1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev.h" 32 #include "sysemu/sysemu.h" 33 #include "qemu/error-report.h" 34 #include "qemu/sockets.h" 35 #include "qemu/timer.h" 36 #include "qemu/acl.h" 37 #include "qemu/config-file.h" 38 #include "qapi/qmp/qerror.h" 39 #include "qapi/qmp/types.h" 40 #include "qmp-commands.h" 41 #include "ui/input.h" 42 #include "qapi-event.h" 43 #include "crypto/hash.h" 44 #include "crypto/tlscredsanon.h" 45 #include "crypto/tlscredsx509.h" 46 #include "qom/object_interfaces.h" 47 #include "qemu/cutils.h" 48 49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 50 #define VNC_REFRESH_INTERVAL_INC 50 51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 54 55 #include "vnc_keysym.h" 56 #include "crypto/cipher.h" 57 58 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 59 QTAILQ_HEAD_INITIALIZER(vnc_displays); 60 61 static int vnc_cursor_define(VncState *vs); 62 static void vnc_release_modifiers(VncState *vs); 63 64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 65 { 66 #ifdef _VNC_DEBUG 67 static const char *mn[] = { 68 [0] = "undefined", 69 [VNC_SHARE_MODE_CONNECTING] = "connecting", 70 [VNC_SHARE_MODE_SHARED] = "shared", 71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 73 }; 74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 75 vs->ioc, mn[vs->share_mode], mn[mode]); 76 #endif 77 78 switch (vs->share_mode) { 79 case VNC_SHARE_MODE_CONNECTING: 80 vs->vd->num_connecting--; 81 break; 82 case VNC_SHARE_MODE_SHARED: 83 vs->vd->num_shared--; 84 break; 85 case VNC_SHARE_MODE_EXCLUSIVE: 86 vs->vd->num_exclusive--; 87 break; 88 default: 89 break; 90 } 91 92 vs->share_mode = mode; 93 94 switch (vs->share_mode) { 95 case VNC_SHARE_MODE_CONNECTING: 96 vs->vd->num_connecting++; 97 break; 98 case VNC_SHARE_MODE_SHARED: 99 vs->vd->num_shared++; 100 break; 101 case VNC_SHARE_MODE_EXCLUSIVE: 102 vs->vd->num_exclusive++; 103 break; 104 default: 105 break; 106 } 107 } 108 109 110 static void vnc_init_basic_info(SocketAddress *addr, 111 VncBasicInfo *info, 112 Error **errp) 113 { 114 switch (addr->type) { 115 case SOCKET_ADDRESS_KIND_INET: 116 info->host = g_strdup(addr->u.inet.data->host); 117 info->service = g_strdup(addr->u.inet.data->port); 118 if (addr->u.inet.data->ipv6) { 119 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 120 } else { 121 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 122 } 123 break; 124 125 case SOCKET_ADDRESS_KIND_UNIX: 126 info->host = g_strdup(""); 127 info->service = g_strdup(addr->u.q_unix.data->path); 128 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 129 break; 130 131 default: 132 error_setg(errp, "Unsupported socket kind %d", 133 addr->type); 134 break; 135 } 136 137 return; 138 } 139 140 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 141 VncBasicInfo *info, 142 Error **errp) 143 { 144 SocketAddress *addr = NULL; 145 146 if (!ioc) { 147 error_setg(errp, "No listener socket available"); 148 return; 149 } 150 151 addr = qio_channel_socket_get_local_address(ioc, errp); 152 if (!addr) { 153 return; 154 } 155 156 vnc_init_basic_info(addr, info, errp); 157 qapi_free_SocketAddress(addr); 158 } 159 160 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 161 VncBasicInfo *info, 162 Error **errp) 163 { 164 SocketAddress *addr = NULL; 165 166 addr = qio_channel_socket_get_remote_address(ioc, errp); 167 if (!addr) { 168 return; 169 } 170 171 vnc_init_basic_info(addr, info, errp); 172 qapi_free_SocketAddress(addr); 173 } 174 175 static const char *vnc_auth_name(VncDisplay *vd) { 176 switch (vd->auth) { 177 case VNC_AUTH_INVALID: 178 return "invalid"; 179 case VNC_AUTH_NONE: 180 return "none"; 181 case VNC_AUTH_VNC: 182 return "vnc"; 183 case VNC_AUTH_RA2: 184 return "ra2"; 185 case VNC_AUTH_RA2NE: 186 return "ra2ne"; 187 case VNC_AUTH_TIGHT: 188 return "tight"; 189 case VNC_AUTH_ULTRA: 190 return "ultra"; 191 case VNC_AUTH_TLS: 192 return "tls"; 193 case VNC_AUTH_VENCRYPT: 194 switch (vd->subauth) { 195 case VNC_AUTH_VENCRYPT_PLAIN: 196 return "vencrypt+plain"; 197 case VNC_AUTH_VENCRYPT_TLSNONE: 198 return "vencrypt+tls+none"; 199 case VNC_AUTH_VENCRYPT_TLSVNC: 200 return "vencrypt+tls+vnc"; 201 case VNC_AUTH_VENCRYPT_TLSPLAIN: 202 return "vencrypt+tls+plain"; 203 case VNC_AUTH_VENCRYPT_X509NONE: 204 return "vencrypt+x509+none"; 205 case VNC_AUTH_VENCRYPT_X509VNC: 206 return "vencrypt+x509+vnc"; 207 case VNC_AUTH_VENCRYPT_X509PLAIN: 208 return "vencrypt+x509+plain"; 209 case VNC_AUTH_VENCRYPT_TLSSASL: 210 return "vencrypt+tls+sasl"; 211 case VNC_AUTH_VENCRYPT_X509SASL: 212 return "vencrypt+x509+sasl"; 213 default: 214 return "vencrypt"; 215 } 216 case VNC_AUTH_SASL: 217 return "sasl"; 218 } 219 return "unknown"; 220 } 221 222 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 223 { 224 VncServerInfo *info; 225 Error *err = NULL; 226 227 info = g_malloc0(sizeof(*info)); 228 vnc_init_basic_info_from_server_addr(vd->lsock, 229 qapi_VncServerInfo_base(info), &err); 230 info->has_auth = true; 231 info->auth = g_strdup(vnc_auth_name(vd)); 232 if (err) { 233 qapi_free_VncServerInfo(info); 234 info = NULL; 235 error_free(err); 236 } 237 return info; 238 } 239 240 static void vnc_client_cache_auth(VncState *client) 241 { 242 if (!client->info) { 243 return; 244 } 245 246 if (client->tls) { 247 client->info->x509_dname = 248 qcrypto_tls_session_get_peer_name(client->tls); 249 client->info->has_x509_dname = 250 client->info->x509_dname != NULL; 251 } 252 #ifdef CONFIG_VNC_SASL 253 if (client->sasl.conn && 254 client->sasl.username) { 255 client->info->has_sasl_username = true; 256 client->info->sasl_username = g_strdup(client->sasl.username); 257 } 258 #endif 259 } 260 261 static void vnc_client_cache_addr(VncState *client) 262 { 263 Error *err = NULL; 264 265 client->info = g_malloc0(sizeof(*client->info)); 266 vnc_init_basic_info_from_remote_addr(client->sioc, 267 qapi_VncClientInfo_base(client->info), 268 &err); 269 if (err) { 270 qapi_free_VncClientInfo(client->info); 271 client->info = NULL; 272 error_free(err); 273 } 274 } 275 276 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 277 { 278 VncServerInfo *si; 279 280 if (!vs->info) { 281 return; 282 } 283 284 si = vnc_server_info_get(vs->vd); 285 if (!si) { 286 return; 287 } 288 289 switch (event) { 290 case QAPI_EVENT_VNC_CONNECTED: 291 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info), 292 &error_abort); 293 break; 294 case QAPI_EVENT_VNC_INITIALIZED: 295 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 296 break; 297 case QAPI_EVENT_VNC_DISCONNECTED: 298 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 299 break; 300 default: 301 break; 302 } 303 304 qapi_free_VncServerInfo(si); 305 } 306 307 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 308 { 309 VncClientInfo *info; 310 Error *err = NULL; 311 312 info = g_malloc0(sizeof(*info)); 313 314 vnc_init_basic_info_from_remote_addr(client->sioc, 315 qapi_VncClientInfo_base(info), 316 &err); 317 if (err) { 318 error_free(err); 319 qapi_free_VncClientInfo(info); 320 return NULL; 321 } 322 323 info->websocket = client->websocket; 324 325 if (client->tls) { 326 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 327 info->has_x509_dname = info->x509_dname != NULL; 328 } 329 #ifdef CONFIG_VNC_SASL 330 if (client->sasl.conn && client->sasl.username) { 331 info->has_sasl_username = true; 332 info->sasl_username = g_strdup(client->sasl.username); 333 } 334 #endif 335 336 return info; 337 } 338 339 static VncDisplay *vnc_display_find(const char *id) 340 { 341 VncDisplay *vd; 342 343 if (id == NULL) { 344 return QTAILQ_FIRST(&vnc_displays); 345 } 346 QTAILQ_FOREACH(vd, &vnc_displays, next) { 347 if (strcmp(id, vd->id) == 0) { 348 return vd; 349 } 350 } 351 return NULL; 352 } 353 354 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 355 { 356 VncClientInfoList *cinfo, *prev = NULL; 357 VncState *client; 358 359 QTAILQ_FOREACH(client, &vd->clients, next) { 360 cinfo = g_new0(VncClientInfoList, 1); 361 cinfo->value = qmp_query_vnc_client(client); 362 cinfo->next = prev; 363 prev = cinfo; 364 } 365 return prev; 366 } 367 368 VncInfo *qmp_query_vnc(Error **errp) 369 { 370 VncInfo *info = g_malloc0(sizeof(*info)); 371 VncDisplay *vd = vnc_display_find(NULL); 372 SocketAddress *addr = NULL; 373 374 if (vd == NULL || !vd->lsock) { 375 info->enabled = false; 376 } else { 377 info->enabled = true; 378 379 /* for compatibility with the original command */ 380 info->has_clients = true; 381 info->clients = qmp_query_client_list(vd); 382 383 if (vd->lsock == NULL) { 384 return info; 385 } 386 387 addr = qio_channel_socket_get_local_address(vd->lsock, errp); 388 if (!addr) { 389 goto out_error; 390 } 391 392 switch (addr->type) { 393 case SOCKET_ADDRESS_KIND_INET: 394 info->host = g_strdup(addr->u.inet.data->host); 395 info->service = g_strdup(addr->u.inet.data->port); 396 if (addr->u.inet.data->ipv6) { 397 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 398 } else { 399 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 400 } 401 break; 402 403 case SOCKET_ADDRESS_KIND_UNIX: 404 info->host = g_strdup(""); 405 info->service = g_strdup(addr->u.q_unix.data->path); 406 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 407 break; 408 409 default: 410 error_setg(errp, "Unsupported socket kind %d", 411 addr->type); 412 goto out_error; 413 } 414 415 info->has_host = true; 416 info->has_service = true; 417 info->has_family = true; 418 419 info->has_auth = true; 420 info->auth = g_strdup(vnc_auth_name(vd)); 421 } 422 423 qapi_free_SocketAddress(addr); 424 return info; 425 426 out_error: 427 qapi_free_SocketAddress(addr); 428 qapi_free_VncInfo(info); 429 return NULL; 430 } 431 432 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc, 433 bool websocket, 434 VncBasicInfoList *prev) 435 { 436 VncBasicInfoList *list; 437 VncBasicInfo *info; 438 Error *err = NULL; 439 SocketAddress *addr; 440 441 addr = qio_channel_socket_get_local_address(ioc, &err); 442 if (!addr) { 443 error_free(err); 444 return prev; 445 } 446 447 info = g_new0(VncBasicInfo, 1); 448 vnc_init_basic_info(addr, info, &err); 449 qapi_free_SocketAddress(addr); 450 if (err) { 451 qapi_free_VncBasicInfo(info); 452 error_free(err); 453 return prev; 454 } 455 info->websocket = websocket; 456 457 list = g_new0(VncBasicInfoList, 1); 458 list->value = info; 459 list->next = prev; 460 return list; 461 } 462 463 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info) 464 { 465 switch (vd->auth) { 466 case VNC_AUTH_VNC: 467 info->auth = VNC_PRIMARY_AUTH_VNC; 468 break; 469 case VNC_AUTH_RA2: 470 info->auth = VNC_PRIMARY_AUTH_RA2; 471 break; 472 case VNC_AUTH_RA2NE: 473 info->auth = VNC_PRIMARY_AUTH_RA2NE; 474 break; 475 case VNC_AUTH_TIGHT: 476 info->auth = VNC_PRIMARY_AUTH_TIGHT; 477 break; 478 case VNC_AUTH_ULTRA: 479 info->auth = VNC_PRIMARY_AUTH_ULTRA; 480 break; 481 case VNC_AUTH_TLS: 482 info->auth = VNC_PRIMARY_AUTH_TLS; 483 break; 484 case VNC_AUTH_VENCRYPT: 485 info->auth = VNC_PRIMARY_AUTH_VENCRYPT; 486 info->has_vencrypt = true; 487 switch (vd->subauth) { 488 case VNC_AUTH_VENCRYPT_PLAIN: 489 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 490 break; 491 case VNC_AUTH_VENCRYPT_TLSNONE: 492 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 493 break; 494 case VNC_AUTH_VENCRYPT_TLSVNC: 495 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 496 break; 497 case VNC_AUTH_VENCRYPT_TLSPLAIN: 498 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 499 break; 500 case VNC_AUTH_VENCRYPT_X509NONE: 501 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 502 break; 503 case VNC_AUTH_VENCRYPT_X509VNC: 504 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 505 break; 506 case VNC_AUTH_VENCRYPT_X509PLAIN: 507 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 508 break; 509 case VNC_AUTH_VENCRYPT_TLSSASL: 510 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 511 break; 512 case VNC_AUTH_VENCRYPT_X509SASL: 513 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 514 break; 515 default: 516 info->has_vencrypt = false; 517 break; 518 } 519 break; 520 case VNC_AUTH_SASL: 521 info->auth = VNC_PRIMARY_AUTH_SASL; 522 break; 523 case VNC_AUTH_NONE: 524 default: 525 info->auth = VNC_PRIMARY_AUTH_NONE; 526 break; 527 } 528 } 529 530 VncInfo2List *qmp_query_vnc_servers(Error **errp) 531 { 532 VncInfo2List *item, *prev = NULL; 533 VncInfo2 *info; 534 VncDisplay *vd; 535 DeviceState *dev; 536 537 QTAILQ_FOREACH(vd, &vnc_displays, next) { 538 info = g_new0(VncInfo2, 1); 539 info->id = g_strdup(vd->id); 540 info->clients = qmp_query_client_list(vd); 541 qmp_query_auth(vd, info); 542 if (vd->dcl.con) { 543 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 544 "device", NULL)); 545 info->has_display = true; 546 info->display = g_strdup(dev->id); 547 } 548 if (vd->lsock != NULL) { 549 info->server = qmp_query_server_entry( 550 vd->lsock, false, info->server); 551 } 552 if (vd->lwebsock != NULL) { 553 info->server = qmp_query_server_entry( 554 vd->lwebsock, true, info->server); 555 } 556 557 item = g_new0(VncInfo2List, 1); 558 item->value = info; 559 item->next = prev; 560 prev = item; 561 } 562 return prev; 563 } 564 565 /* TODO 566 1) Get the queue working for IO. 567 2) there is some