2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
29 #include "sysemu/sysemu.h"
30 #include "qemu/sockets.h"
31 #include "qemu/timer.h"
33 #include "qapi/qmp/types.h"
34 #include "qmp-commands.h"
35 #include "qemu/osdep.h"
37 #define VNC_REFRESH_INTERVAL_BASE 30
38 #define VNC_REFRESH_INTERVAL_INC 50
39 #define VNC_REFRESH_INTERVAL_MAX 2000
40 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
41 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
43 #include "vnc_keysym.h"
46 static VncDisplay *vnc_display; /* needed for info vnc */
48 static int vnc_cursor_define(VncState *vs);
49 static void vnc_release_modifiers(VncState *vs);
51 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
54 static const char *mn[] = {
56 [VNC_SHARE_MODE_CONNECTING] = "connecting",
57 [VNC_SHARE_MODE_SHARED] = "shared",
58 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
59 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
61 fprintf(stderr, "%s/%d: %s -> %s\n", __func__,
62 vs->csock, mn[vs->share_mode], mn[mode]);
65 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
66 vs->vd->num_exclusive--;
68 vs->share_mode = mode;
69 if (vs->share_mode == VNC_SHARE_MODE_EXCLUSIVE) {
70 vs->vd->num_exclusive++;
74 static char *addr_to_string(const char *format,
75 struct sockaddr_storage *sa,
78 char host[NI_MAXHOST];
79 char serv[NI_MAXSERV];
83 if ((err = getnameinfo((struct sockaddr *)sa, salen,
86 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
87 VNC_DEBUG("Cannot resolve address %d: %s\n",
88 err, gai_strerror(err));
92 /* Enough for the existing format + the 2 vars we're
94 addrlen = strlen(format) + strlen(host) + strlen(serv);
95 addr = g_malloc(addrlen + 1);
96 snprintf(addr, addrlen, format, host, serv);
103 char *vnc_socket_local_addr(const char *format, int fd) {
104 struct sockaddr_storage sa;
108 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
111 return addr_to_string(format, &sa, salen);
114 char *vnc_socket_remote_addr(const char *format, int fd) {
115 struct sockaddr_storage sa;
119 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
122 return addr_to_string(format, &sa, salen);
125 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
128 char host[NI_MAXHOST];
129 char serv[NI_MAXSERV];
132 if ((err = getnameinfo((struct sockaddr *)sa, salen,
135 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
136 VNC_DEBUG("Cannot resolve address %d: %s\n",
137 err, gai_strerror(err));
141 qdict_put(qdict, "host", qstring_from_str(host));
142 qdict_put(qdict, "service", qstring_from_str(serv));
143 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
148 static int vnc_server_addr_put(QDict *qdict, int fd)
150 struct sockaddr_storage sa;
154 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
158 return put_addr_qdict(qdict, &sa, salen);
161 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
163 struct sockaddr_storage sa;
167 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
171 return put_addr_qdict(qdict, &sa, salen);
174 static const char *vnc_auth_name(VncDisplay *vd) {
176 case VNC_AUTH_INVALID:
192 case VNC_AUTH_VENCRYPT:
193 #ifdef CONFIG_VNC_TLS
194 switch (vd->subauth) {
195 case VNC_AUTH_VENCRYPT_PLAIN:
196 return "vencrypt+plain";
197 case VNC_AUTH_VENCRYPT_TLSNONE:
198 return "vencrypt+tls+none";
199 case VNC_AUTH_VENCRYPT_TLSVNC:
200 return "vencrypt+tls+vnc";
201 case VNC_AUTH_VENCRYPT_TLSPLAIN:
202 return "vencrypt+tls+plain";
203 case VNC_AUTH_VENCRYPT_X509NONE:
204 return "vencrypt+x509+none";
205 case VNC_AUTH_VENCRYPT_X509VNC:
206 return "vencrypt+x509+vnc";
207 case VNC_AUTH_VENCRYPT_X509PLAIN:
208 return "vencrypt+x509+plain";
209 case VNC_AUTH_VENCRYPT_TLSSASL:
210 return "vencrypt+tls+sasl";
211 case VNC_AUTH_VENCRYPT_X509SASL:
212 return "vencrypt+x509+sasl";
225 static int vnc_server_info_put(QDict *qdict)
227 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
231 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
235 static void vnc_client_cache_auth(VncState *client)
237 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
245 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
246 qdict = qobject_to_qdict(client->info);
249 #ifdef CONFIG_VNC_TLS
250 if (client->tls.session &&
252 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
255 #ifdef CONFIG_VNC_SASL
256 if (client->sasl.conn &&
257 client->sasl.username) {
258 qdict_put(qdict, "sasl_username",
259 qstring_from_str(client->sasl.username));
264 static void vnc_client_cache_addr(VncState *client)
269 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
271 /* XXX: how to report the error? */
275 client->info = QOBJECT(qdict);
278 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
287 server = qdict_new();
288 if (vnc_server_info_put(server) < 0) {
293 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
294 vs->info, QOBJECT(server));
296 monitor_protocol_event(event, data);
298 qobject_incref(vs->info);
299 qobject_decref(data);
302 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
304 struct sockaddr_storage sa;
305 socklen_t salen = sizeof(sa);
306 char host[NI_MAXHOST];
307 char serv[NI_MAXSERV];
310 if (getpeername(client->csock, (struct sockaddr *)&sa, &salen) < 0) {
314 if (getnameinfo((struct sockaddr *)&sa, salen,
317 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
321 info = g_malloc0(sizeof(*info));
322 info->host = g_strdup(host);
323 info->service = g_strdup(serv);
324 info->family = g_strdup(inet_strfamily(sa.ss_family));
326 #ifdef CONFIG_VNC_TLS
327 if (client->tls.session && client->tls.dname) {
328 info->has_x509_dname = true;
329 info->x509_dname = g_strdup(client->tls.dname);
332 #ifdef CONFIG_VNC_SASL
333 if (client->sasl.conn && client->sasl.username) {
334 info->has_sasl_username = true;
335 info->sasl_username = g_strdup(client->sasl.username);
342 VncInfo *qmp_query_vnc(Error **errp)
344 VncInfo *info = g_malloc0(sizeof(*info));
346 if (vnc_display == NULL || vnc_display->display == NULL) {
347 info->enabled = false;
349 VncClientInfoList *cur_item = NULL;
350 struct sockaddr_storage sa;
351 socklen_t salen = sizeof(sa);
352 char host[NI_MAXHOST];
353 char serv[NI_MAXSERV];
356 info->enabled = true;
358 /* for compatibility with the original command */
359 info->has_clients = true;
361 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
362 VncClientInfoList *cinfo = g_malloc0(sizeof(*info));
363 cinfo->value = qmp_query_vnc_client(client);
365 /* XXX: waiting for the qapi to support GSList */
367 info->clients = cur_item = cinfo;
369 cur_item->next = cinfo;
374 if (vnc_display->lsock == -1) {
378 if (getsockname(vnc_display->lsock, (struct sockaddr *)&sa,
380 error_set(errp, QERR_UNDEFINED_ERROR);
384 if (getnameinfo((struct sockaddr *)&sa, salen,
387 NI_NUMERICHOST | NI_NUMERICSERV) < 0) {
388 error_set(errp, QERR_UNDEFINED_ERROR);
392 info->has_host = true;
393 info->host = g_strdup(host);
395 info->has_service = true;
396 info->service = g_strdup(serv);
398 info->has_family = true;
399 info->family = g_strdup(inet_strfamily(sa.ss_family));
401 info->has_auth = true;
402 info->auth = g_strdup(vnc_auth_name(vnc_display));
408 qapi_free_VncInfo(info);
413 1) Get the queue working for IO.
