)
2161 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2163 if (fmt == VNC_SERVER_FB_FORMAT) {
2164 vs->write_pixels = vnc_write_pixels_copy;
2165 vnc_hextile_set_pixel_conversion(vs, 0);
2167 vs->write_pixels = vnc_write_pixels_generic;
2168 vnc_hextile_set_pixel_conversion(vs, 1);
2172 static void send_color_map(VncState *vs)
2176 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2177 vnc_write_u8(vs, 0); /* padding */
2178 vnc_write_u16(vs, 0); /* first color */
2179 vnc_write_u16(vs, 256); /* # of colors */
2181 for (i = 0; i < 256; i++) {
2182 PixelFormat *pf = &vs->client_pf;
2184 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2185 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2186 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2190 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2191 int big_endian_flag, int true_color_flag,
2192 int red_max, int green_max, int blue_max,
2193 int red_shift, int green_shift, int blue_shift)
2195 if (!true_color_flag) {
2196 /* Expose a reasonable default 256 color map */
2206 switch (bits_per_pixel) {
2212 vnc_client_error(vs);
2216 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2217 vs->client_pf.rbits = ctpopl(red_max);
2218 vs->client_pf.rshift = red_shift;
2219 vs->client_pf.rmask = red_max << red_shift;
2220 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2221 vs->client_pf.gbits = ctpopl(green_max);
2222 vs->client_pf.gshift = green_shift;
2223 vs->client_pf.gmask = green_max << green_shift;
2224 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2225 vs->client_pf.bbits = ctpopl(blue_max);
2226 vs->client_pf.bshift = blue_shift;
2227 vs->client_pf.bmask = blue_max << blue_shift;
2228 vs->client_pf.bits_per_pixel = bits_per_pixel;
2229 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2230 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2231 vs->client_be = big_endian_flag;
2233 if (!true_color_flag) {
2237 set_pixel_conversion(vs);
2239 graphic_hw_invalidate(vs->vd->dcl.con);
2240 graphic_hw_update(vs->vd->dcl.con);
2243 static void pixel_format_message (VncState *vs) {
2244 char pad[3] = { 0, 0, 0 };
2246 vs->client_pf = qemu_default_pixelformat(32);
2248 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2249 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2251 #ifdef HOST_WORDS_BIGENDIAN
2252 vnc_write_u8(vs, 1); /* big-endian-flag */
2254 vnc_write_u8(vs, 0); /* big-endian-flag */
2256 vnc_write_u8(vs, 1); /* true-color-flag */
2257 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2258 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2259 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2260 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2261 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2262 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2263 vnc_write(vs, pad, 3); /* padding */
2265 vnc_hextile_set_pixel_conversion(vs, 0);
2266 vs->write_pixels = vnc_write_pixels_copy;
2269 static void vnc_colordepth(VncState *vs)
2271 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2272 /* Sending a WMVi message to notify the client*/
2273 vnc_lock_output(vs);
2274 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2275 vnc_write_u8(vs, 0);
2276 vnc_write_u16(vs, 1); /* number of rects */
2277 vnc_framebuffer_update(vs, 0, 0,
2278 pixman_image_get_width(vs->vd->server),
2279 pixman_image_get_height(vs->vd->server),
2281 pixel_format_message(vs);
2282 vnc_unlock_output(vs);
2285 set_pixel_conversion(vs);
2289 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2294 VncDisplay *vd = vs->vd;
2297 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2301 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2305 set_pixel_format(vs, read_u8(data, 4),
2306 read_u8(data, 6), read_u8(data, 7),
2307 read_u16(data, 8), read_u16(data, 10),
2308 read_u16(data, 12), read_u8(data, 14),
2309 read_u8(data, 15), read_u8(data, 16));
2311 case VNC_MSG_CLIENT_SET_ENCODINGS:
2316 limit = read_u16(data, 2);
2318 return 4 + (limit * 4);
2320 limit = read_u16(data, 2);
2322 for (i = 0; i < limit; i++) {
2323 int32_t val = read_s32(data, 4 + (i * 4));
2324 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2327 set_encodings(vs, (int32_t *)(data + 4), limit);
2329 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2333 framebuffer_update_request(vs,
2334 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2335 read_u16(data, 6), read_u16(data, 8));
2337 case VNC_MSG_CLIENT_KEY_EVENT:
2341 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2343 case VNC_MSG_CLIENT_POINTER_EVENT:
2347 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2349 case VNC_MSG_CLIENT_CUT_TEXT:
2354 uint32_t dlen = read_u32(data, 4);
2355 if (dlen > (1 << 20)) {
2356 error_report("vnc: client_cut_text msg payload has %u bytes"
2357 " which exceeds our limit of 1MB.", dlen);
2358 vnc_client_error(vs);
2366 client_cut_text(vs, read_u32(data, 4), data + 8);
2368 case VNC_MSG_CLIENT_QEMU:
2372 switch (read_u8(data, 1)) {
2373 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2377 ext_key_event(vs, read_u16(data, 2),
2378 read_u32(data, 4), read_u32(data, 8));
2380 case VNC_MSG_CLIENT_QEMU_AUDIO:
2384 switch (read_u16 (data, 2)) {
2385 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2388 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2391 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2394 switch (read_u8(data, 4)) {
2395 case 0: vs->as.fmt = AUD_FMT_U8; break;
2396 case 1: vs->as.fmt = AUD_FMT_S8; break;
2397 case 2: vs->as.fmt = AUD_FMT_U16; break;
2398 case 3: vs->as.fmt = AUD_FMT_S16; break;
2399 case 4: vs->as.fmt = AUD_FMT_U32; break;
2400 case 5: vs->as.fmt = AUD_FMT_S32; break;
2402 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2403 vnc_client_error(vs);
2406 vs->as.nchannels = read_u8(data, 5);
2407 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2408 VNC_DEBUG("Invalid audio channel count %d\n",
2410 vnc_client_error(vs);
2413 freq = read_u32(data, 6);
2414 /* No official limit for protocol, but 48khz is a sensible
2415 * upper bound for trustworthy clients, and this limit
2416 * protects calculations involving 'vs->as.freq' later.
