2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
33 #include "qemu-objects.h"
35 #define VNC_REFRESH_INTERVAL_BASE 30
36 #define VNC_REFRESH_INTERVAL_INC 50
37 #define VNC_REFRESH_INTERVAL_MAX 2000
39 #include "vnc_keysym.h"
42 #define count_bits(c, v) { \
43 for (c = 0; v; v >>= 1) \
49 static VncDisplay *vnc_display; /* needed for info vnc */
50 static DisplayChangeListener *dcl;
52 static int vnc_cursor_define(VncState *vs);
54 static char *addr_to_string(const char *format,
55 struct sockaddr_storage *sa,
58 char host[NI_MAXHOST];
59 char serv[NI_MAXSERV];
63 if ((err = getnameinfo((struct sockaddr *)sa, salen,
66 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
67 VNC_DEBUG("Cannot resolve address %d: %s\n",
68 err, gai_strerror(err));
72 /* Enough for the existing format + the 2 vars we're
74 addrlen = strlen(format) + strlen(host) + strlen(serv);
75 addr = qemu_malloc(addrlen + 1);
76 snprintf(addr, addrlen, format, host, serv);
83 char *vnc_socket_local_addr(const char *format, int fd) {
84 struct sockaddr_storage sa;
88 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0)
91 return addr_to_string(format, &sa, salen);
94 char *vnc_socket_remote_addr(const char *format, int fd) {
95 struct sockaddr_storage sa;
99 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0)
102 return addr_to_string(format, &sa, salen);
105 static int put_addr_qdict(QDict *qdict, struct sockaddr_storage *sa,
108 char host[NI_MAXHOST];
109 char serv[NI_MAXSERV];
112 if ((err = getnameinfo((struct sockaddr *)sa, salen,
115 NI_NUMERICHOST | NI_NUMERICSERV)) != 0) {
116 VNC_DEBUG("Cannot resolve address %d: %s\n",
117 err, gai_strerror(err));
121 qdict_put(qdict, "host", qstring_from_str(host));
122 qdict_put(qdict, "service", qstring_from_str(serv));
123 qdict_put(qdict, "family",qstring_from_str(inet_strfamily(sa->ss_family)));
128 static int vnc_server_addr_put(QDict *qdict, int fd)
130 struct sockaddr_storage sa;
134 if (getsockname(fd, (struct sockaddr*)&sa, &salen) < 0) {
138 return put_addr_qdict(qdict, &sa, salen);
141 static int vnc_qdict_remote_addr(QDict *qdict, int fd)
143 struct sockaddr_storage sa;
147 if (getpeername(fd, (struct sockaddr*)&sa, &salen) < 0) {
151 return put_addr_qdict(qdict, &sa, salen);
154 static const char *vnc_auth_name(VncDisplay *vd) {
156 case VNC_AUTH_INVALID:
172 case VNC_AUTH_VENCRYPT:
173 #ifdef CONFIG_VNC_TLS
174 switch (vd->subauth) {
175 case VNC_AUTH_VENCRYPT_PLAIN:
176 return "vencrypt+plain";
177 case VNC_AUTH_VENCRYPT_TLSNONE:
178 return "vencrypt+tls+none";
179 case VNC_AUTH_VENCRYPT_TLSVNC:
180 return "vencrypt+tls+vnc";
181 case VNC_AUTH_VENCRYPT_TLSPLAIN:
182 return "vencrypt+tls+plain";
183 case VNC_AUTH_VENCRYPT_X509NONE:
184 return "vencrypt+x509+none";
185 case VNC_AUTH_VENCRYPT_X509VNC:
186 return "vencrypt+x509+vnc";
187 case VNC_AUTH_VENCRYPT_X509PLAIN:
188 return "vencrypt+x509+plain";
189 case VNC_AUTH_VENCRYPT_TLSSASL:
190 return "vencrypt+tls+sasl";
191 case VNC_AUTH_VENCRYPT_X509SASL:
192 return "vencrypt+x509+sasl";
205 static int vnc_server_info_put(QDict *qdict)
207 if (vnc_server_addr_put(qdict, vnc_display->lsock) < 0) {
211 qdict_put(qdict, "auth", qstring_from_str(vnc_auth_name(vnc_display)));
215 static void vnc_client_cache_auth(VncState *client)
217 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
225 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
226 qdict = qobject_to_qdict(client->info);
229 #ifdef CONFIG_VNC_TLS
230 if (client->tls.session &&
232 qdict_put(qdict, "x509_dname", qstring_from_str(client->tls.dname));
235 #ifdef CONFIG_VNC_SASL
236 if (client->sasl.conn &&
237 client->sasl.username) {
238 qdict_put(qdict, "sasl_username",
239 qstring_from_str(client->sasl.username));
244 static void vnc_client_cache_addr(VncState *client)
249 if (vnc_qdict_remote_addr(qdict, client->csock) < 0) {
251 /* XXX: how to report the error? */
255 client->info = QOBJECT(qdict);
258 static void vnc_qmp_event(VncState *vs, MonitorEvent event)
267 server = qdict_new();
268 if (vnc_server_info_put(server) < 0) {
273 data = qobject_from_jsonf("{ 'client': %p, 'server': %p }",
274 vs->info, QOBJECT(server));
276 monitor_protocol_event(event, data);
278 qobject_incref(vs->info);
279 qobject_decref(data);
282 static void info_vnc_iter(QObject *obj, void *opaque)
285 Monitor *mon = opaque;
287 client = qobject_to_qdict(obj);
288 monitor_printf(mon, "Client:\n");
289 monitor_printf(mon, " address: %s:%s\n",
290 qdict_get_str(client, "host"),
291 qdict_get_str(client, "service"));
293 #ifdef CONFIG_VNC_TLS
294 monitor_printf(mon, " x509_dname: %s\n",
295 qdict_haskey(client, "x509_dname") ?
296 qdict_get_str(client, "x509_dname") : "none");
298 #ifdef CONFIG_VNC_SASL
299 monitor_printf(mon, " username: %s\n",
300 qdict_haskey(client, "sasl_username") ?
301 qdict_get_str(client, "sasl_username") : "none");
305 void do_info_vnc_print(Monitor *mon, const QObject *data)
310 server = qobject_to_qdict(data);
311 if (qdict_get_bool(server, "enabled") == 0) {
312 monitor_printf(mon, "Server: disabled\n");
316 monitor_printf(mon, "Server:\n");
317 monitor_printf(mon, " address: %s:%s\n",
318 qdict_get_str(server, "host"),
319 qdict_get_str(server, "service"));
320 monitor_printf(mon, " auth: %s\n", qdict_get_str(server, "auth"));
322 clients = qdict_get_qlist(server, "clients");
323 if (qlist_empty(clients)) {
324 monitor_printf(mon, "Client: none\n");
326 qlist_iter(clients, info_vnc_iter, mon);
330 void do_info_vnc(Monitor *mon, QObject **ret_data)
332 if (vnc_display == NULL || vnc_display->display == NULL) {
333 *ret_data = qobject_from_jsonf("{ 'enabled': false }");
339 QTAILQ_FOREACH(client, &vnc_display->clients, next) {
341 /* incref so that it's not freed by upper layers */
342 qobject_incref(client->info);
343 qlist_append_obj(clist, client->info);
347 *ret_data = qobject_from_jsonf("{ 'enabled': true, 'clients': %p }",
349 assert(*ret_data != NULL);
351 if (vnc_server_info_put(qobject_to_qdict(*ret_data)) < 0) {
352 qobject_decref(*ret_data);
359 1) Get the queue working for IO.
