2 * QEMU VNC display driver
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
33 #include "qemu-objects.h"
34 #include "qmp-commands.h"
37 #define VNC_REFRESH_INTERVAL_BASE 30
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX 2000
40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
43 #include "vnc_keysym.h"
46 static VncDisplay *vnc_display; /* needed for info vnc */
47 static DisplayChangeListener *dcl;
49 static int vnc_cursor_define(VncState *vs);
50 static void vnc_release_modifiers(VncState *vs);
52 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
55 static const char *mn[] = {
57 [VNC_SHARE_MODE_CONNECTING] = "connecting",
58 [VNC_SHARE_MODE_SHARED] = "shared",
59 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
60 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
62 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
63 vs->csock, mn[vs->share_mode], mn[mode]);
66 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
67 vs->vd->num_exclusive--;
69 vs->share_mode = mode;
70 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
71 vs->vd->num_exclusive++;
75 static char *addr_to_string(const char *format,
76 struct sockaddr_storage *sa,
79 char host[NI_MAXHOST];
80 char serv[NI_MAXSERV];
84 if ((err = getnameinfo((struct sockaddr *)sa, salen,
87 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
88 VNC_DEBUG("Cannot resolve address %d: %s\n",
89 err, gai_strerror(err));
93 /* Enough for the existing format + the 2 vars we're
95 addrlen = strlen(format) + strlen(host) + strlen(serv);
96 addr = g_malloc(addrlen + 1);
97 snprintf(addr, addrlen, format, host, serv);
104 char *vnc_socket_local_addr(const char *format, int fd) {
105 struct sockaddr_storage sa;
109 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
112 return addr_to_string(format, &sa, salen);
115 char *vnc_socket_remote_addr(const char *format, int fd) {
116 struct sockaddr_storage sa;
120 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
123 return addr_to_string(format, &sa, salen);
126 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
129 char host[NI_MAXHOST];
130 char serv[NI_MAXSERV];
133 if ((err = getnameinfo((struct sockaddr *)sa, salen,
136 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
137 VNC_DEBUG("Cannot resolve address %d: %s\n",
138 err, gai_strerror(err));
142 qdict_put(qdict, "host", qstring_from_str(host));
143 qdict_put(qdict, "service", qstring_from_str(serv));
144 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
149 static int vnc_server_addr_put(QDict *qdict, int fd)
151 struct sockaddr_storage sa;
155 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
159 return put_addr_qdict(qdict, &sa, salen);
162 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
164 struct sockaddr_storage sa;
168 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
172 return put_addr_qdict(qdict, &sa, salen);
175 static const char *vnc_auth_name(VncDisplay *vd) {
177 case VNC_AUTH_INVALID:
193 case VNC_AUTH_VENCRYPT:
194 #ifdef CONFIG_VNC_TLS
195 switch (vd->subauth) {
196 case VNC_AUTH_VENCRYPT_PLAIN:
197 return "vencrypt+plain";
198 case VNC_AUTH_VENCRYPT_TLSNONE:
199 return "vencrypt+tls+none";
200 case VNC_AUTH_VENCRYPT_TLSVNC:
201 return "vencrypt+tls+vnc";
202 case VNC_AUTH_VENCRYPT_TLSPLAIN:
203 return "vencrypt+tls+plain";
204 case VNC_AUTH_VENCRYPT_X509NONE:
205 return "vencrypt+x509+none";
206 case VNC_AUTH_VENCRYPT_X509VNC:
207 return "vencrypt+x509+vnc";
208 case VNC_AUTH_VENCRYPT_X509PLAIN:
209 return "vencrypt+x509+plain";
210 case VNC_AUTH_VENCRYPT_TLSSASL:
211 return "vencrypt+tls+sasl";
212 case VNC_AUTH_VENCRYPT_X509SASL:
213 return "vencrypt+x509+sasl";
226 static int vnc_server_info_put(QDict *qdict)
228 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
232 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
236 static void vnc_client_cache_auth(VncState *client)
238 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
247 qdict = qobject_to_qdict(client->info);
250 #ifdef CONFIG_VNC_TLS
251 if (client->tls.session &&
253 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
256 #ifdef CONFIG_VNC_SASL
257 if (client->sasl.conn &&
258 client->sasl.username) {
259 qdict_put(qdict, "sasl_username",
260 qstring_from_str(client->sasl.username));
265 static void vnc_client_cache_addr(VncState *client)
270 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
272 /* XXX: how to report the error? */
276 client->info = QOBJECT(qdict);
279 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
288 server = qdict_new();
289 if (vnc_server_info_put(server) < 0) {
294 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
295 vs->info, QOBJECT(server));
297 monitor_protocol_event(event, data);
299 qobject_incref(vs->info);
300 qobject_decref(data);
303 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
305 struct sockaddr_storage sa;
306 socklen_t salen = sizeof(sa);
307 char host[NI_MAXHOST];
308 char serv[NI_MAXSERV];
311 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
315 if (getnameinfo((struct sockaddr *)&sa, salen,
318 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
322 info = g_malloc0(sizeof(*info));
323 info->host = g_strdup(host);
324 info->service = g_strdup(serv);
325 info->family = g_strdup(inet_strfamily(sa.ss_family));
327 #ifdef CONFIG_VNC_TLS
328 if (client->tls.session && client->tls.dname) {
329 info->has_x509_dname = true;
330 info->x509_dname = g_strdup(client->tls.dname);
333 #ifdef CONFIG_VNC_SASL
334 if (client->sasl.conn && client->sasl.username) {
335 info->has_sasl_username = true;
336 info->sasl_username = g_strdup(client->sasl.username);
343 VncInfo *qmp_query_vnc(Error **errp)
345 VncInfo *info = g_malloc0(sizeof(*info));
347 if (vnc_display == NULL || vnc_display->display == NULL) {
348 info->enabled = false;
350 VncClientInfoList *cur_item = NULL;
351 struct sockaddr_storage sa;
352 socklen_t salen = sizeof(sa);
353 char host[NI_MAXHOST];
354 char serv[NI_MAXSERV];
357 info->enabled = true;
359 /* for compatibility with the original command */
360 info->has_clients = true;
362 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
363 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
364 cinfo->value = qmp_query_vnc_client(client);
366 /* XXX: waiting for the qapi to support GSList */
368 info->clients = cur_item = cinfo;
370 cur_item->next = cinfo;
375 if (vnc_display->lsock == -1) {
379 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
381 error_set(errp, QERR_UNDEFINED_ERROR);
385 if (getnameinfo((struct sockaddr *)&sa, salen,
388 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
389 error_set(errp, QERR_UNDEFINED_ERROR);
393 info->has_host = true;
394 info->host = g_strdup(host);
396 info->has_service = true;
397 info->service = g_strdup(serv);
399 info->has_family = true;
400 info->family = g_strdup(inet_strfamily(sa.ss_family));
402 info->has_auth = true;
403 info->auth = g_strdup(vnc_auth_name(vnc_display));
409 qapi_free_VncInfo(info);
414 1) Get the queue working for IO.