2419 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2420 vnc_client_error(vs);
2426 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2427 vnc_client_error(vs);
2433 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2434 vnc_client_error(vs);
2439 VNC_DEBUG("Msg: %d\n", data[0]);
2440 vnc_client_error(vs);
2444 vnc_update_throttle_offset(vs);
2445 vnc_read_when(vs, protocol_client_msg, 1);
2449 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2455 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2456 switch (vs->vd->share_policy) {
2457 case VNC_SHARE_POLICY_IGNORE:
2459 * Ignore the shared flag. Nothing to do here.
2461 * Doesn't conform to the rfb spec but is traditional qemu
2462 * behavior, thus left here as option for compatibility
2466 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2468 * Policy: Allow clients ask for exclusive access.
2470 * Implementation: When a client asks for exclusive access,
2471 * disconnect all others. Shared connects are allowed as long
2472 * as no exclusive connection exists.
2474 * This is how the rfb spec suggests to handle the shared flag.
2476 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2478 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2482 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2483 client->share_mode != VNC_SHARE_MODE_SHARED) {
2486 vnc_disconnect_start(client);
2489 if (mode == VNC_SHARE_MODE_SHARED) {
2490 if (vs->vd->num_exclusive > 0) {
2491 vnc_disconnect_start(vs);
2496 case VNC_SHARE_POLICY_FORCE_SHARED:
2498 * Policy: Shared connects only.
2499 * Implementation: Disallow clients asking for exclusive access.
2501 * Useful for shared desktop sessions where you don't want
2502 * someone forgetting to say -shared when running the vnc
2503 * client disconnect everybody else.
2505 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2506 vnc_disconnect_start(vs);
2511 vnc_set_share_mode(vs, mode);
2513 if (vs->vd->num_shared > vs->vd->connections_limit) {
2514 vnc_disconnect_start(vs);
2518 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2519 pixman_image_get_width(vs->vd->server) >= 0);
2520 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2521 pixman_image_get_height(vs->vd->server) >= 0);
2522 vs->client_width = pixman_image_get_width(vs->vd->server);
2523 vs->client_height = pixman_image_get_height(vs->vd->server);
2524 vnc_write_u16(vs, vs->client_width);
2525 vnc_write_u16(vs, vs->client_height);
2527 pixel_format_message(vs);
2530 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2531 if (size > sizeof(buf)) {
2535 size = snprintf(buf, sizeof(buf), "QEMU");
2538 vnc_write_u32(vs, size);
2539 vnc_write(vs, buf, size);
2542 vnc_client_cache_auth(vs);
2543 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2545 vnc_read_when(vs, protocol_client_msg, 1);
2550 void start_client_init(VncState *vs)
2552 vnc_read_when(vs, protocol_client_init, 1);
2555 static void make_challenge(VncState *vs)
2559 srand(time(NULL)+getpid()+getpid()*987654+rand());
2561 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2562 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2565 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2567 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2569 unsigned char key[8];
2570 time_t now = time(NULL);
2571 QCryptoCipher *cipher = NULL;
2574 if (!vs->vd->password) {
2575 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2578 if (vs->vd->expires < now) {
2579 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2583 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2585 /* Calculate the expected challenge response */
2586 pwlen = strlen(vs->vd->password);
2587 for (i=0; i<sizeof(key); i++)
2588 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2590 cipher = qcrypto_cipher_new(
2591 QCRYPTO_CIPHER_ALG_DES_RFB,
2592 QCRYPTO_CIPHER_MODE_ECB,
2593 key, G_N_ELEMENTS(key),
2596 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2597 error_get_pretty(err));
2602 if (qcrypto_cipher_encrypt(cipher,
2605 VNC_AUTH_CHALLENGE_SIZE,
2607 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2608 error_get_pretty(err));
2613 /* Compare expected vs actual challenge response */
2614 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2615 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2618 trace_vnc_auth_pass(vs, vs->auth);
2619 vnc_write_u32(vs, 0); /* Accept auth */
2622 start_client_init(vs);
2625 qcrypto_cipher_free(cipher);
2629 vnc_write_u32(vs, 1); /* Reject auth */
2630 if (vs->minor >= 8) {
2631 static const char err[] = "Authentication failed";
2632 vnc_write_u32(vs, sizeof(err));
2633 vnc_write(vs, err, sizeof(err));
2636 vnc_client_error(vs);
2637 qcrypto_cipher_free(cipher);
2641 void start_auth_vnc(VncState *vs)
2644 /* Send client a 'random' challenge */
2645 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2648 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2652 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2654 /* We only advertise 1 auth scheme at a time, so client
2655 * must pick the one we sent. Verify this */
2656 if (data[0] != vs->auth) { /* Reject auth */
2657 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2658 vnc_write_u32(vs, 1);
2659 if (vs->minor >= 8) {
2660 static const char err[] = "Authentication failed";
2661 vnc_write_u32(vs, sizeof(err));
2662 vnc_write(vs, err, sizeof(err));
2664 vnc_client_error(vs);
2665 } else { /* Accept requested auth */
