1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev.h" 32 #include "sysemu/sysemu.h" 33 #include "qemu/error-report.h" 34 #include "qemu/sockets.h" 35 #include "qemu/timer.h" 36 #include "qemu/acl.h" 37 #include "qemu/config-file.h" 38 #include "qapi/qmp/qerror.h" 39 #include "qapi/qmp/types.h" 40 #include "qmp-commands.h" 41 #include "ui/input.h" 42 #include "qapi-event.h" 43 #include "crypto/hash.h" 44 #include "crypto/tlscredsanon.h" 45 #include "crypto/tlscredsx509.h" 46 #include "qom/object_interfaces.h" 47 #include "qemu/cutils.h" 48 49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 50 #define VNC_REFRESH_INTERVAL_INC 50 51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 54 55 #include "vnc_keysym.h" 56 #include "crypto/cipher.h" 57 58 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 59 QTAILQ_HEAD_INITIALIZER(vnc_displays); 60 61 static int vnc_cursor_define(VncState *vs); 62 static void vnc_release_modifiers(VncState *vs); 63 64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 65 { 66 #ifdef _VNC_DEBUG 67 static const char *mn[] = { 68 [0] = "undefined", 69 [VNC_SHARE_MODE_CONNECTING] = "connecting", 70 [VNC_SHARE_MODE_SHARED] = "shared", 71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 73 }; 74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 75 vs->ioc, mn[vs->share_mode], mn[mode]); 76 #endif 77 78 switch (vs->share_mode) { 79 case VNC_SHARE_MODE_CONNECTING: 80 vs->vd->num_connecting--; 81 break; 82 case VNC_SHARE_MODE_SHARED: 83 vs->vd->num_shared--; 84 break; 85 case VNC_SHARE_MODE_EXCLUSIVE: 86 vs->vd->num_exclusive--; 87 break; 88 default: 89 break; 90 } 91 92 vs->share_mode = mode; 93 94 switch (vs->share_mode) { 95 case VNC_SHARE_MODE_CONNECTING: 96 vs->vd->num_connecting++; 97 break; 98 case VNC_SHARE_MODE_SHARED: 99 vs->vd->num_shared++; 100 break; 101 case VNC_SHARE_MODE_EXCLUSIVE: 102 vs->vd->num_exclusive++; 103 break; 104 default: 105 break; 106 } 107 } 108 109 110 static void vnc_init_basic_info(SocketAddress *addr, 111 VncBasicInfo *info, 112 Error **errp) 113 { 114 switch (addr->type) { 115 case SOCKET_ADDRESS_KIND_INET: 116 info->host = g_strdup(addr->u.inet.data->host); 117 info->service = g_strdup(addr->u.inet.data->port); 118 if (addr->u.inet.data->ipv6) { 119 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 120 } else { 121 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 122 } 123 break; 124 125 case SOCKET_ADDRESS_KIND_UNIX: 126 info->host = g_strdup(""); 127 info->service = g_strdup(addr->u.q_unix.data->path); 128 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 129 break; 130 131 default: 132 error_setg(errp, "Unsupported socket kind %d", 133 addr->type); 134 break; 135 } 136 137 return; 138 } 139 140 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 141 VncBasicInfo *info, 142 Error **errp) 143 { 144 SocketAddress *addr = NULL; 145 146 addr = qio_channel_socket_get_local_address(ioc, errp); 147 if (!addr) { 148 return; 149 } 150 151 vnc_init_basic_info(addr, info, errp); 152 qapi_free_SocketAddress(addr); 153 } 154 155 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 156 VncBasicInfo *info, 157 Error **errp) 158 { 159 SocketAddress *addr = NULL; 160 161 addr = qio_channel_socket_get_remote_address(ioc, errp); 162 if (!addr) { 163 return; 164 } 165 166 vnc_init_basic_info(addr, info, errp); 167 qapi_free_SocketAddress(addr); 168 } 169 170 static const char *vnc_auth_name(VncDisplay *vd) { 171 switch (vd->auth) { 172 case VNC_AUTH_INVALID: 173 return "invalid"; 174 case VNC_AUTH_NONE: 175 return "none"; 176 case VNC_AUTH_VNC: 177 return "vnc"; 178 case VNC_AUTH_RA2: 179 return "ra2"; 180 case VNC_AUTH_RA2NE: 181 return "ra2ne"; 182 case VNC_AUTH_TIGHT: 183 return "tight"; 184 case VNC_AUTH_ULTRA: 185 return "ultra"; 186 case VNC_AUTH_TLS: 187 return "tls"; 188 case VNC_AUTH_VENCRYPT: 189 switch (vd->subauth) { 190 case VNC_AUTH_VENCRYPT_PLAIN: 191 return "vencrypt+plain"; 192 case VNC_AUTH_VENCRYPT_TLSNONE: 193 return "vencrypt+tls+none"; 194 case VNC_AUTH_VENCRYPT_TLSVNC: 195 return "vencrypt+tls+vnc"; 196 case VNC_AUTH_VENCRYPT_TLSPLAIN: 197 return "vencrypt+tls+plain"; 198 case VNC_AUTH_VENCRYPT_X509NONE: 199 return "vencrypt+x509+none"; 200 case VNC_AUTH_VENCRYPT_X509VNC: 201 return "vencrypt+x509+vnc"; 202 case VNC_AUTH_VENCRYPT_X509PLAIN: 203 return "vencrypt+x509+plain"; 204 case VNC_AUTH_VENCRYPT_TLSSASL: 205 return "vencrypt+tls+sasl"; 206 case VNC_AUTH_VENCRYPT_X509SASL: 207 return "vencrypt+x509+sasl"; 208 default: 209 return "vencrypt"; 210 } 211 case VNC_AUTH_SASL: 212 return "sasl"; 213 } 214 return "unknown"; 215 } 216 217 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 218 { 219 VncServerInfo *info; 220 Error *err = NULL; 221 222 info = g_malloc(sizeof(*info)); 223 vnc_init_basic_info_from_server_addr(vd->lsock, 224 qapi_VncServerInfo_base(info), &err); 225 info->has_auth = true; 226 info->auth = g_strdup(vnc_auth_name(vd)); 227 if (err) { 228 qapi_free_VncServerInfo(info); 229 info = NULL; 230 error_free(err); 231 } 232 return info; 233 } 234 235 static void vnc_client_cache_auth(VncState *client) 236 { 237 if (!client->info) { 238 return; 239 } 240 241 if (client->tls) { 242 client->info->x509_dname = 243 qcrypto_tls_session_get_peer_name(client->tls); 244 client->info->has_x509_dname = 245 client->info->x509_dname != NULL; 246 } 247 #ifdef CONFIG_VNC_SASL 248 if (client->sasl.conn && 249 client->sasl.username) { 250 client->info->has_sasl_username = true; 251 client->info->sasl_username = g_strdup(client->sasl.username); 252 } 253 #endif 254 } 255 256 static void vnc_client_cache_addr(VncState *client) 257 { 258 Error *err = NULL; 259 260 client->info = g_malloc0(sizeof(*client->info)); 261 vnc_init_basic_info_from_remote_addr(client->sioc, 262 qapi_VncClientInfo_base(client->info), 263 &err); 264 if (err) { 265 qapi_free_VncClientInfo(client->info); 266 client->info = NULL; 267 error_free(err); 268 } 269 } 270 271 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 272 { 273 VncServerInfo *si; 274 275 if (!vs->info) { 276 return; 277 } 278 279 si = vnc_server_info_get(vs->vd); 280 if (!si) { 281 return; 282 } 283 284 switch (event) { 285 case QAPI_EVENT_VNC_CONNECTED: 286 