414 2) there is some weirdness when using the -S option (the screen is grey
415 and not totally invalidated
416 3) resolutions > 1024
419 static int vnc_update_client(VncState *vs, int has_dirty);
420 static int vnc_update_client_sync(VncState *vs, int has_dirty);
421 static void vnc_disconnect_start(VncState *vs);
422 static void vnc_init_timer(VncDisplay *vd);
423 static void vnc_remove_timer(VncDisplay *vd);
425 static void vnc_colordepth(VncState *vs);
426 static void framebuffer_update_request(VncState *vs, int incremental,
427 int x_position, int y_position,
429 static void vnc_refresh(void *opaque);
430 static int vnc_refresh_server_surface(VncDisplay *vd);
432 static void vnc_dpy_update(DisplayChangeListener *dcl,
433 int x, int y, int w, int h)
436 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
437 struct VncSurface *s = &vd->guest;
438 int width = surface_width(vd->ds);
439 int height = surface_height(vd->ds);
443 /* round x down to ensure the loop only spans one 16-pixel block per,
444 iteration. otherwise, if (x % 16) != 0, the last iteration may span
445 two 16-pixel blocks but we only mark the first as dirty
452 w = MIN(x + w, width) - x;
456 for (i = 0; i < w; i += 16)
457 set_bit((x + i) / 16, s->dirty[y]);
460 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
463 vnc_write_u16(vs, x);
464 vnc_write_u16(vs, y);
465 vnc_write_u16(vs, w);
466 vnc_write_u16(vs, h);
468 vnc_write_s32(vs, encoding);
471 void buffer_reserve(Buffer *buffer, size_t len)
473 if ((buffer->capacity - buffer->offset) < len) {
474 buffer->capacity += (len + 1024);
475 buffer->buffer = g_realloc(buffer->buffer, buffer->capacity);
476 if (buffer->buffer == NULL) {
477 fprintf(stderr, "vnc: out of memory\n");
483 static int buffer_empty(Buffer *buffer)
485 return buffer->offset == 0;
488 uint8_t *buffer_end(Buffer *buffer)
490 return buffer->buffer + buffer->offset;
493 void buffer_reset(Buffer *buffer)
498 void buffer_free(Buffer *buffer)
500 g_free(buffer->buffer);
502 buffer->capacity = 0;
503 buffer->buffer = NULL;
506 void buffer_append(Buffer *buffer, const void *data, size_t len)
508 memcpy(buffer->buffer + buffer->offset, data, len);
509 buffer->offset += len;
512 void buffer_advance(Buffer *buf, size_t len)
514 memmove(buf->buffer, buf->buffer + len,
515 (buf->offset - len));
519 static void vnc_desktop_resize(VncState *vs)
521 DisplaySurface *ds = vs->vd->ds;
523 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
526 if (vs->client_width == surface_width(ds) &&
527 vs->client_height == surface_height(ds)) {
530 vs->client_width = surface_width(ds);
531 vs->client_height = surface_height(ds);
533 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
535 vnc_write_u16(vs, 1); /* number of rects */
536 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
537 VNC_ENCODING_DESKTOPRESIZE);
538 vnc_unlock_output(vs);
542 static void vnc_abort_display_jobs(VncDisplay *vd)
546 QTAILQ_FOREACH(vs, &vd->clients, next) {
549 vnc_unlock_output(vs);
551 QTAILQ_FOREACH(vs, &vd->clients, next) {
554 QTAILQ_FOREACH(vs, &vd->clients, next) {
557 vnc_unlock_output(vs);
561 int vnc_server_fb_stride(VncDisplay *vd)
563 return pixman_image_get_stride(vd->server);
566 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
570 ptr = (uint8_t *)pixman_image_get_data(vd->server);
571 ptr += y * vnc_server_fb_stride(vd);
572 ptr += x * VNC_SERVER_FB_BYTES;
576 static void vnc_dpy_switch(DisplayChangeListener *dcl,
577 DisplaySurface *surface)
579 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
582 vnc_abort_display_jobs(vd);
585 qemu_pixman_image_unref(vd->server);
587 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
588 surface_width(vd->ds),
589 surface_height(vd->ds),
594 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
595 console_color_init(ds);
597 qemu_pixman_image_unref(vd->guest.fb);
598 vd->guest.fb = pixman_image_ref(surface->image);
599 vd->guest.format = surface->format;
600 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
602 QTAILQ_FOREACH(vs, &vd->clients, next) {
604 vnc_desktop_resize(vs);
605 if (vs->vd->cursor) {
606 vnc_cursor_define(vs);
608 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
613 static void vnc_write_pixels_copy(VncState *vs,
614 void *pixels, int size)
616 vnc_write(vs, pixels, size);
619 /* slowest but generic code. */
620 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
624 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
625 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
626 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
627 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
629 # error need some bits here if you change VNC_SERVER_FB_FORMAT
631 v = (r << vs->client_pf.rshift) |
632 (g << vs->client_pf.gshift) |
633 (b << vs->client_pf.bshift);
634 switch (vs->client_pf.bytes_per_pixel) {
664 static void vnc_write_pixels_generic(VncState *vs,
665 void *pixels1, int size)
669 if (VNC_SERVER_FB_BYTES == 4) {
670 uint32_t *pixels = pixels1;
673 for (i = 0; i < n; i++) {
674 vnc_convert_pixel(vs, buf, pixels[i]);
675 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
680 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
684 VncDisplay *vd = vs->vd;
686 row = vnc_server_fb_ptr(vd, x, y);
687 for (i = 0; i < h; i++) {
688 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
689 row += vnc_server_fb_stride(vd);
694 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
698 switch(vs->vnc_encoding) {
699 case VNC_ENCODING_ZLIB:
700 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
702 case VNC_ENCODING_HEXTILE:
703 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
704 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
706 case VNC_ENCODING_TIGHT:
707 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
709 case VNC_ENCODING_TIGHT_PNG:
710 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
712 case VNC_ENCODING_ZRLE:
713 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
715 case VNC_ENCODING_ZYWRLE:
716 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
719 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
720 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
726 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
728 /* send bitblit op to the vnc client */
730 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
732 vnc_write_u16(vs, 1); /* number of rects */
733 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
734 vnc_write_u16(vs, src_x);
735 vnc_write_u16(vs, src_y);
736 vnc_unlock_output(vs);
740 static void vnc_dpy_copy(DisplayChangeListener *dcl,
741 int src_x, int src_y,
742 int dst_x, int dst_y, int w, int h)
744 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
748 int i, x, y, pitch, inc, w_lim, s;
751 vnc_refresh_server_surface(vd);
752 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
753 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
754 vs->force_update = 1;
755 vnc_update_client_sync(vs, 1);
756 /* vs might be free()ed here */
760 /* do bitblit op on the local surface too */
761 pitch = vnc_server_fb_stride(vd);
762 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
763 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
768 src_row += pitch * (h-1);
769 dst_row += pitch * (h-1);
774 w_lim = w - (16 - (dst_x % 16));
778 w_lim = w - (w_lim % 16);
779 for (i = 0; i < h; i++) {
780 for (x = 0; x <= w_lim;
781 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
783 if ((s = w - w_lim) == 0)
786 s = (16 - (dst_x % 16));
791 cmp_bytes = s * VNC_SERVER_FB_BYTES;
792 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
794 memmove(dst_row, src_row, cmp_bytes);
795 QTAILQ_FOREACH(vs, &vd->clients, next) {
796 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
797 set_bit(((x + dst_x) / 16), vs->dirty[y]);
801 src_row += pitch - w * VNC_SERVER_FB_BYTES;
802 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
806 QTAILQ_FOREACH(vs, &vd->clients, next) {
807 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
808 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
813 static void vnc_mouse_set(DisplayChangeListener *dcl,
814 int x, int y, int visible)
816 /* can we ask the client(s) to move the pointer ??? */
819 static int vnc_cursor_define(VncState *vs)
821 QEMUCursor *c = vs->vd->cursor;
824 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
826 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
827 vnc_write_u8(vs, 0); /* padding */
828 vnc_write_u16(vs, 1); /* # of rects */
829 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
830 VNC_ENCODING_RICH_CURSOR);
831 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
832 vnc_write_pixels_generic(vs, c->data, isize);
833 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
834 vnc_unlock_output(vs);
840 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
843 VncDisplay *vd = vnc_display;
846 cursor_put(vd->cursor);
847 g_free(vd->cursor_mask);
850 cursor_get(vd->cursor);
851 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
852 vd->cursor_mask = g_malloc0(vd->cursor_msize);
853 cursor_get_mono_mask(c, 0, vd->cursor_mask);
855 QTAILQ_FOREACH(vs, &vd->clients, next) {
856 vnc_cursor_define(vs);
860 static int find_and_clear_dirty_height(struct VncState *vs,
861 int y, int last_x, int x, int height)
865 for (h = 1; h < (height - y); h++) {
867 if (!test_bit(last_x, vs->dirty[y + h])) {
870 for (tmp_x = last_x; tmp_x < x; tmp_x++) {
871 clear_bit(tmp_x, vs->dirty[y + h]);
878 static int vnc_update_client_sync(VncState *vs, int has_dirty)
880 int ret = vnc_update_client(vs, has_dirty);
885 static int vnc_update_client(VncState *vs, int has_dirty)
887 if (vs->need_update && vs->csock != -1) {
888 VncDisplay *vd = vs->vd;
895 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
896 /* kernel send buffers are full -> drop frames to throttle */
899 if (!has_dirty && !vs->audio_cap && !vs->force_update)
903 * Send screen updates to the vnc client using the server
904 * surface and server dirty map. guest surface updates
905 * happening in parallel don't disturb us, the next pass will
906 * send them to the client.