415 2) there is some weirdness when using the -S option (the screen is grey
416 and not totally invalidated
417 3) resolutions > 1024
420 static int vnc_update_client(VncState *vs, int has_dirty);
421 static int vnc_update_client_sync(VncState *vs, int has_dirty);
422 static void vnc_disconnect_start(VncState *vs);
423 static void vnc_disconnect_finish(VncState *vs);
424 static void vnc_init_timer(VncDisplay *vd);
425 static void vnc_remove_timer(VncDisplay *vd);
427 static void vnc_colordepth(VncState *vs);
428 static void framebuffer_update_request(VncState *vs, int incremental,
429 int x_position, int y_position,
431 static void vnc_refresh(void *opaque);
432 static int vnc_refresh_server_surface(VncDisplay *vd);
434 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
437 VncDisplay *vd = ds->opaque;
438 struct VncSurface *s = &vd->guest;
442 /* round x down to ensure the loop only spans one 16-pixel block per,
443 iteration. otherwise, if (x % 16) != 0, the last iteration may span
444 two 16-pixel blocks but we only mark the first as dirty
449 x = MIN(x, s->ds->width);
450 y = MIN(y, s->ds->height);
451 w = MIN(x + w, s->ds->width) - x;
452 h = MIN(h, s->ds->height);
455 for (i = 0; i < w; i += 16)
456 set_bit((x + i) / 16, s->dirty[y]);
459 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
462 vnc_write_u16(vs, x);
463 vnc_write_u16(vs, y);
464 vnc_write_u16(vs, w);
465 vnc_write_u16(vs, h);
467 vnc_write_s32(vs, encoding);
470 void buffer_reserve(Buffer *buffer, size_t len)
472 if ((buffer->capacity - buffer->offset) < len) {
473 buffer->capacity += (len + 1024);
474 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
475 if (buffer->buffer == NULL) {
476 fprintf(stderr, "vnc: out of memory\n");
482 int buffer_empty(Buffer *buffer)
484 return buffer->offset == 0;
487 uint8_t *buffer_end(Buffer *buffer)
489 return buffer->buffer + buffer->offset;
492 void buffer_reset(Buffer *buffer)
497 void buffer_free(Buffer *buffer)
499 g_free(buffer->buffer);
501 buffer->capacity = 0;
502 buffer->buffer = NULL;
505 void buffer_append(Buffer *buffer, const void *data, size_t len)
507 memcpy(buffer->buffer + buffer->offset, data, len);
508 buffer->offset += len;
511 static void vnc_desktop_resize(VncState *vs)
513 DisplayState *ds = vs->ds;
515 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
518 if (vs->client_width == ds_get_width(ds) &&
519 vs->client_height == ds_get_height(ds)) {
522 vs->client_width = ds_get_width(ds);
523 vs->client_height = ds_get_height(ds);
525 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
527 vnc_write_u16(vs, 1); /* number of rects */
528 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
529 VNC_ENCODING_DESKTOPRESIZE);
530 vnc_unlock_output(vs);
534 static void vnc_abort_display_jobs(VncDisplay *vd)
538 QTAILQ_FOREACH(vs, &vd->clients, next) {
541 vnc_unlock_output(vs);
543 QTAILQ_FOREACH(vs, &vd->clients, next) {
546 QTAILQ_FOREACH(vs, &vd->clients, next) {
549 vnc_unlock_output(vs);
553 static void vnc_dpy_resize(DisplayState *ds)
555 VncDisplay *vd = ds->opaque;
558 vnc_abort_display_jobs(vd);
562 vd->server = g_malloc0(sizeof(*vd->server));
563 if (vd->server->data)
564 g_free(vd->server->data);
565 *(vd->server) = *(ds->surface);
566 vd->server->data = g_malloc0(vd->server->linesize *
571 vd->guest.ds = g_malloc0(sizeof(*vd->guest.ds));
572 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
573 console_color_init(ds);
574 *(vd->guest.ds) = *(ds->surface);
575 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
577 QTAILQ_FOREACH(vs, &vd->clients, next) {
579 vnc_desktop_resize(vs);
580 if (vs->vd->cursor) {
581 vnc_cursor_define(vs);
583 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
588 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
589 void *pixels, int size)
591 vnc_write(vs, pixels, size);
594 /* slowest but generic code. */
595 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
598 VncDisplay *vd = vs->vd;
600 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
601 vd->server->pf.rbits);
602 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
603 vd->server->pf.gbits);
604 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
605 vd->server->pf.bbits);
606 v = (r << vs->clientds.pf.rshift) |
607 (g << vs->clientds.pf.gshift) |
608 (b << vs->clientds.pf.bshift);
609 switch(vs->clientds.pf.bytes_per_pixel) {
614 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
624 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
639 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
640 void *pixels1, int size)
644 if (pf->bytes_per_pixel == 4) {
645 uint32_t *pixels = pixels1;
648 for(i = 0; i < n; i++) {
649 vnc_convert_pixel(vs, buf, pixels[i]);
650 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
652 } else if (pf->bytes_per_pixel == 2) {
653 uint16_t *pixels = pixels1;
656 for(i = 0; i < n; i++) {
657 vnc_convert_pixel(vs, buf, pixels[i]);
658 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
660 } else if (pf->bytes_per_pixel == 1) {
661 uint8_t *pixels = pixels1;
664 for(i = 0; i < n; i++) {
665 vnc_convert_pixel(vs, buf, pixels[i]);
666 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
669 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
673 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
677 VncDisplay *vd = vs->vd;
679 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
680 for (i = 0; i < h; i++) {
681 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
682 row += ds_get_linesize(vs->ds);
687 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
691 switch(vs->vnc_encoding) {
692 case VNC_ENCODING_ZLIB:
693 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
695 case VNC_ENCODING_HEXTILE:
696 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
697 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
699 case VNC_ENCODING_TIGHT:
700 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
702 case VNC_ENCODING_TIGHT_PNG:
703 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
705 case VNC_ENCODING_ZRLE:
706 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
708 case VNC_ENCODING_ZYWRLE:
709 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
712 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
713 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
719 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
721 /* send bitblit op to the vnc client */
723 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
725 vnc_write_u16(vs, 1); /* number of rects */
726 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
727 vnc_write_u16(vs, src_x);
728 vnc_write_u16(vs, src_y);
729 vnc_unlock_output(vs);
733 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
735 VncDisplay *vd = ds->opaque;
739 int i,x,y,pitch,depth,inc,w_lim,s;
742 vnc_refresh_server_surface(vd);
743 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
744 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
745 vs->force_update = 1;
746 vnc_update_client_sync(vs, 1);
747 /* vs might be free()ed here */
751 /* do bitblit op on the local surface too */
752 pitch = ds_get_linesize(vd->ds);
753 depth = ds_get_bytes_per_pixel(vd->ds);
754 src_row = vd->server->data + pitch * src_y + depth * src_x;
755 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
760 src_row += pitch * (h-1);
761 dst_row += pitch * (h-1);
766 w_lim = w - (16 - (dst_x % 16));
770 w_lim = w - (w_lim % 16);
771 for (i = 0; i < h; i++) {
772 for (x = 0; x <= w_lim;
773 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
775 if ((s = w - w_lim) == 0)
778 s = (16 - (dst_x % 16));
783 cmp_bytes = s * depth;
784 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
786 memmove(dst_row, src_row, cmp_bytes);
787 QTAILQ_FOREACH(vs, &vd->clients, next) {
788 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
789 set_bit(((x + dst_x) / 16), vs->dirty[y]);
793 src_row += pitch - w * depth;
794 dst_row += pitch - w * depth;
798 QTAILQ_FOREACH(vs, &vd->clients, next) {
799 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
800 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
805 static void vnc_mouse_set(int x, int y, int visible)
807 /* can we ask the client(s) to move the pointer ??? */
810 static int vnc_cursor_define(VncState *vs)
812 QEMUCursor *c = vs->vd->cursor;
813 PixelFormat pf = qemu_default_pixelformat(32);
816 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
818 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
819 vnc_write_u8(vs, 0); /* padding */
820 vnc_write_u16(vs, 1); /* # of rects */
821 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
822 VNC_ENCODING_RICH_CURSOR);
823 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
824 vnc_write_pixels_generic(vs, &pf, c->data, isize);
825 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
826 vnc_unlock_output(vs);
832 static void vnc_dpy_cursor_define(QEMUCursor *c)
834 VncDisplay *vd = vnc_display;
837 cursor_put(vd->cursor);
838 g_free(vd->cursor_mask);
841 cursor_get(vd->cursor);
842 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
843 vd->cursor_mask = g_malloc0(vd->cursor_msize);
844 cursor_get_mono_mask(c, 0, vd->cursor_mask);
846 QTAILQ_FOREACH(vs, &vd->clients, next) {
847 vnc_cursor_define(vs);
851 static int find_and_clear_dirty_height(struct VncState *vs,
852 int y, int last_x, int x, int height)
856 for (h = 1; h < (height - y); h++) {
858 if (!test_bit(last_x, vs->dirty[y + h])) {
861 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
862 clear_bit(tmp_x, vs->dirty[y + h]);
869 static int vnc_update_client_sync(VncState *vs, int has_dirty)
871 int ret = vnc_update_client(vs, has_dirty);
876 static int vnc_update_client(VncState *vs, int has_dirty)
878 if (vs->need_update && vs->csock != -1) {
879 VncDisplay *vd = vs->vd;
886 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
887 /* kernel send buffers are full -> drop frames to throttle */
890 if (!has_dirty && !vs->audio_cap && !vs->force_update)
894 * Send screen updates to the vnc client using the server
895 * surface and server dirty map. guest surface updates
896 * happening in parallel don't disturb us, the next pass will
897 * send them to the client.