weirdness when using the -S option (the screen is grey 568 and not totally invalidated 569 3) resolutions > 1024 570 */ 571 572 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 573 static void vnc_disconnect_start(VncState *vs); 574 575 static void vnc_colordepth(VncState *vs); 576 static void framebuffer_update_request(VncState *vs, int incremental, 577 int x_position, int y_position, 578 int w, int h); 579 static void vnc_refresh(DisplayChangeListener *dcl); 580 static int vnc_refresh_server_surface(VncDisplay *vd); 581 582 static int vnc_width(VncDisplay *vd) 583 { 584 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 585 VNC_DIRTY_PIXELS_PER_BIT)); 586 } 587 588 static int vnc_height(VncDisplay *vd) 589 { 590 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 591 } 592 593 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 594 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 595 VncDisplay *vd, 596 int x, int y, int w, int h) 597 { 598 int width = vnc_width(vd); 599 int height = vnc_height(vd); 600 601 /* this is needed this to ensure we updated all affected 602 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 603 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 604 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 605 606 x = MIN(x, width); 607 y = MIN(y, height); 608 w = MIN(x + w, width) - x; 609 h = MIN(y + h, height); 610 611 for (; y < h; y++) { 612 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 613 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 614 } 615 } 616 617 static void vnc_dpy_update(DisplayChangeListener *dcl, 618 int x, int y, int w, int h) 619 { 620 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 621 struct VncSurface *s = &vd->guest; 622 623 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 624 } 625 626 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 627 int32_t encoding) 628 { 629 vnc_write_u16(vs, x); 630 vnc_write_u16(vs, y); 631 vnc_write_u16(vs, w); 632 vnc_write_u16(vs, h); 633 634 vnc_write_s32(vs, encoding); 635 } 636 637 638 static void vnc_desktop_resize(VncState *vs) 639 { 640 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 641 return; 642 } 643 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 644 vs->client_height == pixman_image_get_height(vs->vd->server)) { 645 return; 646 } 647 vs->client_width = pixman_image_get_width(vs->vd->server); 648 vs->client_height = pixman_image_get_height(vs->vd->server); 649 vnc_lock_output(vs); 650 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 651 vnc_write_u8(vs, 0); 652 vnc_write_u16(vs, 1); /* number of rects */ 653 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 654 VNC_ENCODING_DESKTOPRESIZE); 655 vnc_unlock_output(vs); 656 vnc_flush(vs); 657 } 658 659 static void vnc_abort_display_jobs(VncDisplay *vd) 660 { 661 VncState *vs; 662 663 QTAILQ_FOREACH(vs, &vd->clients, next) { 664 vnc_lock_output(vs); 665 vs->abort = true; 666 vnc_unlock_output(vs); 667 } 668 QTAILQ_FOREACH(vs, &vd->clients, next) { 669 vnc_jobs_join(vs); 670 } 671 QTAILQ_FOREACH(vs, &vd->clients, next) { 672 vnc_lock_output(vs); 673 vs->abort = false; 674 vnc_unlock_output(vs); 675 } 676 } 677 678 int vnc_server_fb_stride(VncDisplay *vd) 679 { 680 return pixman_image_get_stride(vd->server); 681 } 682 683 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 684 { 685 uint8_t *ptr; 686 687 ptr = (uint8_t *)pixman_image_get_data(vd->server); 688 ptr += y * vnc_server_fb_stride(vd); 689 ptr += x * VNC_SERVER_FB_BYTES; 690 return ptr; 691 } 692 693 static void vnc_update_server_surface(VncDisplay *vd) 694 { 695 int width, height; 696 697 qemu_pixman_image_unref(vd->server); 698 vd->server = NULL; 699 700 if (QTAILQ_EMPTY(&vd->clients)) { 701 return; 702 } 703 704 width = vnc_width(vd); 705 height = vnc_height(vd); 706 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 707 width, height, 708 NULL, 0); 709 710 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 711 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 712 width, height); 713 } 714 715 static void vnc_dpy_switch(DisplayChangeListener *dcl, 716 DisplaySurface *surface) 717 { 718 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 719 VncState *vs; 720 721 vnc_abort_display_jobs(vd); 722 vd->ds = surface; 723 724 /* server surface */ 725 vnc_update_server_surface(vd); 726 727 /* guest surface */ 728 qemu_pixman_image_unref(vd->guest.fb); 729 vd->guest.fb = pixman_image_ref(surface->image); 730 vd->guest.format = surface->format; 731 732 QTAILQ_FOREACH(vs, &vd->clients, next) { 733 vnc_colordepth(vs); 734 vnc_desktop_resize(vs); 735 if (vs->vd->cursor) { 736 vnc_cursor_define(vs); 737 } 738 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 739 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 740 vnc_width(vd), 741 vnc_height(vd)); 742 } 743 } 744 745 /* fastest code */ 746 static void vnc_write_pixels_copy(VncState *vs, 747 void *pixels, int size) 748 { 749 vnc_write(vs, pixels, size); 750 } 751 752 /* slowest but generic code. */ 753 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 754 { 755 uint8_t r, g, b; 756 757 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 758 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 759 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 760 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 761 #else 762 # error need some bits here if you change VNC_SERVER_FB_FORMAT 763 #endif 764 v = (r << vs->client_pf.rshift) | 765 (g << vs->client_pf.gshift) | 766 (b << vs->client_pf.bshift); 767 switch (vs->client_pf.bytes_per_pixel) { 768 case 1: 769 buf[0] = v; 770 break; 771 case 2: 772 if (vs->client_be) { 773 buf[0] = v >> 8; 774 buf[1] = v; 775 } else { 776 buf[1] = v >> 8; 777 buf[0] = v; 778 } 779 break; 780 default: 781 case 4: 782 if (vs->client_be) { 783 buf[0] = v >> 24; 784 buf[1] = v >> 16; 785 buf[2] = v >> 8; 786 buf[3] = v; 787 } else { 788 buf[3] = v >> 24; 789 buf[2] = v >> 16; 790 buf[1] = v >> 8; 791 buf[0] = v; 792 } 793 break; 794 } 795 } 796 797 static void vnc_write_pixels_generic(VncState *vs, 798 void *pixels1, int size) 799 { 800 uint8_t buf[4]; 801 802 if (VNC_SERVER_FB_BYTES == 4) { 803 uint32_t *pixels = pixels1; 804 int n, i; 805 n = size >> 2; 806 for (i = 0; i < n; i++) { 807 vnc_convert_pixel(vs, buf, pixels[i]); 808 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 809 } 810 } 811 } 812 813 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 814 { 815 int i; 816 uint8_t *row; 817 VncDisplay *vd = vs->vd; 818 819 row = vnc_server_fb_ptr(vd, x, y); 820 for (i = 0; i < h; i++) { 821 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 822 row += vnc_server_fb_stride(vd); 823 } 824 return 1; 825 } 826 827 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 828 { 829 int n = 0; 830 bool encode_raw = false; 831 size_t saved_offs = vs->output.offset; 832 833 switch(vs->vnc_encoding) { 834 case VNC_ENCODING_ZLIB: 835 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 836 break; 837 case VNC_ENCODING_HEXTILE: 838 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 839 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 840 break; 841 case VNC_ENCODING_TIGHT: 842 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 843 break; 844 case VNC_ENCODING_TIGHT_PNG: 845 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 846 break; 847 case VNC_ENCODING_ZRLE: 848 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 849 break; 850 case VNC_ENCODING_ZYWRLE: 851 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 852 break; 853 default: 854 encode_raw = true; 855 break; 856 } 857 858 /* If the client has the same pixel format as our internal buffer and 859 * a RAW encoding would need less space fall back to RAW encoding to 860 * save bandwidth and processing power in the client. */ 861 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && 862 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { 863 vs->output.offset = saved_offs; 864 encode_raw = true; 865 } 866 867 if (encode_raw) { 868 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 869 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 870 } 871 872 return n; 873 } 874 875 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 876 { 877 /* send bitblit op to the vnc client */ 878 vnc_lock_output(vs); 879 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 880 vnc_write_u8(vs, 0); 881 vnc_write_u16(vs, 1); /* number of rects */ 882 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 883 vnc_write_u16(vs, src_x); 884 vnc_write_u16(vs, src_y); 885 vnc_unlock_output(vs); 886 vnc_flush(vs); 887 } 888 889 static void vnc_dpy_copy(DisplayChangeListener *dcl, 890 int src_x, int src_y, 891 int dst_x, int dst_y, int w, int h) 892 { 893 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 894 VncState *vs, *vn; 895 uint8_t *src_row; 896 uint8_t *dst_row; 897 int i, x, y, pitch, inc, w_lim, s; 898 int cmp_bytes; 899 900 if (!vd->server) { 901 /* no client connected */ 902 return; 903 } 904 905 vnc_refresh_server_surface(vd); 906 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 907 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 908 vs->force_update = 1; 909 vnc_update_client(vs, 1, true); 910 /* vs might be free()ed here */ 911 } 912 } 913 914 if (!vd->server) { 915 /* no client connected */ 916 return; 917 } 918 /* do bitblit op on the local surface too */ 919 pitch = vnc_server_fb_stride(vd); 920 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 921 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 922 y = dst_y; 923 inc = 1; 924 if (dst_y > src_y) { 925 /* copy backwards */ 926 src_row += pitch * (h-1); 927 dst_row += pitch * (h-1); 928 pitch = -pitch; 929 y = dst_y + h - 1; 930 inc = -1; 931 } 932 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 933 if (w_lim < 0) { 934 w_lim = w; 935 } else { 936 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 937 } 938 for (i = 0; i < h; i++) { 939 for (x = 0; x <= w_lim; 940 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 941 if (x == w_lim) { 942 if ((s = w - w_lim) == 0) 943 break; 944 } else if (!x) { 945 s = (VNC_DIRTY_PIXELS_PER_BIT - 946 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 947 s = MIN(s, w_lim); 948 } else { 949 s = VNC_DIRTY_PIXELS_PER_BIT; 950 } 951 cmp_bytes = s * VNC_SERVER_FB_BYTES; 952 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 953 continue; 954 memmove(dst_row, src_row, cmp_bytes); 955 QTAILQ_FOREACH(vs, &vd->clients, next) { 956 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 957 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 958 vs->dirty[y]); 959 } 960 } 961 } 962 src_row += pitch - w * VNC_SERVER_FB_BYTES; 963 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 964 y += inc; 965 } 966 967 QTAILQ_FOREACH(vs, &vd->clients, next) { 968 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 969 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 970 } 971 } 972 } 973 974 static void vnc_mouse_set(DisplayChangeListener *dcl, 975 int x, int y, int visible) 976 { 977 /* can we ask the client(s) to move the pointer ??? */ 978 } 979 980 static int vnc_cursor_define(VncState *vs) 981 { 982 QEMUCursor *c = vs->vd->cursor; 983 int isize; 984 985 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 986 vnc_lock_output(vs); 987 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 988 vnc_write_u8(vs, 0); /* padding */ 989 vnc_write_u16(vs, 1); /* # of rects */ 990 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 991 VNC_ENCODING_RICH_CURSOR); 992 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 993 vnc_write_pixels_generic(vs, c->data, isize); 994 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 995 vnc_unlock_output(vs); 996 return 0; 997 } 998 return -1; 999 } 1000 1001 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 1002 QEMUCursor *c) 1003 { 1004 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 1005 VncState *vs; 1006 1007 cursor_put(vd->cursor); 1008 g_free(vd->cursor_mask); 1009 1010 vd->cursor = c; 1011 cursor_get(vd->cursor); 1012 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1013 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1014 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1015 1016 QTAILQ_FOREACH(vs, &vd->clients, next) { 1017 vnc_cursor_define(vs); 1018 } 1019 } 1020 1021 static int find_and_clear_dirty_height(VncState *vs, 1022 int y, int last_x, int x, int height) 1023 { 1024 int h; 1025 1026 for (h = 1; h < (height - y); h++) { 1027 if (!test_bit(last_x, vs->dirty[y + h])) { 1028 break; 1029 } 1030 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1031 } 1032 1033 return h; 1034 } 1035 1036 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 1037 { 1038 if (vs->disconnecting) { 1039 vnc_disconnect_finish(vs); 1040 return 0; 1041 } 1042 1043 vs->has_dirty += has_dirty; 1044 if (vs->need_update && !vs->disconnecting) { 1045 VncDisplay *vd = vs->vd; 1046 VncJob *job; 1047 int y; 1048 int height, width; 1049 int n = 0; 1050 1051 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 1052 /* kernel send buffers are full -> drop frames to throttle */ 1053 return 0; 1054 1055 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 1056 return 0; 1057 1058 /* 1059 * Send screen updates to the vnc client using the server 1060 * surface and server dirty map. guest surface updates 1061 * happening in parallel don't disturb us, the next pass will 1062 * send them to the client. 