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info), 287 &error_abort); 288 break; 289 case QAPI_EVENT_VNC_INITIALIZED: 290 qapi_event_send_vnc_initialized(si, vs->info, &error_abort); 291 break; 292 case QAPI_EVENT_VNC_DISCONNECTED: 293 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort); 294 break; 295 default: 296 break; 297 } 298 299 qapi_free_VncServerInfo(si); 300 } 301 302 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 303 { 304 VncClientInfo *info; 305 Error *err = NULL; 306 307 info = g_malloc0(sizeof(*info)); 308 309 vnc_init_basic_info_from_remote_addr(client->sioc, 310 qapi_VncClientInfo_base(info), 311 &err); 312 if (err) { 313 error_free(err); 314 qapi_free_VncClientInfo(info); 315 return NULL; 316 } 317 318 info->websocket = client->websocket; 319 320 if (client->tls) { 321 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 322 info->has_x509_dname = info->x509_dname != NULL; 323 } 324 #ifdef CONFIG_VNC_SASL 325 if (client->sasl.conn && client->sasl.username) { 326 info->has_sasl_username = true; 327 info->sasl_username = g_strdup(client->sasl.username); 328 } 329 #endif 330 331 return info; 332 } 333 334 static VncDisplay *vnc_display_find(const char *id) 335 { 336 VncDisplay *vd; 337 338 if (id == NULL) { 339 return QTAILQ_FIRST(&vnc_displays); 340 } 341 QTAILQ_FOREACH(vd, &vnc_displays, next) { 342 if (strcmp(id, vd->id) == 0) { 343 return vd; 344 } 345 } 346 return NULL; 347 } 348 349 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 350 { 351 VncClientInfoList *cinfo, *prev = NULL; 352 VncState *client; 353 354 QTAILQ_FOREACH(client, &vd->clients, next) { 355 cinfo = g_new0(VncClientInfoList, 1); 356 cinfo->value = qmp_query_vnc_client(client); 357 cinfo->next = prev; 358 prev = cinfo; 359 } 360 return prev; 361 } 362 363 VncInfo *qmp_query_vnc(Error **errp) 364 { 365 VncInfo *info = g_malloc0(sizeof(*info)); 366 VncDisplay *vd = vnc_display_find(NULL); 367 SocketAddress *addr = NULL; 368 369 if (vd == NULL || !vd->enabled) { 370 info->enabled = false; 371 } else { 372 info->enabled = true; 373 374 /* for compatibility with the original command */ 375 info->has_clients = true; 376 info->clients = qmp_query_client_list(vd); 377 378 if (vd->lsock == NULL) { 379 return info; 380 } 381 382 addr = qio_channel_socket_get_local_address(vd->lsock, errp); 383 if (!addr) { 384 goto out_error; 385 } 386 387 switch (addr->type) { 388 case SOCKET_ADDRESS_KIND_INET: 389 info->host = g_strdup(addr->u.inet.data->host); 390 info->service = g_strdup(addr->u.inet.data->port); 391 if (addr->u.inet.data->ipv6) { 392 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 393 } else { 394 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 395 } 396 break; 397 398 case SOCKET_ADDRESS_KIND_UNIX: 399 info->host = g_strdup(""); 400 info->service = g_strdup(addr->u.q_unix.data->path); 401 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 402 break; 403 404 default: 405 error_setg(errp, "Unsupported socket kind %d", 406 addr->type); 407 goto out_error; 408 } 409 410 info->has_host = true; 411 info->has_service = true; 412 info->has_family = true; 413 414 info->has_auth = true; 415 info->auth = g_strdup(vnc_auth_name(vd)); 416 } 417 418 qapi_free_SocketAddress(addr); 419 return info; 420 421 out_error: 422 qapi_free_SocketAddress(addr); 423 qapi_free_VncInfo(info); 424 return NULL; 425 } 426 427 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc, 428 bool websocket, 429 VncBasicInfoList *prev) 430 { 431 VncBasicInfoList *list; 432 VncBasicInfo *info; 433 Error *err = NULL; 434 SocketAddress *addr; 435 436 addr = qio_channel_socket_get_local_address(ioc, &err); 437 if (!addr) { 438 error_free(err); 439 return prev; 440 } 441 442 info = g_new0(VncBasicInfo, 1); 443 vnc_init_basic_info(addr, info, &err); 444 qapi_free_SocketAddress(addr); 445 if (err) { 446 qapi_free_VncBasicInfo(info); 447 error_free(err); 448 return prev; 449 } 450 info->websocket = websocket; 451 452 list = g_new0(VncBasicInfoList, 1); 453 list->value = info; 454 list->next = prev; 455 return list; 456 } 457 458 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info) 459 { 460 switch (vd->auth) { 461 case VNC_AUTH_VNC: 462 info->auth = VNC_PRIMARY_AUTH_VNC; 463 break; 464 case VNC_AUTH_RA2: 465 info->auth = VNC_PRIMARY_AUTH_RA2; 466 break; 467 case VNC_AUTH_RA2NE: 468 info->auth = VNC_PRIMARY_AUTH_RA2NE; 469 break; 470 case VNC_AUTH_TIGHT: 471 info->auth = VNC_PRIMARY_AUTH_TIGHT; 472 break; 473 case VNC_AUTH_ULTRA: 474 info->auth = VNC_PRIMARY_AUTH_ULTRA; 475 break; 476 case VNC_AUTH_TLS: 477 info->auth = VNC_PRIMARY_AUTH_TLS; 478 break; 479 case VNC_AUTH_VENCRYPT: 480 info->auth = VNC_PRIMARY_AUTH_VENCRYPT; 481 info->has_vencrypt = true; 482 switch (vd->subauth) { 483 case VNC_AUTH_VENCRYPT_PLAIN: 484 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 485 break; 486 case VNC_AUTH_VENCRYPT_TLSNONE: 487 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 488 break; 489 case VNC_AUTH_VENCRYPT_TLSVNC: 490 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 491 break; 492 case VNC_AUTH_VENCRYPT_TLSPLAIN: 493 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 494 break; 495 case VNC_AUTH_VENCRYPT_X509NONE: 496 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 497 break; 498 case VNC_AUTH_VENCRYPT_X509VNC: 499 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 500 break; 501 case VNC_AUTH_VENCRYPT_X509PLAIN: 502 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 503 break; 504 case VNC_AUTH_VENCRYPT_TLSSASL: 505 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 506 break; 507 case VNC_AUTH_VENCRYPT_X509SASL: 508 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 509 break; 510 default: 511 info->has_vencrypt = false; 512 break; 513 } 514 break; 515 case VNC_AUTH_SASL: 516 info->auth = VNC_PRIMARY_AUTH_SASL; 517 break; 518 case VNC_AUTH_NONE: 519 default: 520 info->auth = VNC_PRIMARY_AUTH_NONE; 521 break; 522 } 523 } 524 525 VncInfo2List *qmp_query_vnc_servers(Error **errp) 526 { 527 VncInfo2List *item, *prev = NULL; 528 VncInfo2 *info; 529 VncDisplay *vd; 530 DeviceState *dev; 531 532 QTAILQ_FOREACH(vd, &vnc_displays, next) { 533 info = g_new0(VncInfo2, 1); 534 info->id = g_strdup(vd->id); 535 info->clients = qmp_query_client_list(vd); 536 qmp_query_auth(vd, info); 537 if (vd->dcl.con) { 538 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 539 "device", NULL)); 540 info->has_display = true; 541 info->display = g_strdup(dev->id); 542 } 543 if (vd->lsock != NULL) { 544 info->server = qmp_query_server_entry( 545 vd->lsock, false, info->server); 546 } 547 if (vd->lwebsock != NULL) { 548 info->server = qmp_query_server_entry( 549 vd->lwebsock, true, info->server); 550 } 551 552 item = g_new0(VncInfo2List, 1); 553 item->value = info; 554 item->next = prev; 555 prev = item; 556 } 557 return prev; 558 } 559 560 /* TODO 561 1) Get the queue working for IO. 562 2) there is some weirdness when using the -S option (the screen is grey 563 and not totally invalidated 564 3) resolutions > 1024 565 */ 566 567 static int vnc_update_client(VncState *vs, int has_dirty, bool sync); 568 static void vnc_disconnect_start(VncState *vs); 569 570 static void vnc_colordepth(VncState *vs); 571 static void framebuffer_update_request(VncState *vs, int incremental, 572 int x_position, int y_position, 573 int w, int h); 574 static void vnc_refresh(DisplayChangeListener *dcl); 575 static int vnc_refresh_server_surface(VncDisplay *vd); 576 577 static int vnc_width(VncDisplay *vd) 578 { 579 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 580 VNC_DIRTY_PIXELS_PER_BIT)); 581 } 582 583 static int vnc_height(VncDisplay *vd) 584 { 585 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 586 } 587 588 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 589 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 590 VncDisplay *vd, 591 int x, int y, int w, int h) 592 { 593 int width = vnc_width(vd); 594 int height = vnc_height(vd); 595 596 /* this is needed this to ensure we updated all affected 597 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 598 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 599 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 600 601 x = MIN(x, width); 602 y = MIN(y, height); 603 w = MIN(x + w, width) - x; 604 h = MIN(y + h, height); 605 606 for (; y < h; y++) { 607 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 608 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 609 } 610 } 611 612 static void vnc_dpy_update(DisplayChangeListener *dcl, 613 int x, int y, int w, int h) 614 { 615 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 616 struct VncSurface *s = &vd->guest; 617 618 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 619 } 620 621 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 622 int32_t encoding) 623 { 624 vnc_write_u16(vs, x); 625 vnc_write_u16(vs, y); 626 vnc_write_u16(vs, w); 627 vnc_write_u16(vs, h); 628 629 vnc_write_s32(vs, encoding); 630 } 631 632 633 static void vnc_desktop_resize(VncState *vs) 634 { 635 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) { 636 return; 637 } 638 if (vs->client_width == pixman_image_get_width(vs->vd->server) && 639 vs->client_height == pixman_image_get_height(vs->vd->server)) { 640 return; 641 } 642 vs->client_width = pixman_image_get_width(vs->vd->server); 643 vs->client_height = pixman_image_get_height(vs->vd->server); 644 vnc_lock_output(vs); 645 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 646 vnc_write_u8(vs, 0); 647 vnc_write_u16(vs, 1); /* number of rects */ 648 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 649 VNC_ENCODING_DESKTOPRESIZE); 650 vnc_unlock_output(vs); 651 vnc_flush(vs); 652 } 653 654 static void vnc_abort_display_jobs(VncDisplay *vd) 655 { 656 VncState *vs; 657 658 QTAILQ_FOREACH(vs, &vd->clients, next) { 659 vnc_lock_output(vs); 660 vs->abort = true; 661 vnc_unlock_output(vs); 662 } 663 QTAILQ_FOREACH(vs, &vd->clients, next) { 664 vnc_jobs_join(vs); 665 } 666 QTAILQ_FOREACH(vs, &vd->clients, next) { 667 vnc_lock_output(vs); 668 vs->abort = false; 669 vnc_unlock_output(vs); 670 } 671 } 672 673 int vnc_server_fb_stride(VncDisplay *vd) 674 { 675 return pixman_image_get_stride(vd->server); 676 } 677 678 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 679 { 680 uint8_t *ptr; 681 682 ptr = (uint8_t *)pixman_image_get_data(vd->server); 683 ptr += y * vnc_server_fb_stride(vd); 684 ptr += x * VNC_SERVER_FB_BYTES; 685 return ptr; 686 } 687 688 static void vnc_update_server_surface(VncDisplay *vd) 689 { 690 qemu_pixman_image_unref(vd->server); 691 vd->server = NULL; 692 693 if (QTAILQ_EMPTY(&vd->clients)) { 694 return; 695 } 696 697 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 698 vnc_width(vd), 699 vnc_height(vd), 700 NULL, 0); 701 } 702 703 static void vnc_dpy_switch(DisplayChangeListener *dcl, 704 DisplaySurface *surface) 705 { 706 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 707 VncState *vs; 708 int width, height; 709 710 vnc_abort_display_jobs(vd); 711 vd->ds = surface; 712 713 /* server surface */ 714 vnc_update_server_surface(vd); 715 716 /* guest surface */ 717 qemu_pixman_image_unref(vd->guest.fb); 718 vd->guest.fb = pixman_image_ref(surface->image); 719 vd->guest.format = surface->format; 720 width = vnc_width(vd); 721 height = vnc_height(vd); 722 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 723 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 724 width, height); 725 726 QTAILQ_FOREACH(vs, &vd->clients, next) { 727 vnc_colordepth(vs); 728 vnc_desktop_resize(vs); 729 if (vs->vd->cursor) { 730 vnc_cursor_define(vs); 731 } 732 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 733 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 734 width, height); 735 } 736 } 737 738 /* fastest code */ 739 static void vnc_write_pixels_copy(VncState *vs, 740 void *pixels, int size) 741 { 742 vnc_write(vs, pixels, size); 743 } 744 745 /* slowest but generic code. */ 746 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 747 { 748 uint8_t r, g, b; 749 750 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 751 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 752 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 753 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 754 #else 755 # error need some bits here if you change VNC_SERVER_FB_FORMAT 756 #endif 757 v = (r << vs->client_pf.rshift) | 758 (g << vs->client_pf.gshift) | 759 (b << vs->client_pf.bshift); 