899 job = vnc_job_new(vs);
901 width = MIN(vd->server->width, vs->client_width);
902 height = MIN(vd->server->height, vs->client_height);
904 for (y = 0; y < height; y++) {
907 for (x = 0; x < width / 16; x++) {
908 if (test_and_clear_bit(x, vs->dirty[y])) {
914 int h = find_and_clear_dirty_height(vs, y, last_x, x,
917 n += vnc_job_add_rect(job, last_x * 16, y,
918 (x - last_x) * 16, h);
924 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
925 n += vnc_job_add_rect(job, last_x * 16, y,
926 (x - last_x) * 16, h);
931 vs->force_update = 0;
936 vnc_disconnect_finish(vs);
942 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
944 VncState *vs = opaque;
947 case AUD_CNOTIFY_DISABLE:
949 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
950 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
951 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
952 vnc_unlock_output(vs);
956 case AUD_CNOTIFY_ENABLE:
958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
959 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
960 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
961 vnc_unlock_output(vs);
967 static void audio_capture_destroy(void *opaque)
971 static void audio_capture(void *opaque, void *buf, int size)
973 VncState *vs = opaque;
976 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
977 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
978 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
979 vnc_write_u32(vs, size);
980 vnc_write(vs, buf, size);
981 vnc_unlock_output(vs);
985 static void audio_add(VncState *vs)
987 struct audio_capture_ops ops;
990 monitor_printf(default_mon, "audio already running\n");
994 ops.notify = audio_capture_notify;
995 ops.destroy = audio_capture_destroy;
996 ops.capture = audio_capture;
998 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
999 if (!vs->audio_cap) {
1000 monitor_printf(default_mon, "Failed to add audio capture\n");
1004 static void audio_del(VncState *vs)
1006 if (vs->audio_cap) {
1007 AUD_del_capture(vs->audio_cap, vs);
1008 vs->audio_cap = NULL;
1012 static void vnc_disconnect_start(VncState *vs)
1014 if (vs->csock == -1)
1016 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1017 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1018 closesocket(vs->csock);
1022 static void vnc_disconnect_finish(VncState *vs)
1026 vnc_jobs_join(vs); /* Wait encoding jobs */
1028 vnc_lock_output(vs);
1029 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1031 buffer_free(&vs->input);
1032 buffer_free(&vs->output);
1034 qobject_decref(vs->info);
1037 vnc_tight_clear(vs);
1040 #ifdef CONFIG_VNC_TLS
1041 vnc_tls_client_cleanup(vs);
1042 #endif /* CONFIG_VNC_TLS */
1043 #ifdef CONFIG_VNC_SASL
1044 vnc_sasl_client_cleanup(vs);
1045 #endif /* CONFIG_VNC_SASL */
1047 vnc_release_modifiers(vs);
1049 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1051 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1055 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1056 vnc_remove_timer(vs->vd);
1057 if (vs->vd->lock_key_sync)
1058 qemu_remove_led_event_handler(vs->led);
1059 vnc_unlock_output(vs);
1061 qemu_mutex_destroy(&vs->output_mutex);
1062 qemu_bh_delete(vs->bh);
1063 buffer_free(&vs->jobs_buffer);
1065 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1066 g_free(vs->lossy_rect[i]);
1068 g_free(vs->lossy_rect);
1072 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1074 if (ret == 0 || ret == -1) {
1076 switch (last_errno) {
1080 case WSAEWOULDBLOCK:
1088 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1089 ret, ret < 0 ? last_errno : 0);
1090 vnc_disconnect_start(vs);
1098 void vnc_client_error(VncState *vs)
1100 VNC_DEBUG("Closing down client sock: protocol error\n");
1101 vnc_disconnect_start(vs);
1106 * Called to write a chunk of data to the client socket. The data may
1107 * be the raw data, or may have already been encoded by SASL.
1108 * The data will be written either straight onto the socket, or
1109 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1111 * NB, it is theoretically possible to have 2 layers of encryption,
1112 * both SASL, and this TLS layer. It is highly unlikely in practice
1113 * though, since SASL encryption will typically be a no-op if TLS
1116 * Returns the number of bytes written, which may be less than
1117 * the requested 'datalen' if the socket would block. Returns
1118 * -1 on error, and disconnects the client socket.
1120 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1123 #ifdef CONFIG_VNC_TLS
1124 if (vs->tls.session) {
1125 ret = gnutls_write(vs->tls.session, data, datalen);
1127 if (ret == GNUTLS_E_AGAIN)
1134 #endif /* CONFIG_VNC_TLS */
1135 ret = send(vs->csock, (const void *)data, datalen, 0);
1136 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1137 return vnc_client_io_error(vs, ret, socket_error());
1142 * Called to write buffered data to the client socket, when not
1143 * using any SASL SSF encryption layers. Will write as much data
1144 * as possible without blocking. If all buffered data is written,
1145 * will switch the FD poll() handler back to read monitoring.
1147 * Returns the number of bytes written, which may be less than
1148 * the buffered output data if the socket would block. Returns
1149 * -1 on error, and disconnects the client socket.
1151 static long vnc_client_write_plain(VncState *vs)
1155 #ifdef CONFIG_VNC_SASL
1156 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1157 vs->output.buffer, vs->output.capacity, vs->output.offset,
1158 vs->sasl.waitWriteSSF);
1160 if (vs->sasl.conn &&
1162 vs->sasl.waitWriteSSF) {
1163 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1165 vs->sasl.waitWriteSSF -= ret;
1167 #endif /* CONFIG_VNC_SASL */
1168 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1172 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1173 vs->output.offset -= ret;
1175 if (vs->output.offset == 0) {
1176 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1184 * First function called whenever there is data to be written to
1185 * the client socket. Will delegate actual work according to whether
1186 * SASL SSF layers are enabled (thus requiring encryption calls)
1188 static void vnc_client_write_locked(void *opaque)
1190 VncState *vs = opaque;
1192 #ifdef CONFIG_VNC_SASL
1193 if (vs->sasl.conn &&
1195 !vs->sasl.waitWriteSSF) {
1196 vnc_client_write_sasl(vs);
1198 #endif /* CONFIG_VNC_SASL */
1199 vnc_client_write_plain(vs);
1202 void vnc_client_write(void *opaque)
1204 VncState *vs = opaque;
1206 vnc_lock_output(vs);
1207 if (vs->output.offset) {
1208 vnc_client_write_locked(opaque);
1209 } else if (vs->csock != -1) {
1210 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1212 vnc_unlock_output(vs);
1215 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1217 vs->read_handler = func;
1218 vs->read_handler_expect = expecting;
1223 * Called to read a chunk of data from the client socket. The data may
1224 * be the raw data, or may need to be further decoded by SASL.
1225 * The data will be read either straight from to the socket, or
1226 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1228 * NB, it is theoretically possible to have 2 layers of encryption,
1229 * both SASL, and this TLS layer. It is highly unlikely in practice
1230 * though, since SASL encryption will typically be a no-op if TLS
1233 * Returns the number of bytes read, which may be less than
1234 * the requested 'datalen' if the socket would block. Returns
1235 * -1 on error, and disconnects the client socket.
1237 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1240 #ifdef CONFIG_VNC_TLS
1241 if (vs->tls.session) {
1242 ret = gnutls_read(vs->tls.session, data, datalen);
1244 if (ret == GNUTLS_E_AGAIN)
1251 #endif /* CONFIG_VNC_TLS */
1252 ret = qemu_recv(vs->csock, data, datalen, 0);
1253 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1254 return vnc_client_io_error(vs, ret, socket_error());
1259 * Called to read data from the client socket to the input buffer,
1260 * when not using any SASL SSF encryption layers. Will read as much
1261 * data as possible without blocking.