360 2) there is some weirdness when using the -S option (the screen is grey
361 and not totally invalidated
362 3) resolutions > 1024
365 static int vnc_update_client(VncState *vs, int has_dirty);
366 static int vnc_update_client_sync(VncState *vs, int has_dirty);
367 static void vnc_disconnect_start(VncState *vs);
368 static void vnc_disconnect_finish(VncState *vs);
369 static void vnc_init_timer(VncDisplay *vd);
370 static void vnc_remove_timer(VncDisplay *vd);
372 static void vnc_colordepth(VncState *vs);
373 static void framebuffer_update_request(VncState *vs, int incremental,
374 int x_position, int y_position,
376 static void vnc_refresh(void *opaque);
377 static int vnc_refresh_server_surface(VncDisplay *vd);
379 static inline void vnc_set_bit(uint32_t *d, int k)
381 d[k >> 5] |= 1 << (k & 0x1f);
384 static inline void vnc_clear_bit(uint32_t *d, int k)
386 d[k >> 5] &= ~(1 << (k & 0x1f));
389 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
399 d[j++] = (1 << n) - 1;
404 static inline int vnc_get_bit(const uint32_t *d, int k)
406 return (d[k >> 5] >> (k & 0x1f)) & 1;
409 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
413 for(i = 0; i < nb_words; i++) {
414 if ((d1[i] & d2[i]) != 0)
420 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
423 VncDisplay *vd = ds->opaque;
424 struct VncSurface *s = &vd->guest;
428 /* round x down to ensure the loop only spans one 16-pixel block per,
429 iteration. otherwise, if (x % 16) != 0, the last iteration may span
430 two 16-pixel blocks but we only mark the first as dirty
435 x = MIN(x, s->ds->width);
436 y = MIN(y, s->ds->height);
437 w = MIN(x + w, s->ds->width) - x;
438 h = MIN(h, s->ds->height);
441 for (i = 0; i < w; i += 16)
442 vnc_set_bit(s->dirty[y], (x + i) / 16);
445 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
448 vnc_write_u16(vs, x);
449 vnc_write_u16(vs, y);
450 vnc_write_u16(vs, w);
451 vnc_write_u16(vs, h);
453 vnc_write_s32(vs, encoding);
456 void buffer_reserve(Buffer *buffer, size_t len)
458 if ((buffer->capacity - buffer->offset) < len) {
459 buffer->capacity += (len + 1024);
460 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
461 if (buffer->buffer == NULL) {
462 fprintf(stderr, "vnc: out of memory\n");
468 int buffer_empty(Buffer *buffer)
470 return buffer->offset == 0;
473 uint8_t *buffer_end(Buffer *buffer)
475 return buffer->buffer + buffer->offset;
478 void buffer_reset(Buffer *buffer)
483 void buffer_free(Buffer *buffer)
485 qemu_free(buffer->buffer);
487 buffer->capacity = 0;
488 buffer->buffer = NULL;
491 void buffer_append(Buffer *buffer, const void *data, size_t len)
493 memcpy(buffer->buffer + buffer->offset, data, len);
494 buffer->offset += len;
497 static void vnc_desktop_resize(VncState *vs)
499 DisplayState *ds = vs->ds;
501 if (vs->csock == -1 || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
504 if (vs->client_width == ds_get_width(ds) &&
505 vs->client_height == ds_get_height(ds)) {
508 vs->client_width = ds_get_width(ds);
509 vs->client_height = ds_get_height(ds);
511 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
513 vnc_write_u16(vs, 1); /* number of rects */
514 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
515 VNC_ENCODING_DESKTOPRESIZE);
516 vnc_unlock_output(vs);
520 #ifdef CONFIG_VNC_THREAD
521 static void vnc_abort_display_jobs(VncDisplay *vd)
525 QTAILQ_FOREACH(vs, &vd->clients, next) {
528 vnc_unlock_output(vs);
530 QTAILQ_FOREACH(vs, &vd->clients, next) {
533 QTAILQ_FOREACH(vs, &vd->clients, next) {
536 vnc_unlock_output(vs);
540 static void vnc_abort_display_jobs(VncDisplay *vd)
545 static void vnc_dpy_resize(DisplayState *ds)
547 VncDisplay *vd = ds->opaque;
550 vnc_abort_display_jobs(vd);
554 vd->server = qemu_mallocz(sizeof(*vd->server));
555 if (vd->server->data)
556 qemu_free(vd->server->data);
557 *(vd->server) = *(ds->surface);
558 vd->server->data = qemu_mallocz(vd->server->linesize *
563 vd->guest.ds = qemu_mallocz(sizeof(*vd->guest.ds));
564 if (ds_get_bytes_per_pixel(ds) != vd->guest.ds->pf.bytes_per_pixel)
565 console_color_init(ds);
566 *(vd->guest.ds) = *(ds->surface);
567 memset(vd->guest.dirty, 0xFF, sizeof(vd->guest.dirty));
569 QTAILQ_FOREACH(vs, &vd->clients, next) {
571 vnc_desktop_resize(vs);
572 if (vs->vd->cursor) {
573 vnc_cursor_define(vs);
575 memset(vs->dirty, 0xFF, sizeof(vs->dirty));
580 static void vnc_write_pixels_copy(VncState *vs, struct PixelFormat *pf,
581 void *pixels, int size)
583 vnc_write(vs, pixels, size);
586 /* slowest but generic code. */
587 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
590 VncDisplay *vd = vs->vd;
592 r = ((((v & vd->server->pf.rmask) >> vd->server->pf.rshift) << vs->clientds.pf.rbits) >>
593 vd->server->pf.rbits);
594 g = ((((v & vd->server->pf.gmask) >> vd->server->pf.gshift) << vs->clientds.pf.gbits) >>
595 vd->server->pf.gbits);
596 b = ((((v & vd->server->pf.bmask) >> vd->server->pf.bshift) << vs->clientds.pf.bbits) >>
597 vd->server->pf.bbits);
598 v = (r << vs->clientds.pf.rshift) |
599 (g << vs->clientds.pf.gshift) |
600 (b << vs->clientds.pf.bshift);
601 switch(vs->clientds.pf.bytes_per_pixel) {
606 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
616 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
631 static void vnc_write_pixels_generic(VncState *vs, struct PixelFormat *pf,
632 void *pixels1, int size)
636 if (pf->bytes_per_pixel == 4) {
637 uint32_t *pixels = pixels1;
640 for(i = 0; i < n; i++) {
641 vnc_convert_pixel(vs, buf, pixels[i]);
642 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
644 } else if (pf->bytes_per_pixel == 2) {
645 uint16_t *pixels = pixels1;
648 for(i = 0; i < n; i++) {
649 vnc_convert_pixel(vs, buf, pixels[i]);
650 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
652 } else if (pf->bytes_per_pixel == 1) {
653 uint8_t *pixels = pixels1;
656 for(i = 0; i < n; i++) {
657 vnc_convert_pixel(vs, buf, pixels[i]);
658 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
661 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
665 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
669 VncDisplay *vd = vs->vd;
671 row = vd->server->data + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
672 for (i = 0; i < h; i++) {
673 vs->write_pixels(vs, &vd->server->pf, row, w * ds_get_bytes_per_pixel(vs->ds));
674 row += ds_get_linesize(vs->ds);
679 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
683 switch(vs->vnc_encoding) {
684 case VNC_ENCODING_ZLIB:
685 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
687 case VNC_ENCODING_HEXTILE:
688 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
689 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
691 case VNC_ENCODING_TIGHT:
692 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
694 case VNC_ENCODING_TIGHT_PNG:
695 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
698 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
699 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
705 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
707 /* send bitblit op to the vnc client */
709 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
711 vnc_write_u16(vs, 1); /* number of rects */
712 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
713 vnc_write_u16(vs, src_x);
714 vnc_write_u16(vs, src_y);
715 vnc_unlock_output(vs);
719 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
721 VncDisplay *vd = ds->opaque;
725 int i,x,y,pitch,depth,inc,w_lim,s;
728 vnc_refresh_server_surface(vd);
729 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
730 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
731 vs->force_update = 1;