1063 */ 1064 job = vnc_job_new(vs); 1065 1066 height = pixman_image_get_height(vd->server); 1067 width = pixman_image_get_width(vd->server); 1068 1069 y = 0; 1070 for (;;) { 1071 int x, h; 1072 unsigned long x2; 1073 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1074 height * VNC_DIRTY_BPL(vs), 1075 y * VNC_DIRTY_BPL(vs)); 1076 if (offset == height * VNC_DIRTY_BPL(vs)) { 1077 /* no more dirty bits */ 1078 break; 1079 } 1080 y = offset / VNC_DIRTY_BPL(vs); 1081 x = offset % VNC_DIRTY_BPL(vs); 1082 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1083 VNC_DIRTY_BPL(vs), x); 1084 bitmap_clear(vs->dirty[y], x, x2 - x); 1085 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1086 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1087 if (x2 > x) { 1088 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1089 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1090 } 1091 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1092 y += h; 1093 if (y == height) { 1094 break; 1095 } 1096 } 1097 } 1098 1099 vnc_job_push(job); 1100 if (sync) { 1101 vnc_jobs_join(vs); 1102 } 1103 vs->force_update = 0; 1104 vs->has_dirty = 0; 1105 return n; 1106 } 1107 1108 if (vs->disconnecting) { 1109 vnc_disconnect_finish(vs); 1110 } else if (sync) { 1111 vnc_jobs_join(vs); 1112 } 1113 1114 return 0; 1115 } 1116 1117 /* audio */ 1118 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1119 { 1120 VncState *vs = opaque; 1121 1122 switch (cmd) { 1123 case AUD_CNOTIFY_DISABLE: 1124 vnc_lock_output(vs); 1125 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1126 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1127 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1128 vnc_unlock_output(vs); 1129 vnc_flush(vs); 1130 break; 1131 1132 case AUD_CNOTIFY_ENABLE: 1133 vnc_lock_output(vs); 1134 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1135 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1136 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1137 vnc_unlock_output(vs); 1138 vnc_flush(vs); 1139 break; 1140 } 1141 } 1142 1143 static void audio_capture_destroy(void *opaque) 1144 { 1145 } 1146 1147 static void audio_capture(void *opaque, void *buf, int size) 1148 { 1149 VncState *vs = opaque; 1150 1151 vnc_lock_output(vs); 1152 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1153 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1154 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1155 vnc_write_u32(vs, size); 1156 vnc_write(vs, buf, size); 1157 vnc_unlock_output(vs); 1158 vnc_flush(vs); 1159 } 1160 1161 static void audio_add(VncState *vs) 1162 { 1163 struct audio_capture_ops ops; 1164 1165 if (vs->audio_cap) { 1166 error_report("audio already running"); 1167 return; 1168 } 1169 1170 ops.notify = audio_capture_notify; 1171 ops.destroy = audio_capture_destroy; 1172 ops.capture = audio_capture; 1173 1174 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1175 if (!vs->audio_cap) { 1176 error_report("Failed to add audio capture"); 1177 } 1178 } 1179 1180 static void audio_del(VncState *vs) 1181 { 1182 if (vs->audio_cap) { 1183 AUD_del_capture(vs->audio_cap, vs); 1184 vs->audio_cap = NULL; 1185 } 1186 } 1187 1188 static void vnc_disconnect_start(VncState *vs) 1189 { 1190 if (vs->disconnecting) { 1191 return; 1192 } 1193 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1194 if (vs->ioc_tag) { 1195 g_source_remove(vs->ioc_tag); 1196 } 1197 qio_channel_close(vs->ioc, NULL); 1198 vs->disconnecting = TRUE; 1199 } 1200 1201 void vnc_disconnect_finish(VncState *vs) 1202 { 1203 int i; 1204 1205 vnc_jobs_join(vs); /* Wait encoding jobs */ 1206 1207 vnc_lock_output(vs); 1208 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1209 1210 buffer_free(&vs->input); 1211 buffer_free(&vs->output); 1212 1213 qapi_free_VncClientInfo(vs->info); 1214 1215 vnc_zlib_clear(vs); 1216 vnc_tight_clear(vs); 1217 vnc_zrle_clear(vs); 1218 1219 #ifdef CONFIG_VNC_SASL 1220 vnc_sasl_client_cleanup(vs); 1221 #endif /* CONFIG_VNC_SASL */ 1222 audio_del(vs); 1223 vnc_release_modifiers(vs); 1224 1225 if (vs->mouse_mode_notifier.notify != NULL) { 1226 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1227 } 1228 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1229 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1230 /* last client gone */ 1231 vnc_update_server_surface(vs->vd); 1232 } 1233 1234 if (vs->vd->lock_key_sync) 1235 qemu_remove_led_event_handler(vs->led); 1236 vnc_unlock_output(vs); 1237 1238 qemu_mutex_destroy(&vs->output_mutex); 1239 if (vs->bh != NULL) { 1240 qemu_bh_delete(vs->bh); 1241 } 1242 buffer_free(&vs->jobs_buffer); 1243 1244 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1245 g_free(vs->lossy_rect[i]); 1246 } 1247 g_free(vs->lossy_rect); 1248 1249 object_unref(OBJECT(vs->ioc)); 1250 vs->ioc = NULL; 1251 object_unref(OBJECT(vs->sioc)); 1252 vs->sioc = NULL; 1253 g_free(vs); 1254 } 1255 1256 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) 1257 { 1258 if (ret <= 0) { 1259 if (ret == 0) { 1260 VNC_DEBUG("Closing down client sock: EOF\n"); 1261 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1262 VNC_DEBUG("Closing down client sock: ret %d (%s)\n", 1263 ret, errp ? error_get_pretty(*errp) : "Unknown"); 1264 } 1265 1266 vnc_disconnect_start(vs); 1267 if (errp) { 1268 error_free(*errp); 1269 *errp = NULL; 1270 } 1271 return 0; 1272 } 1273 return ret; 1274 } 1275 1276 1277 void vnc_client_error(VncState *vs) 1278 { 1279 VNC_DEBUG("Closing down client sock: protocol error\n"); 1280 vnc_disconnect_start(vs); 1281 } 1282 1283 1284 /* 1285 * Called to write a chunk of data to the client socket. The data may 1286 * be the raw data, or may have already been encoded by SASL. 1287 * The data will be written either straight onto the socket, or 1288 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1289 * 1290 * NB, it is theoretically possible to have 2 layers of encryption, 1291 * both SASL, and this TLS layer. It is highly unlikely in practice 1292 * though, since SASL encryption will typically be a no-op if TLS 1293 * is active 1294 * 1295 * Returns the number of bytes written, which may be less than 1296 * the requested 'datalen' if the socket would block. Returns 1297 * -1 on error, and disconnects the client socket. 1298 */ 1299 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1300 { 1301 Error *err = NULL; 1302 ssize_t ret; 1303 ret = qio_channel_write( 1304 vs->ioc, (const char *)data, datalen, &err); 1305 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1306 return vnc_client_io_error(vs, ret, &err); 1307 } 1308 1309 1310 /* 1311 * Called to write buffered data to the client socket, when not 1312 * using any SASL SSF encryption layers. Will write as much data 1313 * as possible without blocking. If all buffered data is written, 1314 * will switch the FD poll() handler back to read monitoring. 1315 * 1316 * Returns the number of bytes written, which may be less than 1317 * the buffered output data if the socket would block. Returns 1318 * -1 on error, and disconnects the client socket. 1319 */ 1320 static ssize_t vnc_client_write_plain(VncState *vs) 1321 { 1322 ssize_t ret; 1323 1324 #ifdef CONFIG_VNC_SASL 1325 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1326 vs->output.buffer, vs->output.capacity, vs->output.offset, 1327 vs->sasl.waitWriteSSF); 1328 1329 if (vs->sasl.conn && 1330 vs->sasl.runSSF && 1331 vs->sasl.waitWriteSSF) { 1332 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1333 if (ret) 1334 vs->sasl.waitWriteSSF -= ret; 1335 } else 1336 #endif /* CONFIG_VNC_SASL */ 1337 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1338 if (!ret) 1339 return 0; 1340 1341 buffer_advance(&vs->output, ret); 1342 1343 if (vs->output.offset == 0) { 1344 if (vs->ioc_tag) { 1345 g_source_remove(vs->ioc_tag); 1346 } 1347 vs->ioc_tag = qio_channel_add_watch( 1348 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1349 } 1350 1351 return ret; 1352 } 1353 1354 1355 /* 1356 * First function called whenever there is data to be written to 1357 * the client socket. Will delegate actual work according to whether 1358 * SASL SSF layers are enabled (thus requiring encryption calls) 1359 */ 1360 static void vnc_client_write_locked(VncState *vs) 1361 { 1362 #ifdef CONFIG_VNC_SASL 1363 if (vs->sasl.conn && 1364 vs->sasl.runSSF && 1365 !vs->sasl.waitWriteSSF) { 1366 vnc_client_write_sasl(vs); 1367 } else 1368 #endif /* CONFIG_VNC_SASL */ 1369 { 1370 vnc_client_write_plain(vs); 1371 } 1372 } 1373 1374 static void vnc_client_write(VncState *vs) 1375 { 1376 1377 vnc_lock_output(vs); 1378 if (vs->output.offset) { 1379 vnc_client_write_locked(vs); 1380 } else if (vs->ioc != NULL) { 1381 if (vs->ioc_tag) { 1382 g_source_remove(vs->ioc_tag); 1383 } 1384 vs->ioc_tag = qio_channel_add_watch( 1385 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1386 } 1387 vnc_unlock_output(vs); 1388 } 1389 1390 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1391 { 1392 vs->read_handler = func; 1393 vs->read_handler_expect = expecting; 1394 } 1395 1396 1397 /* 1398 * Called to read a chunk of data from the client socket. The data may 1399 * be the raw data, or may need to be further decoded by SASL. 1400 * The data will be read either straight from to the socket, or 1401 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1402 * 1403 * NB, it is theoretically possible to have 2 layers of encryption, 1404 * both SASL, and this TLS layer. It is highly unlikely in practice 1405 * though, since SASL encryption will typically be a no-op if TLS 1406 * is active 1407 * 1408 * Returns the number of bytes read, which may be less than 1409 * the requested 'datalen' if the socket would block. Returns 1410 * -1 on error, and disconnects the client socket. 1411 */ 1412 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1413 { 1414 ssize_t ret; 1415 Error *err = NULL; 1416 ret = qio_channel_read( 1417 vs->ioc, (char *)data, datalen, &err); 1418 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1419 return vnc_client_io_error(vs, ret, &err); 1420 } 1421 1422 1423 /* 1424 * Called to read data from the client socket to the input buffer, 1425 * when not using any SASL SSF encryption layers. Will read as much 1426 * data as possible without blocking. 1427 * 1428 * Returns the number of bytes read. Returns -1 on error, and 1429 * disconnects the client socket. 1430 */ 1431 static ssize_t vnc_client_read_plain(VncState *vs) 1432 { 1433 ssize_t ret; 1434 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1435 vs->input.buffer, vs->input.capacity, vs->input.offset); 1436 buffer_reserve(&vs->input, 4096); 1437 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1438 if (!ret) 1439 return 0; 1440 vs->input.offset += ret; 1441 return ret; 1442 } 1443 1444 static void vnc_jobs_bh(void *opaque) 1445 { 1446 VncState *vs = opaque; 1447 1448 vnc_jobs_consume_buffer(vs); 1449 } 1450 1451 /* 1452 * First function called whenever there is more data to be read from 1453 * the client socket. Will delegate actual work according to whether 1454 * SASL SSF layers are enabled (thus requiring decryption calls) 1455 * Returns 0 on success, -1 if client disconnected 1456 */ 1457 static int vnc_client_read(VncState *vs) 1458 { 1459 ssize_t ret; 1460 1461 #ifdef CONFIG_VNC_SASL 1462 if (vs->sasl.conn && vs->sasl.runSSF) 1463 ret = vnc_client_read_sasl(vs); 1464 else 1465 #endif /* CONFIG_VNC_SASL */ 1466 ret = vnc_client_read_plain(vs); 1467 if (!ret) { 1468 if (vs->disconnecting) { 1469 vnc_disconnect_finish(vs); 1470 return -1; 1471 } 1472 return 0; 1473 } 1474 1475 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1476 size_t len = vs->read_handler_expect; 1477 int ret; 1478 1479 ret = vs->read_handler(vs, vs->input.buffer, len); 1480 if (vs->disconnecting) { 1481 vnc_disconnect_finish(vs); 1482 return -1; 1483 } 1484 1485 if (!ret) { 1486 buffer_advance(&vs->input, len); 1487 } else { 1488 vs->read_handler_expect = ret; 1489 } 1490 } 1491 return 0; 1492 } 1493 1494 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1495 GIOCondition condition, void *opaque) 1496 { 1497 VncState *vs = opaque; 1498 if (condition & G_IO_IN) { 1499 if (vnc_client_read(vs) < 0) { 1500 return TRUE; 1501 } 1502 } 1503 if (condition & G_IO_OUT) { 1504 vnc_client_write(vs); 1505 } 1506 return TRUE; 1507 } 1508 1509 1510 void vnc_write(VncState *vs, const void *data, size_t len) 1511 { 1512 buffer_reserve(&vs->output, len); 1513 1514 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1515 if (vs->ioc_tag) { 1516 g_source_remove(vs->ioc_tag); 1517 } 1518 vs->ioc_tag = qio_channel_add_watch( 1519 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL); 1520 } 1521 1522 buffer_append(&vs->output, data, len); 1523 } 1524 1525 void vnc_write_s32(VncState *vs, int32_t value) 1526 { 1527 vnc_write_u32(vs, *(uint32_t *)&value); 1528 } 1529 1530 void vnc_write_u32(VncState *vs, uint32_t value) 1531 { 1532 uint8_t buf[4]; 1533 1534 buf[0] = (value >> 24) & 0xFF; 