1263 * Returns the number of bytes read. Returns -1 on error, and
1264 * disconnects the client socket.
1266 static long vnc_client_read_plain(VncState *vs)
1269 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1270 vs->input.buffer, vs->input.capacity, vs->input.offset);
1271 buffer_reserve(&vs->input, 4096);
1272 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1275 vs->input.offset += ret;
1279 static void vnc_jobs_bh(void *opaque)
1281 VncState *vs = opaque;
1283 vnc_jobs_consume_buffer(vs);
1287 * First function called whenever there is more data to be read from
1288 * the client socket. Will delegate actual work according to whether
1289 * SASL SSF layers are enabled (thus requiring decryption calls)
1291 void vnc_client_read(void *opaque)
1293 VncState *vs = opaque;
1296 #ifdef CONFIG_VNC_SASL
1297 if (vs->sasl.conn && vs->sasl.runSSF)
1298 ret = vnc_client_read_sasl(vs);
1300 #endif /* CONFIG_VNC_SASL */
1301 ret = vnc_client_read_plain(vs);
1303 if (vs->csock == -1)
1304 vnc_disconnect_finish(vs);
1308 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1309 size_t len = vs->read_handler_expect;
1312 ret = vs->read_handler(vs, vs->input.buffer, len);
1313 if (vs->csock == -1) {
1314 vnc_disconnect_finish(vs);
1319 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1320 vs->input.offset -= len;
1322 vs->read_handler_expect = ret;
1327 void vnc_write(VncState *vs, const void *data, size_t len)
1329 buffer_reserve(&vs->output, len);
1331 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1332 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1335 buffer_append(&vs->output, data, len);
1338 void vnc_write_s32(VncState *vs, int32_t value)
1340 vnc_write_u32(vs, *(uint32_t *)&value);
1343 void vnc_write_u32(VncState *vs, uint32_t value)
1347 buf[0] = (value >> 24) & 0xFF;
1348 buf[1] = (value >> 16) & 0xFF;
1349 buf[2] = (value >> 8) & 0xFF;
1350 buf[3] = value & 0xFF;
1352 vnc_write(vs, buf, 4);
1355 void vnc_write_u16(VncState *vs, uint16_t value)
1359 buf[0] = (value >> 8) & 0xFF;
1360 buf[1] = value & 0xFF;
1362 vnc_write(vs, buf, 2);
1365 void vnc_write_u8(VncState *vs, uint8_t value)
1367 vnc_write(vs, (char *)&value, 1);
1370 void vnc_flush(VncState *vs)
1372 vnc_lock_output(vs);
1373 if (vs->csock != -1 && vs->output.offset) {
1374 vnc_client_write_locked(vs);
1376 vnc_unlock_output(vs);
1379 uint8_t read_u8(uint8_t *data, size_t offset)
1381 return data[offset];
1384 uint16_t read_u16(uint8_t *data, size_t offset)
1386 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1389 int32_t read_s32(uint8_t *data, size_t offset)
1391 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1392 (data[offset + 2] << 8) | data[offset + 3]);
1395 uint32_t read_u32(uint8_t *data, size_t offset)
1397 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1398 (data[offset + 2] << 8) | data[offset + 3]);
1401 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1405 static void check_pointer_type_change(Notifier *notifier, void *data)
1407 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1408 int absolute = kbd_mouse_is_absolute();
1410 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1411 vnc_lock_output(vs);
1412 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1413 vnc_write_u8(vs, 0);
1414 vnc_write_u16(vs, 1);
1415 vnc_framebuffer_update(vs, absolute, 0,
1416 ds_get_width(vs->ds), ds_get_height(vs->ds),
1417 VNC_ENCODING_POINTER_TYPE_CHANGE);
1418 vnc_unlock_output(vs);
1421 vs->absolute = absolute;
1424 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1429 if (button_mask & 0x01)
1430 buttons |= MOUSE_EVENT_LBUTTON;
1431 if (button_mask & 0x02)
1432 buttons |= MOUSE_EVENT_MBUTTON;
1433 if (button_mask & 0x04)
1434 buttons |= MOUSE_EVENT_RBUTTON;
1435 if (button_mask & 0x08)
1437 if (button_mask & 0x10)
1441 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1442 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1443 ds_get_height(vs->ds) > 1 ?
1444 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1446 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1450 kbd_mouse_event(x, y, dz, buttons);
1452 if (vs->last_x != -1)
1453 kbd_mouse_event(x - vs->last_x,
1461 static void reset_keys(VncState *vs)
1464 for(i = 0; i < 256; i++) {
1465 if (vs->modifiers_state[i]) {
1466 if (i & SCANCODE_GREY)
1467 kbd_put_keycode(SCANCODE_EMUL0);
1468 kbd_put_keycode(i | SCANCODE_UP);
1469 vs->modifiers_state[i] = 0;
1474 static void press_key(VncState *vs, int keysym)
1476 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1477 if (keycode & SCANCODE_GREY)
1478 kbd_put_keycode(SCANCODE_EMUL0);
1479 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1480 if (keycode & SCANCODE_GREY)
1481 kbd_put_keycode(SCANCODE_EMUL0);
1482 kbd_put_keycode(keycode | SCANCODE_UP);
1485 static void kbd_leds(void *opaque, int ledstate)
1487 VncState *vs = opaque;
1490 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1491 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1493 if (vs->modifiers_state[0x3a] != caps) {
1494 vs->modifiers_state[0x3a] = caps;
1496 if (vs->modifiers_state[0x45] != num) {
1497 vs->modifiers_state[0x45] = num;
1501 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1503 /* QEMU console switch */
1505 case 0x2a: /* Left Shift */
1506 case 0x36: /* Right Shift */
1507 case 0x1d: /* Left CTRL */
1508 case 0x9d: /* Right CTRL */
1509 case 0x38: /* Left ALT */
1510 case 0xb8: /* Right ALT */
1512 vs->modifiers_state[keycode] = 1;
1514 vs->modifiers_state[keycode] = 0;
1516 case 0x02 ... 0x0a: /* '1' to '9' keys */
1517 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1518 /* Reset the modifiers sent to the current console */
1520 console_select(keycode - 0x02);
1524 case 0x3a: /* CapsLock */
1525 case 0x45: /* NumLock */
1527 vs->modifiers_state[keycode] ^= 1;
1531 if (down && vs->vd->lock_key_sync &&
1532 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1533 /* If the numlock state needs to change then simulate an additional
1534 keypress before sending this one. This will happen if the user
1535 toggles numlock away from the VNC window.
1537 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1538 if (!vs->modifiers_state[0x45]) {
1539 vs->modifiers_state[0x45] = 1;
1540 press_key(vs, 0xff7f);
1543 if (vs->modifiers_state[0x45]) {
1544 vs->modifiers_state[0x45] = 0;
1545 press_key(vs, 0xff7f);
1550 if (down && vs->vd->lock_key_sync &&
1551 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1552 /* If the capslock state needs to change then simulate an additional
1553 keypress before sending this one. This will happen if the user
1554 toggles capslock away from the VNC window.