2666 trace_vnc_auth_start(vs, vs->auth);
2669 if (vs->minor >= 8) {
2670 vnc_write_u32(vs, 0); /* Accept auth completion */
2673 trace_vnc_auth_pass(vs, vs->auth);
2674 start_client_init(vs);
2681 case VNC_AUTH_VENCRYPT:
2682 start_auth_vencrypt(vs);
2685 #ifdef CONFIG_VNC_SASL
2687 start_auth_sasl(vs);
2689 #endif /* CONFIG_VNC_SASL */
2691 default: /* Should not be possible, but just in case */
2692 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2693 vnc_write_u8(vs, 1);
2694 if (vs->minor >= 8) {
2695 static const char err[] = "Authentication failed";
2696 vnc_write_u32(vs, sizeof(err));
2697 vnc_write(vs, err, sizeof(err));
2699 vnc_client_error(vs);
2705 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2709 memcpy(local, version, 12);
2712 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2713 VNC_DEBUG("Malformed protocol version %s\n", local);
2714 vnc_client_error(vs);
2717 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2718 if (vs->major != 3 ||
2724 VNC_DEBUG("Unsupported client version\n");
2725 vnc_write_u32(vs, VNC_AUTH_INVALID);
2727 vnc_client_error(vs);
2730 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2731 * as equivalent to v3.3 by servers
2733 if (vs->minor == 4 || vs->minor == 5)
2736 if (vs->minor == 3) {
2737 trace_vnc_auth_start(vs, vs->auth);
2738 if (vs->auth == VNC_AUTH_NONE) {
2739 vnc_write_u32(vs, vs->auth);
2741 trace_vnc_auth_pass(vs, vs->auth);
2742 start_client_init(vs);
2743 } else if (vs->auth == VNC_AUTH_VNC) {
2744 VNC_DEBUG("Tell client VNC auth\n");
2745 vnc_write_u32(vs, vs->auth);
2749 trace_vnc_auth_fail(vs, vs->auth,
2750 "Unsupported auth method for v3.3", "");
2751 vnc_write_u32(vs, VNC_AUTH_INVALID);
2753 vnc_client_error(vs);
2756 vnc_write_u8(vs, 1); /* num auth */
2757 vnc_write_u8(vs, vs->auth);
2758 vnc_read_when(vs, protocol_client_auth, 1);
2765 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2767 struct VncSurface *vs = &vd->guest;
2769 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2772 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2776 w = (x + w) / VNC_STAT_RECT;
2777 h = (y + h) / VNC_STAT_RECT;
2781 for (j = y; j <= h; j++) {
2782 for (i = x; i <= w; i++) {
2783 vs->lossy_rect[j][i] = 1;
2788 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2791 int sty = y / VNC_STAT_RECT;
2792 int stx = x / VNC_STAT_RECT;
2795 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2796 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2798 QTAILQ_FOREACH(vs, &vd->clients, next) {
2801 /* kernel send buffers are full -> refresh later */
2802 if (vs->output.offset) {
2806 if (!vs->lossy_rect[sty][stx]) {
2810 vs->lossy_rect[sty][stx] = 0;
2811 for (j = 0; j < VNC_STAT_RECT; ++j) {
2812 bitmap_set(vs->dirty[y + j],
2813 x / VNC_DIRTY_PIXELS_PER_BIT,
2814 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2822 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2824 int width = MIN(pixman_image_get_width(vd->guest.fb),
2825 pixman_image_get_width(vd->server));
2826 int height = MIN(pixman_image_get_height(vd->guest.fb),
2827 pixman_image_get_height(vd->server));
2832 for (y = 0; y < height; y += VNC_STAT_RECT) {
2833 for (x = 0; x < width; x += VNC_STAT_RECT) {
2834 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2836 rect->updated = false;
2840 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2842 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2845 vd->guest.last_freq_check = *tv;
2847 for (y = 0; y < height; y += VNC_STAT_RECT) {
2848 for (x = 0; x < width; x += VNC_STAT_RECT) {
2849 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2850 int count = ARRAY_SIZE(rect->times);
2851 struct timeval min, max;
2853 if (!timerisset(&rect->times[count - 1])) {
2857 max = rect->times[(rect->idx + count - 1) % count];
2858 qemu_timersub(tv, &max, &res);
2860 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2862 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2863 memset(rect->times, 0, sizeof (rect->times));
2867 min = rect->times[rect->idx];
2868 max = rect->times[(rect->idx + count - 1) % count];
2869 qemu_timersub(&max, &min, &res);
2871 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2872 rect->freq /= count;
2873 rect->freq = 1. / rect->freq;
2879 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2885 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2886 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2888 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2889 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2890 total += vnc_stat_rect(vs->vd, i, j)->freq;
2902 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2906 rect = vnc_stat_rect(vd, x, y);
2907 if (rect->updated) {
2910 rect->times[rect->idx] = *tv;
2911 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2912 rect->updated = true;
2915 static int vnc_refresh_server_surface(VncDisplay *vd)
2917 int width = MIN(pixman_image_get_width(vd->guest.fb),
2918 pixman_image_get_width(vd->server));
2919 int height = MIN(pixman_image_get_height(vd->guest.fb),
2920 pixman_image_get_height(vd->server));
2921 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2922 uint8_t *guest_row0 = NULL, *server_row0;
2925 pixman_image_t *tmpbuf = NULL;
2927 struct timeval tv = { 0, 0 };
2929 if (!vd->non_adaptive) {
2930 gettimeofday(&tv, NULL);
2931 has_dirty = vnc_update_stats(vd, &tv);
2935 * Walk through the guest dirty map.