732 vnc_update_client_sync(vs, 1);
733 /* vs might be free()ed here */
737 /* do bitblit op on the local surface too */
738 pitch = ds_get_linesize(vd->ds);
739 depth = ds_get_bytes_per_pixel(vd->ds);
740 src_row = vd->server->data + pitch * src_y + depth * src_x;
741 dst_row = vd->server->data + pitch * dst_y + depth * dst_x;
746 src_row += pitch * (h-1);
747 dst_row += pitch * (h-1);
752 w_lim = w - (16 - (dst_x % 16));
756 w_lim = w - (w_lim % 16);
757 for (i = 0; i < h; i++) {
758 for (x = 0; x <= w_lim;
759 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
761 if ((s = w - w_lim) == 0)
764 s = (16 - (dst_x % 16));
769 cmp_bytes = s * depth;
770 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
772 memmove(dst_row, src_row, cmp_bytes);
773 QTAILQ_FOREACH(vs, &vd->clients, next) {
774 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
775 vnc_set_bit(vs->dirty[y], ((x + dst_x) / 16));
779 src_row += pitch - w * depth;
780 dst_row += pitch - w * depth;
784 QTAILQ_FOREACH(vs, &vd->clients, next) {
785 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
786 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
791 static void vnc_mouse_set(int x, int y, int visible)
793 /* can we ask the client(s) to move the pointer ??? */
796 static int vnc_cursor_define(VncState *vs)
798 QEMUCursor *c = vs->vd->cursor;
799 PixelFormat pf = qemu_default_pixelformat(32);
802 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
804 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
805 vnc_write_u8(vs, 0); /* padding */
806 vnc_write_u16(vs, 1); /* # of rects */
807 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
808 VNC_ENCODING_RICH_CURSOR);
809 isize = c->width * c->height * vs->clientds.pf.bytes_per_pixel;
810 vnc_write_pixels_generic(vs, &pf, c->data, isize);
811 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
812 vnc_unlock_output(vs);
818 static void vnc_dpy_cursor_define(QEMUCursor *c)
820 VncDisplay *vd = vnc_display;
823 cursor_put(vd->cursor);
824 qemu_free(vd->cursor_mask);
827 cursor_get(vd->cursor);
828 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
829 vd->cursor_mask = qemu_mallocz(vd->cursor_msize);
830 cursor_get_mono_mask(c, 0, vd->cursor_mask);
832 QTAILQ_FOREACH(vs, &vd->clients, next) {
833 vnc_cursor_define(vs);
837 static int find_and_clear_dirty_height(struct VncState *vs,
838 int y, int last_x, int x)
841 VncDisplay *vd = vs->vd;
843 for (h = 1; h < (vd->server->height - y); h++) {
845 if (!vnc_get_bit(vs->dirty[y + h], last_x))
847 for (tmp_x = last_x; tmp_x < x; tmp_x++)
848 vnc_clear_bit(vs->dirty[y + h], tmp_x);
854 #ifdef CONFIG_VNC_THREAD
855 static int vnc_update_client_sync(VncState *vs, int has_dirty)
857 int ret = vnc_update_client(vs, has_dirty);
862 static int vnc_update_client_sync(VncState *vs, int has_dirty)
864 return vnc_update_client(vs, has_dirty);
868 static int vnc_update_client(VncState *vs, int has_dirty)
870 if (vs->need_update && vs->csock != -1) {
871 VncDisplay *vd = vs->vd;
878 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
879 /* kernel send buffers are full -> drop frames to throttle */
882 if (!has_dirty && !vs->audio_cap && !vs->force_update)
886 * Send screen updates to the vnc client using the server
887 * surface and server dirty map. guest surface updates
888 * happening in parallel don't disturb us, the next pass will
889 * send them to the client.
891 job = vnc_job_new(vs);
893 width = MIN(vd->server->width, vs->client_width);
894 height = MIN(vd->server->height, vs->client_height);
896 for (y = 0; y < height; y++) {
899 for (x = 0; x < width / 16; x++) {
900 if (vnc_get_bit(vs->dirty[y], x)) {
904 vnc_clear_bit(vs->dirty[y], x);
907 int h = find_and_clear_dirty_height(vs, y, last_x, x);
909 n += vnc_job_add_rect(job, last_x * 16, y,
910 (x - last_x) * 16, h);
916 int h = find_and_clear_dirty_height(vs, y, last_x, x);
917 n += vnc_job_add_rect(job, last_x * 16, y,
918 (x - last_x) * 16, h);
923 vs->force_update = 0;
928 vnc_disconnect_finish(vs);
934 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
936 VncState *vs = opaque;
939 case AUD_CNOTIFY_DISABLE:
941 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
942 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
943 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
944 vnc_unlock_output(vs);
948 case AUD_CNOTIFY_ENABLE:
950 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
951 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
952 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
953 vnc_unlock_output(vs);
959 static void audio_capture_destroy(void *opaque)
963 static void audio_capture(void *opaque, void *buf, int size)
965 VncState *vs = opaque;
968 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
969 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
970 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
971 vnc_write_u32(vs, size);
972 vnc_write(vs, buf, size);
973 vnc_unlock_output(vs);
977 static void audio_add(VncState *vs)
979 struct audio_capture_ops ops;
982 monitor_printf(default_mon, "audio already running\n");
986 ops.notify = audio_capture_notify;
987 ops.destroy = audio_capture_destroy;
988 ops.capture = audio_capture;
990 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
991 if (!vs->audio_cap) {
992 monitor_printf(default_mon, "Failed to add audio capture\n");
996 static void audio_del(VncState *vs)
999 AUD_del_capture(vs->audio_cap, vs);
1000 vs->audio_cap = NULL;
1004 static void vnc_disconnect_start(VncState *vs)
1006 if (vs->csock == -1)
1008 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
1009 closesocket(vs->csock);
1013 static void vnc_disconnect_finish(VncState *vs)
1015 vnc_jobs_join(vs); /* Wait encoding jobs */
1017 vnc_lock_output(vs);
1018 vnc_qmp_event(vs, QEVENT_VNC_DISCONNECTED);
1020 buffer_free(&vs->input);
1021 buffer_free(&vs->output);
1023 qobject_decref(vs->info);
1026 vnc_tight_clear(vs);
1028 #ifdef CONFIG_VNC_TLS
1029 vnc_tls_client_cleanup(vs);
1030 #endif /* CONFIG_VNC_TLS */
1031 #ifdef CONFIG_VNC_SASL
1032 vnc_sasl_client_cleanup(vs);
1033 #endif /* CONFIG_VNC_SASL */
1036 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1038 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1042 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1043 vnc_remove_timer(vs->vd);
1044 if (vs->vd->lock_key_sync)
1045 qemu_remove_led_event_handler(vs->led);
1046 vnc_unlock_output(vs);
1048 #ifdef CONFIG_VNC_THREAD
1049 qemu_mutex_destroy(&vs->output_mutex);
1054 int vnc_client_io_error(VncState *vs, int ret, int last_errno)
1056 if (ret == 0 || ret == -1) {
1058 switch (last_errno) {
1062 case WSAEWOULDBLOCK:
1070 VNC_DEBUG("Closing down client sock: ret %d, errno %d\n",
1071 ret, ret < 0 ? last_errno : 0);
1072 vnc_disconnect_start(vs);
1080 void vnc_client_error(VncState *vs)
1082 VNC_DEBUG("Closing down client sock: protocol error\n");
1083 vnc_disconnect_start(vs);
1088 * Called to write a chunk of data to the client socket. The data may
1089 * be the raw data, or may have already been encoded by SASL.
1090 * The data will be written either straight onto the socket, or
1091 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1093 * NB, it is theoretically possible to have 2 layers of encryption,
1094 * both SASL, and this TLS layer. It is highly unlikely in practice
1095 * though, since SASL encryption will typically be a no-op if TLS
1098 * Returns the number of bytes written, which may be less than
1099 * the requested 'datalen' if the socket would block. Returns
1100 * -1 on error, and disconnects the client socket.