1556 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1557 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1558 int capslock = !!(vs->modifiers_state[0x3a]);
1560 if (uppercase == shift) {
1561 vs->modifiers_state[0x3a] = 0;
1562 press_key(vs, 0xffe5);
1565 if (uppercase != shift) {
1566 vs->modifiers_state[0x3a] = 1;
1567 press_key(vs, 0xffe5);
1572 if (is_graphic_console()) {
1573 if (keycode & SCANCODE_GREY)
1574 kbd_put_keycode(SCANCODE_EMUL0);
1576 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1578 kbd_put_keycode(keycode | SCANCODE_UP);
1580 bool numlock = vs->modifiers_state[0x45];
1581 bool control = (vs->modifiers_state[0x1d] ||
1582 vs->modifiers_state[0x9d]);
1583 /* QEMU console emulation */
1586 case 0x2a: /* Left Shift */
1587 case 0x36: /* Right Shift */
1588 case 0x1d: /* Left CTRL */
1589 case 0x9d: /* Right CTRL */
1590 case 0x38: /* Left ALT */
1591 case 0xb8: /* Right ALT */
1594 kbd_put_keysym(QEMU_KEY_UP);
1597 kbd_put_keysym(QEMU_KEY_DOWN);
1600 kbd_put_keysym(QEMU_KEY_LEFT);
1603 kbd_put_keysym(QEMU_KEY_RIGHT);
1606 kbd_put_keysym(QEMU_KEY_DELETE);
1609 kbd_put_keysym(QEMU_KEY_HOME);
1612 kbd_put_keysym(QEMU_KEY_END);
1615 kbd_put_keysym(QEMU_KEY_PAGEUP);
1618 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1622 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1625 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1628 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1631 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1634 kbd_put_keysym('5');
1637 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1640 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1643 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1646 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1649 kbd_put_keysym('0');
1652 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1656 kbd_put_keysym('/');
1659 kbd_put_keysym('*');
1662 kbd_put_keysym('-');
1665 kbd_put_keysym('+');
1668 kbd_put_keysym('\n');
1673 kbd_put_keysym(sym & 0x1f);
1675 kbd_put_keysym(sym);
1683 static void vnc_release_modifiers(VncState *vs)
1685 static const int keycodes[] = {
1686 /* shift, control, alt keys, both left & right */
1687 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1691 if (!is_graphic_console()) {
1694 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1695 keycode = keycodes[i];
1696 if (!vs->modifiers_state[keycode]) {
1699 if (keycode & SCANCODE_GREY) {
1700 kbd_put_keycode(SCANCODE_EMUL0);
1702 kbd_put_keycode(keycode | SCANCODE_UP);
1706 static void key_event(VncState *vs, int down, uint32_t sym)
1711 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1712 lsym = lsym - 'A' + 'a';
1715 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1716 do_key_event(vs, down, keycode, sym);
1719 static void ext_key_event(VncState *vs, int down,
1720 uint32_t sym, uint16_t keycode)
1722 /* if the user specifies a keyboard layout, always use it */
1723 if (keyboard_layout)
1724 key_event(vs, down, sym);
1726 do_key_event(vs, down, keycode, sym);
1729 static void framebuffer_update_request(VncState *vs, int incremental,
1730 int x_position, int y_position,
1734 const size_t width = ds_get_width(vs->ds) / 16;
1736 if (y_position > ds_get_height(vs->ds))
1737 y_position = ds_get_height(vs->ds);
1738 if (y_position + h >= ds_get_height(vs->ds))
1739 h = ds_get_height(vs->ds) - y_position;
1741 vs->need_update = 1;
1743 vs->force_update = 1;
1744 for (i = 0; i < h; i++) {
1745 bitmap_set(vs->dirty[y_position + i], 0, width);
1746 bitmap_clear(vs->dirty[y_position + i], width,
1747 VNC_DIRTY_BITS - width);
1752 static void send_ext_key_event_ack(VncState *vs)
1754 vnc_lock_output(vs);
1755 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1756 vnc_write_u8(vs, 0);
1757 vnc_write_u16(vs, 1);
1758 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1759 VNC_ENCODING_EXT_KEY_EVENT);
1760 vnc_unlock_output(vs);
1764 static void send_ext_audio_ack(VncState *vs)
1766 vnc_lock_output(vs);
1767 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1768 vnc_write_u8(vs, 0);
1769 vnc_write_u16(vs, 1);
1770 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1771 VNC_ENCODING_AUDIO);
1772 vnc_unlock_output(vs);
1776 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1779 unsigned int enc = 0;
1782 vs->vnc_encoding = 0;
1783 vs->tight.compression = 9;
1784 vs->tight.quality = -1; /* Lossless by default */
1788 * Start from the end because the encodings are sent in order of preference.
1789 * This way the preferred encoding (first encoding defined in the array)
1790 * will be set at the end of the loop.
1792 for (i = n_encodings - 1; i >= 0; i--) {
1795 case VNC_ENCODING_RAW:
1796 vs->vnc_encoding = enc;
1798 case VNC_ENCODING_COPYRECT:
1799 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1801 case VNC_ENCODING_HEXTILE:
1802 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1803 vs->vnc_encoding = enc;
1805 case VNC_ENCODING_TIGHT:
1806 vs->features |= VNC_FEATURE_TIGHT_MASK;
1807 vs->vnc_encoding = enc;
1809 #ifdef CONFIG_VNC_PNG
1810 case VNC_ENCODING_TIGHT_PNG:
1811 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1812 vs->vnc_encoding = enc;
1815 case VNC_ENCODING_ZLIB:
1816 vs->features |= VNC_FEATURE_ZLIB_MASK;
1817 vs->vnc_encoding = enc;
1819 case VNC_ENCODING_ZRLE:
1820 vs->features |= VNC_FEATURE_ZRLE_MASK;
1821 vs->vnc_encoding = enc;
1823 case VNC_ENCODING_ZYWRLE:
1824 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1825 vs->vnc_encoding = enc;
1827 case VNC_ENCODING_DESKTOPRESIZE:
1828 vs->features |= VNC_FEATURE_RESIZE_MASK;
1830 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1831 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1833 case VNC_ENCODING_RICH_CURSOR:
1834 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1836 case VNC_ENCODING_EXT_KEY_EVENT:
1837 send_ext_key_event_ack(vs);
1839 case VNC_ENCODING_AUDIO:
1840 send_ext_audio_ack(vs);
1842 case VNC_ENCODING_WMVi:
1843 vs->features |= VNC_FEATURE_WMVI_MASK;
1845 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1846 vs->tight.compression = (enc & 0x0F);
1848 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1849 if (vs->vd->lossy) {
1850 vs->tight.quality = (enc & 0x0F);
1854 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1858 vnc_desktop_resize(vs);
1859 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1862 static void set_pixel_conversion(VncState *vs)
1864 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1865 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1866 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1867 vs->write_pixels = vnc_write_pixels_copy;
1868 vnc_hextile_set_pixel_conversion(vs, 0);
1870 vs->write_pixels = vnc_write_pixels_generic;
1871 vnc_hextile_set_pixel_conversion(vs, 1);
1875 static void set_pixel_format(VncState *vs,
1876 int bits_per_pixel, int depth,
1877 int big_endian_flag, int true_color_flag,
1878 int red_max, int green_max, int blue_max,
1879 int red_shift, int green_shift, int blue_shift)
1881 if (!true_color_flag) {
1882 vnc_client_error(vs);
1886 vs->clientds = *(vs->vd->guest.ds);
1887 vs->clientds.pf.rmax = red_max;
1888 vs->clientds.pf.rbits = hweight_long(red_max);
1889 vs->clientds.pf.rshift = red_shift;
1890 vs->clientds.pf.rmask = red_max << red_shift;
1891 vs->clientds.pf.gmax = green_max;
1892 vs->clientds.pf.gbits = hweight_long(green_max);
1893 vs->clientds.pf.gshift = green_shift;
1894 vs->clientds.pf.gmask = green_max << green_shift;
1895 vs->clientds.pf.bmax = blue_max;
1896 vs->clientds.pf.bbits = hweight_long(blue_max);
1897 vs->clientds.pf.bshift = blue_shift;
1898 vs->clientds.pf.bmask = blue_max << blue_shift;
1899 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1900 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1901 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1902 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1904 set_pixel_conversion(vs);
1906 vga_hw_invalidate();
1910 static void pixel_format_message (VncState *vs) {
1911 char pad[3] = { 0, 0, 0 };
1913 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1914 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1916 #ifdef HOST_WORDS_BIGENDIAN
1917 vnc_write_u8(vs, 1); /* big-endian-flag */
1919 vnc_write_u8(vs, 0); /* big-endian-flag */
1921 vnc_write_u8(vs, 1); /* true-color-flag */
1922 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1923 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1924 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1925 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1926 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1927 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1929 vnc_hextile_set_pixel_conversion(vs, 0);