2936 * Check and copy modified bits from guest to server surface.
2937 * Update server dirty map.
2939 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2940 server_stride = guest_stride = guest_ll =
2941 pixman_image_get_stride(vd->server);
2942 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2944 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2945 int width = pixman_image_get_width(vd->server);
2946 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2949 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2950 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2951 guest_stride = pixman_image_get_stride(vd->guest.fb);
2952 guest_ll = pixman_image_get_width(vd->guest.fb) * (DIV_ROUND_UP(guest_bpp, 8));
2954 line_bytes = MIN(server_stride, guest_ll);
2958 uint8_t *guest_ptr, *server_ptr;
2959 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2960 height * VNC_DIRTY_BPL(&vd->guest),
2961 y * VNC_DIRTY_BPL(&vd->guest));
2962 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2963 /* no more dirty bits */
2966 y = offset / VNC_DIRTY_BPL(&vd->guest);
2967 x = offset % VNC_DIRTY_BPL(&vd->guest);
2969 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2971 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2972 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2973 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2975 guest_ptr = guest_row0 + y * guest_stride;
2977 guest_ptr += x * cmp_bytes;
2979 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2980 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2981 int _cmp_bytes = cmp_bytes;
2982 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2985 if ((x + 1) * cmp_bytes > line_bytes) {
2986 _cmp_bytes = line_bytes - x * cmp_bytes;
2988 assert(_cmp_bytes >= 0);
2989 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2992 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2993 if (!vd->non_adaptive) {
2994 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2997 QTAILQ_FOREACH(vs, &vd->clients, next) {
2998 set_bit(x, vs->dirty[y]);
3005 qemu_pixman_image_unref(tmpbuf);
3009 static void vnc_refresh(DisplayChangeListener *dcl)
3011 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3013 int has_dirty, rects = 0;
3015 if (QTAILQ_EMPTY(&vd->clients)) {
3016 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3020 graphic_hw_update(vd->dcl.con);
3022 if (vnc_trylock_display(vd)) {
3023 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3027 has_dirty = vnc_refresh_server_surface(vd);
3028 vnc_unlock_display(vd);
3030 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3031 rects += vnc_update_client(vs, has_dirty);
3032 /* vs might be free()ed here */
3035 if (has_dirty && rects) {
3036 vd->dcl.update_interval /= 2;
3037 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3038 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3041 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3042 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3043 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3048 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3049 bool skipauth, bool websocket)
3051 VncState *vs = g_new0(VncState, 1);
3052 bool first_client = QTAILQ_EMPTY(&vd->clients);
3055 trace_vnc_client_connect(vs, sioc);
3057 object_ref(OBJECT(vs->sioc));
3058 vs->ioc = QIO_CHANNEL(sioc);
3059 object_ref(OBJECT(vs->ioc));
3062 buffer_init(&vs->input, "vnc-input/%p", sioc);
3063 buffer_init(&vs->output, "vnc-output/%p", sioc);
3064 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3066 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
3067 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
3068 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
3069 #ifdef CONFIG_VNC_JPEG
3070 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
3072 #ifdef CONFIG_VNC_PNG
3073 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
3075 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3076 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
3077 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
3078 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
3081 vs->auth = VNC_AUTH_NONE;
3082 vs->subauth = VNC_AUTH_INVALID;
3085 vs->auth = vd->ws_auth;
3086 vs->subauth = VNC_AUTH_INVALID;
3088 vs->auth = vd->auth;
3089 vs->subauth = vd->subauth;
3092 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3093 sioc, websocket, vs->auth, vs->subauth);
3095 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3096 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3097 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3100 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3101 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3102 qio_channel_set_blocking(vs->ioc, false, NULL);
3104 g_source_remove(vs->ioc_tag);
3109 vs->ioc_tag = qio_channel_add_watch(
3110 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3112 vs->ioc_tag = qio_channel_add_watch(
3113 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3116 vs->ioc_tag = qio_channel_add_watch(
3117 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3120 vnc_client_cache_addr(vs);
3121 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3122 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3127 vs->as.freq = 44100;
3128 vs->as.nchannels = 2;
3129 vs->as.fmt = AUD_FMT_S16;
3130 vs->as.endianness = 0;
3132 qemu_mutex_init(&vs->output_mutex);
3133 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3135 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3137 vnc_update_server_surface(vd);