908 job = vnc_job_new(vs);
910 width = MIN(pixman_image_get_width(vd->server), vs->client_width);
911 height = MIN(pixman_image_get_height(vd->server), vs->client_height);
913 for (y = 0; y < height; y++) {
916 for (x = 0; x < width / 16; x++) {
917 if (test_and_clear_bit(x, vs->dirty[y])) {
923 int h = find_and_clear_dirty_height(vs, y, last_x, x,
926 n += vnc_job_add_rect(job, last_x * 16, y,
927 (x - last_x) * 16, h);
933 int h = find_and_clear_dirty_height(vs, y, last_x, x, height);
934 n += vnc_job_add_rect(job, last_x * 16, y,
935 (x - last_x) * 16, h);
940 vs->force_update = 0;
945 vnc_disconnect_finish(vs);
951 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
953 VncState *vs = opaque;
956 case AUD_CNOTIFY_DISABLE:
958 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
959 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
960 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
961 vnc_unlock_output(vs);
965 case AUD_CNOTIFY_ENABLE:
967 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
968 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
969 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
970 vnc_unlock_output(vs);
976 static void audio_capture_destroy(void *opaque)
980 static void audio_capture(void *opaque, void *buf, int size)
982 VncState *vs = opaque;
985 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
986 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
987 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
988 vnc_write_u32(vs, size);
989 vnc_write(vs, buf, size);
990 vnc_unlock_output(vs);
994 static void audio_add(VncState *vs)
996 struct audio_capture_ops ops;
999 monitor_printf(default_mon, "audio already running\n");
1003 ops.notify = audio_capture_notify;
1004 ops.destroy = audio_capture_destroy;
1005 ops.capture = audio_capture;
1007 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1008 if (!vs->audio_cap) {
1009 monitor_printf(default_mon, "Failed to add audio capture\n");
1013 static void audio_del(VncState *vs)
1015 if (vs->audio_cap) {
1016 AUD_del_capture(vs->audio_cap, vs);
1017 vs->audio_cap = NULL;
1021 static void vnc_disconnect_start(VncState *vs)
1023 if (vs->csock == -1)
1025 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1026 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1027 closesocket(vs->csock);
1031 void vnc_disconnect_finish(VncState *vs)
1035 vnc_jobs_join(vs); /* Wait encoding jobs */
1037 vnc_lock_output(vs);
1038 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1040 buffer_free(&vs->input);
1041 buffer_free(&vs->output);
1042 #ifdef CONFIG_VNC_WS
1043 buffer_free(&vs->ws_input);
1044 buffer_free(&vs->ws_output);
1045 #endif /* CONFIG_VNC_WS */
1047 qobject_decref(vs->info);
1050 vnc_tight_clear(vs);
1053 #ifdef CONFIG_VNC_TLS
1054 vnc_tls_client_cleanup(vs);
1055 #endif /* CONFIG_VNC_TLS */
1056 #ifdef CONFIG_VNC_SASL
1057 vnc_sasl_client_cleanup(vs);
1058 #endif /* CONFIG_VNC_SASL */
1060 vnc_release_modifiers(vs);
1062 if (vs->initialized) {
1063 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1064 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1067 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1068 vs->vd->dcl.idle = 1;
1071 vnc_remove_timer(vs->vd);
1072 if (vs->vd->lock_key_sync)
1073 qemu_remove_led_event_handler(vs->led);
1074 vnc_unlock_output(vs);
1076 qemu_mutex_destroy(&vs->output_mutex);
1077 if (vs->bh != NULL) {
1078 qemu_bh_delete(vs->bh);
1080 buffer_free(&vs->jobs_buffer);
1082 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1083 g_free(vs->lossy_rect[i]);
1085 g_free(vs->lossy_rect);
1089 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1091 if (ret == 0 || ret == -1) {
1093 switch (last_errno) {
1097 case WSAEWOULDBLOCK:
1105 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1106 ret, ret < 0 ? last_errno : 0);
1107 vnc_disconnect_start(vs);
1115 void vnc_client_error(VncState *vs)
1117 VNC_DEBUG("Closing down client sock: protocol error\n");
1118 vnc_disconnect_start(vs);
1123 * Called to write a chunk of data to the client socket. The data may
1124 * be the raw data, or may have already been encoded by SASL.
1125 * The data will be written either straight onto the socket, or
1126 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1128 * NB, it is theoretically possible to have 2 layers of encryption,
1129 * both SASL, and this TLS layer. It is highly unlikely in practice
1130 * though, since SASL encryption will typically be a no-op if TLS
1133 * Returns the number of bytes written, which may be less than
1134 * the requested 'datalen' if the socket would block. Returns
1135 * -1 on error, and disconnects the client socket.
1137 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1140 #ifdef CONFIG_VNC_TLS
1141 if (vs->tls.session) {
1142 ret = gnutls_write(vs->tls.session, data, datalen);
1144 if (ret == GNUTLS_E_AGAIN)
1151 #endif /* CONFIG_VNC_TLS */
1152 ret = send(vs->csock, (const void *)data, datalen, 0);
1153 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1154 return vnc_client_io_error(vs, ret, socket_error());
1159 * Called to write buffered data to the client socket, when not
1160 * using any SASL SSF encryption layers. Will write as much data
1161 * as possible without blocking. If all buffered data is written,
1162 * will switch the FD poll() handler back to read monitoring.
1164 * Returns the number of bytes written, which may be less than
1165 * the buffered output data if the socket would block. Returns
1166 * -1 on error, and disconnects the client socket.
1168 static long vnc_client_write_plain(VncState *vs)
1172 #ifdef CONFIG_VNC_SASL
1173 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1174 vs->output.buffer, vs->output.capacity, vs->output.offset,
1175 vs->sasl.waitWriteSSF);
1177 if (vs->sasl.conn &&
1179 vs->sasl.waitWriteSSF) {
1180 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1182 vs->sasl.waitWriteSSF -= ret;
1184 #endif /* CONFIG_VNC_SASL */
1185 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1189 buffer_advance(&vs->output, ret);
1191 if (vs->output.offset == 0) {
1192 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1200 * First function called whenever there is data to be written to
1201 * the client socket. Will delegate actual work according to whether
1202 * SASL SSF layers are enabled (thus requiring encryption calls)
1204 static void vnc_client_write_locked(void *opaque)
1206 VncState *vs = opaque;
1208 #ifdef CONFIG_VNC_SASL
1209 if (vs->sasl.conn &&
1211 !vs->sasl.waitWriteSSF) {
1212 vnc_client_write_sasl(vs);
1214 #endif /* CONFIG_VNC_SASL */
1216 #ifdef CONFIG_VNC_WS
1217 if (vs->encode_ws) {
1218 vnc_client_write_ws(vs);
1220 #endif /* CONFIG_VNC_WS */
1222 vnc_client_write_plain(vs);
1227 void vnc_client_write(void *opaque)
1229 VncState *vs = opaque;
1231 vnc_lock_output(vs);
1232 if (vs->output.offset
1233 #ifdef CONFIG_VNC_WS
1234 || vs->ws_output.offset
1237 vnc_client_write_locked(opaque);
1238 } else if (vs->csock != -1) {
1239 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1241 vnc_unlock_output(vs);
1244 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1246 vs->read_handler = func;
1247 vs->read_handler_expect = expecting;
1252 * Called to read a chunk of data from the client socket. The data may
1253 * be the raw data, or may need to be further decoded by SASL.
1254 * The data will be read either straight from to the socket, or
1255 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1257 * NB, it is theoretically possible to have 2 layers of encryption,
1258 * both SASL, and this TLS layer. It is highly unlikely in practice
1259 * though, since SASL encryption will typically be a no-op if TLS
1262 * Returns the number of bytes read, which may be less than
1263 * the requested 'datalen' if the socket would block. Returns
1264 * -1 on error, and disconnects the client socket.
1266 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1269 #ifdef CONFIG_VNC_TLS
1270 if (vs->tls.session) {
1271 ret = gnutls_read(vs->tls.session, data, datalen);
1273 if (ret == GNUTLS_E_AGAIN)
1280 #endif /* CONFIG_VNC_TLS */
1281 ret = qemu_recv(vs->csock, data, datalen, 0);
1282 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1283 return vnc_client_io_error(vs, ret, socket_error());
1288 * Called to read data from the client socket to the input buffer,
1289 * when not using any SASL SSF encryption layers. Will read as much
1290 * data as possible without blocking.
1292 * Returns the number of bytes read. Returns -1 on error, and
1293 * disconnects the client socket.