1931 vs->clientds = *(vs->ds->surface);
1932 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1933 vs->write_pixels = vnc_write_pixels_copy;
1935 vnc_write(vs, pad, 3); /* padding */
1938 static void vnc_dpy_setdata(DisplayState *ds)
1940 VncDisplay *vd = ds->opaque;
1942 *(vd->guest.ds) = *(ds->surface);
1943 vnc_dpy_update(ds, 0, 0, ds_get_width(ds), ds_get_height(ds));
1946 static void vnc_colordepth(VncState *vs)
1948 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1949 /* Sending a WMVi message to notify the client*/
1950 vnc_lock_output(vs);
1951 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1952 vnc_write_u8(vs, 0);
1953 vnc_write_u16(vs, 1); /* number of rects */
1954 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1955 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1956 pixel_format_message(vs);
1957 vnc_unlock_output(vs);
1960 set_pixel_conversion(vs);
1964 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1968 VncDisplay *vd = vs->vd;
1971 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1972 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
1973 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
1977 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1981 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1982 read_u8(data, 6), read_u8(data, 7),
1983 read_u16(data, 8), read_u16(data, 10),
1984 read_u16(data, 12), read_u8(data, 14),
1985 read_u8(data, 15), read_u8(data, 16));
1987 case VNC_MSG_CLIENT_SET_ENCODINGS:
1992 limit = read_u16(data, 2);
1994 return 4 + (limit * 4);
1996 limit = read_u16(data, 2);
1998 for (i = 0; i < limit; i++) {
1999 int32_t val = read_s32(data, 4 + (i * 4));
2000 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2003 set_encodings(vs, (int32_t *)(data + 4), limit);
2005 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2009 framebuffer_update_request(vs,
2010 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2011 read_u16(data, 6), read_u16(data, 8));
2013 case VNC_MSG_CLIENT_KEY_EVENT:
2017 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2019 case VNC_MSG_CLIENT_POINTER_EVENT:
2023 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2025 case VNC_MSG_CLIENT_CUT_TEXT:
2030 uint32_t dlen = read_u32(data, 4);
2035 client_cut_text(vs, read_u32(data, 4), data + 8);
2037 case VNC_MSG_CLIENT_QEMU:
2041 switch (read_u8(data, 1)) {
2042 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2046 ext_key_event(vs, read_u16(data, 2),
2047 read_u32(data, 4), read_u32(data, 8));
2049 case VNC_MSG_CLIENT_QEMU_AUDIO:
2053 switch (read_u16 (data, 2)) {
2054 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2057 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2060 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2063 switch (read_u8(data, 4)) {
2064 case 0: vs->as.fmt = AUD_FMT_U8; break;
2065 case 1: vs->as.fmt = AUD_FMT_S8; break;
2066 case 2: vs->as.fmt = AUD_FMT_U16; break;
2067 case 3: vs->as.fmt = AUD_FMT_S16; break;
2068 case 4: vs->as.fmt = AUD_FMT_U32; break;
2069 case 5: vs->as.fmt = AUD_FMT_S32; break;
2071 printf("Invalid audio format %d\n", read_u8(data, 4));
2072 vnc_client_error(vs);
2075 vs->as.nchannels = read_u8(data, 5);
2076 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2077 printf("Invalid audio channel coount %d\n",
2079 vnc_client_error(vs);
2082 vs->as.freq = read_u32(data, 6);
2085 printf ("Invalid audio message %d\n", read_u8(data, 4));
2086 vnc_client_error(vs);
2092 printf("Msg: %d\n", read_u16(data, 0));
2093 vnc_client_error(vs);
2098 printf("Msg: %d\n", data[0]);
2099 vnc_client_error(vs);
2103 vnc_read_when(vs, protocol_client_msg, 1);
2107 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2113 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2114 switch (vs->vd->share_policy) {
2115 case VNC_SHARE_POLICY_IGNORE:
2117 * Ignore the shared flag. Nothing to do here.
2119 * Doesn't conform to the rfb spec but is traditional qemu
2120 * behavior, thus left here as option for compatibility
2124 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2126 * Policy: Allow clients ask for exclusive access.
2128 * Implementation: When a client asks for exclusive access,
2129 * disconnect all others. Shared connects are allowed as long
2130 * as no exclusive connection exists.
2132 * This is how the rfb spec suggests to handle the shared flag.
2134 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2136 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2140 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2141 client->share_mode != VNC_SHARE_MODE_SHARED) {
2144 vnc_disconnect_start(client);
2147 if (mode == VNC_SHARE_MODE_SHARED) {
2148 if (vs->vd->num_exclusive > 0) {
2149 vnc_disconnect_start(vs);
2154 case VNC_SHARE_POLICY_FORCE_SHARED:
2156 * Policy: Shared connects only.
2157 * Implementation: Disallow clients asking for exclusive access.
2159 * Useful for shared desktop sessions where you don't want
2160 * someone forgetting to say -shared when running the vnc
2161 * client disconnect everybody else.
2163 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2164 vnc_disconnect_start(vs);
2169 vnc_set_share_mode(vs, mode);
2171 vs->client_width = ds_get_width(vs->ds);
2172 vs->client_height = ds_get_height(vs->ds);
2173 vnc_write_u16(vs, vs->client_width);
2174 vnc_write_u16(vs, vs->client_height);
2176 pixel_format_message(vs);
2179 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2181 size = snprintf(buf, sizeof(buf), "QEMU");
2183 vnc_write_u32(vs, size);
2184 vnc_write(vs, buf, size);
2187 vnc_client_cache_auth(vs);
2188 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2190 vnc_read_when(vs, protocol_client_msg, 1);
2195 void start_client_init(VncState *vs)
2197 vnc_read_when(vs, protocol_client_init, 1);
2200 static void make_challenge(VncState *vs)
2204 srand(time(NULL)+getpid()+getpid()*987654+rand());
2206 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2207 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2210 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2212 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2214 unsigned char key[8];
2215 time_t now = time(NULL);
2217 if (!vs->vd->password) {
2218 VNC_DEBUG("No password configured on server");
2221 if (vs->vd->expires < now) {
2222 VNC_DEBUG("Password is expired");
2226 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2228 /* Calculate the expected challenge response */
2229 pwlen = strlen(vs->vd->password);
2230 for (i=0; i<sizeof(key); i++)
2231 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2233 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2234 des(response+j, response+j);
2236 /* Compare expected vs actual challenge response */
2237 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2238 VNC_DEBUG("Client challenge response did not match\n");
2241 VNC_DEBUG("Accepting VNC challenge response\n");
2242 vnc_write_u32(vs, 0); /* Accept auth */
2245 start_client_init(vs);
2250 vnc_write_u32(vs, 1); /* Reject auth */
2251 if (vs->minor >= 8) {
2252 static const char err[] = "Authentication failed";
2253 vnc_write_u32(vs, sizeof(err));
2254 vnc_write(vs, err, sizeof(err));
2257 vnc_client_error(vs);
2261 void start_auth_vnc(VncState *vs)
2264 /* Send client a 'random' challenge */
2265 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2268 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2272 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2274 /* We only advertise 1 auth scheme at a time, so client
2275 * must pick the one we sent. Verify this */
2276 if (data[0] != vs->auth) { /* Reject auth */
2277 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2278 vnc_write_u32(vs, 1);
2279 if (vs->minor >= 8) {
2280 static const char err[] = "Authentication failed";
2281 vnc_write_u32(vs, sizeof(err));
2282 vnc_write(vs, err, sizeof(err));
2284 vnc_client_error(vs);
2285 } else { /* Accept requested auth */
2286 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2289 VNC_DEBUG("Accept auth none\n");
2290 if (vs->minor >= 8) {
2291 vnc_write_u32(vs, 0); /* Accept auth completion */
2294 start_client_init(vs);
2298 VNC_DEBUG("Start VNC auth\n");
2302 #ifdef CONFIG_VNC_TLS
2303 case VNC_AUTH_VENCRYPT:
2304 VNC_DEBUG("Accept VeNCrypt auth\n");
2305 start_auth_vencrypt(vs);
2307 #endif /* CONFIG_VNC_TLS */
2309 #ifdef CONFIG_VNC_SASL