3140 graphic_hw_update(vd->dcl.con);
3142 if (!vs->websocket) {
3143 vnc_start_protocol(vs);
3146 if (vd->num_connecting > vd->connections_limit) {
3147 QTAILQ_FOREACH(vs, &vd->clients, next) {
3148 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3149 vnc_disconnect_start(vs);
3156 void vnc_start_protocol(VncState *vs)
3158 vnc_write(vs, "RFB 003.008\n", 12);
3160 vnc_read_when(vs, protocol_version, 12);
3162 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3163 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3166 static void vnc_listen_io(QIONetListener *listener,
3167 QIOChannelSocket *cioc,
3170 VncDisplay *vd = opaque;
3171 bool isWebsock = listener == vd->wslistener;
3173 qio_channel_set_name(QIO_CHANNEL(cioc),
3174 isWebsock ? "vnc-ws-server" : "vnc-server");
3175 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3176 vnc_connect(vd, cioc, false, isWebsock);
3179 static const DisplayChangeListenerOps dcl_ops = {
3181 .dpy_refresh = vnc_refresh,
3182 .dpy_gfx_update = vnc_dpy_update,
3183 .dpy_gfx_switch = vnc_dpy_switch,
3184 .dpy_gfx_check_format = qemu_pixman_check_format,
3185 .dpy_mouse_set = vnc_mouse_set,
3186 .dpy_cursor_define = vnc_dpy_cursor_define,
3189 void vnc_display_init(const char *id)
3193 if (vnc_display_find(id) != NULL) {
3196 vd = g_malloc0(sizeof(*vd));
3198 vd->id = strdup(id);
3199 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3201 QTAILQ_INIT(&vd->clients);
3202 vd->expires = TIME_MAX;
3204 if (keyboard_layout) {
3205 trace_vnc_key_map_init(keyboard_layout);
3206 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3208 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3211 if (!vd->kbd_layout) {
3215 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3216 vd->connections_limit = 32;
3218 qemu_mutex_init(&vd->mutex);
3219 vnc_start_worker_thread();
3221 vd->dcl.ops = &dcl_ops;
3222 register_displaychangelistener(&vd->dcl);
3226 static void vnc_display_close(VncDisplay *vd)
3231 vd->is_unix = false;
3234 qio_net_listener_disconnect(vd->listener);
3235 object_unref(OBJECT(vd->listener));
3237 vd->listener = NULL;
3239 if (vd->wslistener) {
3240 qio_net_listener_disconnect(vd->wslistener);
3241 object_unref(OBJECT(vd->wslistener));
3243 vd->wslistener = NULL;
3245 vd->auth = VNC_AUTH_INVALID;
3246 vd->subauth = VNC_AUTH_INVALID;
3248 object_unparent(OBJECT(vd->tlscreds));
3249 vd->tlscreds = NULL;
3251 g_free(vd->tlsaclname);
3252 vd->tlsaclname = NULL;
3253 if (vd->lock_key_sync) {
3254 qemu_remove_led_event_handler(vd->led);
3259 int vnc_display_password(const char *id, const char *password)
3261 VncDisplay *vd = vnc_display_find(id);
3266 if (vd->auth == VNC_AUTH_NONE) {
3267 error_printf_unless_qmp("If you want use passwords please enable "
3268 "password auth using '-vnc ${dpy},password'.\n");
3272 g_free(vd->password);
3273 vd->password = g_strdup(password);
3278 int vnc_display_pw_expire(const char *id, time_t expires)
3280 VncDisplay *vd = vnc_display_find(id);
3286 vd->expires = expires;
3290 static void vnc_display_print_local_addr(VncDisplay *vd)
3292 SocketAddress *addr;
3295 if (!vd->listener || !vd->listener->nsioc) {
3299 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], &err);
3304 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3305 qapi_free_SocketAddress(addr);
3308 error_printf_unless_qmp("VNC server running on %s:%s\n",
3311 qapi_free_SocketAddress(addr);
3314 static QemuOptsList qemu_vnc_opts = {
3316 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3317 .implied_opt_name = "vnc",
3321 .type = QEMU_OPT_STRING,
3323 .name = "websocket",
3324 .type = QEMU_OPT_STRING,
3326 .name = "tls-creds",
3327 .type = QEMU_OPT_STRING,
3329 /* Deprecated in favour of tls-creds */
3331 .type = QEMU_OPT_STRING,
3334 .type = QEMU_OPT_STRING,
3337 .type = QEMU_OPT_STRING,
3340 .type = QEMU_OPT_NUMBER,
3342 .name = "connections",
3343 .type = QEMU_OPT_NUMBER,
3346 .type = QEMU_OPT_NUMBER,
3349 .type = QEMU_OPT_BOOL,
3352 .type = QEMU_OPT_BOOL,
3355 .type = QEMU_OPT_BOOL,
3358 .type = QEMU_OPT_BOOL,
3360 .name = "lock-key-sync",
3361 .type = QEMU_OPT_BOOL,
3363 .name = "key-delay-ms",
3364 .type = QEMU_OPT_NUMBER,
3367 .type = QEMU_OPT_BOOL,
3369 /* Deprecated in favour of tls-creds */
3371 .type = QEMU_OPT_BOOL,
3373 /* Deprecated in favour of tls-creds */
3374 .name = "x509verify",
3375 .type = QEMU_OPT_STRING,
3378 .type = QEMU_OPT_BOOL,
3381 .type = QEMU_OPT_BOOL,
3383 .name = "non-adaptive",
3384 .type = QEMU_OPT_BOOL,
3386 { /* end of list */ }
3392 vnc_display_setup_auth(int *auth,
3394 QCryptoTLSCreds *tlscreds,
3401 * We have a choice of 3 authentication options
3407 * The channel can be run in 2 modes
3412 * And TLS can use 2 types of credentials
3417 * We thus have 9 possible logical combinations
3422 * 4. tls + anon + none
3423 * 5. tls + anon + vnc
3424 * 6. tls + anon + sasl
3425 * 7. tls + x509 + none
3426 * 8. tls + x509 + vnc
3427 * 9. tls + x509 + sasl
3429 * These need to be mapped into the VNC auth schemes
3430 * in an appropriate manner. In regular VNC, all the
3431 * TLS options get mapped into VNC_AUTH_VENCRYPT
3434 * In websockets, the https:// protocol already provides
3435 * TLS support, so there is no need to make use of the
3436 * VeNCrypt extension. Furthermore, websockets browser
3437 * clients could not use VeNCrypt even if they wanted to,
3438 * as they cannot control when the TLS handshake takes
3439 * place. Thus there is no option but to rely on https://,
3440 * meaning combinations 4->6 and 7->9 will be mapped to
3441 * VNC auth schemes in the same way as combos 1->3.