760 switch (vs->client_pf.bytes_per_pixel) { 761 case 1: 762 buf[0] = v; 763 break; 764 case 2: 765 if (vs->client_be) { 766 buf[0] = v >> 8; 767 buf[1] = v; 768 } else { 769 buf[1] = v >> 8; 770 buf[0] = v; 771 } 772 break; 773 default: 774 case 4: 775 if (vs->client_be) { 776 buf[0] = v >> 24; 777 buf[1] = v >> 16; 778 buf[2] = v >> 8; 779 buf[3] = v; 780 } else { 781 buf[3] = v >> 24; 782 buf[2] = v >> 16; 783 buf[1] = v >> 8; 784 buf[0] = v; 785 } 786 break; 787 } 788 } 789 790 static void vnc_write_pixels_generic(VncState *vs, 791 void *pixels1, int size) 792 { 793 uint8_t buf[4]; 794 795 if (VNC_SERVER_FB_BYTES == 4) { 796 uint32_t *pixels = pixels1; 797 int n, i; 798 n = size >> 2; 799 for (i = 0; i < n; i++) { 800 vnc_convert_pixel(vs, buf, pixels[i]); 801 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 802 } 803 } 804 } 805 806 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 807 { 808 int i; 809 uint8_t *row; 810 VncDisplay *vd = vs->vd; 811 812 row = vnc_server_fb_ptr(vd, x, y); 813 for (i = 0; i < h; i++) { 814 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 815 row += vnc_server_fb_stride(vd); 816 } 817 return 1; 818 } 819 820 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 821 { 822 int n = 0; 823 bool encode_raw = false; 824 size_t saved_offs = vs->output.offset; 825 826 switch(vs->vnc_encoding) { 827 case VNC_ENCODING_ZLIB: 828 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 829 break; 830 case VNC_ENCODING_HEXTILE: 831 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 832 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 833 break; 834 case VNC_ENCODING_TIGHT: 835 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 836 break; 837 case VNC_ENCODING_TIGHT_PNG: 838 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 839 break; 840 case VNC_ENCODING_ZRLE: 841 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 842 break; 843 case VNC_ENCODING_ZYWRLE: 844 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 845 break; 846 default: 847 encode_raw = true; 848 break; 849 } 850 851 /* If the client has the same pixel format as our internal buffer and 852 * a RAW encoding would need less space fall back to RAW encoding to 853 * save bandwidth and processing power in the client. */ 854 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy && 855 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) { 856 vs->output.offset = saved_offs; 857 encode_raw = true; 858 } 859 860 if (encode_raw) { 861 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 862 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 863 } 864 865 return n; 866 } 867 868 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h) 869 { 870 /* send bitblit op to the vnc client */ 871 vnc_lock_output(vs); 872 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 873 vnc_write_u8(vs, 0); 874 vnc_write_u16(vs, 1); /* number of rects */ 875 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT); 876 vnc_write_u16(vs, src_x); 877 vnc_write_u16(vs, src_y); 878 vnc_unlock_output(vs); 879 vnc_flush(vs); 880 } 881 882 static void vnc_dpy_copy(DisplayChangeListener *dcl, 883 int src_x, int src_y, 884 int dst_x, int dst_y, int w, int h) 885 { 886 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 887 VncState *vs, *vn; 888 uint8_t *src_row; 889 uint8_t *dst_row; 890 int i, x, y, pitch, inc, w_lim, s; 891 int cmp_bytes; 892 893 if (!vd->server) { 894 /* no client connected */ 895 return; 896 } 897 898 vnc_refresh_server_surface(vd); 899 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 900 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 901 vs->force_update = 1; 902 vnc_update_client(vs, 1, true); 903 /* vs might be free()ed here */ 904 } 905 } 906 907 /* do bitblit op on the local surface too */ 908 pitch = vnc_server_fb_stride(vd); 909 src_row = vnc_server_fb_ptr(vd, src_x, src_y); 910 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y); 911 y = dst_y; 912 inc = 1; 913 if (dst_y > src_y) { 914 /* copy backwards */ 915 src_row += pitch * (h-1); 916 dst_row += pitch * (h-1); 917 pitch = -pitch; 918 y = dst_y + h - 1; 919 inc = -1; 920 } 921 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 922 if (w_lim < 0) { 923 w_lim = w; 924 } else { 925 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT); 926 } 927 for (i = 0; i < h; i++) { 928 for (x = 0; x <= w_lim; 929 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) { 930 if (x == w_lim) { 931 if ((s = w - w_lim) == 0) 932 break; 933 } else if (!x) { 934 s = (VNC_DIRTY_PIXELS_PER_BIT - 935 (dst_x % VNC_DIRTY_PIXELS_PER_BIT)); 936 s = MIN(s, w_lim); 937 } else { 938 s = VNC_DIRTY_PIXELS_PER_BIT; 939 } 940 cmp_bytes = s * VNC_SERVER_FB_BYTES; 941 if (memcmp(src_row, dst_row, cmp_bytes) == 0) 942 continue; 943 memmove(dst_row, src_row, cmp_bytes); 944 QTAILQ_FOREACH(vs, &vd->clients, next) { 945 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 946 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT), 947 vs->dirty[y]); 948 } 949 } 950 } 951 src_row += pitch - w * VNC_SERVER_FB_BYTES; 952 dst_row += pitch - w * VNC_SERVER_FB_BYTES; 953 y += inc; 954 } 955 956 QTAILQ_FOREACH(vs, &vd->clients, next) { 957 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) { 958 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h); 959 } 960 } 961 } 962 963 static void vnc_mouse_set(DisplayChangeListener *dcl, 964 int x, int y, int visible) 965 { 966 /* can we ask the client(s) to move the pointer ??? */ 967 } 968 969 static int vnc_cursor_define(VncState *vs) 970 { 971 QEMUCursor *c = vs->vd->cursor; 972 int isize; 973 974 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 975 vnc_lock_output(vs); 976 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 977 vnc_write_u8(vs, 0); /* padding */ 978 vnc_write_u16(vs, 1); /* # of rects */ 979 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 980 VNC_ENCODING_RICH_CURSOR); 981 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 982 vnc_write_pixels_generic(vs, c->data, isize); 983 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 984 vnc_unlock_output(vs); 985 return 0; 986 } 987 return -1; 988 } 989 990 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 991 QEMUCursor *c) 992 { 