1295 static long vnc_client_read_plain(VncState *vs)
1298 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1299 vs->input.buffer, vs->input.capacity, vs->input.offset);
1300 buffer_reserve(&vs->input, 4096);
1301 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1304 vs->input.offset += ret;
1308 static void vnc_jobs_bh(void *opaque)
1310 VncState *vs = opaque;
1312 vnc_jobs_consume_buffer(vs);
1316 * First function called whenever there is more data to be read from
1317 * the client socket. Will delegate actual work according to whether
1318 * SASL SSF layers are enabled (thus requiring decryption calls)
1320 void vnc_client_read(void *opaque)
1322 VncState *vs = opaque;
1325 #ifdef CONFIG_VNC_SASL
1326 if (vs->sasl.conn && vs->sasl.runSSF)
1327 ret = vnc_client_read_sasl(vs);
1329 #endif /* CONFIG_VNC_SASL */
1330 #ifdef CONFIG_VNC_WS
1331 if (vs->encode_ws) {
1332 ret = vnc_client_read_ws(vs);
1334 vnc_disconnect_start(vs);
1336 } else if (ret == -2) {
1337 vnc_client_error(vs);
1341 #endif /* CONFIG_VNC_WS */
1343 ret = vnc_client_read_plain(vs);
1346 if (vs->csock == -1)
1347 vnc_disconnect_finish(vs);
1351 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1352 size_t len = vs->read_handler_expect;
1355 ret = vs->read_handler(vs, vs->input.buffer, len);
1356 if (vs->csock == -1) {
1357 vnc_disconnect_finish(vs);
1362 buffer_advance(&vs->input, len);
1364 vs->read_handler_expect = ret;
1369 void vnc_write(VncState *vs, const void *data, size_t len)
1371 buffer_reserve(&vs->output, len);
1373 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1374 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1377 buffer_append(&vs->output, data, len);
1380 void vnc_write_s32(VncState *vs, int32_t value)
1382 vnc_write_u32(vs, *(uint32_t *)&value);
1385 void vnc_write_u32(VncState *vs, uint32_t value)
1389 buf[0] = (value >> 24) & 0xFF;
1390 buf[1] = (value >> 16) & 0xFF;
1391 buf[2] = (value >> 8) & 0xFF;
1392 buf[3] = value & 0xFF;
1394 vnc_write(vs, buf, 4);
1397 void vnc_write_u16(VncState *vs, uint16_t value)
1401 buf[0] = (value >> 8) & 0xFF;
1402 buf[1] = value & 0xFF;
1404 vnc_write(vs, buf, 2);
1407 void vnc_write_u8(VncState *vs, uint8_t value)
1409 vnc_write(vs, (char *)&value, 1);
1412 void vnc_flush(VncState *vs)
1414 vnc_lock_output(vs);
1415 if (vs->csock != -1 && (vs->output.offset
1416 #ifdef CONFIG_VNC_WS
1417 || vs->ws_output.offset
1420 vnc_client_write_locked(vs);
1422 vnc_unlock_output(vs);
1425 static uint8_t read_u8(uint8_t *data, size_t offset)
1427 return data[offset];
1430 static uint16_t read_u16(uint8_t *data, size_t offset)
1432 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1435 static int32_t read_s32(uint8_t *data, size_t offset)
1437 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1438 (data[offset + 2] << 8) | data[offset + 3]);
1441 uint32_t read_u32(uint8_t *data, size_t offset)
1443 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1444 (data[offset + 2] << 8) | data[offset + 3]);
1447 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1451 static void check_pointer_type_change(Notifier *notifier, void *data)
1453 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1454 int absolute = kbd_mouse_is_absolute();
1456 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1457 vnc_lock_output(vs);
1458 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1459 vnc_write_u8(vs, 0);
1460 vnc_write_u16(vs, 1);
1461 vnc_framebuffer_update(vs, absolute, 0,
1462 surface_width(vs->vd->ds),
1463 surface_height(vs->vd->ds),
1464 VNC_ENCODING_POINTER_TYPE_CHANGE);
1465 vnc_unlock_output(vs);
1468 vs->absolute = absolute;
1471 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1475 int width = surface_width(vs->vd->ds);
1476 int height = surface_height(vs->vd->ds);
1478 if (button_mask & 0x01)
1479 buttons |= MOUSE_EVENT_LBUTTON;
1480 if (button_mask & 0x02)
1481 buttons |= MOUSE_EVENT_MBUTTON;
1482 if (button_mask & 0x04)
1483 buttons |= MOUSE_EVENT_RBUTTON;
1484 if (button_mask & 0x08)
1486 if (button_mask & 0x10)
1490 kbd_mouse_event(width > 1 ? x * 0x7FFF / (width - 1) : 0x4000,
1491 height > 1 ? y * 0x7FFF / (height - 1) : 0x4000,
1493 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1497 kbd_mouse_event(x, y, dz, buttons);
1499 if (vs->last_x != -1)
1500 kbd_mouse_event(x - vs->last_x,
1508 static void reset_keys(VncState *vs)
1511 for(i = 0; i < 256; i++) {
1512 if (vs->modifiers_state[i]) {
1513 if (i & SCANCODE_GREY)
1514 kbd_put_keycode(SCANCODE_EMUL0);
1515 kbd_put_keycode(i | SCANCODE_UP);
1516 vs->modifiers_state[i] = 0;
1521 static void press_key(VncState *vs, int keysym)
1523 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1524 if (keycode & SCANCODE_GREY)
1525 kbd_put_keycode(SCANCODE_EMUL0);
1526 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1527 if (keycode & SCANCODE_GREY)
1528 kbd_put_keycode(SCANCODE_EMUL0);
1529 kbd_put_keycode(keycode | SCANCODE_UP);
1532 static void kbd_leds(void *opaque, int ledstate)
1534 VncState *vs = opaque;
1537 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1538 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1540 if (vs->modifiers_state[0x3a] != caps) {
1541 vs->modifiers_state[0x3a] = caps;
1543 if (vs->modifiers_state[0x45] != num) {
1544 vs->modifiers_state[0x45] = num;
1548 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1550 /* QEMU console switch */
1552 case 0x2a: /* Left Shift */
1553 case 0x36: /* Right Shift */
1554 case 0x1d: /* Left CTRL */
1555 case 0x9d: /* Right CTRL */
1556 case 0x38: /* Left ALT */
1557 case 0xb8: /* Right ALT */
1559 vs->modifiers_state[keycode] = 1;
1561 vs->modifiers_state[keycode] = 0;
1563 case 0x02 ... 0x0a: /* '1' to '9' keys */
1564 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1565 /* Reset the modifiers sent to the current console */
1567 console_select(keycode - 0x02);
1571 case 0x3a: /* CapsLock */
1572 case 0x45: /* NumLock */
1574 vs->modifiers_state[keycode] ^= 1;
1578 if (down && vs->vd->lock_key_sync &&
1579 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1580 /* If the numlock state needs to change then simulate an additional
1581 keypress before sending this one. This will happen if the user
1582 toggles numlock away from the VNC window.
1584 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1585 if (!vs->modifiers_state[0x45]) {
1586 vs->modifiers_state[0x45] = 1;
1587 press_key(vs, 0xff7f);
1590 if (vs->modifiers_state[0x45]) {
1591 vs->modifiers_state[0x45] = 0;
1592 press_key(vs, 0xff7f);
1597 if (down && vs->vd->lock_key_sync &&
1598 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1599 /* If the capslock state needs to change then simulate an additional
1600 keypress before sending this one. This will happen if the user
1601 toggles capslock away from the VNC window.
1603 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1604 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1605 int capslock = !!(vs->modifiers_state[0x3a]);
1607 if (uppercase == shift) {
1608 vs->modifiers_state[0x3a] = 0;
1609 press_key(vs, 0xffe5);
1612 if (uppercase != shift) {
1613 vs->modifiers_state[0x3a] = 1;
1614 press_key(vs, 0xffe5);
1619 if (is_graphic_console()) {
1620 if (keycode & SCANCODE_GREY)
1621 kbd_put_keycode(SCANCODE_EMUL0);
1623 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1625 kbd_put_keycode(keycode | SCANCODE_UP);
1627 bool numlock = vs->modifiers_state[0x45];
1628 bool control = (vs->modifiers_state[0x1d] ||
1629 vs->modifiers_state[0x9d]);
1630 /* QEMU console emulation */
1633 case 0x2a: /* Left Shift */
1634 case 0x36: /* Right Shift */
1635 case 0x1d: /* Left CTRL */
1636 case 0x9d: /* Right CTRL */
1637 case 0x38: /* Left ALT */
1638 case 0xb8: /* Right ALT */
1641 kbd_put_keysym(QEMU_KEY_UP);
1644 kbd_put_keysym(QEMU_KEY_DOWN);
1647 kbd_put_keysym(QEMU_KEY_LEFT);
1650 kbd_put_keysym(QEMU_KEY_RIGHT);
1653 kbd_put_keysym(QEMU_KEY_DELETE);
1656 kbd_put_keysym(QEMU_KEY_HOME);
1659 kbd_put_keysym(QEMU_KEY_END);
1662 kbd_put_keysym(QEMU_KEY_PAGEUP);
1665 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1669 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1672 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1675 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1678 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1681 kbd_put_keysym('5');
1684 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1687 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1690 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1693 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1696 kbd_put_keysym('0');
1699 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1703 kbd_put_keysym('/');
1706 kbd_put_keysym('*');
1709 kbd_put_keysym('-');
1712 kbd_put_keysym('+');
1715 kbd_put_keysym('\n');
1720 kbd_put_keysym(sym & 0x1f);
1722 kbd_put_keysym(sym);
1730 static void vnc_release_modifiers(VncState *vs)
1732 static const int keycodes[] = {
1733 /* shift, control, alt keys, both left & right */
1734 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1738 if (!is_graphic_console()) {
1741 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1742 keycode = keycodes[i];
1743 if (!vs->modifiers_state[keycode]) {
1746 if (keycode & SCANCODE_GREY) {
1747 kbd_put_keycode(SCANCODE_EMUL0);
1749 kbd_put_keycode(keycode | SCANCODE_UP);
1753 static void key_event(VncState *vs, int down, uint32_t sym)
1758 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1759 lsym = lsym - 'A' + 'a';
1762 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1763 do_key_event(vs, down, keycode, sym);
1766 static void ext_key_event(VncState *vs, int down,
1767 uint32_t sym, uint16_t keycode)
1769 /* if the user specifies a keyboard layout, always use it */
1770 if (keyboard_layout)
1771 key_event(vs, down, sym);
1773 do_key_event(vs, down, keycode, sym);
1776 static void framebuffer_update_request(VncState *vs, int incremental,
1777 int x_position, int y_position,
1781 const size_t width = surface_width(vs->vd->ds) / 16;
1782 const size_t height = surface_height(vs->vd->ds);
1784 if (y_position > height) {
1785 y_position = height;
1787 if (y_position + h >= height) {
1788 h = height - y_position;
1791 vs->need_update = 1;
1793 vs->force_update = 1;
1794 for (i = 0; i < h; i++) {
1795 bitmap_set(vs->dirty[y_position + i], 0, width);
1796 bitmap_clear(vs->dirty[y_position + i], width,
1797 VNC_DIRTY_BITS - width);
1802 static void send_ext_key_event_ack(VncState *vs)
1804 vnc_lock_output(vs);
1805 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1806 vnc_write_u8(vs, 0);
1807 vnc_write_u16(vs, 1);
1808 vnc_framebuffer_update(vs, 0, 0,
1809 surface_width(vs->vd->ds),
1810 surface_height(vs->vd->ds),
1811 VNC_ENCODING_EXT_KEY_EVENT);
1812 vnc_unlock_output(vs);
1816 static void send_ext_audio_ack(VncState *vs)
1818 vnc_lock_output(vs);
1819 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1820 vnc_write_u8(vs, 0);
1821 vnc_write_u16(vs, 1);
1822 vnc_framebuffer_update(vs, 0, 0,
1823 surface_width(vs->vd->ds),
1824 surface_height(vs->vd->ds),
1825 VNC_ENCODING_AUDIO);
1826 vnc_unlock_output(vs);
1830 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1833 unsigned int enc = 0;
1836 vs->vnc_encoding = 0;
1837 vs->tight.compression = 9;
1838 vs->tight.quality = -1; /* Lossless by default */
1842 * Start from the end because the encodings are sent in order of preference.