1102 long vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1105 #ifdef CONFIG_VNC_TLS
1106 if (vs->tls.session) {
1107 ret = gnutls_write(vs->tls.session, data, datalen);
1109 if (ret == GNUTLS_E_AGAIN)
1116 #endif /* CONFIG_VNC_TLS */
1117 ret = send(vs->csock, (const void *)data, datalen, 0);
1118 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1119 return vnc_client_io_error(vs, ret, socket_error());
1124 * Called to write buffered data to the client socket, when not
1125 * using any SASL SSF encryption layers. Will write as much data
1126 * as possible without blocking. If all buffered data is written,
1127 * will switch the FD poll() handler back to read monitoring.
1129 * Returns the number of bytes written, which may be less than
1130 * the buffered output data if the socket would block. Returns
1131 * -1 on error, and disconnects the client socket.
1133 static long vnc_client_write_plain(VncState *vs)
1137 #ifdef CONFIG_VNC_SASL
1138 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1139 vs->output.buffer, vs->output.capacity, vs->output.offset,
1140 vs->sasl.waitWriteSSF);
1142 if (vs->sasl.conn &&
1144 vs->sasl.waitWriteSSF) {
1145 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1147 vs->sasl.waitWriteSSF -= ret;
1149 #endif /* CONFIG_VNC_SASL */
1150 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1154 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
1155 vs->output.offset -= ret;
1157 if (vs->output.offset == 0) {
1158 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1166 * First function called whenever there is data to be written to
1167 * the client socket. Will delegate actual work according to whether
1168 * SASL SSF layers are enabled (thus requiring encryption calls)
1170 static void vnc_client_write_locked(void *opaque)
1172 VncState *vs = opaque;
1174 #ifdef CONFIG_VNC_SASL
1175 if (vs->sasl.conn &&
1177 !vs->sasl.waitWriteSSF) {
1178 vnc_client_write_sasl(vs);
1180 #endif /* CONFIG_VNC_SASL */
1181 vnc_client_write_plain(vs);
1184 void vnc_client_write(void *opaque)
1186 VncState *vs = opaque;
1188 vnc_lock_output(vs);
1189 if (vs->output.offset) {
1190 vnc_client_write_locked(opaque);
1191 } else if (vs->csock != -1) {
1192 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1194 vnc_unlock_output(vs);
1197 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1199 vs->read_handler = func;
1200 vs->read_handler_expect = expecting;
1205 * Called to read a chunk of data from the client socket. The data may
1206 * be the raw data, or may need to be further decoded by SASL.
1207 * The data will be read either straight from to the socket, or
1208 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1210 * NB, it is theoretically possible to have 2 layers of encryption,
1211 * both SASL, and this TLS layer. It is highly unlikely in practice
1212 * though, since SASL encryption will typically be a no-op if TLS
1215 * Returns the number of bytes read, which may be less than
1216 * the requested 'datalen' if the socket would block. Returns
1217 * -1 on error, and disconnects the client socket.
1219 long vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1222 #ifdef CONFIG_VNC_TLS
1223 if (vs->tls.session) {
1224 ret = gnutls_read(vs->tls.session, data, datalen);
1226 if (ret == GNUTLS_E_AGAIN)
1233 #endif /* CONFIG_VNC_TLS */
1234 ret = recv(vs->csock, (void *)data, datalen, 0);
1235 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1236 return vnc_client_io_error(vs, ret, socket_error());
1241 * Called to read data from the client socket to the input buffer,
1242 * when not using any SASL SSF encryption layers. Will read as much
1243 * data as possible without blocking.
1245 * Returns the number of bytes read. Returns -1 on error, and
1246 * disconnects the client socket.
1248 static long vnc_client_read_plain(VncState *vs)
1251 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1252 vs->input.buffer, vs->input.capacity, vs->input.offset);
1253 buffer_reserve(&vs->input, 4096);
1254 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1257 vs->input.offset += ret;
1263 * First function called whenever there is more data to be read from
1264 * the client socket. Will delegate actual work according to whether
1265 * SASL SSF layers are enabled (thus requiring decryption calls)
1267 void vnc_client_read(void *opaque)
1269 VncState *vs = opaque;
1272 #ifdef CONFIG_VNC_SASL
1273 if (vs->sasl.conn && vs->sasl.runSSF)
1274 ret = vnc_client_read_sasl(vs);
1276 #endif /* CONFIG_VNC_SASL */
1277 ret = vnc_client_read_plain(vs);
1279 if (vs->csock == -1)
1280 vnc_disconnect_finish(vs);
1284 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1285 size_t len = vs->read_handler_expect;
1288 ret = vs->read_handler(vs, vs->input.buffer, len);
1289 if (vs->csock == -1) {
1290 vnc_disconnect_finish(vs);
1295 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
1296 vs->input.offset -= len;
1298 vs->read_handler_expect = ret;
1303 void vnc_write(VncState *vs, const void *data, size_t len)
1305 buffer_reserve(&vs->output, len);
1307 if (vs->csock != -1 && buffer_empty(&vs->output)) {
1308 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1311 buffer_append(&vs->output, data, len);
1314 void vnc_write_s32(VncState *vs, int32_t value)
1316 vnc_write_u32(vs, *(uint32_t *)&value);
1319 void vnc_write_u32(VncState *vs, uint32_t value)
1323 buf[0] = (value >> 24) & 0xFF;
1324 buf[1] = (value >> 16) & 0xFF;
1325 buf[2] = (value >> 8) & 0xFF;
1326 buf[3] = value & 0xFF;
1328 vnc_write(vs, buf, 4);
1331 void vnc_write_u16(VncState *vs, uint16_t value)
1335 buf[0] = (value >> 8) & 0xFF;
1336 buf[1] = value & 0xFF;
1338 vnc_write(vs, buf, 2);
1341 void vnc_write_u8(VncState *vs, uint8_t value)
1343 vnc_write(vs, (char *)&value, 1);
1346 void vnc_flush(VncState *vs)
1348 vnc_lock_output(vs);
1349 if (vs->csock != -1 && vs->output.offset) {
1350 vnc_client_write_locked(vs);
1352 vnc_unlock_output(vs);
1355 uint8_t read_u8(uint8_t *data, size_t offset)
1357 return data[offset];
1360 uint16_t read_u16(uint8_t *data, size_t offset)
1362 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1365 int32_t read_s32(uint8_t *data, size_t offset)
1367 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1368 (data[offset + 2] << 8) | data[offset + 3]);
1371 uint32_t read_u32(uint8_t *data, size_t offset)
1373 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1374 (data[offset + 2] << 8) | data[offset + 3]);
1377 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1381 static void check_pointer_type_change(Notifier *notifier)
1383 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1384 int absolute = kbd_mouse_is_absolute();
1386 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1387 vnc_lock_output(vs);
1388 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1389 vnc_write_u8(vs, 0);
1390 vnc_write_u16(vs, 1);
1391 vnc_framebuffer_update(vs, absolute, 0,
1392 ds_get_width(vs->ds), ds_get_height(vs->ds),
1393 VNC_ENCODING_POINTER_TYPE_CHANGE);
1394 vnc_unlock_output(vs);
1397 vs->absolute = absolute;
1400 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1405 if (button_mask & 0x01)
1406 buttons |= MOUSE_EVENT_LBUTTON;
1407 if (button_mask & 0x02)
1408 buttons |= MOUSE_EVENT_MBUTTON;
1409 if (button_mask & 0x04)
1410 buttons |= MOUSE_EVENT_RBUTTON;
1411 if (button_mask & 0x08)
1413 if (button_mask & 0x10)
1417 kbd_mouse_event(ds_get_width(vs->ds) > 1 ?
1418 x * 0x7FFF / (ds_get_width(vs->ds) - 1) : 0x4000,
1419 ds_get_height(vs->ds) > 1 ?