1535 buf[1] = (value >> 16) & 0xFF; 1536 buf[2] = (value >> 8) & 0xFF; 1537 buf[3] = value & 0xFF; 1538 1539 vnc_write(vs, buf, 4); 1540 } 1541 1542 void vnc_write_u16(VncState *vs, uint16_t value) 1543 { 1544 uint8_t buf[2]; 1545 1546 buf[0] = (value >> 8) & 0xFF; 1547 buf[1] = value & 0xFF; 1548 1549 vnc_write(vs, buf, 2); 1550 } 1551 1552 void vnc_write_u8(VncState *vs, uint8_t value) 1553 { 1554 vnc_write(vs, (char *)&value, 1); 1555 } 1556 1557 void vnc_flush(VncState *vs) 1558 { 1559 vnc_lock_output(vs); 1560 if (vs->ioc != NULL && vs->output.offset) { 1561 vnc_client_write_locked(vs); 1562 } 1563 vnc_unlock_output(vs); 1564 } 1565 1566 static uint8_t read_u8(uint8_t *data, size_t offset) 1567 { 1568 return data[offset]; 1569 } 1570 1571 static uint16_t read_u16(uint8_t *data, size_t offset) 1572 { 1573 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1574 } 1575 1576 static int32_t read_s32(uint8_t *data, size_t offset) 1577 { 1578 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1579 (data[offset + 2] << 8) | data[offset + 3]); 1580 } 1581 1582 uint32_t read_u32(uint8_t *data, size_t offset) 1583 { 1584 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1585 (data[offset + 2] << 8) | data[offset + 3]); 1586 } 1587 1588 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1589 { 1590 } 1591 1592 static void check_pointer_type_change(Notifier *notifier, void *data) 1593 { 1594 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1595 int absolute = qemu_input_is_absolute(); 1596 1597 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1598 vnc_lock_output(vs); 1599 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1600 vnc_write_u8(vs, 0); 1601 vnc_write_u16(vs, 1); 1602 vnc_framebuffer_update(vs, absolute, 0, 1603 pixman_image_get_width(vs->vd->server), 1604 pixman_image_get_height(vs->vd->server), 1605 VNC_ENCODING_POINTER_TYPE_CHANGE); 1606 vnc_unlock_output(vs); 1607 vnc_flush(vs); 1608 } 1609 vs->absolute = absolute; 1610 } 1611 1612 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1613 { 1614 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1615 [INPUT_BUTTON_LEFT] = 0x01, 1616 [INPUT_BUTTON_MIDDLE] = 0x02, 1617 [INPUT_BUTTON_RIGHT] = 0x04, 1618 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1619 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1620 }; 1621 QemuConsole *con = vs->vd->dcl.con; 1622 int width = pixman_image_get_width(vs->vd->server); 1623 int height = pixman_image_get_height(vs->vd->server); 1624 1625 if (vs->last_bmask != button_mask) { 1626 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1627 vs->last_bmask = button_mask; 1628 } 1629 1630 if (vs->absolute) { 1631 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1632 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1633 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1634 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1635 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1636 } else { 1637 if (vs->last_x != -1) { 1638 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1639 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1640 } 1641 vs->last_x = x; 1642 vs->last_y = y; 1643 } 1644 qemu_input_event_sync(); 1645 } 1646 1647 static void reset_keys(VncState *vs) 1648 { 1649 int i; 1650 for(i = 0; i < 256; i++) { 1651 if (vs->modifiers_state[i]) { 1652 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1653 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1654 vs->modifiers_state[i] = 0; 1655 } 1656 } 1657 } 1658 1659 static void press_key(VncState *vs, int keysym) 1660 { 1661 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1662 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1663 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1664 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1665 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1666 } 1667 1668 static int current_led_state(VncState *vs) 1669 { 1670 int ledstate = 0; 1671 1672 if (vs->modifiers_state[0x46]) { 1673 ledstate |= QEMU_SCROLL_LOCK_LED; 1674 } 1675 if (vs->modifiers_state[0x45]) { 1676 ledstate |= QEMU_NUM_LOCK_LED; 1677 } 1678 if (vs->modifiers_state[0x3a]) { 1679 ledstate |= QEMU_CAPS_LOCK_LED; 1680 } 1681 1682 return ledstate; 1683 } 1684 1685 static void vnc_led_state_change(VncState *vs) 1686 { 1687 int ledstate = 0; 1688 1689 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1690 return; 1691 } 1692 1693 ledstate = current_led_state(vs); 1694 vnc_lock_output(vs); 1695 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1696 vnc_write_u8(vs, 0); 1697 vnc_write_u16(vs, 1); 1698 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1699 vnc_write_u8(vs, ledstate); 1700 vnc_unlock_output(vs); 1701 vnc_flush(vs); 1702 } 1703 1704 static void kbd_leds(void *opaque, int ledstate) 1705 { 1706 VncState *vs = opaque; 1707 int caps, num, scr; 1708 bool has_changed = (ledstate != current_led_state(vs)); 1709 1710 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1711 (ledstate & QEMU_NUM_LOCK_LED), 1712 (ledstate & QEMU_SCROLL_LOCK_LED)); 1713 1714 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1715 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1716 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1717 1718 if (vs->modifiers_state[0x3a] != caps) { 1719 vs->modifiers_state[0x3a] = caps; 1720 } 1721 if (vs->modifiers_state[0x45] != num) { 1722 vs->modifiers_state[0x45] = num; 1723 } 1724 if (vs->modifiers_state[0x46] != scr) { 1725 vs->modifiers_state[0x46] = scr; 1726 } 1727 1728 /* Sending the current led state message to the client */ 1729 if (has_changed) { 1730 vnc_led_state_change(vs); 1731 } 1732 } 1733 1734 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1735 { 1736 /* QEMU console switch */ 1737 switch(keycode) { 1738 case 0x2a: /* Left Shift */ 1739 case 0x36: /* Right Shift */ 1740 case 0x1d: /* Left CTRL */ 1741 case 0x9d: /* Right CTRL */ 1742 case 0x38: /* Left ALT */ 1743 case 0xb8: /* Right ALT */ 1744 if (down) 1745 vs->modifiers_state[keycode] = 1; 1746 else 1747 vs->modifiers_state[keycode] = 0; 1748 break; 1749 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1750 if (vs->vd->dcl.con == NULL && 1751 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1752 /* Reset the modifiers sent to the current console */ 1753 reset_keys(vs); 1754 console_select(keycode - 0x02); 1755 return; 1756 } 1757 break; 1758 case 0x3a: /* CapsLock */ 1759 case 0x45: /* NumLock */ 1760 if (down) 1761 vs->modifiers_state[keycode] ^= 1; 1762 break; 1763 } 1764 1765 /* Turn off the lock state sync logic if the client support the led 1766 state extension. 1767 */ 1768 if (down && vs->vd->lock_key_sync && 1769 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1770 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1771 /* If the numlock state needs to change then simulate an additional 1772 keypress before sending this one. This will happen if the user 1773 toggles numlock away from the VNC window. 1774 */ 1775 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1776 if (!vs->modifiers_state[0x45]) { 1777 trace_vnc_key_sync_numlock(true); 1778 vs->modifiers_state[0x45] = 1; 1779 press_key(vs, 0xff7f); 1780 } 1781 } else { 1782 if (vs->modifiers_state[0x45]) { 1783 trace_vnc_key_sync_numlock(false); 1784 vs->modifiers_state[0x45] = 0; 1785 press_key(vs, 0xff7f); 1786 } 1787 } 1788 } 1789 1790 if (down && vs->vd->lock_key_sync && 1791 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1792 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1793 /* If the capslock state needs to change then simulate an additional 1794 keypress before sending this one. This will happen if the user 1795 toggles capslock away from the VNC window. 1796 */ 1797 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1798 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1799 int capslock = !!(vs->modifiers_state[0x3a]); 1800 if (capslock) { 1801 if (uppercase == shift) { 1802 trace_vnc_key_sync_capslock(false); 1803 vs->modifiers_state[0x3a] = 0; 1804 press_key(vs, 0xffe5); 1805 } 1806 } else { 1807 if (uppercase != shift) { 1808 trace_vnc_key_sync_capslock(true); 1809 vs->modifiers_state[0x3a] = 1; 1810 press_key(vs, 0xffe5); 1811 } 1812 } 1813 } 1814 1815 if (qemu_console_is_graphic(NULL)) { 1816 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1817 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1818 } else { 1819 bool numlock = vs->modifiers_state[0x45]; 1820 bool control = (vs->modifiers_state[0x1d] || 1821 vs->modifiers_state[0x9d]); 1822 /* QEMU console emulation */ 1823 if (down) { 1824 switch (keycode) { 1825 case 0x2a: /* Left Shift */ 1826 case 0x36: /* Right Shift */ 1827 case 0x1d: /* Left CTRL */ 1828 case 0x9d: /* Right CTRL */ 1829 case 0x38: /* Left ALT */ 1830 case 0xb8: /* Right ALT */ 1831 break; 1832 case 0xc8: 1833 kbd_put_keysym(QEMU_KEY_UP); 1834 break; 1835 case 0xd0: 1836 kbd_put_keysym(QEMU_KEY_DOWN); 1837 break; 1838 case 0xcb: 1839 kbd_put_keysym(QEMU_KEY_LEFT); 1840 break; 1841 case 0xcd: 1842 kbd_put_keysym(QEMU_KEY_RIGHT); 1843 break; 1844 case 0xd3: 1845 kbd_put_keysym(QEMU_KEY_DELETE); 1846 break; 1847 case 0xc7: 1848 kbd_put_keysym(QEMU_KEY_HOME); 1849 break; 1850 case 0xcf: 1851 kbd_put_keysym(QEMU_KEY_END); 1852 break; 1853 case 0xc9: 1854 kbd_put_keysym(QEMU_KEY_PAGEUP); 1855 break; 1856 case 0xd1: 1857 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1858 break; 1859 1860 case 0x47: 1861 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1862 break; 1863 case 0x48: 1864 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1865 break; 1866 case 0x49: 1867 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1868 break; 1869 case 0x4b: 1870 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1871 break; 1872 case 0x4c: 1873 kbd_put_keysym('5'); 1874 break; 1875 case 0x4d: 1876 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1877 break; 1878 case 0x4f: 1879 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1880 break; 1881 case 0x50: 1882 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1883 break; 1884 case 0x51: 1885 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1886 break; 1887 case 0x52: 1888 kbd_put_keysym('0'); 1889 break; 1890 case 0x53: 1891 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1892 break; 1893 1894 case 0xb5: 1895 kbd_put_keysym('/'); 1896 break; 1897 case 0x37: 1898 kbd_put_keysym('*'); 1899 break; 1900 case 0x4a: 1901 kbd_put_keysym('-'); 1902 break; 1903 case 0x4e: 1904 kbd_put_keysym('+'); 1905 break; 1906 case 0x9c: 1907 kbd_put_keysym('\n'); 1908 break; 1909 1910 default: 1911 if (control) { 1912 kbd_put_keysym(sym & 0x1f); 1913 } else { 1914 kbd_put_keysym(sym); 1915 } 1916 break; 1917 } 1918 } 1919 } 1920 } 1921 1922 static void vnc_release_modifiers(VncState *vs) 1923 { 1924 static const int keycodes[] = { 1925 /* shift, control, alt keys, both left & right */ 1926 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1927 }; 1928 int i, keycode; 1929 1930 if (!qemu_console_is_graphic(NULL)) { 1931 return; 1932 } 1933 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1934 keycode = keycodes[i]; 1935 if (!vs->modifiers_state[keycode]) { 1936 continue; 1937 } 1938 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1939 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1940 } 1941 } 1942 1943 static const char *code2name(int keycode) 1944 { 1945 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1946 } 1947 1948 static void key_event(VncState *vs, int down, uint32_t sym) 1949 { 1950 int keycode; 1951 int lsym = sym; 1952 1953 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1954 lsym = lsym - 'A' + 'a'; 1955 } 1956 1957 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1958 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1959 do_key_event(vs, down, keycode, sym); 1960 } 1961 1962 static void ext_key_event(VncState *vs, int down, 1963 uint32_t sym, uint16_t keycode) 1964 { 1965 /* if the user specifies a keyboard layout, always use it */ 1966 if (keyboard_layout) { 1967 key_event(vs, down, sym); 1968 } else { 1969 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1970 do_key_event(vs, down, keycode, sym); 1971 } 1972 } 1973 1974 static void framebuffer_update_request(VncState *vs, int incremental, 1975 int x, int y, int w, int h) 1976 { 1977 vs->need_update = 1; 1978 1979 if (incremental) { 1980 return; 1981 } 1982 1983 vs->force_update = 1; 1984 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 1985 } 1986 1987 static void send_ext_key_event_ack(VncState *vs) 1988 { 1989 vnc_lock_output(vs); 1990 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1991 vnc_write_u8(vs, 0); 1992 vnc_write_u16(vs, 1); 1993 vnc_framebuffer_update(vs, 0, 0, 1994 pixman_image_get_width(vs->vd->server), 1995 pixman_image_get_height(vs->vd->server), 1996 VNC_ENCODING_EXT_KEY_EVENT); 1997 vnc_unlock_output(vs); 1998 vnc_flush(vs); 1999 } 2000 2001 static void send_ext_audio_ack(VncState *vs) 2002 { 2003 vnc_lock_output(vs); 2004 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2005 vnc_write_u8(vs, 0); 2006 vnc_write_u16(vs, 1); 2007 vnc_framebuffer_update(vs, 0, 0, 2008 pixman_image_get_width(vs->vd->server), 2009 pixman_image_get_height(vs->vd->server), 2010 VNC_ENCODING_AUDIO); 2011 vnc_unlock_output(vs); 2012 vnc_flush(vs); 2013 } 2014 2015 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2016 { 2017 int i; 2018 unsigned int enc = 0; 2019 2020 vs->features = 0; 2021 vs->vnc_encoding = 0; 2022 vs->tight.compression = 9; 2023 vs->tight.quality = -1; /* Lossless by default */ 2024 vs->absolute = -1; 2025 2026 /* 2027 * Start from the end because the encodings are sent in order of preference. 