1843 * This way the preferred encoding (first encoding defined in the array)
1844 * will be set at the end of the loop.
1846 for (i = n_encodings - 1; i >= 0; i--) {
1849 case VNC_ENCODING_RAW:
1850 vs->vnc_encoding = enc;
1852 case VNC_ENCODING_COPYRECT:
1853 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1855 case VNC_ENCODING_HEXTILE:
1856 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1857 vs->vnc_encoding = enc;
1859 case VNC_ENCODING_TIGHT:
1860 vs->features |= VNC_FEATURE_TIGHT_MASK;
1861 vs->vnc_encoding = enc;
1863 #ifdef CONFIG_VNC_PNG
1864 case VNC_ENCODING_TIGHT_PNG:
1865 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1866 vs->vnc_encoding = enc;
1869 case VNC_ENCODING_ZLIB:
1870 vs->features |= VNC_FEATURE_ZLIB_MASK;
1871 vs->vnc_encoding = enc;
1873 case VNC_ENCODING_ZRLE:
1874 vs->features |= VNC_FEATURE_ZRLE_MASK;
1875 vs->vnc_encoding = enc;
1877 case VNC_ENCODING_ZYWRLE:
1878 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
1879 vs->vnc_encoding = enc;
1881 case VNC_ENCODING_DESKTOPRESIZE:
1882 vs->features |= VNC_FEATURE_RESIZE_MASK;
1884 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1885 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1887 case VNC_ENCODING_RICH_CURSOR:
1888 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1890 case VNC_ENCODING_EXT_KEY_EVENT:
1891 send_ext_key_event_ack(vs);
1893 case VNC_ENCODING_AUDIO:
1894 send_ext_audio_ack(vs);
1896 case VNC_ENCODING_WMVi:
1897 vs->features |= VNC_FEATURE_WMVI_MASK;
1899 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1900 vs->tight.compression = (enc & 0x0F);
1902 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1903 if (vs->vd->lossy) {
1904 vs->tight.quality = (enc & 0x0F);
1908 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1912 vnc_desktop_resize(vs);
1913 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
1916 static void set_pixel_conversion(VncState *vs)
1918 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
1920 if (fmt == VNC_SERVER_FB_FORMAT) {
1921 vs->write_pixels = vnc_write_pixels_copy;
1922 vnc_hextile_set_pixel_conversion(vs, 0);
1924 vs->write_pixels = vnc_write_pixels_generic;
1925 vnc_hextile_set_pixel_conversion(vs, 1);
1929 static void set_pixel_format(VncState *vs,
1930 int bits_per_pixel, int depth,
1931 int big_endian_flag, int true_color_flag,
1932 int red_max, int green_max, int blue_max,
1933 int red_shift, int green_shift, int blue_shift)
1935 if (!true_color_flag) {
1936 vnc_client_error(vs);
1940 vs->client_pf.rmax = red_max;
1941 vs->client_pf.rbits = hweight_long(red_max);
1942 vs->client_pf.rshift = red_shift;
1943 vs->client_pf.rmask = red_max << red_shift;
1944 vs->client_pf.gmax = green_max;
1945 vs->client_pf.gbits = hweight_long(green_max);
1946 vs->client_pf.gshift = green_shift;
1947 vs->client_pf.gmask = green_max << green_shift;
1948 vs->client_pf.bmax = blue_max;
1949 vs->client_pf.bbits = hweight_long(blue_max);
1950 vs->client_pf.bshift = blue_shift;
1951 vs->client_pf.bmask = blue_max << blue_shift;
1952 vs->client_pf.bits_per_pixel = bits_per_pixel;
1953 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
1954 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1955 vs->client_be = big_endian_flag;
1957 set_pixel_conversion(vs);
1959 vga_hw_invalidate();
1963 static void pixel_format_message (VncState *vs) {
1964 char pad[3] = { 0, 0, 0 };
1966 vs->client_pf = qemu_default_pixelformat(32);
1968 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
1969 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
1971 #ifdef HOST_WORDS_BIGENDIAN
1972 vnc_write_u8(vs, 1); /* big-endian-flag */
1974 vnc_write_u8(vs, 0); /* big-endian-flag */
1976 vnc_write_u8(vs, 1); /* true-color-flag */
1977 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
1978 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
1979 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
1980 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
1981 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
1982 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
1983 vnc_write(vs, pad, 3); /* padding */
1985 vnc_hextile_set_pixel_conversion(vs, 0);
1986 vs->write_pixels = vnc_write_pixels_copy;
1989 static void vnc_colordepth(VncState *vs)
1991 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1992 /* Sending a WMVi message to notify the client*/
1993 vnc_lock_output(vs);
1994 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1995 vnc_write_u8(vs, 0);
1996 vnc_write_u16(vs, 1); /* number of rects */
1997 vnc_framebuffer_update(vs, 0, 0,
1998 surface_width(vs->vd->ds),
1999 surface_height(vs->vd->ds),
2001 pixel_format_message(vs);
2002 vnc_unlock_output(vs);
2005 set_pixel_conversion(vs);
2009 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2013 VncDisplay *vd = vs->vd;
2016 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2017 if (!qemu_timer_expired(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval))
2018 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2022 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2026 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
2027 read_u8(data, 6), read_u8(data, 7),
2028 read_u16(data, 8), read_u16(data, 10),
2029 read_u16(data, 12), read_u8(data, 14),
2030 read_u8(data, 15), read_u8(data, 16));
2032 case VNC_MSG_CLIENT_SET_ENCODINGS:
2037 limit = read_u16(data, 2);
2039 return 4 + (limit * 4);
2041 limit = read_u16(data, 2);
2043 for (i = 0; i < limit; i++) {
2044 int32_t val = read_s32(data, 4 + (i * 4));
2045 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2048 set_encodings(vs, (int32_t *)(data + 4), limit);
2050 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2054 framebuffer_update_request(vs,
2055 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2056 read_u16(data, 6), read_u16(data, 8));
2058 case VNC_MSG_CLIENT_KEY_EVENT:
2062 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2064 case VNC_MSG_CLIENT_POINTER_EVENT:
2068 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2070 case VNC_MSG_CLIENT_CUT_TEXT:
2075 uint32_t dlen = read_u32(data, 4);
2080 client_cut_text(vs, read_u32(data, 4), data + 8);
2082 case VNC_MSG_CLIENT_QEMU:
2086 switch (read_u8(data, 1)) {
2087 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2091 ext_key_event(vs, read_u16(data, 2),
2092 read_u32(data, 4), read_u32(data, 8));
2094 case VNC_MSG_CLIENT_QEMU_AUDIO:
2098 switch (read_u16 (data, 2)) {
2099 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2102 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2105 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2108 switch (read_u8(data, 4)) {
2109 case 0: vs->as.fmt = AUD_FMT_U8; break;
2110 case 1: vs->as.fmt = AUD_FMT_S8; break;
2111 case 2: vs->as.fmt = AUD_FMT_U16; break;
2112 case 3: vs->as.fmt = AUD_FMT_S16; break;
2113 case 4: vs->as.fmt = AUD_FMT_U32; break;
2114 case 5: vs->as.fmt = AUD_FMT_S32; break;
2116 printf("Invalid audio format %d\n", read_u8(data, 4));
2117 vnc_client_error(vs);
2120 vs->as.nchannels = read_u8(data, 5);
2121 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2122 printf("Invalid audio channel coount %d\n",
2124 vnc_client_error(vs);
2127 vs->as.freq = read_u32(data, 6);
2130 printf ("Invalid audio message %d\n", read_u8(data, 4));
2131 vnc_client_error(vs);
2137 printf("Msg: %d\n", read_u16(data, 0));
2138 vnc_client_error(vs);
2143 printf("Msg: %d\n", data[0]);
2144 vnc_client_error(vs);
2148 vnc_read_when(vs, protocol_client_msg, 1);
2152 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2158 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2159 switch (vs->vd->share_policy) {
2160 case VNC_SHARE_POLICY_IGNORE:
2162 * Ignore the shared flag. Nothing to do here.