1420 y * 0x7FFF / (ds_get_height(vs->ds) - 1) : 0x4000,
1422 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1426 kbd_mouse_event(x, y, dz, buttons);
1428 if (vs->last_x != -1)
1429 kbd_mouse_event(x - vs->last_x,
1437 static void reset_keys(VncState *vs)
1440 for(i = 0; i < 256; i++) {
1441 if (vs->modifiers_state[i]) {
1442 if (i & SCANCODE_GREY)
1443 kbd_put_keycode(SCANCODE_EMUL0);
1444 kbd_put_keycode(i | SCANCODE_UP);
1445 vs->modifiers_state[i] = 0;
1450 static void press_key(VncState *vs, int keysym)
1452 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1453 if (keycode & SCANCODE_GREY)
1454 kbd_put_keycode(SCANCODE_EMUL0);
1455 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1456 if (keycode & SCANCODE_GREY)
1457 kbd_put_keycode(SCANCODE_EMUL0);
1458 kbd_put_keycode(keycode | SCANCODE_UP);
1461 static void kbd_leds(void *opaque, int ledstate)
1463 VncState *vs = opaque;
1466 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1467 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1469 if (vs->modifiers_state[0x3a] != caps) {
1470 vs->modifiers_state[0x3a] = caps;
1472 if (vs->modifiers_state[0x45] != num) {
1473 vs->modifiers_state[0x45] = num;
1477 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1479 /* QEMU console switch */
1481 case 0x2a: /* Left Shift */
1482 case 0x36: /* Right Shift */
1483 case 0x1d: /* Left CTRL */
1484 case 0x9d: /* Right CTRL */
1485 case 0x38: /* Left ALT */
1486 case 0xb8: /* Right ALT */
1488 vs->modifiers_state[keycode] = 1;
1490 vs->modifiers_state[keycode] = 0;
1492 case 0x02 ... 0x0a: /* '1' to '9' keys */
1493 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1494 /* Reset the modifiers sent to the current console */
1496 console_select(keycode - 0x02);
1500 case 0x3a: /* CapsLock */
1501 case 0x45: /* NumLock */
1503 vs->modifiers_state[keycode] ^= 1;
1507 if (down && vs->vd->lock_key_sync &&
1508 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1509 /* If the numlock state needs to change then simulate an additional
1510 keypress before sending this one. This will happen if the user
1511 toggles numlock away from the VNC window.
1513 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1514 if (!vs->modifiers_state[0x45]) {
1515 vs->modifiers_state[0x45] = 1;
1516 press_key(vs, 0xff7f);
1519 if (vs->modifiers_state[0x45]) {
1520 vs->modifiers_state[0x45] = 0;
1521 press_key(vs, 0xff7f);
1526 if (down && vs->vd->lock_key_sync &&
1527 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1528 /* If the capslock state needs to change then simulate an additional
1529 keypress before sending this one. This will happen if the user
1530 toggles capslock away from the VNC window.
1532 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1533 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1534 int capslock = !!(vs->modifiers_state[0x3a]);
1536 if (uppercase == shift) {
1537 vs->modifiers_state[0x3a] = 0;
1538 press_key(vs, 0xffe5);
1541 if (uppercase != shift) {
1542 vs->modifiers_state[0x3a] = 1;
1543 press_key(vs, 0xffe5);
1548 if (is_graphic_console()) {
1549 if (keycode & SCANCODE_GREY)
1550 kbd_put_keycode(SCANCODE_EMUL0);
1552 kbd_put_keycode(keycode & SCANCODE_KEYCODEMASK);
1554 kbd_put_keycode(keycode | SCANCODE_UP);
1556 /* QEMU console emulation */
1558 int numlock = vs->modifiers_state[0x45];
1560 case 0x2a: /* Left Shift */
1561 case 0x36: /* Right Shift */
1562 case 0x1d: /* Left CTRL */
1563 case 0x9d: /* Right CTRL */
1564 case 0x38: /* Left ALT */
1565 case 0xb8: /* Right ALT */
1568 kbd_put_keysym(QEMU_KEY_UP);
1571 kbd_put_keysym(QEMU_KEY_DOWN);
1574 kbd_put_keysym(QEMU_KEY_LEFT);
1577 kbd_put_keysym(QEMU_KEY_RIGHT);
1580 kbd_put_keysym(QEMU_KEY_DELETE);
1583 kbd_put_keysym(QEMU_KEY_HOME);
1586 kbd_put_keysym(QEMU_KEY_END);
1589 kbd_put_keysym(QEMU_KEY_PAGEUP);
1592 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1596 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1599 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1602 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1605 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1608 kbd_put_keysym('5');
1611 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1614 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1617 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1620 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1623 kbd_put_keysym('0');
1626 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1630 kbd_put_keysym('/');
1633 kbd_put_keysym('*');
1636 kbd_put_keysym('-');
1639 kbd_put_keysym('+');
1642 kbd_put_keysym('\n');
1646 kbd_put_keysym(sym);
1653 static void key_event(VncState *vs, int down, uint32_t sym)
1658 if (lsym >= 'A' && lsym <= 'Z' && is_graphic_console()) {
1659 lsym = lsym - 'A' + 'a';
1662 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1663 do_key_event(vs, down, keycode, sym);
1666 static void ext_key_event(VncState *vs, int down,
1667 uint32_t sym, uint16_t keycode)
1669 /* if the user specifies a keyboard layout, always use it */
1670 if (keyboard_layout)
1671 key_event(vs, down, sym);
1673 do_key_event(vs, down, keycode, sym);
1676 static void framebuffer_update_request(VncState *vs, int incremental,
1677 int x_position, int y_position,
1680 if (y_position > ds_get_height(vs->ds))
1681 y_position = ds_get_height(vs->ds);
1682 if (y_position + h >= ds_get_height(vs->ds))
1683 h = ds_get_height(vs->ds) - y_position;
1686 vs->need_update = 1;
1688 vs->force_update = 1;
1689 for (i = 0; i < h; i++) {
1690 vnc_set_bits(vs->dirty[y_position + i],
1691 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1696 static void send_ext_key_event_ack(VncState *vs)
1698 vnc_lock_output(vs);
1699 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1700 vnc_write_u8(vs, 0);
1701 vnc_write_u16(vs, 1);
1702 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1703 VNC_ENCODING_EXT_KEY_EVENT);
1704 vnc_unlock_output(vs);
1708 static void send_ext_audio_ack(VncState *vs)
1710 vnc_lock_output(vs);
1711 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1712 vnc_write_u8(vs, 0);
1713 vnc_write_u16(vs, 1);
1714 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1715 VNC_ENCODING_AUDIO);
1716 vnc_unlock_output(vs);
1720 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1723 unsigned int enc = 0;
1726 vs->vnc_encoding = 0;
1727 vs->tight.compression = 9;
1728 vs->tight.quality = -1; /* Lossless by default */
1732 * Start from the end because the encodings are sent in order of preference.
1733 * This way the prefered encoding (first encoding defined in the array)
1734 * will be set at the end of the loop.