2311 VNC_DEBUG("Accept SASL auth\n");
2312 start_auth_sasl(vs);
2314 #endif /* CONFIG_VNC_SASL */
2316 default: /* Should not be possible, but just in case */
2317 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2318 vnc_write_u8(vs, 1);
2319 if (vs->minor >= 8) {
2320 static const char err[] = "Authentication failed";
2321 vnc_write_u32(vs, sizeof(err));
2322 vnc_write(vs, err, sizeof(err));
2324 vnc_client_error(vs);
2330 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2334 memcpy(local, version, 12);
2337 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2338 VNC_DEBUG("Malformed protocol version %s\n", local);
2339 vnc_client_error(vs);
2342 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2343 if (vs->major != 3 ||
2349 VNC_DEBUG("Unsupported client version\n");
2350 vnc_write_u32(vs, VNC_AUTH_INVALID);
2352 vnc_client_error(vs);
2355 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2356 * as equivalent to v3.3 by servers
2358 if (vs->minor == 4 || vs->minor == 5)
2361 if (vs->minor == 3) {
2362 if (vs->auth == VNC_AUTH_NONE) {
2363 VNC_DEBUG("Tell client auth none\n");
2364 vnc_write_u32(vs, vs->auth);
2366 start_client_init(vs);
2367 } else if (vs->auth == VNC_AUTH_VNC) {
2368 VNC_DEBUG("Tell client VNC auth\n");
2369 vnc_write_u32(vs, vs->auth);
2373 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2374 vnc_write_u32(vs, VNC_AUTH_INVALID);
2376 vnc_client_error(vs);
2379 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2380 vnc_write_u8(vs, 1); /* num auth */
2381 vnc_write_u8(vs, vs->auth);
2382 vnc_read_when(vs, protocol_client_auth, 1);
2389 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2391 struct VncSurface *vs = &vd->guest;
2393 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2396 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2400 w = (x + w) / VNC_STAT_RECT;
2401 h = (y + h) / VNC_STAT_RECT;
2405 for (j = y; j <= h; j++) {
2406 for (i = x; i <= w; i++) {
2407 vs->lossy_rect[j][i] = 1;
2412 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2415 int sty = y / VNC_STAT_RECT;
2416 int stx = x / VNC_STAT_RECT;
2419 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2420 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2422 QTAILQ_FOREACH(vs, &vd->clients, next) {
2425 /* kernel send buffers are full -> refresh later */
2426 if (vs->output.offset) {
2430 if (!vs->lossy_rect[sty][stx]) {
2434 vs->lossy_rect[sty][stx] = 0;
2435 for (j = 0; j < VNC_STAT_RECT; ++j) {
2436 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2444 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2450 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2451 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2452 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2454 rect->updated = false;
2458 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2460 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2463 vd->guest.last_freq_check = *tv;
2465 for (y = 0; y < vd->guest.ds->height; y += VNC_STAT_RECT) {
2466 for (x = 0; x < vd->guest.ds->width; x += VNC_STAT_RECT) {
2467 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2468 int count = ARRAY_SIZE(rect->times);
2469 struct timeval min, max;
2471 if (!timerisset(&rect->times[count - 1])) {
2475 max = rect->times[(rect->idx + count - 1) % count];
2476 qemu_timersub(tv, &max, &res);
2478 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2480 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2481 memset(rect->times, 0, sizeof (rect->times));
2485 min = rect->times[rect->idx];
2486 max = rect->times[(rect->idx + count - 1) % count];
2487 qemu_timersub(&max, &min, &res);
2489 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2490 rect->freq /= count;
2491 rect->freq = 1. / rect->freq;
2497 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2503 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2504 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2506 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2507 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2508 total += vnc_stat_rect(vs->vd, i, j)->freq;
2520 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2524 rect = vnc_stat_rect(vd, x, y);
2525 if (rect->updated) {
2528 rect->times[rect->idx] = *tv;
2529 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2530 rect->updated = true;
2533 static int vnc_refresh_server_surface(VncDisplay *vd)
2537 uint8_t *server_row;
2542 struct timeval tv = { 0, 0 };
2544 if (!vd->non_adaptive) {
2545 gettimeofday(&tv, NULL);
2546 has_dirty = vnc_update_stats(vd, &tv);
2550 * Walk through the guest dirty map.
2551 * Check and copy modified bits from guest to server surface.
2552 * Update server dirty map.
2554 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2555 if (cmp_bytes > vd->ds->surface->linesize) {
2556 cmp_bytes = vd->ds->surface->linesize;
2558 guest_row = vd->guest.ds->data;
2559 server_row = vd->server->data;
2560 for (y = 0; y < vd->guest.ds->height; y++) {
2561 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2564 uint8_t *server_ptr;
2566 guest_ptr = guest_row;
2567 server_ptr = server_row;
2569 for (x = 0; x + 15 < vd->guest.ds->width;
2570 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2571 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2573 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2575 memcpy(server_ptr, guest_ptr, cmp_bytes);
2576 if (!vd->non_adaptive)
2577 vnc_rect_updated(vd, x, y, &tv);
2578 QTAILQ_FOREACH(vs, &vd->clients, next) {
2579 set_bit((x / 16), vs->dirty[y]);
2584 guest_row += ds_get_linesize(vd->ds);
2585 server_row += ds_get_linesize(vd->ds);
2590 static void vnc_refresh(void *opaque)
2592 VncDisplay *vd = opaque;
2594 int has_dirty, rects = 0;
2598 if (vnc_trylock_display(vd)) {
2599 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2600 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2601 vd->timer_interval);
2605 has_dirty = vnc_refresh_server_surface(vd);
2606 vnc_unlock_display(vd);
2608 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2609 rects += vnc_update_client(vs, has_dirty);
2610 /* vs might be free()ed here */
2613 /* vd->timer could be NULL now if the last client disconnected,
2614 * in this case don't update the timer */
2615 if (vd->timer == NULL)
2618 if (has_dirty && rects) {
2619 vd->timer_interval /= 2;
2620 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2621 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2623 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2624 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2625 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2627 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2630 static void vnc_init_timer(VncDisplay *vd)
2632 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2633 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2634 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2635 vnc_dpy_resize(vd->ds);
2640 static void vnc_remove_timer(VncDisplay *vd)
2642 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2643 qemu_del_timer(vd->timer);
2644 qemu_free_timer(vd->timer);
2649 static void vnc_connect(VncDisplay *vd, int csock, int skipauth)
2651 VncState *vs = g_malloc0(sizeof(VncState));
2657 vs->auth = VNC_AUTH_NONE;
2658 #ifdef CONFIG_VNC_TLS
2659 vs->subauth = VNC_AUTH_INVALID;
2662 vs->auth = vd->auth;
2663 #ifdef CONFIG_VNC_TLS
2664 vs->subauth = vd->subauth;
2668 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2669 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2670 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2673 VNC_DEBUG("New client on socket %d\n", csock);
2675 socket_set_nonblock(vs->csock);
2676 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2678 vnc_client_cache_addr(vs);
2679 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2680 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2687 vs->as.freq = 44100;
2688 vs->as.nchannels = 2;
2689 vs->as.fmt = AUD_FMT_S16;
2690 vs->as.endianness = 0;
2692 qemu_mutex_init(&vs->output_mutex);
2693 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2695 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2699 vnc_write(vs, "RFB 003.008\n", 12);
2701 vnc_read_when(vs, protocol_version, 12);
2703 if (vs->vd->lock_key_sync)
2704 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2706 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2707 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2711 /* vs might be free()ed here */
2714 static void vnc_listen_read(void *opaque)