993 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 994 VncState *vs; 995 996 cursor_put(vd->cursor); 997 g_free(vd->cursor_mask); 998 999 vd->cursor = c; 1000 cursor_get(vd->cursor); 1001 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1002 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1003 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1004 1005 QTAILQ_FOREACH(vs, &vd->clients, next) { 1006 vnc_cursor_define(vs); 1007 } 1008 } 1009 1010 static int find_and_clear_dirty_height(VncState *vs, 1011 int y, int last_x, int x, int height) 1012 { 1013 int h; 1014 1015 for (h = 1; h < (height - y); h++) { 1016 if (!test_bit(last_x, vs->dirty[y + h])) { 1017 break; 1018 } 1019 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1020 } 1021 1022 return h; 1023 } 1024 1025 static int vnc_update_client(VncState *vs, int has_dirty, bool sync) 1026 { 1027 vs->has_dirty += has_dirty; 1028 if (vs->need_update && vs->ioc != NULL) { 1029 VncDisplay *vd = vs->vd; 1030 VncJob *job; 1031 int y; 1032 int height, width; 1033 int n = 0; 1034 1035 if (vs->output.offset && !vs->audio_cap && !vs->force_update) 1036 /* kernel send buffers are full -> drop frames to throttle */ 1037 return 0; 1038 1039 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update) 1040 return 0; 1041 1042 /* 1043 * Send screen updates to the vnc client using the server 1044 * surface and server dirty map. guest surface updates 1045 * happening in parallel don't disturb us, the next pass will 1046 * send them to the client. 1047 */ 1048 job = vnc_job_new(vs); 1049 1050 height = pixman_image_get_height(vd->server); 1051 width = pixman_image_get_width(vd->server); 1052 1053 y = 0; 1054 for (;;) { 1055 int x, h; 1056 unsigned long x2; 1057 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1058 height * VNC_DIRTY_BPL(vs), 1059 y * VNC_DIRTY_BPL(vs)); 1060 if (offset == height * VNC_DIRTY_BPL(vs)) { 1061 /* no more dirty bits */ 1062 break; 1063 } 1064 y = offset / VNC_DIRTY_BPL(vs); 1065 x = offset % VNC_DIRTY_BPL(vs); 1066 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1067 VNC_DIRTY_BPL(vs), x); 1068 bitmap_clear(vs->dirty[y], x, x2 - x); 1069 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1070 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1071 if (x2 > x) { 1072 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1073 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1074 } 1075 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1076 y += h; 1077 if (y == height) { 1078 break; 1079 } 1080 } 1081 } 1082 1083 vnc_job_push(job); 1084 if (sync) { 1085 vnc_jobs_join(vs); 1086 } 1087 vs->force_update = 0; 1088 vs->has_dirty = 0; 1089 return n; 1090 } 1091 1092 if (vs->disconnecting) { 1093 vnc_disconnect_finish(vs); 1094 } else if (sync) { 1095 vnc_jobs_join(vs); 1096 } 1097 1098 return 0; 1099 } 1100 1101 /* audio */ 1102 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1103 { 1104 VncState *vs = opaque; 1105 1106 switch (cmd) { 1107 case AUD_CNOTIFY_DISABLE: 1108 vnc_lock_output(vs); 1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1110 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1111 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1112 vnc_unlock_output(vs); 1113 vnc_flush(vs); 1114 break; 1115 1116 case AUD_CNOTIFY_ENABLE: 1117 vnc_lock_output(vs); 1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1119 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1120 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1121 vnc_unlock_output(vs); 1122 vnc_flush(vs); 1123 break; 1124 } 1125 } 1126 1127 static void audio_capture_destroy(void *opaque) 1128 { 1129 } 1130 1131 static void audio_capture(void *opaque, void *buf, int size) 1132 { 1133 VncState *vs = opaque; 1134 1135 vnc_lock_output(vs); 1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1137 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1138 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1139 vnc_write_u32(vs, size); 1140 vnc_write(vs, buf, size); 1141 vnc_unlock_output(vs); 1142 vnc_flush(vs); 1143 } 1144 1145 static void audio_add(VncState *vs) 1146 { 1147 struct audio_capture_ops ops; 1148 1149 if (vs->audio_cap) { 1150 error_report("audio already running"); 1151 return; 1152 } 1153 1154 ops.notify = audio_capture_notify; 1155 ops.destroy = audio_capture_destroy; 1156 ops.capture = audio_capture; 1157 1158 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs); 1159 if (!vs->audio_cap) { 1160 error_report("Failed to add audio capture"); 1161 } 1162 } 1163 1164 static void audio_del(VncState *vs) 1165 { 1166 if (vs->audio_cap) { 1167 AUD_del_capture(vs->audio_cap, vs); 1168 vs->audio_cap = NULL; 1169 } 1170 } 1171 1172 static void vnc_disconnect_start(VncState *vs) 1173 { 1174 if (vs->disconnecting) { 1175 return; 1176 } 1177 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1178 if (vs->ioc_tag) { 1179 g_source_remove(vs->ioc_tag); 1180 } 1181 qio_channel_close(vs->ioc, NULL); 1182 vs->disconnecting = TRUE; 1183 } 1184 1185 void vnc_disconnect_finish(VncState *vs) 1186 { 1187 int i; 1188 1189 vnc_jobs_join(vs); /* Wait encoding jobs */ 1190 1191 vnc_lock_output(vs); 1192 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1193 1194 buffer_free(&vs->input); 1195 buffer_free(&vs->output); 1196 1197 qapi_free_VncClientInfo(vs->info); 1198 1199 vnc_zlib_clear(vs); 1200 vnc_tight_clear(vs); 1201 vnc_zrle_clear(vs); 1202 1203 #ifdef CONFIG_VNC_SASL 1204 vnc_sasl_client_cleanup(vs); 1205 #endif /* CONFIG_VNC_SASL */ 1206 audio_del(vs); 1207 vnc_release_modifiers(vs); 1208 1209 if (vs->initialized) { 1210 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1211 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1212 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1213 /* last client gone */ 1214 vnc_update_server_surface(vs->vd); 1215 } 1216 } 1217 1218 if (vs->vd->lock_key_sync) 1219 qemu_remove_led_event_handler(vs->led); 1220 vnc_unlock_output(vs); 1221 1222 qemu_mutex_destroy(&vs->output_mutex); 1223 if (vs->bh != NULL) { 1224 qemu_bh_delete(vs->bh); 1225 } 1226 buffer_free(&vs->jobs_buffer); 1227 1228 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1229 g_free(vs->lossy_rect[i]); 1230 } 1231 