3443 * Regardless of fact that we have a different mapping to
3444 * VNC auth mechs for plain VNC vs websockets VNC, the end
3445 * result has the same security characteristics.
3447 if (websocket || !tlscreds) {
3449 VNC_DEBUG("Initializing VNC server with password auth\n");
3450 *auth = VNC_AUTH_VNC;
3452 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3453 *auth = VNC_AUTH_SASL;
3455 VNC_DEBUG("Initializing VNC server with no auth\n");
3456 *auth = VNC_AUTH_NONE;
3458 *subauth = VNC_AUTH_INVALID;
3460 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3461 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3462 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3463 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3465 if (!is_x509 && !is_anon) {
3467 "Unsupported TLS cred type %s",
3468 object_get_typename(OBJECT(tlscreds)));
3471 *auth = VNC_AUTH_VENCRYPT;
3474 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3475 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3477 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3478 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3483 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3484 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3486 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3487 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3491 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3492 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3494 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3495 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3504 * Handle back compat with old CLI syntax by creating some
3505 * suitable QCryptoTLSCreds objects
3507 static QCryptoTLSCreds *
3508 vnc_display_create_creds(bool x509,
3514 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3515 Object *parent = object_get_objects_root();
3520 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3524 "endpoint", "server",
3526 "verify-peer", x509verify ? "yes" : "no",
3529 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3533 "endpoint", "server",
3540 error_propagate(errp, err);
3544 return QCRYPTO_TLS_CREDS(creds);
3548 static int vnc_display_get_address(const char *addrstr,
3557 SocketAddress **retaddr,
3561 SocketAddress *addr = NULL;
3563 addr = g_new0(SocketAddress, 1);
3565 if (strncmp(addrstr, "unix:", 5) == 0) {
3566 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3567 addr->u.q_unix.path = g_strdup(addrstr + 5);
3570 error_setg(errp, "UNIX sockets not supported with websock");
3575 error_setg(errp, "Port range not support with UNIX socket");
3582 unsigned long long baseport = 0;
3583 InetSocketAddress *inet;
3585 port = strrchr(addrstr, ':');
3591 error_setg(errp, "no vnc port specified");
3595 hostlen = port - addrstr;
3597 if (*port == '\0') {
3598 error_setg(errp, "vnc port cannot be empty");
3603 addr->type = SOCKET_ADDRESS_TYPE_INET;
3604 inet = &addr->u.inet;
3605 if (addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3606 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3608 inet->host = g_strndup(addrstr, hostlen);
3610 /* plain VNC port is just an offset, for websocket
3611 * port is absolute */
3613 if (g_str_equal(addrstr, "") ||
3614 g_str_equal(addrstr, "on")) {
3615 if (displaynum == -1) {
3616 error_setg(errp, "explicit websocket port is required");
3619 inet->port = g_strdup_printf(
3620 "%d", displaynum + 5700);
3622 inet->has_to = true;
3623 inet->to = to + 5700;
3626 inet->port = g_strdup(port);
3629 int offset = reverse ? 0 : 5900;
3630 if (parse_uint_full(port, &baseport, 10) < 0) {
3631 error_setg(errp, "can't convert to a number: %s", port);
3634 if (baseport > 65535 ||
3635 baseport + offset > 65535) {
3636 error_setg(errp, "port %s out of range", port);
3639 inet->port = g_strdup_printf(
3640 "%d", (int)baseport + offset);
3643 inet->has_to = true;
3644 inet->to = to + offset;
3649 inet->has_ipv4 = has_ipv4;
3651 inet->has_ipv6 = has_ipv6;
3660 qapi_free_SocketAddress(addr);
3665 static void vnc_free_addresses(SocketAddress ***retsaddr,
3670 for (i = 0; i < *retnsaddr; i++) {
3671 qapi_free_SocketAddress((*retsaddr)[i]);
3679 static int vnc_display_get_addresses(QemuOpts *opts,
3681 SocketAddress ***retsaddr,
3683 SocketAddress ***retwsaddr,
3687 SocketAddress *saddr = NULL;
3688 SocketAddress *wsaddr = NULL;
3689 QemuOptsIter addriter;
3691 int to = qemu_opt_get_number(opts, "to", 0);
3692 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3693 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3694 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3695 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3696 int displaynum = -1;