1736 for (i = n_encodings - 1; i >= 0; i--) {
1739 case VNC_ENCODING_RAW:
1740 vs->vnc_encoding = enc;
1742 case VNC_ENCODING_COPYRECT:
1743 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1745 case VNC_ENCODING_HEXTILE:
1746 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1747 vs->vnc_encoding = enc;
1749 case VNC_ENCODING_TIGHT:
1750 vs->features |= VNC_FEATURE_TIGHT_MASK;
1751 vs->vnc_encoding = enc;
1753 case VNC_ENCODING_TIGHT_PNG:
1754 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
1755 vs->vnc_encoding = enc;
1757 case VNC_ENCODING_ZLIB:
1758 vs->features |= VNC_FEATURE_ZLIB_MASK;
1759 vs->vnc_encoding = enc;
1761 case VNC_ENCODING_DESKTOPRESIZE:
1762 vs->features |= VNC_FEATURE_RESIZE_MASK;
1764 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1765 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1767 case VNC_ENCODING_RICH_CURSOR:
1768 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
1770 case VNC_ENCODING_EXT_KEY_EVENT:
1771 send_ext_key_event_ack(vs);
1773 case VNC_ENCODING_AUDIO:
1774 send_ext_audio_ack(vs);
1776 case VNC_ENCODING_WMVi:
1777 vs->features |= VNC_FEATURE_WMVI_MASK;
1779 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1780 vs->tight.compression = (enc & 0x0F);
1782 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1783 vs->tight.quality = (enc & 0x0F);
1786 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1790 vnc_desktop_resize(vs);
1791 check_pointer_type_change(&vs->mouse_mode_notifier);
1794 static void set_pixel_conversion(VncState *vs)
1796 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1797 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1798 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1799 vs->write_pixels = vnc_write_pixels_copy;
1800 vnc_hextile_set_pixel_conversion(vs, 0);
1802 vs->write_pixels = vnc_write_pixels_generic;
1803 vnc_hextile_set_pixel_conversion(vs, 1);
1807 static void set_pixel_format(VncState *vs,
1808 int bits_per_pixel, int depth,
1809 int big_endian_flag, int true_color_flag,
1810 int red_max, int green_max, int blue_max,
1811 int red_shift, int green_shift, int blue_shift)
1813 if (!true_color_flag) {
1814 vnc_client_error(vs);
1818 vs->clientds = *(vs->vd->guest.ds);
1819 vs->clientds.pf.rmax = red_max;
1820 count_bits(vs->clientds.pf.rbits, red_max);
1821 vs->clientds.pf.rshift = red_shift;
1822 vs->clientds.pf.rmask = red_max << red_shift;
1823 vs->clientds.pf.gmax = green_max;
1824 count_bits(vs->clientds.pf.gbits, green_max);
1825 vs->clientds.pf.gshift = green_shift;
1826 vs->clientds.pf.gmask = green_max << green_shift;
1827 vs->clientds.pf.bmax = blue_max;
1828 count_bits(vs->clientds.pf.bbits, blue_max);
1829 vs->clientds.pf.bshift = blue_shift;
1830 vs->clientds.pf.bmask = blue_max << blue_shift;
1831 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1832 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1833 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1834 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1836 set_pixel_conversion(vs);
1838 vga_hw_invalidate();
1842 static void pixel_format_message (VncState *vs) {
1843 char pad[3] = { 0, 0, 0 };
1845 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1846 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1848 #ifdef HOST_WORDS_BIGENDIAN
1849 vnc_write_u8(vs, 1); /* big-endian-flag */
1851 vnc_write_u8(vs, 0); /* big-endian-flag */
1853 vnc_write_u8(vs, 1); /* true-color-flag */
1854 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1855 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1856 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1857 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1858 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1859 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1861 vnc_hextile_set_pixel_conversion(vs, 0);
1863 vs->clientds = *(vs->ds->surface);
1864 vs->clientds.flags &= ~QEMU_ALLOCATED_FLAG;
1865 vs->write_pixels = vnc_write_pixels_copy;
1867 vnc_write(vs, pad, 3); /* padding */
1870 static void vnc_dpy_setdata(DisplayState *ds)
1872 /* We don't have to do anything */
1875 static void vnc_colordepth(VncState *vs)
1877 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1878 /* Sending a WMVi message to notify the client*/
1879 vnc_lock_output(vs);
1880 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1881 vnc_write_u8(vs, 0);
1882 vnc_write_u16(vs, 1); /* number of rects */
1883 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1884 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1885 pixel_format_message(vs);
1886 vnc_unlock_output(vs);
1889 set_pixel_conversion(vs);
1893 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1897 VncDisplay *vd = vs->vd;
1900 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
1901 if (!qemu_timer_expired(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval))
1902 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
1906 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
1910 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1911 read_u8(data, 6), read_u8(data, 7),
1912 read_u16(data, 8), read_u16(data, 10),
1913 read_u16(data, 12), read_u8(data, 14),
1914 read_u8(data, 15), read_u8(data, 16));
1916 case VNC_MSG_CLIENT_SET_ENCODINGS:
1921 limit = read_u16(data, 2);
1923 return 4 + (limit * 4);
1925 limit = read_u16(data, 2);
1927 for (i = 0; i < limit; i++) {
1928 int32_t val = read_s32(data, 4 + (i * 4));
1929 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1932 set_encodings(vs, (int32_t *)(data + 4), limit);
1934 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
1938 framebuffer_update_request(vs,
1939 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1940 read_u16(data, 6), read_u16(data, 8));
1942 case VNC_MSG_CLIENT_KEY_EVENT:
1946 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1948 case VNC_MSG_CLIENT_POINTER_EVENT:
1952 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1954 case VNC_MSG_CLIENT_CUT_TEXT:
1959 uint32_t dlen = read_u32(data, 4);
1964 client_cut_text(vs, read_u32(data, 4), data + 8);
1966 case VNC_MSG_CLIENT_QEMU:
1970 switch (read_u8(data, 1)) {
1971 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
1975 ext_key_event(vs, read_u16(data, 2),
1976 read_u32(data, 4), read_u32(data, 8));
1978 case VNC_MSG_CLIENT_QEMU_AUDIO:
1982 switch (read_u16 (data, 2)) {
1983 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
1986 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
1989 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
1992 switch (read_u8(data, 4)) {
1993 case 0: vs->as.fmt = AUD_FMT_U8; break;
1994 case 1: vs->as.fmt = AUD_FMT_S8; break;
1995 case 2: vs->as.fmt = AUD_FMT_U16; break;
1996 case 3: vs->as.fmt = AUD_FMT_S16; break;
1997 case 4: vs->as.fmt = AUD_FMT_U32; break;
1998 case 5: vs->as.fmt = AUD_FMT_S32; break;
2000 printf("Invalid audio format %d\n", read_u8(data, 4));
2001 vnc_client_error(vs);
2004 vs->as.nchannels = read_u8(data, 5);
2005 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2006 printf("Invalid audio channel coount %d\n",
2008 vnc_client_error(vs);
2011 vs->as.freq = read_u32(data, 6);
2014 printf ("Invalid audio message %d\n", read_u8(data, 4));
2015 vnc_client_error(vs);
2021 printf("Msg: %d\n", read_u16(data, 0));
2022 vnc_client_error(vs);
2027 printf("Msg: %d\n", data[0]);
2028 vnc_client_error(vs);
2032 vnc_read_when(vs, protocol_client_msg, 1);
2036 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2041 vs->client_width = ds_get_width(vs->ds);
2042 vs->client_height = ds_get_height(vs->ds);
2043 vnc_write_u16(vs, vs->client_width);
2044 vnc_write_u16(vs, vs->client_height);
2046 pixel_format_message(vs);
2049 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2051 size = snprintf(buf, sizeof(buf), "QEMU");
2053 vnc_write_u32(vs, size);