2028 * This way the preferred encoding (first encoding defined in the array) 2029 * will be set at the end of the loop. 2030 */ 2031 for (i = n_encodings - 1; i >= 0; i--) { 2032 enc = encodings[i]; 2033 switch (enc) { 2034 case VNC_ENCODING_RAW: 2035 vs->vnc_encoding = enc; 2036 break; 2037 case VNC_ENCODING_COPYRECT: 2038 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2039 break; 2040 case VNC_ENCODING_HEXTILE: 2041 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2042 vs->vnc_encoding = enc; 2043 break; 2044 case VNC_ENCODING_TIGHT: 2045 vs->features |= VNC_FEATURE_TIGHT_MASK; 2046 vs->vnc_encoding = enc; 2047 break; 2048 #ifdef CONFIG_VNC_PNG 2049 case VNC_ENCODING_TIGHT_PNG: 2050 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2051 vs->vnc_encoding = enc; 2052 break; 2053 #endif 2054 case VNC_ENCODING_ZLIB: 2055 vs->features |= VNC_FEATURE_ZLIB_MASK; 2056 vs->vnc_encoding = enc; 2057 break; 2058 case VNC_ENCODING_ZRLE: 2059 vs->features |= VNC_FEATURE_ZRLE_MASK; 2060 vs->vnc_encoding = enc; 2061 break; 2062 case VNC_ENCODING_ZYWRLE: 2063 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2064 vs->vnc_encoding = enc; 2065 break; 2066 case VNC_ENCODING_DESKTOPRESIZE: 2067 vs->features |= VNC_FEATURE_RESIZE_MASK; 2068 break; 2069 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2070 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2071 break; 2072 case VNC_ENCODING_RICH_CURSOR: 2073 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2074 if (vs->vd->cursor) { 2075 vnc_cursor_define(vs); 2076 } 2077 break; 2078 case VNC_ENCODING_EXT_KEY_EVENT: 2079 send_ext_key_event_ack(vs); 2080 break; 2081 case VNC_ENCODING_AUDIO: 2082 send_ext_audio_ack(vs); 2083 break; 2084 case VNC_ENCODING_WMVi: 2085 vs->features |= VNC_FEATURE_WMVI_MASK; 2086 break; 2087 case VNC_ENCODING_LED_STATE: 2088 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2089 break; 2090 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2091 vs->tight.compression = (enc & 0x0F); 2092 break; 2093 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2094 if (vs->vd->lossy) { 2095 vs->tight.quality = (enc & 0x0F); 2096 } 2097 break; 2098 default: 2099 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2100 break; 2101 } 2102 } 2103 vnc_desktop_resize(vs); 2104 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2105 vnc_led_state_change(vs); 2106 } 2107 2108 static void set_pixel_conversion(VncState *vs) 2109 { 2110 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2111 2112 if (fmt == VNC_SERVER_FB_FORMAT) { 2113 vs->write_pixels = vnc_write_pixels_copy; 2114 vnc_hextile_set_pixel_conversion(vs, 0); 2115 } else { 2116 vs->write_pixels = vnc_write_pixels_generic; 2117 vnc_hextile_set_pixel_conversion(vs, 1); 2118 } 2119 } 2120 2121 static void send_color_map(VncState *vs) 2122 { 2123 int i; 2124 2125 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); 2126 vnc_write_u8(vs, 0); /* padding */ 2127 vnc_write_u16(vs, 0); /* first color */ 2128 vnc_write_u16(vs, 256); /* # of colors */ 2129 2130 for (i = 0; i < 256; i++) { 2131 PixelFormat *pf = &vs->client_pf; 2132 2133 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); 2134 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); 2135 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); 2136 } 2137 } 2138 2139 static void set_pixel_format(VncState *vs, int bits_per_pixel, 2140 int big_endian_flag, int true_color_flag, 2141 int red_max, int green_max, int blue_max, 2142 int red_shift, int green_shift, int blue_shift) 2143 { 2144 if (!true_color_flag) { 2145 /* Expose a reasonable default 256 color map */ 2146 bits_per_pixel = 8; 2147 red_max = 7; 2148 green_max = 7; 2149 blue_max = 3; 2150 red_shift = 0; 2151 green_shift = 3; 2152 blue_shift = 6; 2153 } 2154 2155 switch (bits_per_pixel) { 2156 case 8: 2157 case 16: 2158 case 32: 2159 break; 2160 default: 2161 vnc_client_error(vs); 2162 return; 2163 } 2164 2165 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2166 vs->client_pf.rbits = hweight_long(red_max); 2167 vs->client_pf.rshift = red_shift; 2168 vs->client_pf.rmask = red_max << red_shift; 2169 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2170 vs->client_pf.gbits = hweight_long(green_max); 2171 vs->client_pf.gshift = green_shift; 2172 vs->client_pf.gmask = green_max << green_shift; 2173 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2174 vs->client_pf.bbits = hweight_long(blue_max); 2175 vs->client_pf.bshift = blue_shift; 2176 vs->client_pf.bmask = blue_max << blue_shift; 2177 vs->client_pf.bits_per_pixel = bits_per_pixel; 2178 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2179 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2180 vs->client_be = big_endian_flag; 2181 2182 if (!true_color_flag) { 2183 send_color_map(vs); 2184 } 2185 2186 set_pixel_conversion(vs); 2187 2188 graphic_hw_invalidate(vs->vd->dcl.con); 2189 graphic_hw_update(vs->vd->dcl.con); 2190 } 2191 2192 static void pixel_format_message (VncState *vs) { 2193 char pad[3] = { 0, 0, 0 }; 2194 2195 vs->client_pf = qemu_default_pixelformat(32); 2196 2197 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2198 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2199 2200 #ifdef HOST_WORDS_BIGENDIAN 2201 vnc_write_u8(vs, 1); /* big-endian-flag */ 2202 #else 2203 vnc_write_u8(vs, 0); /* big-endian-flag */ 2204 #endif 2205 vnc_write_u8(vs, 1); /* true-color-flag */ 2206 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2207 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2208 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2209 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2210 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2211 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2212 vnc_write(vs, pad, 3); /* padding */ 2213 2214 vnc_hextile_set_pixel_conversion(vs, 0); 2215 vs->write_pixels = vnc_write_pixels_copy; 2216 } 2217 2218 static void vnc_colordepth(VncState *vs) 2219 { 2220 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2221 /* Sending a WMVi message to notify the client*/ 2222 vnc_lock_output(vs); 2223 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2224 vnc_write_u8(vs, 0); 2225 vnc_write_u16(vs, 1); /* number of rects */ 2226 vnc_framebuffer_update(vs, 0, 0, 2227 pixman_image_get_width(vs->vd->server), 2228 pixman_image_get_height(vs->vd->server), 2229 VNC_ENCODING_WMVi); 2230 pixel_format_message(vs); 2231 vnc_unlock_output(vs); 2232 vnc_flush(vs); 2233 } else { 2234 set_pixel_conversion(vs); 2235 } 2236 } 2237 2238 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2239 { 2240 int i; 2241 uint16_t limit; 2242 VncDisplay *vd = vs->vd; 2243 2244 if (data[0] > 3) { 2245 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2246 } 2247 2248 switch (data[0]) { 2249 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2250 if (len == 1) 2251 return 20; 2252 2253 set_pixel_format(vs, read_u8(data, 4), 2254 read_u8(data, 6), read_u8(data, 7), 2255 read_u16(data, 8), read_u16(data, 10), 2256 read_u16(data, 12), read_u8(data, 14), 2257 read_u8(data, 15), read_u8(data, 16)); 2258 break; 2259 case VNC_MSG_CLIENT_SET_ENCODINGS: 2260 if (len == 1) 2261 return 4; 2262 2263 if (len == 4) { 2264 limit = read_u16(data, 2); 2265 if (limit > 0) 2266 return 4 + (limit * 4); 2267 } else 2268 limit = read_u16(data, 2); 2269 2270 for (i = 0; i < limit; i++) { 2271 int32_t val = read_s32(data, 4 + (i * 4)); 2272 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2273 } 2274 2275 set_encodings(vs, (int32_t *)(data + 4), limit); 2276 break; 2277 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2278 if (len == 1) 2279 return 10; 2280 2281 framebuffer_update_request(vs, 2282 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2283 read_u16(data, 6), read_u16(data, 8)); 2284 break; 2285 case VNC_MSG_CLIENT_KEY_EVENT: 2286 if (len == 1) 2287 return 8; 2288 2289 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2290 break; 2291 case VNC_MSG_CLIENT_POINTER_EVENT: 2292 if (len == 1) 2293 return 6; 2294 2295 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2296 break; 2297 case VNC_MSG_CLIENT_CUT_TEXT: 2298 if (len == 1) { 2299 return 8; 2300 } 2301 if (len == 8) { 2302 uint32_t dlen = read_u32(data, 4); 2303 if (dlen > (1 << 20)) { 2304 error_report("vnc: client_cut_text msg payload has %u bytes" 2305 " which exceeds our limit of 1MB.", dlen); 2306 vnc_client_error(vs); 2307 break; 2308 } 2309 if (dlen > 0) { 2310 return 8 + dlen; 2311 } 2312 } 2313 2314 client_cut_text(vs, read_u32(data, 4), data + 8); 2315 break; 2316 case VNC_MSG_CLIENT_QEMU: 2317 if (len == 1) 2318 return 2; 2319 2320 switch (read_u8(data, 1)) { 2321 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2322 if (len == 2) 2323 return 12; 2324 2325 ext_key_event(vs, read_u16(data, 2), 2326 read_u32(data, 4), read_u32(data, 8)); 2327 break; 2328 case VNC_MSG_CLIENT_QEMU_AUDIO: 2329 if (len == 2) 2330 return 4; 2331 2332 switch (read_u16 (data, 2)) { 2333 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2334 audio_add(vs); 2335 break; 2336 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2337 audio_del(vs); 2338 break; 2339 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2340 if (len == 4) 2341 return 10; 2342 switch (read_u8(data, 4)) { 2343 case 0: vs->as.fmt = AUD_FMT_U8; break; 2344 case 1: vs->as.fmt = AUD_FMT_S8; break; 2345 case 2: vs->as.fmt = AUD_FMT_U16; break; 2346 case 3: vs->as.fmt = AUD_FMT_S16; break; 2347 case 4: vs->as.fmt = AUD_FMT_U32; break; 2348 case 5: vs->as.fmt = AUD_FMT_S32; break; 2349 default: 2350 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2351 vnc_client_error(vs); 2352 break; 2353 } 2354 vs->as.nchannels = read_u8(data, 5); 2355 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2356 VNC_DEBUG("Invalid audio channel coount %d\n", 2357 read_u8(data, 5)); 2358 vnc_client_error(vs); 2359 break; 2360 } 2361 vs->as.freq = read_u32(data, 6); 2362 break; 2363 default: 2364 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2365 vnc_client_error(vs); 2366 break; 2367 } 2368 break; 2369 2370 default: 2371 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2372 vnc_client_error(vs); 2373 break; 2374 } 2375 break; 2376 default: 2377 VNC_DEBUG("Msg: %d\n", data[0]); 2378 vnc_client_error(vs); 2379 break; 2380 } 2381 2382 vnc_read_when(vs, protocol_client_msg, 1); 2383 return 0; 2384 } 2385 2386 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2387 { 2388 char buf[1024]; 2389 VncShareMode mode; 2390 int size; 2391 2392 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2393 switch (vs->vd->share_policy) { 2394 case VNC_SHARE_POLICY_IGNORE: 2395 /* 2396 * Ignore the shared flag. Nothing to do here. 2397 * 2398 * Doesn't conform to the rfb spec but is traditional qemu 2399 * behavior, thus left here as option for compatibility 2400 * reasons. 2401 */ 2402 break; 2403 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2404 /* 2405 * Policy: Allow clients ask for exclusive access. 2406 * 2407 * Implementation: When a client asks for exclusive access, 2408 * disconnect all others. Shared connects are allowed as long 2409 * as no exclusive connection exists. 2410 * 2411 * This is how the rfb spec suggests to handle the shared flag. 2412 */ 2413 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2414 VncState *client; 2415 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2416 if (vs == client) { 2417 continue; 2418 } 2419 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2420 client->share_mode != VNC_SHARE_MODE_SHARED) { 2421 continue; 2422 } 2423 vnc_disconnect_start(client); 2424 } 2425 } 2426 if (mode == VNC_SHARE_MODE_SHARED) { 2427 if (vs->vd->num_exclusive > 0) { 2428 vnc_disconnect_start(vs); 2429 return 0; 2430 } 2431 } 2432 break; 2433 case VNC_SHARE_POLICY_FORCE_SHARED: 2434 /* 2435 * Policy: Shared connects only. 2436 * Implementation: Disallow clients asking for exclusive access. 