3704 addr = qemu_opt_get(opts, "vnc");
3705 if (addr == NULL || g_str_equal(addr, "none")) {
3709 if (qemu_opt_get(opts, "websocket") &&
3710 !qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3712 "SHA1 hash support is required for websockets");
3716 qemu_opt_iter_init(&addriter, opts, "vnc");
3717 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3719 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3726 /* Historical compat - first listen address can be used
3727 * to set the default websocket port
3729 if (displaynum == -1) {
3732 *retsaddr = g_renew(SocketAddress *, *retsaddr, *retnsaddr + 1);
3733 (*retsaddr)[(*retnsaddr)++] = saddr;
3736 /* If we had multiple primary displays, we don't do defaults
3737 * for websocket, and require explicit config instead. */
3738 if (*retnsaddr > 1) {
3742 qemu_opt_iter_init(&addriter, opts, "websocket");
3743 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3744 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3747 &wsaddr, errp) < 0) {
3751 /* Historical compat - if only a single listen address was
3752 * provided, then this is used to set the default listen
3753 * address for websocket too
3755 if (*retnsaddr == 1 &&
3756 (*retsaddr)[0]->type == SOCKET_ADDRESS_TYPE_INET &&
3757 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3758 g_str_equal(wsaddr->u.inet.host, "") &&
3759 !g_str_equal((*retsaddr)[0]->u.inet.host, "")) {
3760 g_free(wsaddr->u.inet.host);
3761 wsaddr->u.inet.host = g_strdup((*retsaddr)[0]->u.inet.host);
3764 *retwsaddr = g_renew(SocketAddress *, *retwsaddr, *retnwsaddr + 1);
3765 (*retwsaddr)[(*retnwsaddr)++] = wsaddr;
3771 vnc_free_addresses(retsaddr, retnsaddr);
3772 vnc_free_addresses(retwsaddr, retnwsaddr);
3777 static int vnc_display_connect(VncDisplay *vd,
3778 SocketAddress **saddr,
3780 SocketAddress **wsaddr,
3784 /* connect to viewer */
3785 QIOChannelSocket *sioc = NULL;
3787 error_setg(errp, "Cannot use websockets in reverse mode");
3791 error_setg(errp, "Expected a single address in reverse mode");
3794 /* TODO SOCKET_ADDRESS_TYPE_FD when fd has AF_UNIX */
3795 vd->is_unix = saddr[0]->type == SOCKET_ADDRESS_TYPE_UNIX;
3796 sioc = qio_channel_socket_new();
3797 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3798 if (qio_channel_socket_connect_sync(sioc, saddr[0], errp) < 0) {
3801 vnc_connect(vd, sioc, false, false);
3802 object_unref(OBJECT(sioc));
3807 static int vnc_display_listen(VncDisplay *vd,
3808 SocketAddress **saddr,
3810 SocketAddress **wsaddr,
3817 vd->listener = qio_net_listener_new();
3818 qio_net_listener_set_name(vd->listener, "vnc-listen");
3819 for (i = 0; i < nsaddr; i++) {
3820 if (qio_net_listener_open_sync(vd->listener,
3827 qio_net_listener_set_client_func(vd->listener,
3828 vnc_listen_io, vd, NULL);
3832 vd->wslistener = qio_net_listener_new();
3833 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3834 for (i = 0; i < nwsaddr; i++) {
3835 if (qio_net_listener_open_sync(vd->wslistener,
3842 qio_net_listener_set_client_func(vd->wslistener,
3843 vnc_listen_io, vd, NULL);
3850 void vnc_display_open(const char *id, Error **errp)
3852 VncDisplay *vd = vnc_display_find(id);
3853 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3854 SocketAddress **saddr = NULL, **wsaddr = NULL;
3855 size_t nsaddr, nwsaddr;
3856 const char *share, *device_id;
3858 bool password = false;
3859 bool reverse = false;
3862 #ifdef CONFIG_VNC_SASL
3866 int lock_key_sync = 1;
3870 error_setg(errp, "VNC display not active");
3873 vnc_display_close(vd);
3879 reverse = qemu_opt_get_bool(opts, "reverse", false);
3880 if (vnc_display_get_addresses(opts, reverse, &saddr, &nsaddr,
3881 &wsaddr, &nwsaddr, errp) < 0) {
3885 password = qemu_opt_get_bool(opts, "password", false);
3887 if (fips_get_state()) {
3889 "VNC password auth disabled due to FIPS mode, "
3890 "consider using the VeNCrypt or SASL authentication "
3891 "methods as an alternative");
3894 if (!qcrypto_cipher_supports(
3895 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) {
3897 "Cipher backend does not support DES RFB algorithm");
3902 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3903 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
3904 sasl = qemu_opt_get_bool(opts, "sasl", false);
3905 #ifndef CONFIG_VNC_SASL
3907 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3910 #endif /* CONFIG_VNC_SASL */
3911 credid = qemu_opt_get(opts, "tls-creds");
3914 if (qemu_opt_get(opts, "tls") ||
3915 qemu_opt_get(opts, "x509") ||
3916 qemu_opt_get(opts, "x509verify")) {
3918 "'tls-creds' parameter is mutually exclusive with "
3919 "'tls', 'x509' and 'x509verify' parameters");
3923 creds = object_resolve_path_component(