2164 * Doesn't conform to the rfb spec but is traditional qemu
2165 * behavior, thus left here as option for compatibility
2169 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2171 * Policy: Allow clients ask for exclusive access.
2173 * Implementation: When a client asks for exclusive access,
2174 * disconnect all others. Shared connects are allowed as long
2175 * as no exclusive connection exists.
2177 * This is how the rfb spec suggests to handle the shared flag.
2179 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2181 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2185 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2186 client->share_mode != VNC_SHARE_MODE_SHARED) {
2189 vnc_disconnect_start(client);
2192 if (mode == VNC_SHARE_MODE_SHARED) {
2193 if (vs->vd->num_exclusive > 0) {
2194 vnc_disconnect_start(vs);
2199 case VNC_SHARE_POLICY_FORCE_SHARED:
2201 * Policy: Shared connects only.
2202 * Implementation: Disallow clients asking for exclusive access.
2204 * Useful for shared desktop sessions where you don't want
2205 * someone forgetting to say -shared when running the vnc
2206 * client disconnect everybody else.
2208 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2209 vnc_disconnect_start(vs);
2214 vnc_set_share_mode(vs, mode);
2216 vs->client_width = surface_width(vs->vd->ds);
2217 vs->client_height = surface_height(vs->vd->ds);
2218 vnc_write_u16(vs, vs->client_width);
2219 vnc_write_u16(vs, vs->client_height);
2221 pixel_format_message(vs);
2224 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2226 size = snprintf(buf, sizeof(buf), "QEMU");
2228 vnc_write_u32(vs, size);
2229 vnc_write(vs, buf, size);
2232 vnc_client_cache_auth(vs);
2233 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2235 vnc_read_when(vs, protocol_client_msg, 1);
2240 void start_client_init(VncState *vs)
2242 vnc_read_when(vs, protocol_client_init, 1);
2245 static void make_challenge(VncState *vs)
2249 srand(time(NULL)+getpid()+getpid()*987654+rand());
2251 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2252 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2255 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2257 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2259 unsigned char key[8];
2260 time_t now = time(NULL);
2262 if (!vs->vd->password) {
2263 VNC_DEBUG("No password configured on server");
2266 if (vs->vd->expires < now) {
2267 VNC_DEBUG("Password is expired");
2271 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2273 /* Calculate the expected challenge response */
2274 pwlen = strlen(vs->vd->password);
2275 for (i=0; i<sizeof(key); i++)
2276 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2278 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2279 des(response+j, response+j);
2281 /* Compare expected vs actual challenge response */
2282 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2283 VNC_DEBUG("Client challenge response did not match\n");
2286 VNC_DEBUG("Accepting VNC challenge response\n");
2287 vnc_write_u32(vs, 0); /* Accept auth */
2290 start_client_init(vs);
2295 vnc_write_u32(vs, 1); /* Reject auth */
2296 if (vs->minor >= 8) {
2297 static const char err[] = "Authentication failed";
2298 vnc_write_u32(vs, sizeof(err));
2299 vnc_write(vs, err, sizeof(err));
2302 vnc_client_error(vs);
2306 void start_auth_vnc(VncState *vs)
2309 /* Send client a 'random' challenge */
2310 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2313 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2317 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2319 /* We only advertise 1 auth scheme at a time, so client
2320 * must pick the one we sent. Verify this */
2321 if (data[0] != vs->auth) { /* Reject auth */
2322 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2323 vnc_write_u32(vs, 1);
2324 if (vs->minor >= 8) {
2325 static const char err[] = "Authentication failed";
2326 vnc_write_u32(vs, sizeof(err));
2327 vnc_write(vs, err, sizeof(err));
2329 vnc_client_error(vs);
2330 } else { /* Accept requested auth */
2331 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2334 VNC_DEBUG("Accept auth none\n");
2335 if (vs->minor >= 8) {
2336 vnc_write_u32(vs, 0); /* Accept auth completion */
2339 start_client_init(vs);
2343 VNC_DEBUG("Start VNC auth\n");
2347 #ifdef CONFIG_VNC_TLS
2348 case VNC_AUTH_VENCRYPT:
2349 VNC_DEBUG("Accept VeNCrypt auth\n");
2350 start_auth_vencrypt(vs);
2352 #endif /* CONFIG_VNC_TLS */
2354 #ifdef CONFIG_VNC_SASL
2356 VNC_DEBUG("Accept SASL auth\n");
2357 start_auth_sasl(vs);
2359 #endif /* CONFIG_VNC_SASL */
2361 default: /* Should not be possible, but just in case */
2362 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2363 vnc_write_u8(vs, 1);
2364 if (vs->minor >= 8) {
2365 static const char err[] = "Authentication failed";
2366 vnc_write_u32(vs, sizeof(err));
2367 vnc_write(vs, err, sizeof(err));
2369 vnc_client_error(vs);
2375 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2379 memcpy(local, version, 12);
2382 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2383 VNC_DEBUG("Malformed protocol version %s\n", local);
2384 vnc_client_error(vs);
2387 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2388 if (vs->major != 3 ||
2394 VNC_DEBUG("Unsupported client version\n");
2395 vnc_write_u32(vs, VNC_AUTH_INVALID);
2397 vnc_client_error(vs);
2400 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2401 * as equivalent to v3.3 by servers
2403 if (vs->minor == 4 || vs->minor == 5)
2406 if (vs->minor == 3) {
2407 if (vs->auth == VNC_AUTH_NONE) {
2408 VNC_DEBUG("Tell client auth none\n");
2409 vnc_write_u32(vs, vs->auth);
2411 start_client_init(vs);
2412 } else if (vs->auth == VNC_AUTH_VNC) {
2413 VNC_DEBUG("Tell client VNC auth\n");
2414 vnc_write_u32(vs, vs->auth);
2418 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2419 vnc_write_u32(vs, VNC_AUTH_INVALID);
2421 vnc_client_error(vs);
2424 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2425 vnc_write_u8(vs, 1); /* num auth */
2426 vnc_write_u8(vs, vs->auth);
2427 vnc_read_when(vs, protocol_client_auth, 1);
2434 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2436 struct VncSurface *vs = &vd->guest;
2438 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2441 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2445 w = (x + w) / VNC_STAT_RECT;
2446 h = (y + h) / VNC_STAT_RECT;
2450 for (j = y; j <= h; j++) {
2451 for (i = x; i <= w; i++) {
2452 vs->lossy_rect[j][i] = 1;
2457 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2460 int sty = y / VNC_STAT_RECT;
2461 int stx = x / VNC_STAT_RECT;
2464 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2465 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2467 QTAILQ_FOREACH(vs, &vd->clients, next) {
2470 /* kernel send buffers are full -> refresh later */
2471 if (vs->output.offset) {
2475 if (!vs->lossy_rect[sty][stx]) {
2479 vs->lossy_rect[sty][stx] = 0;
2480 for (j = 0; j < VNC_STAT_RECT; ++j) {
2481 bitmap_set(vs->dirty[y + j], x / 16, VNC_STAT_RECT / 16);
2489 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2491 int width = pixman_image_get_width(vd->guest.fb);
2492 int height = pixman_image_get_height(vd->guest.fb);
2497 for (y = 0; y < height; y += VNC_STAT_RECT) {
2498 for (x = 0; x < width; x += VNC_STAT_RECT) {
2499 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2501 rect->updated = false;
2505 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2507 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2510 vd->guest.last_freq_check = *tv;
2512 for (y = 0; y < height; y += VNC_STAT_RECT) {
2513 for (x = 0; x < width; x += VNC_STAT_RECT) {
2514 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2515 int count = ARRAY_SIZE(rect->times);
2516 struct timeval min, max;
2518 if (!timerisset(&rect->times[count - 1])) {
2522 max = rect->times[(rect->idx + count - 1) % count];
2523 qemu_timersub(tv, &max, &res);
2525 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2527 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2528 memset(rect->times, 0, sizeof (rect->times));
2532 min = rect->times[rect->idx];
2533 max = rect->times[(rect->idx + count - 1) % count];
2534 qemu_timersub(&max, &min, &res);
2536 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2537 rect->freq /= count;
2538 rect->freq = 1. / rect->freq;
2544 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2550 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2551 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2553 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2554 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2555 total += vnc_stat_rect(vs->vd, i, j)->freq;
2567 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2571 rect = vnc_stat_rect(vd, x, y);
2572 if (rect->updated) {
2575 rect->times[rect->idx] = *tv;
2576 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2577 rect->updated = true;
2580 static int vnc_refresh_server_surface(VncDisplay *vd)
2582 int width = pixman_image_get_width(vd->guest.fb);
2583 int height = pixman_image_get_height(vd->guest.fb);
2586 uint8_t *server_row;
2590 pixman_image_t *tmpbuf = NULL;
2592 struct timeval tv = { 0, 0 };
2594 if (!vd->non_adaptive) {
2595 gettimeofday(&tv, NULL);
2596 has_dirty = vnc_update_stats(vd, &tv);
2600 * Walk through the guest dirty map.