2054 vnc_write(vs, buf, size);
2057 vnc_client_cache_auth(vs);
2058 vnc_qmp_event(vs, QEVENT_VNC_INITIALIZED);
2060 vnc_read_when(vs, protocol_client_msg, 1);
2065 void start_client_init(VncState *vs)
2067 vnc_read_when(vs, protocol_client_init, 1);
2070 static void make_challenge(VncState *vs)
2074 srand(time(NULL)+getpid()+getpid()*987654+rand());
2076 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2077 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2080 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2082 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2084 unsigned char key[8];
2085 time_t now = time(NULL);
2087 if (!vs->vd->password) {
2088 VNC_DEBUG("No password configured on server");
2091 if (vs->vd->expires < now) {
2092 VNC_DEBUG("Password is expired");
2096 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2098 /* Calculate the expected challenge response */
2099 pwlen = strlen(vs->vd->password);
2100 for (i=0; i<sizeof(key); i++)
2101 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2103 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
2104 des(response+j, response+j);
2106 /* Compare expected vs actual challenge response */
2107 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2108 VNC_DEBUG("Client challenge reponse did not match\n");
2111 VNC_DEBUG("Accepting VNC challenge response\n");
2112 vnc_write_u32(vs, 0); /* Accept auth */
2115 start_client_init(vs);
2120 vnc_write_u32(vs, 1); /* Reject auth */
2121 if (vs->minor >= 8) {
2122 static const char err[] = "Authentication failed";
2123 vnc_write_u32(vs, sizeof(err));
2124 vnc_write(vs, err, sizeof(err));
2127 vnc_client_error(vs);
2131 void start_auth_vnc(VncState *vs)
2134 /* Send client a 'random' challenge */
2135 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2138 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2142 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2144 /* We only advertise 1 auth scheme at a time, so client
2145 * must pick the one we sent. Verify this */
2146 if (data[0] != vs->vd->auth) { /* Reject auth */
2147 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2148 vnc_write_u32(vs, 1);
2149 if (vs->minor >= 8) {
2150 static const char err[] = "Authentication failed";
2151 vnc_write_u32(vs, sizeof(err));
2152 vnc_write(vs, err, sizeof(err));
2154 vnc_client_error(vs);
2155 } else { /* Accept requested auth */
2156 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2157 switch (vs->vd->auth) {
2159 VNC_DEBUG("Accept auth none\n");
2160 if (vs->minor >= 8) {
2161 vnc_write_u32(vs, 0); /* Accept auth completion */
2164 start_client_init(vs);
2168 VNC_DEBUG("Start VNC auth\n");
2172 #ifdef CONFIG_VNC_TLS
2173 case VNC_AUTH_VENCRYPT:
2174 VNC_DEBUG("Accept VeNCrypt auth\n");;
2175 start_auth_vencrypt(vs);
2177 #endif /* CONFIG_VNC_TLS */
2179 #ifdef CONFIG_VNC_SASL
2181 VNC_DEBUG("Accept SASL auth\n");
2182 start_auth_sasl(vs);
2184 #endif /* CONFIG_VNC_SASL */
2186 default: /* Should not be possible, but just in case */
2187 VNC_DEBUG("Reject auth %d server code bug\n", vs->vd->auth);
2188 vnc_write_u8(vs, 1);
2189 if (vs->minor >= 8) {
2190 static const char err[] = "Authentication failed";
2191 vnc_write_u32(vs, sizeof(err));
2192 vnc_write(vs, err, sizeof(err));
2194 vnc_client_error(vs);
2200 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2204 memcpy(local, version, 12);
2207 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2208 VNC_DEBUG("Malformed protocol version %s\n", local);
2209 vnc_client_error(vs);
2212 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2213 if (vs->major != 3 ||
2219 VNC_DEBUG("Unsupported client version\n");
2220 vnc_write_u32(vs, VNC_AUTH_INVALID);
2222 vnc_client_error(vs);
2225 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2226 * as equivalent to v3.3 by servers
2228 if (vs->minor == 4 || vs->minor == 5)
2231 if (vs->minor == 3) {
2232 if (vs->vd->auth == VNC_AUTH_NONE) {
2233 VNC_DEBUG("Tell client auth none\n");
2234 vnc_write_u32(vs, vs->vd->auth);
2236 start_client_init(vs);
2237 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2238 VNC_DEBUG("Tell client VNC auth\n");
2239 vnc_write_u32(vs, vs->vd->auth);
2243 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2244 vnc_write_u32(vs, VNC_AUTH_INVALID);
2246 vnc_client_error(vs);
2249 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2250 vnc_write_u8(vs, 1); /* num auth */
2251 vnc_write_u8(vs, vs->vd->auth);
2252 vnc_read_when(vs, protocol_client_auth, 1);
2259 static int vnc_refresh_server_surface(VncDisplay *vd)
2263 uint8_t *server_row;
2265 uint32_t width_mask[VNC_DIRTY_WORDS];
2270 * Walk through the guest dirty map.
2271 * Check and copy modified bits from guest to server surface.
2272 * Update server dirty map.
2274 vnc_set_bits(width_mask, (ds_get_width(vd->ds) / 16), VNC_DIRTY_WORDS);
2275 cmp_bytes = 16 * ds_get_bytes_per_pixel(vd->ds);
2276 guest_row = vd->guest.ds->data;
2277 server_row = vd->server->data;
2278 for (y = 0; y < vd->guest.ds->height; y++) {
2279 if (vnc_and_bits(vd->guest.dirty[y], width_mask, VNC_DIRTY_WORDS)) {
2282 uint8_t *server_ptr;
2284 guest_ptr = guest_row;
2285 server_ptr = server_row;
2287 for (x = 0; x < vd->guest.ds->width;
2288 x += 16, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2289 if (!vnc_get_bit(vd->guest.dirty[y], (x / 16)))
2291 vnc_clear_bit(vd->guest.dirty[y], (x / 16));
2292 if (memcmp(server_ptr, guest_ptr, cmp_bytes) == 0)
2294 memcpy(server_ptr, guest_ptr, cmp_bytes);
2295 QTAILQ_FOREACH(vs, &vd->clients, next) {
2296 vnc_set_bit(vs->dirty[y], (x / 16));
2301 guest_row += ds_get_linesize(vd->ds);
2302 server_row += ds_get_linesize(vd->ds);
2307 static void vnc_refresh(void *opaque)
2309 VncDisplay *vd = opaque;
2311 int has_dirty, rects = 0;
2315 if (vnc_trylock_display(vd)) {
2316 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2317 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) +
2318 vd->timer_interval);
2322 has_dirty = vnc_refresh_server_surface(vd);
2323 vnc_unlock_display(vd);
2325 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2326 rects += vnc_update_client(vs, has_dirty);
2327 /* vs might be free()ed here */
2330 /* vd->timer could be NULL now if the last client disconnected,
2331 * in this case don't update the timer */
2332 if (vd->timer == NULL)
2335 if (has_dirty && rects) {
2336 vd->timer_interval /= 2;
2337 if (vd->timer_interval < VNC_REFRESH_INTERVAL_BASE)
2338 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2340 vd->timer_interval += VNC_REFRESH_INTERVAL_INC;
2341 if (vd->timer_interval > VNC_REFRESH_INTERVAL_MAX)
2342 vd->timer_interval = VNC_REFRESH_INTERVAL_MAX;
2344 qemu_mod_timer(vd->timer, qemu_get_clock(rt_clock) + vd->timer_interval);
2347 static void vnc_init_timer(VncDisplay *vd)
2349 vd->timer_interval = VNC_REFRESH_INTERVAL_BASE;
2350 if (vd->timer == NULL && !QTAILQ_EMPTY(&vd->clients)) {
2351 vd->timer = qemu_new_timer(rt_clock, vnc_refresh, vd);
2352 vnc_dpy_resize(vd->ds);
2357 static void vnc_remove_timer(VncDisplay *vd)
2359 if (vd->timer != NULL && QTAILQ_EMPTY(&vd->clients)) {
2360 qemu_del_timer(vd->timer);
2361 qemu_free_timer(vd->timer);
2366 static void vnc_connect(VncDisplay *vd, int csock)
2368 VncState *vs = qemu_mallocz(sizeof(VncState));
2371 VNC_DEBUG("New client on socket %d\n", csock);
2373 socket_set_nonblock(vs->csock);
2374 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2376 vnc_client_cache_addr(vs);
2377 vnc_qmp_event(vs, QEVENT_VNC_CONNECTED);
2384 vs->as.freq = 44100;
2385 vs->as.nchannels = 2;
2386 vs->as.fmt = AUD_FMT_S16;
2387 vs->as.endianness = 0;
2389 #ifdef CONFIG_VNC_THREAD
2390 qemu_mutex_init(&vs->output_mutex);
2393 QTAILQ_INSERT_HEAD(&vd->clients, vs, next);
2397 vnc_write(vs, "RFB 003.008\n", 12);
2399 vnc_read_when(vs, protocol_version, 12);