3924 object_get_objects_root(), credid);
3926 error_setg(errp, "No TLS credentials with id '%s'",
3930 vd->tlscreds = (QCryptoTLSCreds *)
3931 object_dynamic_cast(creds,
3932 TYPE_QCRYPTO_TLS_CREDS);
3933 if (!vd->tlscreds) {
3934 error_setg(errp, "Object with id '%s' is not TLS credentials",
3938 object_ref(OBJECT(vd->tlscreds));
3940 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3942 "Expecting TLS credentials with a server endpoint");
3947 bool tls = false, x509 = false, x509verify = false;
3948 tls = qemu_opt_get_bool(opts, "tls", false);
3950 path = qemu_opt_get(opts, "x509");
3955 path = qemu_opt_get(opts, "x509verify");
3961 vd->tlscreds = vnc_display_create_creds(x509,
3966 if (!vd->tlscreds) {
3971 acl = qemu_opt_get_bool(opts, "acl", false);
3973 share = qemu_opt_get(opts, "share");
3975 if (strcmp(share, "ignore") == 0) {
3976 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
3977 } else if (strcmp(share, "allow-exclusive") == 0) {
3978 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3979 } else if (strcmp(share, "force-shared") == 0) {
3980 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3982 error_setg(errp, "unknown vnc share= option");
3986 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3988 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3990 #ifdef CONFIG_VNC_JPEG
3991 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
3993 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3994 /* adaptive updates are only used with tight encoding and
3995 * if lossy updates are enabled so we can disable all the
3996 * calculations otherwise */
3998 vd->non_adaptive = true;
4002 if (strcmp(vd->id, "default") == 0) {
4003 vd->tlsaclname = g_strdup("vnc.x509dname");
4005 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id);
4007 qemu_acl_init(vd->tlsaclname);
4009 #ifdef CONFIG_VNC_SASL
4013 if (strcmp(vd->id, "default") == 0) {
4014 aclname = g_strdup("vnc.username");
4016 aclname = g_strdup_printf("vnc.%s.username", vd->id);
4018 vd->sasl.acl = qemu_acl_init(aclname);
4023 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4024 vd->tlscreds, password,
4025 sasl, false, errp) < 0) {
4028 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4030 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4031 vd->tlscreds, password,
4032 sasl, true, errp) < 0) {
4035 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4037 #ifdef CONFIG_VNC_SASL
4038 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
4039 error_setg(errp, "Failed to initialize SASL auth: %s",
4040 sasl_errstring(saslErr, NULL, NULL));
4044 vd->lock_key_sync = lock_key_sync;
4045 if (lock_key_sync) {
4046 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4049 vd->key_delay_ms = key_delay_ms;
4051 device_id = qemu_opt_get(opts, "display");
4053 int head = qemu_opt_get_number(opts, "head", 0);
4056 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4058 error_propagate(errp, err);
4065 if (con != vd->dcl.con) {
4066 unregister_displaychangelistener(&vd->dcl);
4068 register_displaychangelistener(&vd->dcl);
4071 if (saddr == NULL) {
4076 if (vnc_display_connect(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4080 if (vnc_display_listen(vd, saddr, nsaddr, wsaddr, nwsaddr, errp) < 0) {
4085 if (qemu_opt_get(opts, "to")) {
4086 vnc_display_print_local_addr(vd);
4090 vnc_free_addresses(&saddr, &nsaddr);
4091 vnc_free_addresses(&wsaddr, &nwsaddr);
4095 vnc_display_close(vd);
4099 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4101 VncDisplay *vd = vnc_display_find(id);
4102 QIOChannelSocket *sioc;
4108 sioc = qio_channel_socket_new_fd(csock, NULL);
4110 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4111 vnc_connect(vd, sioc, skipauth, false);
4112 object_unref(OBJECT(sioc));
4116 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4121 id = g_strdup("default");
4122 while (qemu_opts_find(olist, id)) {
4124 id = g_strdup_printf("vnc%d", i++);
4126 qemu_opts_set_id(opts, id);
4129 QemuOpts *vnc_parse(const char *str, Error **errp)
4131 QemuOptsList *olist = qemu_find_opts("vnc");
4132 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
4139 id = qemu_opts_id(opts);
4141 /* auto-assign id if not present */
4142 vnc_auto_assign_id(olist, opts);
4147 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4149 Error *local_err = NULL;
4150 char *id = (char *)qemu_opts_id(opts);
4153 vnc_display_init(id);
4154 vnc_display_open(id, &local_err);
4155 if (local_err != NULL) {
4156 error_reportf_err(local_err, "Failed to start VNC server: ");
4162 static void vnc_register_config(void)
4164 qemu_add_opts(&qemu_vnc_opts);
4166 opts_init(vnc_register_config);
projects / qemu.git / blob