2601 * Check and copy modified bits from guest to server surface.
2602 * Update server dirty map.
2605 if (cmp_bytes > vnc_server_fb_stride(vd)) {
2606 cmp_bytes = vnc_server_fb_stride(vd);
2608 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2609 int width = pixman_image_get_width(vd->server);
2610 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2612 guest_row = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2613 server_row = (uint8_t *)pixman_image_get_data(vd->server);
2614 for (y = 0; y < height; y++) {
2615 if (!bitmap_empty(vd->guest.dirty[y], VNC_DIRTY_BITS)) {
2618 uint8_t *server_ptr;
2620 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2621 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2622 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2624 guest_ptr = guest_row;
2626 server_ptr = server_row;
2628 for (x = 0; x + 15 < width;
2629 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2630 if (!test_and_clear_bit((x / 16), vd->guest.dirty[y]))
2632 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2634 memcpy(server_ptr, guest_ptr, cmp_bytes);
2635 if (!vd->non_adaptive)
2636 vnc_rect_updated(vd, x, y, &tv);
2637 QTAILQ_FOREACH(vs, &vd->clients, next) {
2638 set_bit((x / 16), vs->dirty[y]);
2643 guest_row += pixman_image_get_stride(vd->guest.fb);
2644 server_row += pixman_image_get_stride(vd->server);
2646 qemu_pixman_image_unref(tmpbuf);
2650 static void vnc_refresh(void *opaque)
2652 VncDisplay *vd = opaque;
2654 int has_dirty, rects = 0;
2658 if (vnc_trylock_display(vd)) {
2659 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2660 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) +
2661 vd->timer_interval);
2665 has_dirty = vnc_refresh_server_surface(vd);
2666 vnc_unlock_display(vd);
2668 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2669 rects += vnc_update_client(vs, has_dirty);
2670 /* vs might be free()ed here */
2673 /* vd->timer could be NULL now if the last client disconnected,
2674 * in this case don't update the timer */
2675 if (vd->timer == NULL)
2678 if (has_dirty && rects) {
2679 vd->timer_interval /= 2;
2680 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2681 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2683 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2684 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2685 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2687 qemu_mod_timer(vd->timer, qemu_get_clock_ms(rt_clock) + vd->timer_interval);
2690 static void vnc_init_timer(VncDisplay *vd)
2692 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2693 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2694 vd->timer = qemu_new_timer_ms(rt_clock, vnc_refresh, vd);
2700 static void vnc_remove_timer(VncDisplay *vd)
2702 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2703 qemu_del_timer(vd->timer);
2704 qemu_free_timer(vd->timer);
2709 static void vnc_connect(VncDisplay *vd, int csock, int skipauth, bool websocket)
2711 VncState *vs = g_malloc0(sizeof(VncState));
2717 vs->auth = VNC_AUTH_NONE;
2718 #ifdef CONFIG_VNC_TLS
2719 vs->subauth = VNC_AUTH_INVALID;
2722 vs->auth = vd->auth;
2723 #ifdef CONFIG_VNC_TLS
2724 vs->subauth = vd->subauth;
2728 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
2729 for (i = 0; i < VNC_STAT_ROWS; ++i) {
2730 vs->lossy_rect[i] = g_malloc0(VNC_STAT_COLS * sizeof (uint8_t));
2733 VNC_DEBUG("New client on socket %d\n", csock);
2735 socket_set_nonblock(vs->csock);
2736 #ifdef CONFIG_VNC_WS
2739 qemu_set_fd_handler2(vs->csock, NULL, vncws_handshake_read, NULL, vs);
2741 #endif /* CONFIG_VNC_WS */
2743 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2746 vnc_client_cache_addr(vs);
2747 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2748 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
2752 #ifdef CONFIG_VNC_WS
2760 void vnc_init_state(VncState *vs)
2762 vs->initialized = true;
2763 VncDisplay *vd = vs->vd;
2768 vs->as.freq = 44100;
2769 vs->as.nchannels = 2;
2770 vs->as.fmt = AUD_FMT_S16;
2771 vs->as.endianness = 0;
2773 qemu_mutex_init(&vs->output_mutex);
2774 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
2776 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2780 vnc_write(vs, "RFB 003.008\n", 12);
2782 vnc_read_when(vs, protocol_version, 12);
2784 if (vs->vd->lock_key_sync)
2785 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2787 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2788 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2792 /* vs might be free()ed here */
2795 static void vnc_listen_read(void *opaque, bool websocket)
2797 VncDisplay *vs = opaque;
2798 struct sockaddr_in addr;
2799 socklen_t addrlen = sizeof(addr);
2804 #ifdef CONFIG_VNC_WS
2806 csock = qemu_accept(vs->lwebsock, (struct sockaddr *)&addr, &addrlen);
2808 #endif /* CONFIG_VNC_WS */
2810 csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2814 vnc_connect(vs, csock, 0, websocket);
2818 static void vnc_listen_regular_read(void *opaque)
2820 vnc_listen_read(opaque, 0);
2823 #ifdef CONFIG_VNC_WS
2824 static void vnc_listen_websocket_read(void *opaque)
2826 vnc_listen_read(opaque, 1);
2828 #endif /* CONFIG_VNC_WS */
2830 static const DisplayChangeListenerOps dcl_ops = {
2832 .dpy_gfx_copy = vnc_dpy_copy,
2833 .dpy_gfx_update = vnc_dpy_update,
2834 .dpy_gfx_switch = vnc_dpy_switch,
2835 .dpy_mouse_set = vnc_mouse_set,
2836 .dpy_cursor_define = vnc_dpy_cursor_define,
2839 void vnc_display_init(DisplayState *ds)
2841 VncDisplay *vs = g_malloc0(sizeof(*vs));
2847 #ifdef CONFIG_VNC_WS
2851 QTAILQ_INIT(&vs->clients);
2852 vs->expires = TIME_MAX;
2854 if (keyboard_layout)
2855 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2857 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2859 if (!vs->kbd_layout)
2862 qemu_mutex_init(&vs->mutex);
2863 vnc_start_worker_thread();
2865 vs->dcl.ops = &dcl_ops;
2866 register_displaychangelistener(ds, &vs->dcl);
2870 static void vnc_display_close(DisplayState *ds)
2872 VncDisplay *vs = vnc_display;
2877 g_free(vs->display);
2880 if (vs->lsock != -1) {
2881 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2885 #ifdef CONFIG_VNC_WS
2886 g_free(vs->ws_display);
2887 vs->ws_display = NULL;
2888 if (vs->lwebsock != -1) {
2889 qemu_set_fd_handler2(vs->lwebsock, NULL, NULL, NULL, NULL);
2890 close(vs->lwebsock);
2893 #endif /* CONFIG_VNC_WS */
2894 vs->auth = VNC_AUTH_INVALID;
2895 #ifdef CONFIG_VNC_TLS
2896 vs->subauth = VNC_AUTH_INVALID;
2897 vs->tls.x509verify = 0;
2901 static int vnc_display_disable_login(DisplayState *ds)
2903 VncDisplay *vs = vnc_display;
2910 g_free(vs->password);
2913 vs->password = NULL;
2914 if (vs->auth == VNC_AUTH_NONE) {
2915 vs->auth = VNC_AUTH_VNC;
2921 int vnc_display_password(DisplayState *ds, const char *password)
2923 VncDisplay *vs = vnc_display;
2930 /* This is not the intention of this interface but err on the side
2932 return vnc_display_disable_login(ds);
2936 g_free(vs->password);
2937 vs->password = NULL;
2939 vs->password = g_strdup(password);
2940 if (vs->auth == VNC_AUTH_NONE) {
2941 vs->auth = VNC_AUTH_VNC;
2947 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2949 VncDisplay *vs = vnc_display;
2955 vs->expires = expires;
2959 char *vnc_display_local_addr(DisplayState *ds)
2961 VncDisplay *vs = vnc_display;
2963 return vnc_socket_local_addr("%s:%s", vs->lsock);
2966 void vnc_display_open(DisplayState *ds, const char *display, Error **errp)
2968 VncDisplay *vs = vnc_display;
2969 const char *options;