2437 * 2438 * Useful for shared desktop sessions where you don't want 2439 * someone forgetting to say -shared when running the vnc 2440 * client disconnect everybody else. 2441 */ 2442 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2443 vnc_disconnect_start(vs); 2444 return 0; 2445 } 2446 break; 2447 } 2448 vnc_set_share_mode(vs, mode); 2449 2450 if (vs->vd->num_shared > vs->vd->connections_limit) { 2451 vnc_disconnect_start(vs); 2452 return 0; 2453 } 2454 2455 vs->client_width = pixman_image_get_width(vs->vd->server); 2456 vs->client_height = pixman_image_get_height(vs->vd->server); 2457 vnc_write_u16(vs, vs->client_width); 2458 vnc_write_u16(vs, vs->client_height); 2459 2460 pixel_format_message(vs); 2461 2462 if (qemu_name) { 2463 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2464 if (size > sizeof(buf)) { 2465 size = sizeof(buf); 2466 } 2467 } else { 2468 size = snprintf(buf, sizeof(buf), "QEMU"); 2469 } 2470 2471 vnc_write_u32(vs, size); 2472 vnc_write(vs, buf, size); 2473 vnc_flush(vs); 2474 2475 vnc_client_cache_auth(vs); 2476 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2477 2478 vnc_read_when(vs, protocol_client_msg, 1); 2479 2480 return 0; 2481 } 2482 2483 void start_client_init(VncState *vs) 2484 { 2485 vnc_read_when(vs, protocol_client_init, 1); 2486 } 2487 2488 static void make_challenge(VncState *vs) 2489 { 2490 int i; 2491 2492 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2493 2494 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2495 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2496 } 2497 2498 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2499 { 2500 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2501 size_t i, pwlen; 2502 unsigned char key[8]; 2503 time_t now = time(NULL); 2504 QCryptoCipher *cipher = NULL; 2505 Error *err = NULL; 2506 2507 if (!vs->vd->password) { 2508 VNC_DEBUG("No password configured on server"); 2509 goto reject; 2510 } 2511 if (vs->vd->expires < now) { 2512 VNC_DEBUG("Password is expired"); 2513 goto reject; 2514 } 2515 2516 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2517 2518 /* Calculate the expected challenge response */ 2519 pwlen = strlen(vs->vd->password); 2520 for (i=0; i<sizeof(key); i++) 2521 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2522 2523 cipher = qcrypto_cipher_new( 2524 QCRYPTO_CIPHER_ALG_DES_RFB, 2525 QCRYPTO_CIPHER_MODE_ECB, 2526 key, G_N_ELEMENTS(key), 2527 &err); 2528 if (!cipher) { 2529 VNC_DEBUG("Cannot initialize cipher %s", 2530 error_get_pretty(err)); 2531 error_free(err); 2532 goto reject; 2533 } 2534 2535 if (qcrypto_cipher_encrypt(cipher, 2536 vs->challenge, 2537 response, 2538 VNC_AUTH_CHALLENGE_SIZE, 2539 &err) < 0) { 2540 VNC_DEBUG("Cannot encrypt challenge %s", 2541 error_get_pretty(err)); 2542 error_free(err); 2543 goto reject; 2544 } 2545 2546 /* Compare expected vs actual challenge response */ 2547 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2548 VNC_DEBUG("Client challenge response did not match\n"); 2549 goto reject; 2550 } else { 2551 VNC_DEBUG("Accepting VNC challenge response\n"); 2552 vnc_write_u32(vs, 0); /* Accept auth */ 2553 vnc_flush(vs); 2554 2555 start_client_init(vs); 2556 } 2557 2558 qcrypto_cipher_free(cipher); 2559 return 0; 2560 2561 reject: 2562 vnc_write_u32(vs, 1); /* Reject auth */ 2563 if (vs->minor >= 8) { 2564 static const char err[] = "Authentication failed"; 2565 vnc_write_u32(vs, sizeof(err)); 2566 vnc_write(vs, err, sizeof(err)); 2567 } 2568 vnc_flush(vs); 2569 vnc_client_error(vs); 2570 qcrypto_cipher_free(cipher); 2571 return 0; 2572 } 2573 2574 void start_auth_vnc(VncState *vs) 2575 { 2576 make_challenge(vs); 2577 /* Send client a 'random' challenge */ 2578 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2579 vnc_flush(vs); 2580 2581 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2582 } 2583 2584 2585 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2586 { 2587 /* We only advertise 1 auth scheme at a time, so client 2588 * must pick the one we sent. Verify this */ 2589 if (data[0] != vs->auth) { /* Reject auth */ 2590 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2591 vnc_write_u32(vs, 1); 2592 if (vs->minor >= 8) { 2593 static const char err[] = "Authentication failed"; 2594 vnc_write_u32(vs, sizeof(err)); 2595 vnc_write(vs, err, sizeof(err)); 2596 } 2597 vnc_client_error(vs); 2598 } else { /* Accept requested auth */ 2599 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2600 switch (vs->auth) { 2601 case VNC_AUTH_NONE: 2602 VNC_DEBUG("Accept auth none\n"); 2603 if (vs->minor >= 8) { 2604 vnc_write_u32(vs, 0); /* Accept auth completion */ 2605 vnc_flush(vs); 2606 } 2607 start_client_init(vs); 2608 break; 2609 2610 case VNC_AUTH_VNC: 2611 VNC_DEBUG("Start VNC auth\n"); 2612 start_auth_vnc(vs); 2613 break; 2614 2615 case VNC_AUTH_VENCRYPT: 2616 VNC_DEBUG("Accept VeNCrypt auth\n"); 2617 start_auth_vencrypt(vs); 2618 break; 2619 2620 #ifdef CONFIG_VNC_SASL 2621 case VNC_AUTH_SASL: 2622 VNC_DEBUG("Accept SASL auth\n"); 2623 start_auth_sasl(vs); 2624 break; 2625 #endif /* CONFIG_VNC_SASL */ 2626 2627 default: /* Should not be possible, but just in case */ 2628 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2629 vnc_write_u8(vs, 1); 2630 if (vs->minor >= 8) { 2631 static const char err[] = "Authentication failed"; 2632 vnc_write_u32(vs, sizeof(err)); 2633 vnc_write(vs, err, sizeof(err)); 2634 } 2635 vnc_client_error(vs); 2636 } 2637 } 2638 return 0; 2639 } 2640 2641 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2642 { 2643 char local[13]; 2644 2645 memcpy(local, version, 12); 2646 local[12] = 0; 2647 2648 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2649 VNC_DEBUG("Malformed protocol version %s\n", local); 2650 vnc_client_error(vs); 2651 return 0; 2652 } 2653 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2654 if (vs->major != 3 || 2655 (vs->minor != 3 && 2656 vs->minor != 4 && 2657 vs->minor != 5 && 2658 vs->minor != 7 && 2659 vs->minor != 8)) { 2660 VNC_DEBUG("Unsupported client version\n"); 2661 vnc_write_u32(vs, VNC_AUTH_INVALID); 2662 vnc_flush(vs); 2663 vnc_client_error(vs); 2664 return 0; 2665 } 2666 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2667 * as equivalent to v3.3 by servers 2668 */ 2669 if (vs->minor == 4 || vs->minor == 5) 2670 vs->minor = 3; 2671 2672 if (vs->minor == 3) { 2673 if (vs->auth == VNC_AUTH_NONE) { 2674 VNC_DEBUG("Tell client auth none\n"); 2675 vnc_write_u32(vs, vs->auth); 2676 vnc_flush(vs); 2677 start_client_init(vs); 2678 } else if (vs->auth == VNC_AUTH_VNC) { 2679 VNC_DEBUG("Tell client VNC auth\n"); 2680 vnc_write_u32(vs, vs->auth); 2681 vnc_flush(vs); 2682 start_auth_vnc(vs); 2683 } else { 2684 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2685 vnc_write_u32(vs, VNC_AUTH_INVALID); 2686 vnc_flush(vs); 2687 vnc_client_error(vs); 2688 } 2689 } else { 2690 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2691 vnc_write_u8(vs, 1); /* num auth */ 2692 vnc_write_u8(vs, vs->auth); 2693 vnc_read_when(vs, protocol_client_auth, 1); 2694 vnc_flush(vs); 2695 } 2696 2697 return 0; 2698 } 2699 2700 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2701 { 2702 struct VncSurface *vs = &vd->guest; 2703 2704 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2705 } 2706 2707 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2708 { 2709 int i, j; 2710 2711 w = (x + w) / VNC_STAT_RECT; 2712 h = (y + h) / VNC_STAT_RECT; 2713 x /= VNC_STAT_RECT; 2714 y /= VNC_STAT_RECT; 2715 2716 for (j = y; j <= h; j++) { 2717 for (i = x; i <= w; i++) { 2718 vs->lossy_rect[j][i] = 1; 2719 } 2720 } 2721 } 2722 2723 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2724 { 2725 VncState *vs; 2726 int sty = y / VNC_STAT_RECT; 2727 int stx = x / VNC_STAT_RECT; 2728 int has_dirty = 0; 2729 2730 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2731 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2732 2733 QTAILQ_FOREACH(vs, &vd->clients, next) { 2734 int j; 2735 2736 /* kernel send buffers are full -> refresh later */ 2737 if (vs->output.offset) { 2738 continue; 2739 } 2740 2741 if (!vs->lossy_rect[sty][stx]) { 2742 continue; 2743 } 2744 2745 vs->lossy_rect[sty][stx] = 0; 2746 for (j = 0; j < VNC_STAT_RECT; ++j) { 2747 bitmap_set(vs->dirty[y + j], 2748 x / VNC_DIRTY_PIXELS_PER_BIT, 2749 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2750 } 2751 has_dirty++; 2752 } 2753 2754 return has_dirty; 2755 } 2756 2757 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2758 { 2759 int width = pixman_image_get_width(vd->guest.fb); 2760 int height = pixman_image_get_height(vd->guest.fb); 2761 int x, y; 2762 struct timeval res; 2763 int has_dirty = 0; 2764 2765 for (y = 0; y < height; y += VNC_STAT_RECT) { 2766 for (x = 0; x < width; x += VNC_STAT_RECT) { 2767 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2768 2769 rect->updated = false; 2770 } 2771 } 2772 2773 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2774 2775 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2776 return has_dirty; 2777 } 2778 vd->guest.last_freq_check = *tv; 2779 2780 for (y = 0; y < height; y += VNC_STAT_RECT) { 2781 for (x = 0; x < width; x += VNC_STAT_RECT) { 2782 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2783 int count = ARRAY_SIZE(rect->times); 2784 struct timeval min, max; 2785 2786 if (!timerisset(&rect->times[count - 1])) { 2787 continue ; 2788 } 2789 2790 max = rect->times[(rect->idx + count - 1) % count]; 2791 qemu_timersub(tv, &max, &res); 2792 2793 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2794 rect->freq = 0; 2795 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2796 memset(rect->times, 0, sizeof (rect->times)); 2797 continue ; 2798 } 2799 2800 min = rect->times[rect->idx]; 2801 max = rect->times[(rect->idx + count - 1) % count]; 2802 qemu_timersub(&max, &min, &res); 2803 2804 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2805 rect->freq /= count; 2806 rect->freq = 1. / rect->freq; 2807 } 2808 } 2809 return has_dirty; 2810 } 2811 2812 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2813 { 2814 int i, j; 2815 double total = 0; 2816 int num = 0; 2817 2818 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2819 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2820 2821 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2822 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2823 total += vnc_stat_rect(vs->vd, i, j)->freq; 2824 num++; 2825 } 2826 } 2827 2828 if (num) { 2829 return total / num; 2830 } else { 2831 return 0; 2832 } 2833 } 2834 2835 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2836 { 2837 VncRectStat *rect; 2838 2839 rect = vnc_stat_rect(vd, x, y); 2840 if (rect->updated) { 2841 return ; 2842 } 2843 rect->times[rect->idx] = *tv; 2844 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2845 rect->updated = true; 2846 } 2847 2848 static int vnc_refresh_server_surface(VncDisplay *vd) 2849 { 2850 int width = MIN(pixman_image_get_width(vd->guest.fb), 2851 pixman_image_get_width(vd->server)); 2852 int height = MIN(pixman_image_get_height(vd->guest.fb), 2853 pixman_image_get_height(vd->server)); 2854 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 2855 uint8_t *guest_row0 = NULL, *server_row0; 2856 VncState *vs; 2857 int has_dirty = 0; 2858 pixman_image_t *tmpbuf = NULL; 2859 2860 struct timeval tv = { 0, 0 }; 2861 2862 if (!vd->non_adaptive) { 2863 gettimeofday(&tv, NULL); 2864 has_dirty = vnc_update_stats(vd, &tv); 2865 } 2866 2867 /* 2868 * Walk through the guest dirty map. 2869 * Check and copy modified bits from guest to server surface. 2870 * Update server dirty map. 2871 */ 2872 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2873 server_stride = guest_stride = guest_ll = 2874 pixman_image_get_stride(vd->server); 2875 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2876 server_stride); 2877 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2878 int width = pixman_image_get_width(vd->server); 2879 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2880 } else { 2881 int guest_bpp = 2882 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 2883 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2884 guest_stride = pixman_image_get_stride(vd->guest.fb); 2885 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8); 2886 } 2887 line_bytes = MIN(server_stride, guest_ll); 2888 2889 for (;;) { 2890 int x; 2891 uint8_t *guest_ptr, *server_ptr; 2892 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2893 height * VNC_DIRTY_BPL(&vd->guest), 2894 y * VNC_DIRTY_BPL(&vd->guest)); 2895 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2896 /* no more dirty bits */ 2897 break; 2898 } 2899 y = offset / VNC_DIRTY_BPL(&vd->guest); 2900 x = offset % VNC_DIRTY_BPL(&vd->guest); 2901 2902 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2903 2904 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2905 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2906 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2907 } else { 2908 guest_ptr = guest_row0 + y * guest_stride; 2909 } 2910 guest_ptr += x * cmp_bytes; 2911 2912 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2913 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2914 int _cmp_bytes = cmp_bytes; 2915 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2916 continue; 2917 } 2918 if ((x + 1) * cmp_bytes > line_bytes) { 2919 _cmp_bytes = line_bytes - x * cmp_bytes; 2920 } 2921 assert(_cmp_bytes >= 0); 2922 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2923 continue; 2924 } 2925 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2926 if (!vd->non_adaptive) { 2927 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2928 y, &tv); 2929 } 2930 QTAILQ_FOREACH(vs, &vd->clients, next) { 2931 set_bit(x, vs->dirty[y]); 2932 } 2933 has_dirty++; 2934 } 2935 2936 y++; 2937 } 2938 qemu_pixman_image_unref(tmpbuf); 2939 return has_dirty; 2940 } 2941 2942 static void vnc_refresh(DisplayChangeListener *dcl) 2943 { 2944 