2401 if (vs->vd->lock_key_sync)
2402 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
2404 vs->mouse_mode_notifier.notify = check_pointer_type_change;
2405 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
2409 /* vs might be free()ed here */
2412 static void vnc_listen_read(void *opaque)
2414 VncDisplay *vs = opaque;
2415 struct sockaddr_in addr;
2416 socklen_t addrlen = sizeof(addr);
2421 int csock = qemu_accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2423 vnc_connect(vs, csock);
2427 void vnc_display_init(DisplayState *ds)
2429 VncDisplay *vs = qemu_mallocz(sizeof(*vs));
2431 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2440 QTAILQ_INIT(&vs->clients);
2441 vs->expires = TIME_MAX;
2443 if (keyboard_layout)
2444 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
2446 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
2448 if (!vs->kbd_layout)
2451 #ifdef CONFIG_VNC_THREAD
2452 qemu_mutex_init(&vs->mutex);
2453 vnc_start_worker_thread();
2456 dcl->dpy_copy = vnc_dpy_copy;
2457 dcl->dpy_update = vnc_dpy_update;
2458 dcl->dpy_resize = vnc_dpy_resize;
2459 dcl->dpy_setdata = vnc_dpy_setdata;
2460 register_displaychangelistener(ds, dcl);
2461 ds->mouse_set = vnc_mouse_set;
2462 ds->cursor_define = vnc_dpy_cursor_define;
2466 void vnc_display_close(DisplayState *ds)
2468 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2473 qemu_free(vs->display);
2476 if (vs->lsock != -1) {
2477 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2481 vs->auth = VNC_AUTH_INVALID;
2482 #ifdef CONFIG_VNC_TLS
2483 vs->subauth = VNC_AUTH_INVALID;
2484 vs->tls.x509verify = 0;
2488 int vnc_display_disable_login(DisplayState *ds)
2490 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2497 qemu_free(vs->password);
2500 vs->password = NULL;
2501 vs->auth = VNC_AUTH_VNC;
2506 int vnc_display_password(DisplayState *ds, const char *password)
2508 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2515 /* This is not the intention of this interface but err on the side
2517 return vnc_display_disable_login(ds);
2521 qemu_free(vs->password);
2522 vs->password = NULL;
2524 vs->password = qemu_strdup(password);
2525 vs->auth = VNC_AUTH_VNC;
2530 int vnc_display_pw_expire(DisplayState *ds, time_t expires)
2532 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2534 vs->expires = expires;
2538 char *vnc_display_local_addr(DisplayState *ds)
2540 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2542 return vnc_socket_local_addr("%s:%s", vs->lsock);
2545 int vnc_display_open(DisplayState *ds, const char *display)
2547 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2548 const char *options;
2551 #ifdef CONFIG_VNC_TLS
2552 int tls = 0, x509 = 0;
2554 #ifdef CONFIG_VNC_SASL
2558 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2561 int lock_key_sync = 1;
2565 vnc_display_close(ds);
2566 if (strcmp(display, "none") == 0)
2569 if (!(vs->display = strdup(display)))
2573 while ((options = strchr(options, ','))) {
2575 if (strncmp(options, "password", 8) == 0) {
2576 password = 1; /* Require password auth */
2577 } else if (strncmp(options, "reverse", 7) == 0) {
2579 } else if (strncmp(options, "no-lock-key-sync", 9) == 0) {
2581 #ifdef CONFIG_VNC_SASL
2582 } else if (strncmp(options, "sasl", 4) == 0) {
2583 sasl = 1; /* Require SASL auth */
2585 #ifdef CONFIG_VNC_TLS
2586 } else if (strncmp(options, "tls", 3) == 0) {
2587 tls = 1; /* Require TLS */
2588 } else if (strncmp(options, "x509", 4) == 0) {
2590 x509 = 1; /* Require x509 certificates */
2591 if (strncmp(options, "x509verify", 10) == 0)
2592 vs->tls.x509verify = 1; /* ...and verify client certs */
2594 /* Now check for 'x509=/some/path' postfix
2595 * and use that to setup x509 certificate/key paths */
2596 start = strchr(options, '=');
2597 end = strchr(options, ',');
2598 if (start && (!end || (start < end))) {
2599 int len = end ? end-(start+1) : strlen(start+1);
2600 char *path = qemu_strndup(start + 1, len);
2602 VNC_DEBUG("Trying certificate path '%s'\n", path);
2603 if (vnc_tls_set_x509_creds_dir(vs, path) < 0) {
2604 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2606 qemu_free(vs->display);
2612 fprintf(stderr, "No certificate path provided\n");
2613 qemu_free(vs->display);
2618 #if defined(CONFIG_VNC_TLS) || defined(CONFIG_VNC_SASL)
2619 } else if (strncmp(options, "acl", 3) == 0) {
2622 } else if (strncmp(options, "lossy", 5) == 0) {
2627 #ifdef CONFIG_VNC_TLS
2628 if (acl && x509 && vs->tls.x509verify) {
2629 if (!(vs->tls.acl = qemu_acl_init("vnc.x509dname"))) {
2630 fprintf(stderr, "Failed to create x509 dname ACL\n");
2635 #ifdef CONFIG_VNC_SASL
2637 if (!(vs->sasl.acl = qemu_acl_init("vnc.username"))) {
2638 fprintf(stderr, "Failed to create username ACL\n");
2645 * Combinations we support here:
2647 * - no-auth (clear text, no auth)
2648 * - password (clear text, weak auth)
2649 * - sasl (encrypt, good auth *IF* using Kerberos via GSSAPI)
2650 * - tls (encrypt, weak anonymous creds, no auth)
2651 * - tls + password (encrypt, weak anonymous creds, weak auth)
2652 * - tls + sasl (encrypt, weak anonymous creds, good auth)
2653 * - tls + x509 (encrypt, good x509 creds, no auth)
2654 * - tls + x509 + password (encrypt, good x509 creds, weak auth)
2655 * - tls + x509 + sasl (encrypt, good x509 creds, good auth)
2657 * NB1. TLS is a stackable auth scheme.
2658 * NB2. the x509 schemes have option to validate a client cert dname
2661 #ifdef CONFIG_VNC_TLS
2663 vs->auth = VNC_AUTH_VENCRYPT;
2665 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2666 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2668 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2669 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2672 #endif /* CONFIG_VNC_TLS */
2673 VNC_DEBUG("Initializing VNC server with password auth\n");
2674 vs->auth = VNC_AUTH_VNC;
2675 #ifdef CONFIG_VNC_TLS
2676 vs->subauth = VNC_AUTH_INVALID;
2678 #endif /* CONFIG_VNC_TLS */
2679 #ifdef CONFIG_VNC_SASL
2681 #ifdef CONFIG_VNC_TLS
2683 vs->auth = VNC_AUTH_VENCRYPT;
2685 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
2686 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
2688 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
2689 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
2692 #endif /* CONFIG_VNC_TLS */
2693 VNC_DEBUG("Initializing VNC server with SASL auth\n");
2694 vs->auth = VNC_AUTH_SASL;
2695 #ifdef CONFIG_VNC_TLS
2696 vs->subauth = VNC_AUTH_INVALID;
2698 #endif /* CONFIG_VNC_TLS */
2699 #endif /* CONFIG_VNC_SASL */
2701 #ifdef CONFIG_VNC_TLS
2703 vs->auth = VNC_AUTH_VENCRYPT;
2705 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2706 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2708 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2709 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2713 VNC_DEBUG("Initializing VNC server with no auth\n");
2714 vs->auth = VNC_AUTH_NONE;
2715 #ifdef CONFIG_VNC_TLS
2716 vs->subauth = VNC_AUTH_INVALID;
2721 #ifdef CONFIG_VNC_SASL
2722 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
2723 fprintf(stderr, "Failed to initialize SASL auth %s",
2724 sasl_errstring(saslErr, NULL, NULL));
2730 vs->lock_key_sync = lock_key_sync;
2733 /* connect to viewer */
2734 if (strncmp(display, "unix:", 5) == 0)
2735 vs->lsock = unix_connect(display+5);
2737 vs->lsock = inet_connect(display, SOCK_STREAM);
2738 if (-1 == vs->lsock) {
2743 int csock = vs->lsock;
2745 vnc_connect(vs, csock);
2750 /* listen for connects */
2752 dpy = qemu_malloc(256);
2753 if (strncmp(display, "unix:", 5) == 0) {
2754 pstrcpy(dpy, 256, "unix:");
2755 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2757 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2759 if (-1 == vs->lsock) {
2767 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
projects / external / qemu.git / blob