2972 #ifdef CONFIG_VNC_TLS
2973 int tls = 0, x509 = 0;
2975 #ifdef CONFIG_VNC_SASL
2979 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2982 int lock_key_sync = 1;
2985 error_setg(errp, "VNC display not active");
2988 vnc_display_close(ds);
2989 if (strcmp(display, "none") == 0)
2992 vs->display = g_strdup(display);
2993 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
2996 while ((options = strchr(options, ','))) {
2998 if (strncmp(options, "password", 8) == 0) {
2999 if (fips_get_state()) {
3001 "VNC password auth disabled due to FIPS mode, "
3002 "consider using the VeNCrypt or SASL authentication "
3003 "methods as an alternative");
3006 password = 1; /* Require password auth */
3007 } else if (strncmp(options, "reverse", 7) == 0) {
3009 } else if (strncmp(options, "no-lock-key-sync", 16) == 0) {
3011 #ifdef CONFIG_VNC_SASL
3012 } else if (strncmp(options, "sasl", 4) == 0) {
3013 sasl = 1; /* Require SASL auth */
3015 #ifdef CONFIG_VNC_WS
3016 } else if (strncmp(options, "websocket", 9) == 0) {
3020 /* Check for 'websocket=<port>' */
3021 start = strchr(options, '=');
3022 end = strchr(options, ',');
3023 if (start && (!end || (start < end))) {
3024 int len = end ? end-(start+1) : strlen(start+1);
3026 /* extract the host specification from display */
3027 char *host = NULL, *port = NULL, *host_end = NULL;
3028 port = g_strndup(start + 1, len);
3030 /* ipv6 hosts have colons */
3031 end = strchr(display, ',');
3032 host_end = g_strrstr_len(display, end - display, ":");
3035 host = g_strndup(display, host_end - display + 1);
3037 host = g_strndup(":", 1);
3039 vs->ws_display = g_strconcat(host, port, NULL);
3044 #endif /* CONFIG_VNC_WS */
3045 #ifdef CONFIG_VNC_TLS
3046 } else if (strncmp(options, "tls", 3) == 0) {
3047 tls = 1; /* Require TLS */
3048 } else if (strncmp(options, "x509", 4) == 0) {
3050 x509 = 1; /* Require x509 certificates */
3051 if (strncmp(options, "x509verify", 10) == 0)
3052 vs->tls.x509verify = 1; /* ...and verify client certs */
3054 /* Now check for 'x509=/some/path' postfix
3055 * and use that to setup x509 certificate/key paths */
3056 start = strchr(options, '=');
3057 end = strchr(options, ',');
3058 if (start && (!end || (start < end))) {
3059 int len = end ? end-(start+1) : strlen(start+1);
3060 char *path = g_strndup(start + 1, len);
3062 VNC_DEBUG("Trying certificate path '%s'\n", path);
3063 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
3064 error_setg(errp, "Failed to find x509 certificates/keys in %s", path);
3070 error_setg(errp, "No certificate path provided");
3074 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
3075 } else if (strncmp(options, "acl", 3) == 0) {
3078 } else if (strncmp(options, "lossy", 5) == 0) {
3080 } else if (strncmp(options, "non-adaptive", 12) == 0) {
3081 vs->non_adaptive = true;
3082 } else if (strncmp(options, "share=", 6) == 0) {
3083 if (strncmp(options+6, "ignore", 6) == 0) {
3084 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3085 } else if (strncmp(options+6, "allow-exclusive", 15) == 0) {
3086 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3087 } else if (strncmp(options+6, "force-shared", 12) == 0) {
3088 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3090 error_setg(errp, "unknown vnc share= option");
3096 #ifdef CONFIG_VNC_TLS
3097 if (acl && x509 && vs->tls.x509verify) {
3098 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
3099 fprintf(stderr, "Failed to create x509 dname ACL\n");
3104 #ifdef CONFIG_VNC_SASL
3106 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
3107 fprintf(stderr, "Failed to create username ACL\n");
3114 * Combinations we support here:
3116 * - no-auth (clear text, no auth)
3117 * - password (clear text, weak auth)
3118 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
3119 * - tls (encrypt, weak anonymous creds, no auth)
3120 * - tls + password (encrypt, weak anonymous creds, weak auth)
3121 * - tls + sasl (encrypt, weak anonymous creds, good auth)
3122 * - tls + x509 (encrypt, good x509 creds, no auth)
3123 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
3124 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
3126 * NB1. TLS is a stackable auth scheme.
3127 * NB2. the x509 schemes have option to validate a client cert dname
3130 #ifdef CONFIG_VNC_TLS
3132 vs->auth = VNC_AUTH_VENCRYPT;
3134 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3135 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3137 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3138 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3141 #endif /* CONFIG_VNC_TLS */
3142 VNC_DEBUG("Initializing VNC server with password auth\n");
3143 vs->auth = VNC_AUTH_VNC;
3144 #ifdef CONFIG_VNC_TLS
3145 vs->subauth = VNC_AUTH_INVALID;
3147 #endif /* CONFIG_VNC_TLS */
3148 #ifdef CONFIG_VNC_SASL
3150 #ifdef CONFIG_VNC_TLS
3152 vs->auth = VNC_AUTH_VENCRYPT;
3154 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3155 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3157 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3158 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3161 #endif /* CONFIG_VNC_TLS */
3162 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3163 vs->auth = VNC_AUTH_SASL;
3164 #ifdef CONFIG_VNC_TLS
3165 vs->subauth = VNC_AUTH_INVALID;
3167 #endif /* CONFIG_VNC_TLS */
3168 #endif /* CONFIG_VNC_SASL */
3170 #ifdef CONFIG_VNC_TLS
3172 vs->auth = VNC_AUTH_VENCRYPT;
3174 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3175 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3177 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3178 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3182 VNC_DEBUG("Initializing VNC server with no auth\n");
3183 vs->auth = VNC_AUTH_NONE;
3184 #ifdef CONFIG_VNC_TLS
3185 vs->subauth = VNC_AUTH_INVALID;
3190 #ifdef CONFIG_VNC_SASL
3191 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3192 error_setg(errp, "Failed to initialize SASL auth: %s",
3193 sasl_errstring(saslErr, NULL, NULL));
3197 vs->lock_key_sync = lock_key_sync;
3200 /* connect to viewer */
3203 #ifdef CONFIG_VNC_WS
3206 if (strncmp(display, "unix:", 5) == 0) {
3207 csock = unix_connect(display+5, errp);
3209 csock = inet_connect(display, errp);
3214 vnc_connect(vs, csock, 0, 0);
3216 /* listen for connects */
3218 dpy = g_malloc(256);
3219 if (strncmp(display, "unix:", 5) == 0) {
3220 pstrcpy(dpy, 256, "unix:");
3221 vs->lsock = unix_listen(display+5, dpy+5, 256-5, errp);
3223 vs->lsock = inet_listen(display, dpy, 256,
3224 SOCK_STREAM, 5900, errp);
3225 if (vs->lsock < 0) {
3229 #ifdef CONFIG_VNC_WS
3230 if (vs->websocket) {
3231 if (vs->ws_display) {
3232 vs->lwebsock = inet_listen(vs->ws_display, NULL, 256,
3233 SOCK_STREAM, 0, errp);
3235 vs->lwebsock = inet_listen(vs->display, NULL, 256,
3236 SOCK_STREAM, 5700, errp);
3239 if (vs->lwebsock < 0) {
3248 #endif /* CONFIG_VNC_WS */
3250 g_free(vs->display);
3252 qemu_set_fd_handler2(vs->lsock, NULL,
3253 vnc_listen_regular_read, NULL, vs);
3254 #ifdef CONFIG_VNC_WS
3255 if (vs->websocket) {
3256 qemu_set_fd_handler2(vs->lwebsock, NULL,
3257 vnc_listen_websocket_read, NULL, vs);
3259 #endif /* CONFIG_VNC_WS */
3264 g_free(vs->display);
3266 #ifdef CONFIG_VNC_WS
3267 g_free(vs->ws_display);
3268 vs->ws_display = NULL;
3269 #endif /* CONFIG_VNC_WS */
3272 void vnc_display_add_client(DisplayState *ds, int csock, int skipauth)
3274 VncDisplay *vs = vnc_display;
3276 vnc_connect(vs, csock, skipauth, 0);
projects / sdk / emulator / qemu.git / blob