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2945 VncState *vs, *vn; 2946 int has_dirty, rects = 0; 2947 2948 if (QTAILQ_EMPTY(&vd->clients)) { 2949 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2950 return; 2951 } 2952 2953 graphic_hw_update(vd->dcl.con); 2954 2955 if (vnc_trylock_display(vd)) { 2956 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2957 return; 2958 } 2959 2960 has_dirty = vnc_refresh_server_surface(vd); 2961 vnc_unlock_display(vd); 2962 2963 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2964 rects += vnc_update_client(vs, has_dirty, false); 2965 /* vs might be free()ed here */ 2966 } 2967 2968 if (has_dirty && rects) { 2969 vd->dcl.update_interval /= 2; 2970 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2971 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2972 } 2973 } else { 2974 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2975 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2976 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2977 } 2978 } 2979 } 2980 2981 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 2982 bool skipauth, bool websocket) 2983 { 2984 VncState *vs = g_new0(VncState, 1); 2985 bool first_client = QTAILQ_EMPTY(&vd->clients); 2986 int i; 2987 2988 vs->sioc = sioc; 2989 object_ref(OBJECT(vs->sioc)); 2990 vs->ioc = QIO_CHANNEL(sioc); 2991 object_ref(OBJECT(vs->ioc)); 2992 vs->vd = vd; 2993 2994 buffer_init(&vs->input, "vnc-input/%p", sioc); 2995 buffer_init(&vs->output, "vnc-output/%p", sioc); 2996 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 2997 2998 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc); 2999 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc); 3000 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc); 3001 #ifdef CONFIG_VNC_JPEG 3002 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc); 3003 #endif 3004 #ifdef CONFIG_VNC_PNG 3005 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc); 3006 #endif 3007 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 3008 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc); 3009 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc); 3010 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc); 3011 3012 if (skipauth) { 3013 vs->auth = VNC_AUTH_NONE; 3014 vs->subauth = VNC_AUTH_INVALID; 3015 } else { 3016 if (websocket) { 3017 vs->auth = vd->ws_auth; 3018 vs->subauth = VNC_AUTH_INVALID; 3019 } else { 3020 vs->auth = vd->auth; 3021 vs->subauth = vd->subauth; 3022 } 3023 } 3024 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 3025 sioc, websocket, vs->auth, vs->subauth); 3026 3027 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 3028 for (i = 0; i < VNC_STAT_ROWS; ++i) { 3029 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 3030 } 3031 3032 VNC_DEBUG("New client on socket %p\n", vs->sioc); 3033 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3034 qio_channel_set_blocking(vs->ioc, false, NULL); 3035 if (websocket) { 3036 vs->websocket = 1; 3037 if (vd->tlscreds) { 3038 vs->ioc_tag = qio_channel_add_watch( 3039 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); 3040 } else { 3041 vs->ioc_tag = qio_channel_add_watch( 3042 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); 3043 } 3044 } else { 3045 vs->ioc_tag = qio_channel_add_watch( 3046 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 3047 } 3048 3049 vnc_client_cache_addr(vs); 3050 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3051 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3052 3053 vs->last_x = -1; 3054 vs->last_y = -1; 3055 3056 vs->as.freq = 44100; 3057 vs->as.nchannels = 2; 3058 vs->as.fmt = AUD_FMT_S16; 3059 vs->as.endianness = 0; 3060 3061 qemu_mutex_init(&vs->output_mutex); 3062 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3063 3064 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3065 if (first_client) { 3066 vnc_update_server_surface(vd); 3067 } 3068 3069 graphic_hw_update(vd->dcl.con); 3070 3071 if (!vs->websocket) { 3072 vnc_start_protocol(vs); 3073 } 3074 3075 if (vd->num_connecting > vd->connections_limit) { 3076 QTAILQ_FOREACH(vs, &vd->clients, next) { 3077 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3078 vnc_disconnect_start(vs); 3079 return; 3080 } 3081 } 3082 } 3083 } 3084 3085 void vnc_start_protocol(VncState *vs) 3086 { 3087 vnc_write(vs, "RFB 003.008\n", 12); 3088 vnc_flush(vs); 3089 vnc_read_when(vs, protocol_version, 12); 3090 if (vs->vd->lock_key_sync) 3091 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 3092 3093 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3094 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3095 } 3096 3097 static gboolean vnc_listen_io(QIOChannel *ioc, 3098 GIOCondition condition, 3099 void *opaque) 3100 { 3101 VncDisplay *vd = opaque; 3102 QIOChannelSocket *sioc = NULL; 3103 Error *err = NULL; 3104 3105 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err); 3106 if (sioc != NULL) { 3107 qio_channel_set_name(QIO_CHANNEL(sioc), 3108 ioc != QIO_CHANNEL(vd->lsock) ? 3109 "vnc-ws-server" : "vnc-server"); 3110 qio_channel_set_delay(QIO_CHANNEL(sioc), false); 3111 vnc_connect(vd, sioc, false, 3112 ioc != QIO_CHANNEL(vd->lsock)); 3113 object_unref(OBJECT(sioc)); 3114 } else { 3115 /* client probably closed connection before we got there */ 3116 error_free(err); 3117 } 3118 3119 return TRUE; 3120 } 3121 3122 static const DisplayChangeListenerOps dcl_ops = { 3123 .dpy_name = "vnc", 3124 .dpy_refresh = vnc_refresh, 3125 .dpy_gfx_copy = vnc_dpy_copy, 3126 .dpy_gfx_update = vnc_dpy_update, 3127 .dpy_gfx_switch = vnc_dpy_switch, 3128 .dpy_gfx_check_format = qemu_pixman_check_format, 3129 .dpy_mouse_set = vnc_mouse_set, 3130 .dpy_cursor_define = vnc_dpy_cursor_define, 3131 }; 3132 3133 void vnc_display_init(const char *id) 3134 { 3135 VncDisplay *vd; 3136 3137 if (vnc_display_find(id) != NULL) { 3138 return; 3139 } 3140 vd = g_malloc0(sizeof(*vd)); 3141 3142 vd->id = strdup(id); 3143 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next); 3144 3145 QTAILQ_INIT(&vd->clients); 3146 vd->expires = TIME_MAX; 3147 3148 if (keyboard_layout) { 3149 trace_vnc_key_map_init(keyboard_layout); 3150 vd->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 3151 } else { 3152 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 3153 } 3154 3155 if (!vd->kbd_layout) { 3156 exit(1); 3157 } 3158 3159 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3160 vd->connections_limit = 32; 3161 3162 qemu_mutex_init(&vd->mutex); 3163 vnc_start_worker_thread(); 3164 3165 vd->dcl.ops = &dcl_ops; 3166 register_displaychangelistener(&vd->dcl); 3167 } 3168 3169 3170 static void vnc_display_close(VncDisplay *vd) 3171 { 3172 if (!vd) { 3173 return; 3174 } 3175 vd->is_unix = false; 3176 if (vd->lsock != NULL) { 3177 if (vd->lsock_tag) { 3178 g_source_remove(vd->lsock_tag); 3179 } 3180 object_unref(OBJECT(vd->lsock)); 3181 vd->lsock = NULL; 3182 } 3183 if (vd->lwebsock != NULL) { 3184 if (vd->lwebsock_tag) { 3185 g_source_remove(vd->lwebsock_tag); 3186 } 3187 object_unref(OBJECT(vd->lwebsock)); 3188 vd->lwebsock = NULL; 3189 } 3190 vd->auth = VNC_AUTH_INVALID; 3191 vd->subauth = VNC_AUTH_INVALID; 3192 if (vd->tlscreds) { 3193 object_unparent(OBJECT(vd->tlscreds)); 3194 vd->tlscreds = NULL; 3195 } 3196 g_free(vd->tlsaclname); 3197 vd->tlsaclname = NULL; 3198 } 3199 3200 int vnc_display_password(const char *id, const char *password) 3201 { 3202 VncDisplay *vd = vnc_display_find(id); 3203 3204 if (!vd) { 3205 return -EINVAL; 3206 } 3207 if (vd->auth == VNC_AUTH_NONE) { 3208 error_printf_unless_qmp("If you want use passwords please enable " 3209 "password auth using '-vnc ${dpy},password'.\n"); 3210 return -EINVAL; 3211 } 3212 3213 g_free(vd->password); 3214 vd->password = g_strdup(password); 3215 3216 return 0; 3217 } 3218 3219 int vnc_display_pw_expire(const char *id, time_t expires) 3220 { 3221 VncDisplay *vd = vnc_display_find(id); 3222 3223 if (!vd) { 3224 return -EINVAL; 3225 } 3226 3227 vd->expires = expires; 3228 return 0; 3229 } 3230 3231 static void vnc_display_print_local_addr(VncDisplay *vd) 3232 { 3233 SocketAddress *addr; 3234 Error *err = NULL; 3235 3236 addr = qio_channel_socket_get_local_address(vd->lsock, &err); 3237 if (!addr) { 3238 return; 3239 } 3240 3241 if (addr->type != SOCKET_ADDRESS_KIND_INET) { 3242 qapi_free_SocketAddress(addr); 3243 return; 3244 } 3245 error_printf_unless_qmp("VNC server running on %s:%s\n", 3246 addr->u.inet.data->host, 3247 addr->u.inet.data->port); 3248 qapi_free_SocketAddress(addr); 3249 } 3250 3251 static QemuOptsList qemu_vnc_opts = { 3252 .name = "vnc", 3253 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3254 .implied_opt_name = "vnc", 3255 .desc = { 3256 { 3257 .name = "vnc", 3258 .type = QEMU_OPT_STRING, 3259 },{ 3260 .name = "websocket", 3261 .type = QEMU_OPT_STRING, 3262 },{ 3263 .name = "tls-creds", 3264 .type = QEMU_OPT_STRING, 3265 },{ 3266 /* Deprecated in favour of tls-creds */ 3267 .name = "x509", 3268 .type = QEMU_OPT_STRING, 3269 },{ 3270 .name = "share", 3271 .type = QEMU_OPT_STRING, 3272 },{ 3273 .name = "display", 3274 .type = QEMU_OPT_STRING, 3275 },{ 3276 .name = "head", 3277 .type = QEMU_OPT_NUMBER, 3278 },{ 3279 .name = "connections", 3280 .type = QEMU_OPT_NUMBER, 3281 },{ 3282 .name = "to", 3283 .type = QEMU_OPT_NUMBER, 3284 },{ 3285 .name = "ipv4", 3286 .type = QEMU_OPT_BOOL, 3287 },{ 3288 .name = "ipv6", 3289 .type = QEMU_OPT_BOOL, 3290 },{ 3291 .name = "password", 3292 .type = QEMU_OPT_BOOL, 3293 },{ 3294 .name = "reverse", 3295 .type = QEMU_OPT_BOOL, 3296 },{ 3297 .name = "lock-key-sync", 3298 .type = QEMU_OPT_BOOL, 3299 },{ 3300 .name = "key-delay-ms", 3301 .type = QEMU_OPT_NUMBER, 3302 },{ 3303 .name = "sasl", 3304 .type = QEMU_OPT_BOOL, 3305 },{ 3306 /* Deprecated in favour of tls-creds */ 3307 .name = "tls", 3308 .type = QEMU_OPT_BOOL, 3309 },{ 3310 /* Deprecated in favour of tls-creds */ 3311 .name = "x509verify", 3312 .type = QEMU_OPT_STRING, 3313 },{ 3314 .name = "acl", 3315 .type = QEMU_OPT_BOOL, 3316 },{ 3317 .name = "lossy", 3318 .type = QEMU_OPT_BOOL, 3319 },{ 3320 .name = "non-adaptive", 3321 .type = QEMU_OPT_BOOL, 3322 }, 3323 { /* end of list */ } 3324 }, 3325 }; 3326 3327 3328 static int 3329 vnc_display_setup_auth(int *auth, 3330 int *subauth, 3331 QCryptoTLSCreds *tlscreds, 3332 bool password, 3333 bool sasl, 3334 bool websocket, 3335 Error **errp) 3336 { 3337 /* 3338 * We have a choice of 3 authentication options 3339 * 3340 * 1. none 3341 * 2. vnc 3342 * 3. sasl 3343 * 3344 * The channel can be run in 2 modes 3345 * 3346 * 1. clear 3347 * 2. tls 3348 * 3349 * And TLS can use 2 types of credentials 3350 * 3351 * 1. anon 3352 * 2. x509 3353 * 3354 * We thus have 9 possible logical combinations 3355 * 3356 * 1. clear + none 3357 * 2. clear + vnc 3358 * 3. clear + sasl 3359 * 4. tls + anon + none 3360 * 5. tls + anon + vnc 3361 * 6. tls + anon + sasl 3362 * 7. tls + x509 + none 3363 * 8. tls + x509 + vnc 3364 * 9. tls + x509 + sasl 3365 * 3366 * These need to be mapped into the VNC auth schemes 3367 * in an appropriate manner. In regular VNC, all the 3368 * TLS options get mapped into VNC_AUTH_VENCRYPT 3369 * sub-auth types. 3370 * 3371 * In websockets, the https:// protocol already provides 3372 * TLS support, so there is no need to make use of the 3373 * VeNCrypt extension. Furthermore, websockets browser 3374 * clients could not use VeNCrypt even if they wanted to, 3375 * as they cannot control when the TLS handshake takes 3376 * place. Thus there is no option but to rely on https://, 3377 * meaning combinations 4->6 and 7->9 will be mapped to 3378 * VNC auth schemes in the same way as combos 1->3. 3379 * 3380 * Regardless of fact that we have a different mapping to 3381 * VNC auth mechs for plain VNC vs websockets VNC, the end 3382 * result has the same security characteristics. 