g_free(vs->lossy_rect); 1232 1233 object_unref(OBJECT(vs->ioc)); 1234 vs->ioc = NULL; 1235 object_unref(OBJECT(vs->sioc)); 1236 vs->sioc = NULL; 1237 g_free(vs); 1238 } 1239 1240 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp) 1241 { 1242 if (ret <= 0) { 1243 if (ret == 0) { 1244 VNC_DEBUG("Closing down client sock: EOF\n"); 1245 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1246 VNC_DEBUG("Closing down client sock: ret %d (%s)\n", 1247 ret, errp ? error_get_pretty(*errp) : "Unknown"); 1248 } 1249 1250 vnc_disconnect_start(vs); 1251 if (errp) { 1252 error_free(*errp); 1253 *errp = NULL; 1254 } 1255 return 0; 1256 } 1257 return ret; 1258 } 1259 1260 1261 void vnc_client_error(VncState *vs) 1262 { 1263 VNC_DEBUG("Closing down client sock: protocol error\n"); 1264 vnc_disconnect_start(vs); 1265 } 1266 1267 1268 /* 1269 * Called to write a chunk of data to the client socket. The data may 1270 * be the raw data, or may have already been encoded by SASL. 1271 * The data will be written either straight onto the socket, or 1272 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1273 * 1274 * NB, it is theoretically possible to have 2 layers of encryption, 1275 * both SASL, and this TLS layer. It is highly unlikely in practice 1276 * though, since SASL encryption will typically be a no-op if TLS 1277 * is active 1278 * 1279 * Returns the number of bytes written, which may be less than 1280 * the requested 'datalen' if the socket would block. Returns 1281 * -1 on error, and disconnects the client socket. 1282 */ 1283 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1284 { 1285 Error *err = NULL; 1286 ssize_t ret; 1287 ret = qio_channel_write( 1288 vs->ioc, (const char *)data, datalen, &err); 1289 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1290 return vnc_client_io_error(vs, ret, &err); 1291 } 1292 1293 1294 /* 1295 * Called to write buffered data to the client socket, when not 1296 * using any SASL SSF encryption layers. Will write as much data 1297 * as possible without blocking. If all buffered data is written, 1298 * will switch the FD poll() handler back to read monitoring. 1299 * 1300 * Returns the number of bytes written, which may be less than 1301 * the buffered output data if the socket would block. Returns 1302 * -1 on error, and disconnects the client socket. 1303 */ 1304 static ssize_t vnc_client_write_plain(VncState *vs) 1305 { 1306 ssize_t ret; 1307 1308 #ifdef CONFIG_VNC_SASL 1309 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1310 vs->output.buffer, vs->output.capacity, vs->output.offset, 1311 vs->sasl.waitWriteSSF); 1312 1313 if (vs->sasl.conn && 1314 vs->sasl.runSSF && 1315 vs->sasl.waitWriteSSF) { 1316 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1317 if (ret) 1318 vs->sasl.waitWriteSSF -= ret; 1319 } else 1320 #endif /* CONFIG_VNC_SASL */ 1321 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1322 if (!ret) 1323 return 0; 1324 1325 buffer_advance(&vs->output, ret); 1326 1327 if (vs->output.offset == 0) { 1328 if (vs->ioc_tag) { 1329 g_source_remove(vs->ioc_tag); 1330 } 1331 vs->ioc_tag = qio_channel_add_watch( 1332 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1333 } 1334 1335 return ret; 1336 } 1337 1338 1339 /* 1340 * First function called whenever there is data to be written to 1341 * the client socket. Will delegate actual work according to whether 1342 * SASL SSF layers are enabled (thus requiring encryption calls) 1343 */ 1344 static void vnc_client_write_locked(VncState *vs) 1345 { 1346 #ifdef CONFIG_VNC_SASL 1347 if (vs->sasl.conn && 1348 vs->sasl.runSSF && 1349 !vs->sasl.waitWriteSSF) { 1350 vnc_client_write_sasl(vs); 1351 } else 1352 #endif /* CONFIG_VNC_SASL */ 1353 { 1354 vnc_client_write_plain(vs); 1355 } 1356 } 1357 1358 static void vnc_client_write(VncState *vs) 1359 { 1360 1361 vnc_lock_output(vs); 1362 if (vs->output.offset) { 1363 vnc_client_write_locked(vs); 1364 } else if (vs->ioc != NULL) { 1365 if (vs->ioc_tag) { 1366 g_source_remove(vs->ioc_tag); 1367 } 1368 vs->ioc_tag = qio_channel_add_watch( 1369 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 1370 } 1371 vnc_unlock_output(vs); 1372 } 1373 1374 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1375 { 1376 vs->read_handler = func; 1377 vs->read_handler_expect = expecting; 1378 } 1379 1380 1381 /* 1382 * Called to read a chunk of data from the client socket. The data may 1383 * be the raw data, or may need to be further decoded by SASL. 1384 * The data will be read either straight from to the socket, or 1385 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1386 * 1387 * NB, it is theoretically possible to have 2 layers of encryption, 1388 * both SASL, and this TLS layer. It is highly unlikely in practice 1389 * though, since SASL encryption will typically be a no-op if TLS 1390 * is active 1391 * 1392 * Returns the number of bytes read, which may be less than 1393 * the requested 'datalen' if the socket would block. Returns 1394 * -1 on error, and disconnects the client socket. 1395 */ 1396 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1397 { 1398 ssize_t ret; 1399 Error *err = NULL; 1400 ret = qio_channel_read( 1401 vs->ioc, (char *)data, datalen, &err); 1402 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1403 return vnc_client_io_error(vs, ret, &err); 1404 } 1405 1406 1407 /* 1408 * Called to read data from the client socket to the input buffer, 1409 * when not using any SASL SSF encryption layers. Will read as much 1410 * data as possible without blocking. 1411 * 1412 * Returns the number of bytes read. Returns -1 on error, and 1413 * disconnects the client socket. 