2716 VncDisplay *vs = opaque;
2717 struct sockaddr_in addr;
2718 socklen_t addrlen = sizeof(addr);
2723 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2725 vnc_connect(vs, csock, 0);
2729 void vnc_display_init(DisplayState *ds)
2731 VncDisplay *vs = g_malloc0(sizeof(*vs));
2733 dcl = g_malloc0(sizeof(DisplayChangeListener));
2742 QTAILQ_INIT(&vs->clients);
2743 vs->expires = TIME_MAX;
2745 if (keyboard_layout)
2746 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2748 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2750 if (!vs->kbd_layout)
2753 qemu_mutex_init(&vs->mutex);
2754 vnc_start_worker_thread();
2756 dcl->dpy_copy = vnc_dpy_copy;
2757 dcl->dpy_update = vnc_dpy_update;
2758 dcl->dpy_resize = vnc_dpy_resize;
2759 dcl->dpy_setdata = vnc_dpy_setdata;
2760 register_displaychangelistener(ds, dcl);
2761 ds->mouse_set = vnc_mouse_set;
2762 ds->cursor_define = vnc_dpy_cursor_define;
2766 void vnc_display_close(DisplayState *ds)
2768 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2773 g_free(vs->display);
2776 if (vs->lsock != -1) {
2777 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2781 vs->auth = VNC_AUTH_INVALID;
2782 #ifdef CONFIG_VNC_TLS
2783 vs->subauth = VNC_AUTH_INVALID;
2784 vs->tls.x509verify = 0;
2788 int vnc_display_disable_login(DisplayState *ds)
2790 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2797 g_free(vs->password);
2800 vs->password = NULL;
2801 if (vs->auth == VNC_AUTH_NONE) {
2802 vs->auth = VNC_AUTH_VNC;
2808 int vnc_display_password(DisplayState *ds, const char *password)
2810 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2817 /* This is not the intention of this interface but err on the side
2819 return vnc_display_disable_login(ds);
2823 g_free(vs->password);
2824 vs->password = NULL;
2826 vs->password = g_strdup(password);
2827 if (vs->auth == VNC_AUTH_NONE) {
2828 vs->auth = VNC_AUTH_VNC;
2834 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2836 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2842 vs->expires = expires;
2846 char *vnc_display_local_addr(DisplayState *ds)
2848 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2850 return vnc_socket_local_addr("%s:%s", vs->lsock);
2853 int vnc_display_open(DisplayState *ds, const char *display)
2855 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2856 const char *options;
2859 #ifdef CONFIG_VNC_TLS
2860 int tls = 0, x509 = 0;
2862 #ifdef CONFIG_VNC_SASL
2866 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2869 int lock_key_sync = 1;
2873 vnc_display_close(ds);
2874 if (strcmp(display, "none") == 0)
2877 if (!(vs->display = strdup(display)))
2879 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2882 while ((options = strchr(options, ','))) {
2884 if (strncmp(options, "password", 8) == 0) {
2885 if (fips_get_state()) {
2887 "VNC password auth disabled due to FIPS mode, "
2888 "consider using the VeNCrypt or SASL authentication "
2889 "methods as an alternative\n");
2890 g_free(vs->display);
2894 password = 1; /* Require password auth */
2895 } else if (strncmp(options, "reverse", 7) == 0) {
2897 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
2899 #ifdef CONFIG_VNC_SASL
2900 } else if (strncmp(options, "sasl", 4) == 0) {
2901 sasl = 1; /* Require SASL auth */
2903 #ifdef CONFIG_VNC_TLS
2904 } else if (strncmp(options, "tls", 3) == 0) {
2905 tls = 1; /* Require TLS */
2906 } else if (strncmp(options, "x509", 4) == 0) {
2908 x509 = 1; /* Require x509 certificates */
2909 if (strncmp(options, "x509verify", 10) == 0)
2910 vs->tls.x509verify = 1; /* ...and verify client certs */
2912 /* Now check for 'x509=/some/path' postfix
2913 * and use that to setup x509 certificate/key paths */
2914 start = strchr(options, '=');
2915 end = strchr(options, ',');
2916 if (start && (!end || (start < end))) {
2917 int len = end ? end-(start+1) : strlen(start+1);
2918 char *path = g_strndup(start + 1, len);
2920 VNC_DEBUG("Trying certificate path '%s'\n", path);
2921 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2922 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2924 g_free(vs->display);
2930 fprintf(stderr, "No certificate path provided\n");
2931 g_free(vs->display);
2936 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2937 } else if (strncmp(options, "acl", 3) == 0) {
2940 } else if (strncmp(options, "lossy", 5) == 0) {
2942 } else if (strncmp(options, "non-adapative", 13) == 0) {
2943 vs->non_adaptive = true;
2944 } else if (strncmp(options, "share=", 6) == 0) {
2945 if (strncmp(options+6, "ignore", 6) == 0) {
2946 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
2947 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
2948 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2949 } else if (strncmp(options+6, "force-shared", 12) == 0) {
2950 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
2952 fprintf(stderr, "unknown vnc share= option\n");
2953 g_free(vs->display);
2960 #ifdef CONFIG_VNC_TLS
2961 if (acl && x509 && vs->tls.x509verify) {
2962 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2963 fprintf(stderr, "Failed to create x509 dname ACL\n");
2968 #ifdef CONFIG_VNC_SASL
2970 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2971 fprintf(stderr, "Failed to create username ACL\n");
2978 * Combinations we support here:
2980 * - no-auth (clear text, no auth)
2981 * - password (clear text, weak auth)
2982 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2983 * - tls (encrypt, weak anonymous creds, no auth)
2984 * - tls + password (encrypt, weak anonymous creds, weak auth)
2985 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2986 * - tls + x509 (encrypt, good x509 creds, no auth)
2987 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2988 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2990 * NB1. TLS is a stackable auth scheme.
2991 * NB2. the x509 schemes have option to validate a client cert dname
2994 #ifdef CONFIG_VNC_TLS
2996 vs->auth = VNC_AUTH_VENCRYPT;
2998 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2999 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3001 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3002 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3005 #endif /* CONFIG_VNC_TLS */
3006 VNC_DEBUG("Initializing VNC server with password auth\n");
3007 vs->auth = VNC_AUTH_VNC;
3008 #ifdef CONFIG_VNC_TLS
3009 vs->subauth = VNC_AUTH_INVALID;
3011 #endif /* CONFIG_VNC_TLS */
3012 #ifdef CONFIG_VNC_SASL
3014 #ifdef CONFIG_VNC_TLS
3016 vs->auth = VNC_AUTH_VENCRYPT;
3018 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3019 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3021 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3022 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3025 #endif /* CONFIG_VNC_TLS */
3026 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3027 vs->auth = VNC_AUTH_SASL;
3028 #ifdef CONFIG_VNC_TLS
3029 vs->subauth = VNC_AUTH_INVALID;
3031 #endif /* CONFIG_VNC_TLS */
3032 #endif /* CONFIG_VNC_SASL */
3034 #ifdef CONFIG_VNC_TLS
3036 vs->auth = VNC_AUTH_VENCRYPT;
3038 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3039 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3041 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3042 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3046 VNC_DEBUG("Initializing VNC server with no auth\n");
3047 vs->auth = VNC_AUTH_NONE;
3048 #ifdef CONFIG_VNC_TLS
3049 vs->subauth = VNC_AUTH_INVALID;
3054 #ifdef CONFIG_VNC_SASL
3055 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3056 fprintf(stderr, "Failed to initialize SASL auth %s",
3057 sasl_errstring(saslErr, NULL, NULL));
3058 g_free(vs->display);
3063 vs->lock_key_sync = lock_key_sync;
3066 /* connect to viewer */
3067 if (strncmp(display, "unix:", 5) == 0)
3068 vs->lsock = unix_connect(display+5);
3070 vs->lsock = inet_connect(display, NULL);
3071 if (-1 == vs->lsock) {
3072 g_free(vs->display);
3076 int csock = vs->lsock;
3078 vnc_connect(vs, csock, 0);
3083 /* listen for connects */
3085 dpy = g_malloc(256);
3086 if (strncmp(display, "unix:", 5) == 0) {
3087 pstrcpy(dpy, 256, "unix:");
3088 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
3090 vs->lsock = inet_listen(display, dpy, 256,
3091 SOCK_STREAM, 5900, NULL);
3093 if (-1 == vs->lsock) {
3097 g_free(vs->display);
3101 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
3104 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3106 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
3108 vnc_connect(vs, csock, skipauth);
projects / qemu.git / blob