3383 */ 3384 if (websocket || !tlscreds) { 3385 if (password) { 3386 VNC_DEBUG("Initializing VNC server with password auth\n"); 3387 *auth = VNC_AUTH_VNC; 3388 } else if (sasl) { 3389 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3390 *auth = VNC_AUTH_SASL; 3391 } else { 3392 VNC_DEBUG("Initializing VNC server with no auth\n"); 3393 *auth = VNC_AUTH_NONE; 3394 } 3395 *subauth = VNC_AUTH_INVALID; 3396 } else { 3397 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds), 3398 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL; 3399 bool is_anon = object_dynamic_cast(OBJECT(tlscreds), 3400 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL; 3401 3402 if (!is_x509 && !is_anon) { 3403 error_setg(errp, 3404 "Unsupported TLS cred type %s", 3405 object_get_typename(OBJECT(tlscreds))); 3406 return -1; 3407 } 3408 *auth = VNC_AUTH_VENCRYPT; 3409 if (password) { 3410 if (is_x509) { 3411 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3412 *subauth = VNC_AUTH_VENCRYPT_X509VNC; 3413 } else { 3414 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3415 *subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3416 } 3417 3418 } else if (sasl) { 3419 if (is_x509) { 3420 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3421 *subauth = VNC_AUTH_VENCRYPT_X509SASL; 3422 } else { 3423 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3424 *subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3425 } 3426 } else { 3427 if (is_x509) { 3428 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3429 *subauth = VNC_AUTH_VENCRYPT_X509NONE; 3430 } else { 3431 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3432 *subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3433 } 3434 } 3435 } 3436 return 0; 3437 } 3438 3439 3440 /* 3441 * Handle back compat with old CLI syntax by creating some 3442 * suitable QCryptoTLSCreds objects 3443 */ 3444 static QCryptoTLSCreds * 3445 vnc_display_create_creds(bool x509, 3446 bool x509verify, 3447 const char *dir, 3448 const char *id, 3449 Error **errp) 3450 { 3451 gchar *credsid = g_strdup_printf("tlsvnc%s", id); 3452 Object *parent = object_get_objects_root(); 3453 Object *creds; 3454 Error *err = NULL; 3455 3456 if (x509) { 3457 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509, 3458 parent, 3459 credsid, 3460 &err, 3461 "endpoint", "server", 3462 "dir", dir, 3463 "verify-peer", x509verify ? "yes" : "no", 3464 NULL); 3465 } else { 3466 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON, 3467 parent, 3468 credsid, 3469 &err, 3470 "endpoint", "server", 3471 NULL); 3472 } 3473 3474 g_free(credsid); 3475 3476 if (err) { 3477 error_propagate(errp, err); 3478 return NULL; 3479 } 3480 3481 return QCRYPTO_TLS_CREDS(creds); 3482 } 3483 3484 3485 void vnc_display_open(const char *id, Error **errp) 3486 { 3487 VncDisplay *vd = vnc_display_find(id); 3488 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3489 SocketAddress *saddr = NULL, *wsaddr = NULL; 3490 const char *share, *device_id; 3491 QemuConsole *con; 3492 bool password = false; 3493 bool reverse = false; 3494 const char *vnc; 3495 char *h; 3496 const char *credid; 3497 int show_vnc_port = 0; 3498 bool sasl = false; 3499 #ifdef CONFIG_VNC_SASL 3500 int saslErr; 3501 #endif 3502 int acl = 0; 3503 int lock_key_sync = 1; 3504 int key_delay_ms; 3505 bool ws_enabled = false; 3506 3507 if (!vd) { 3508 error_setg(errp, "VNC display not active"); 3509 return; 3510 } 3511 vnc_display_close(vd); 3512 3513 if (!opts) { 3514 return; 3515 } 3516 vnc = qemu_opt_get(opts, "vnc"); 3517 if (!vnc || strcmp(vnc, "none") == 0) { 3518 return; 3519 } 3520 3521 h = strrchr(vnc, ':'); 3522 if (h) { 3523 size_t hlen = h - vnc; 3524 3525 const char *websocket = qemu_opt_get(opts, "websocket"); 3526 int to = qemu_opt_get_number(opts, "to", 0); 3527 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3528 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3529 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3530 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3531 3532 saddr = g_new0(SocketAddress, 1); 3533 if (websocket) { 3534 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { 3535 error_setg(errp, 3536 "SHA1 hash support is required for websockets"); 3537 goto fail; 3538 } 3539 3540 wsaddr = g_new0(SocketAddress, 1); 3541 ws_enabled = true; 3542 } 3543 3544 if (strncmp(vnc, "unix:", 5) == 0) { 3545 saddr->type = SOCKET_ADDRESS_KIND_UNIX; 3546 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1); 3547 saddr->u.q_unix.data->path = g_strdup(vnc + 5); 3548 3549 if (ws_enabled) { 3550 error_setg(errp, "UNIX sockets not supported with websock"); 3551 goto fail; 3552 } 3553 } else { 3554 unsigned long long baseport; 3555 InetSocketAddress *inet; 3556 saddr->type = SOCKET_ADDRESS_KIND_INET; 3557 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1); 3558 if (vnc[0] == '[' && vnc[hlen - 1] == ']') { 3559 inet->host = g_strndup(vnc + 1, hlen - 2); 3560 } else { 3561 inet->host = g_strndup(vnc, hlen); 3562 } 3563 if (parse_uint_full(h + 1, &baseport, 10) < 0) { 3564 error_setg(errp, "can't convert to a number: %s", h + 1); 3565 goto fail; 3566 } 3567 if (baseport > 65535 || 3568 baseport + 5900 > 65535) { 3569 error_setg(errp, "port %s out of range", h + 1); 3570 goto fail; 3571 } 3572 inet->port = g_strdup_printf( 3573 "%d", (int)baseport + 5900); 3574 3575 if (to) { 3576 inet->has_to = true; 3577 inet->to = to + 5900; 3578 show_vnc_port = 1; 3579 } 3580 inet->ipv4 = ipv4; 3581 inet->has_ipv4 = has_ipv4; 3582 inet->ipv6 = ipv6; 3583 inet->has_ipv6 = has_ipv6; 3584 3585 if (ws_enabled) { 3586 wsaddr->type = SOCKET_ADDRESS_KIND_INET; 3587 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1); 3588 inet->host = g_strdup(saddr->u.inet.data->host); 3589 inet->port = g_strdup(websocket); 3590 3591 if (to) { 3592 inet->has_to = true; 3593 inet->to = to; 3594 } 3595 inet->ipv4 = ipv4; 3596 inet->has_ipv4 = has_ipv4; 3597 inet->ipv6 = ipv6; 3598 inet->has_ipv6 = has_ipv6; 3599 } 3600 } 3601 } else { 3602 error_setg(errp, "no vnc port specified"); 3603 goto fail; 3604 } 3605 3606 password = qemu_opt_get_bool(opts, "password", false); 3607 if (password) { 3608 if (fips_get_state()) { 3609 error_setg(errp, 3610 "VNC password auth disabled due to FIPS mode, " 3611 "consider using the VeNCrypt or SASL authentication " 3612 "methods as an alternative"); 3613 goto fail; 3614 } 3615 if (!qcrypto_cipher_supports( 3616 QCRYPTO_CIPHER_ALG_DES_RFB, QCRYPTO_CIPHER_MODE_ECB)) { 3617 error_setg(errp, 3618 "Cipher backend does not support DES RFB algorithm"); 3619 goto fail; 3620 } 3621 } 3622 3623 reverse = qemu_opt_get_bool(opts, "reverse", false); 3624 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3625 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1); 3626 sasl = qemu_opt_get_bool(opts, "sasl", false); 3627 #ifndef CONFIG_VNC_SASL 3628 if (sasl) { 3629 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3630 goto fail; 3631 } 3632 #endif /* CONFIG_VNC_SASL */ 3633 credid = qemu_opt_get(opts, "tls-creds"); 3634 if (credid) { 3635 Object *creds; 3636 if (qemu_opt_get(opts, "tls") || 3637 qemu_opt_get(opts, "x509") || 3638 qemu_opt_get(opts, "x509verify")) { 3639 error_setg(errp, 3640 "'tls-creds' parameter is mutually exclusive with " 3641 "'tls', 'x509' and 'x509verify' parameters"); 3642 goto fail; 3643 } 3644 3645 creds = object_resolve_path_component( 3646 object_get_objects_root(), credid); 3647 if (!creds) { 3648 error_setg(errp, "No TLS credentials with id '%s'", 3649 credid); 3650 goto fail; 3651 } 3652 vd->tlscreds = (QCryptoTLSCreds *) 3653 object_dynamic_cast(creds, 3654 TYPE_QCRYPTO_TLS_CREDS); 3655 if (!vd->tlscreds) { 3656 error_setg(errp, "Object with id '%s' is not TLS credentials", 3657 credid); 3658 goto fail; 3659 } 3660 object_ref(OBJECT(vd->tlscreds)); 3661 3662 if (vd->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 3663 error_setg(errp, 3664 "Expecting TLS credentials with a server endpoint"); 3665 goto fail; 3666 } 3667 } else { 3668 const char *path; 3669 bool tls = false, x509 = false, x509verify = false; 3670 tls = qemu_opt_get_bool(opts, "tls", false); 3671 if (tls) { 3672 path = qemu_opt_get(opts, "x509"); 3673 3674 if (path) { 3675 x509 = true; 3676 } else { 3677 path = qemu_opt_get(opts, "x509verify"); 3678 if (path) { 3679 x509 = true; 3680 x509verify = true; 3681 } 3682 } 3683 vd->tlscreds = vnc_display_create_creds(x509, 3684 x509verify, 3685 path, 3686 vd->id, 3687 errp); 3688 if (!vd->tlscreds) { 3689 goto fail; 3690 } 3691 } 3692 } 3693 acl = qemu_opt_get_bool(opts, "acl", false); 3694 3695 share = qemu_opt_get(opts, "share"); 3696 if (share) { 3697 if (strcmp(share, "ignore") == 0) { 3698 vd->share_policy = VNC_SHARE_POLICY_IGNORE; 3699 } else if (strcmp(share, "allow-exclusive") == 0) { 3700 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3701 } else if (strcmp(share, "force-shared") == 0) { 3702 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3703 } else { 3704 error_setg(errp, "unknown vnc share= option"); 3705 goto fail; 3706 } 3707 } else { 3708 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3709 } 3710 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3711 3712 #ifdef CONFIG_VNC_JPEG 3713 vd->lossy = qemu_opt_get_bool(opts, "lossy", false); 3714 #endif 3715 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3716 /* adaptive updates are only used with tight encoding and 3717 * if lossy updates are enabled so we can disable all the 3718 * calculations otherwise */ 3719 if (!vd->lossy) { 3720 vd->non_adaptive = true; 3721 } 3722 3723 if (acl) { 3724 if (strcmp(vd->id, "default") == 0) { 3725 vd->tlsaclname = g_strdup("vnc.x509dname"); 3726 } else { 3727 vd->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vd->id); 3728 } 3729 qemu_acl_init(vd->tlsaclname); 3730 } 3731 #ifdef CONFIG_VNC_SASL 3732 if (acl && sasl) { 3733 char *aclname; 3734 3735 if (strcmp(vd->id, "default") == 0) { 3736 aclname = g_strdup("vnc.username"); 3737 } else { 3738 aclname = g_strdup_printf("vnc.%s.username", vd->id); 3739 } 3740 vd->sasl.acl = qemu_acl_init(aclname); 3741 g_free(aclname); 3742 } 3743 #endif 3744 3745 if (vnc_display_setup_auth(&vd->auth, &vd->subauth, 3746 vd->tlscreds, password, 3747 sasl, false, errp) < 0) { 3748 goto fail; 3749 } 3750 3751 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth, 3752 vd->tlscreds, password, 3753 sasl, true, errp) < 0) { 3754 goto fail; 3755 } 3756 3757 #ifdef CONFIG_VNC_SASL 3758 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3759 error_setg(errp, "Failed to initialize SASL auth: %s", 3760 sasl_errstring(saslErr, NULL, NULL)); 3761 goto fail; 3762 } 3763 #endif 3764 vd->lock_key_sync = lock_key_sync; 3765 vd->key_delay_ms = key_delay_ms; 3766 3767 device_id = qemu_opt_get(opts, "display"); 3768 if (device_id) { 3769 int head = qemu_opt_get_number(opts, "head", 0); 3770 Error *err = NULL; 3771 3772 con = qemu_console_lookup_by_device_name(device_id, head, &err); 3773 if (err) { 3774 error_propagate(errp, err); 3775 goto fail; 3776 } 3777 } else { 3778 con = NULL; 3779 } 3780 3781 if (con != vd->dcl.con) { 3782 unregister_displaychangelistener(&vd->dcl); 3783 vd->dcl.con = con; 3784 register_displaychangelistener(&vd->dcl); 3785 } 3786 3787 if (reverse) { 3788 /* connect to viewer */ 3789 QIOChannelSocket *sioc = NULL; 3790 vd->lsock = NULL; 3791 vd->lwebsock = NULL; 3792 if (ws_enabled) { 3793 error_setg(errp, "Cannot use websockets in reverse mode"); 3794 goto fail; 3795 } 3796 vd->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3797 sioc = qio_channel_socket_new(); 3798 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse"); 3799 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) { 3800 goto fail; 3801 } 3802 vnc_connect(vd, sioc, false, false); 3803 object_unref(OBJECT(sioc)); 3804 } else { 3805 vd->lsock = qio_channel_socket_new(); 3806 qio_channel_set_name(QIO_CHANNEL(vd->lsock), "vnc-listen"); 3807 if (qio_channel_socket_listen_sync(vd->lsock, saddr, errp) < 0) { 3808 goto fail; 3809 } 3810 vd->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3811 3812 if (ws_enabled) { 3813 vd->lwebsock = qio_channel_socket_new(); 3814 qio_channel_set_name(QIO_CHANNEL(vd->lwebsock), "vnc-ws-listen"); 3815 if (qio_channel_socket_listen_sync(vd->lwebsock, 3816 wsaddr, errp) < 0) { 3817 object_unref(OBJECT(vd->lsock)); 3818 vd->lsock = NULL; 3819 goto fail; 3820 } 3821 } 3822 3823 vd->lsock_tag = qio_channel_add_watch( 3824 QIO_CHANNEL(vd->lsock), 3825 G_IO_IN, vnc_listen_io, vd, NULL); 3826 if (ws_enabled) { 3827 vd->lwebsock_tag = qio_channel_add_watch( 3828 QIO_CHANNEL(vd->lwebsock), 3829 G_IO_IN, vnc_listen_io, vd, NULL); 3830 } 3831 } 3832 3833 if (show_vnc_port) { 3834 vnc_display_print_local_addr(vd); 3835 } 3836 3837 qapi_free_SocketAddress(saddr); 3838 qapi_free_SocketAddress(wsaddr); 3839 return; 3840 3841 fail: 3842 qapi_free_SocketAddress(saddr); 3843 qapi_free_SocketAddress(wsaddr); 3844 ws_enabled = false; 3845 } 3846 3847 void vnc_display_add_client(const char *id, int csock, bool skipauth) 3848 { 3849 VncDisplay *vd = vnc_display_find(id); 3850 QIOChannelSocket *sioc; 3851 3852 if (!vd) { 3853 return; 3854 } 3855 3856 sioc = qio_channel_socket_new_fd(csock, NULL); 3857 if (sioc) { 3858 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server"); 3859 vnc_connect(vd, sioc, skipauth, false); 3860 object_unref(OBJECT(sioc)); 3861 } 3862 } 3863 3864 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 3865 { 3866 int i = 2; 3867 char *id; 3868 3869 id = g_strdup("default"); 3870 while (qemu_opts_find(olist, id)) { 3871 g_free(id); 3872 id = g_strdup_printf("vnc%d", i++); 3873 } 3874 qemu_opts_set_id(opts, id); 3875 } 3876 3877 QemuOpts *vnc_parse(const char *str, Error **errp) 3878 { 3879 QemuOptsList *olist = qemu_find_opts("vnc"); 3880 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 3881 const char *id; 3882 3883 if (!opts) { 3884 return NULL; 3885 } 3886 3887 id = qemu_opts_id(opts); 3888 if (!id) { 3889 /* auto-assign id if not present */ 3890 vnc_auto_assign_id(olist, opts); 3891 } 3892 return opts; 3893 } 3894 3895 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 3896 { 3897 Error *local_err = NULL; 3898 char *id = (char *)qemu_opts_id(opts); 3899 3900 assert(id); 3901 vnc_display_init(id); 3902 vnc_display_open(id, &local_err); 3903 if (local_err != NULL) { 3904 error_reportf_err(local_err, "Failed to start VNC server: "); 3905 exit(1); 3906 } 3907 return 0; 3908 } 3909 3910 static void vnc_register_config(void) 3911 { 3912 qemu_add_opts(&qemu_vnc_opts); 3913 } 3914 opts_init(vnc_register_config); 3915