1414 */ 1415 static ssize_t vnc_client_read_plain(VncState *vs) 1416 { 1417 ssize_t ret; 1418 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1419 vs->input.buffer, vs->input.capacity, vs->input.offset); 1420 buffer_reserve(&vs->input, 4096); 1421 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1422 if (!ret) 1423 return 0; 1424 vs->input.offset += ret; 1425 return ret; 1426 } 1427 1428 static void vnc_jobs_bh(void *opaque) 1429 { 1430 VncState *vs = opaque; 1431 1432 vnc_jobs_consume_buffer(vs); 1433 } 1434 1435 /* 1436 * First function called whenever there is more data to be read from 1437 * the client socket. Will delegate actual work according to whether 1438 * SASL SSF layers are enabled (thus requiring decryption calls) 1439 */ 1440 static void vnc_client_read(VncState *vs) 1441 { 1442 ssize_t ret; 1443 1444 #ifdef CONFIG_VNC_SASL 1445 if (vs->sasl.conn && vs->sasl.runSSF) 1446 ret = vnc_client_read_sasl(vs); 1447 else 1448 #endif /* CONFIG_VNC_SASL */ 1449 ret = vnc_client_read_plain(vs); 1450 if (!ret) { 1451 if (vs->disconnecting) { 1452 vnc_disconnect_finish(vs); 1453 } 1454 return; 1455 } 1456 1457 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1458 size_t len = vs->read_handler_expect; 1459 int ret; 1460 1461 ret = vs->read_handler(vs, vs->input.buffer, len); 1462 if (vs->disconnecting) { 1463 vnc_disconnect_finish(vs); 1464 return; 1465 } 1466 1467 if (!ret) { 1468 buffer_advance(&vs->input, len); 1469 } else { 1470 vs->read_handler_expect = ret; 1471 } 1472 } 1473 } 1474 1475 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1476 GIOCondition condition, void *opaque) 1477 { 1478 VncState *vs = opaque; 1479 if (condition & G_IO_IN) { 1480 vnc_client_read(vs); 1481 } 1482 if (condition & G_IO_OUT) { 1483 vnc_client_write(vs); 1484 } 1485 return TRUE; 1486 } 1487 1488 1489 void vnc_write(VncState *vs, const void *data, size_t len) 1490 { 1491 buffer_reserve(&vs->output, len); 1492 1493 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1494 if (vs->ioc_tag) { 1495 g_source_remove(vs->ioc_tag); 1496 } 1497 vs->ioc_tag = qio_channel_add_watch( 1498 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL); 1499 } 1500 1501 buffer_append(&vs->output, data, len); 1502 } 1503 1504 void vnc_write_s32(VncState *vs, int32_t value) 1505 { 1506 vnc_write_u32(vs, *(uint32_t *)&value); 1507 } 1508 1509 void vnc_write_u32(VncState *vs, uint32_t value) 1510 { 1511 uint8_t buf[4]; 1512 1513 buf[0] = (value >> 24) & 0xFF; 1514 buf[1] = (value >> 16) & 0xFF; 1515 buf[2] = (value >> 8) & 0xFF; 1516 buf[3] = value & 0xFF; 1517 1518 vnc_write(vs, buf, 4); 1519 } 1520 1521 void vnc_write_u16(VncState *vs, uint16_t value) 1522 { 1523 uint8_t buf[2]; 1524 1525 buf[0] = (value >> 8) & 0xFF; 1526 buf[1] = value & 0xFF; 1527 1528 vnc_write(vs, buf, 2); 1529 } 1530 1531 void vnc_write_u8(VncState *vs, uint8_t value) 1532 { 1533 vnc_write(vs, (char *)&value, 1); 1534 } 1535 1536 void vnc_flush(VncState *vs) 1537 { 1538 vnc_lock_output(vs); 1539 if (vs->ioc != NULL && vs->output.offset) { 1540 vnc_client_write_locked(vs); 1541 } 1542 vnc_unlock_output(vs); 1543 } 1544 1545 static uint8_t read_u8(uint8_t *data, size_t offset) 1546 { 1547 return data[offset]; 1548 } 1549 1550 static uint16_t read_u16(uint8_t *data, size_t offset) 1551 { 1552 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1553 } 1554 1555 static int32_t read_s32(uint8_t *data, size_t offset) 1556 { 1557 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1558 (data[offset + 2] << 8) | data[offset + 3]); 1559 } 1560 1561 uint32_t read_u32(uint8_t *data, size_t offset) 1562 { 1563 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1564 (data[offset + 2] << 8) | data[offset + 3]); 1565 } 1566 1567 static void client_cut_text(VncState *vs, size_t len, uint8_t *text) 1568 { 1569 } 1570 1571 static void check_pointer_type_change(Notifier *notifier, void *data) 1572 { 1573 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1574 int absolute = qemu_input_is_absolute(); 1575 1576 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1577 vnc_lock_output(vs); 1578 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1579 vnc_write_u8(vs, 0); 1580 vnc_write_u16(vs, 1); 1581 vnc_framebuffer_update(vs, absolute, 0, 1582 pixman_image_get_width(vs->vd->server), 1583 pixman_image_get_height(vs->vd->server), 1584 VNC_ENCODING_POINTER_TYPE_CHANGE); 1585 vnc_unlock_output(vs); 1586 vnc_flush(vs); 1587 } 1588 vs->absolute = absolute; 1589 } 1590 1591 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1592 { 1593 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1594 [INPUT_BUTTON_LEFT] = 0x01, 1595 [INPUT_BUTTON_MIDDLE] = 0x02, 1596 [INPUT_BUTTON_RIGHT] = 0x04, 1597 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1598 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1599 }; 1600 QemuConsole *con = vs->vd->dcl.con; 1601 int width = pixman_image_get_width(vs->vd->server); 1602 int height = pixman_image_get_height(vs->vd->server); 1603 1604 if (vs->last_bmask != button_mask) { 1605 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1606 vs->last_bmask = button_mask; 1607 } 1608 1609 if (vs->absolute) { 1610 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width); 1611 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height); 1612 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1613 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1614 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1615 } else { 1616 if (vs->last_x != -1) { 1617 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1618 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1619 } 1620 vs->last_x = x; 1621 vs->last_y = y; 1622 } 1623 qemu_input_event_sync(); 1624 } 1625 1626 static void reset_keys(VncState *vs) 1627 { 1628 int i; 1629 for(i = 0; i < 256; i++) { 1630 if (vs->modifiers_state[i]) { 1631 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false); 1632 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1633 vs->modifiers_state[i] = 0; 1634 } 1635 } 1636 } 1637 1638 static void press_key(VncState *vs, int keysym) 1639 { 1640 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK; 1641 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true); 1642 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1643 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1644 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1645 } 1646 1647 static int current_led_state(VncState *vs) 1648 { 1649 int ledstate = 0; 1650 1651 if (vs->modifiers_state[0x46]) { 1652 ledstate |= QEMU_SCROLL_LOCK_LED; 1653 } 1654 if (vs->modifiers_state[0x45]) { 1655 ledstate |= QEMU_NUM_LOCK_LED; 1656 } 1657 if (vs->modifiers_state[0x3a]) { 1658 ledstate |= QEMU_CAPS_LOCK_LED; 1659 } 1660 1661 return ledstate; 1662 } 1663 1664 static void vnc_led_state_change(VncState *vs) 1665 { 1666 int ledstate = 0; 1667 1668 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1669 return; 1670 } 1671 1672 ledstate = current_led_state(vs); 1673 vnc_lock_output(vs); 1674 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1675 vnc_write_u8(vs, 0); 1676 vnc_write_u16(vs, 1); 1677 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1678 vnc_write_u8(vs, ledstate); 1679 vnc_unlock_output(vs); 1680 vnc_flush(vs); 1681 } 1682 1683 static void kbd_leds(void *opaque, int ledstate) 1684 { 1685 VncState *vs = opaque; 1686 int caps, num, scr; 1687 bool has_changed = (ledstate != current_led_state(vs)); 1688 1689 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1690 (ledstate & QEMU_NUM_LOCK_LED), 1691 (ledstate & QEMU_SCROLL_LOCK_LED)); 1692 1693 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0; 1694 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0; 1695 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0; 1696 1697 if (vs->modifiers_state[0x3a] != caps) { 1698 vs->modifiers_state[0x3a] = caps; 1699 } 1700 if (vs->modifiers_state[0x45] != num) { 1701 vs->modifiers_state[0x45] = num; 1702 } 1703 if (vs->modifiers_state[0x46] != scr) { 1704 vs->modifiers_state[0x46] = scr; 1705 } 1706 1707 /* Sending the current led state message to the client */ 1708 if (has_changed) { 1709 vnc_led_state_change(vs); 1710 } 1711 } 1712 1713 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1714 { 1715 /* QEMU console switch */ 1716 switch(keycode) { 1717 case 0x2a: /* Left Shift */ 1718 case 0x36: /* Right Shift */ 1719 case 0x1d: /* Left CTRL */ 1720 case 0x9d: /* Right CTRL */ 1721 case 0x38: /* Left ALT */ 1722 case 0xb8: /* Right ALT */ 1723 if (down) 1724 vs->modifiers_state[keycode] = 1; 1725 else 1726 vs->modifiers_state[keycode] = 0; 1727 break; 1728 case 0x02 ... 0x0a: /* '1' to '9' keys */ 1729 if (vs->vd->dcl.con == NULL && 1730 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) { 1731 /* Reset the modifiers sent to the current console */ 1732 reset_keys(vs); 1733 console_select(keycode - 0x02); 1734 return; 1735 } 1736 break; 1737 case 0x3a: /* CapsLock */ 1738 case 0x45: /* NumLock */ 1739 if (down) 1740 vs->modifiers_state[keycode] ^= 1; 1741 break; 1742 } 1743 1744 /* Turn off the lock state sync logic if the client support the led 1745 state extension. 1746 */ 1747 if (down && vs->vd->lock_key_sync && 1748 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1749 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1750 /* If the numlock state needs to change then simulate an additional 1751 keypress before sending this one. This will happen if the user 1752 toggles numlock away from the VNC window. 1753 */ 1754 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1755 if (!vs->modifiers_state[0x45]) { 1756 trace_vnc_key_sync_numlock(true); 1757 vs->modifiers_state[0x45] = 1; 1758 press_key(vs, 0xff7f); 1759 } 1760 } else { 1761 if (vs->modifiers_state[0x45]) { 1762 trace_vnc_key_sync_numlock(false); 1763 vs->modifiers_state[0x45] = 0; 1764 press_key(vs, 0xff7f); 1765 } 1766 } 1767 } 1768 1769 if (down && vs->vd->lock_key_sync && 1770 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1771 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1772 /* If the capslock state needs to change then simulate an additional 1773 keypress before sending this one. This will happen if the user 1774 toggles capslock away from the VNC window. 1775 */ 1776 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1777 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]); 1778 int capslock = !!(vs->modifiers_state[0x3a]); 1779 if (capslock) { 1780 if (uppercase == shift) { 1781 trace_vnc_key_sync_capslock(false); 1782 vs->modifiers_state[0x3a] = 0; 1783 press_key(vs, 0xffe5); 1784 } 1785 } else { 1786 if (uppercase != shift) { 1787 trace_vnc_key_sync_capslock(true); 1788 vs->modifiers_state[0x3a] = 1; 1789 press_key(vs, 0xffe5); 1790 } 1791 } 1792 } 1793 1794 if (qemu_console_is_graphic(NULL)) { 1795 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down); 1796 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1797 } else { 1798 bool numlock = vs->modifiers_state[0x45]; 1799 bool control = (vs->modifiers_state[0x1d] || 1800 vs->modifiers_state[0x9d]); 1801 /* QEMU console emulation */ 1802 if (down) { 1803 switch (keycode) { 1804 case 0x2a: /* Left Shift */ 1805 case 0x36: /* Right Shift */ 1806 case 0x1d: /* Left CTRL */ 1807 case 0x9d: /* Right CTRL */ 1808 case 0x38: /* Left ALT */ 1809 case 0xb8: /* Right ALT */ 1810 break; 1811 case 0xc8: 1812 kbd_put_keysym(QEMU_KEY_UP); 1813 break; 1814 case 0xd0: 1815 kbd_put_keysym(QEMU_KEY_DOWN); 1816 break; 1817 case 0xcb: 1818 kbd_put_keysym(QEMU_KEY_LEFT); 1819 break; 1820 case 0xcd: 1821 kbd_put_keysym(QEMU_KEY_RIGHT); 1822 break; 1823 case 0xd3: 1824 kbd_put_keysym(QEMU_KEY_DELETE); 1825 break; 1826 case 0xc7: 1827 kbd_put_keysym(QEMU_KEY_HOME); 1828 break; 1829 case 0xcf: 1830 kbd_put_keysym(QEMU_KEY_END); 1831 break; 1832 case 0xc9: 1833 kbd_put_keysym(QEMU_KEY_PAGEUP); 1834 break; 1835 case 0xd1: 1836 kbd_put_keysym(QEMU_KEY_PAGEDOWN); 1837 break; 1838 1839 case 0x47: 1840 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME); 1841 break; 1842 case 0x48: 1843 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP); 1844 break; 1845 case 0x49: 1846 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP); 1847 break; 1848 case 0x4b: 1849 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT); 1850 break; 1851 case 0x4c: 1852 kbd_put_keysym('5'); 1853 break; 1854 case 0x4d: 1855 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT); 1856 break; 1857 case 0x4f: 1858 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END); 1859 break; 1860 case 0x50: 1861 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN); 1862 break; 1863 case 0x51: 1864 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN); 1865 break; 1866 case 0x52: 1867 kbd_put_keysym('0'); 1868 break; 1869 case 0x53: 1870 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE); 1871 break; 1872 1873 case 0xb5: 1874 kbd_put_keysym('/'); 1875 break; 1876 case 0x37: 1877 kbd_put_keysym('*'); 1878 break; 1879 case 0x4a: 1880 kbd_put_keysym('-'); 1881 break; 1882 case 0x4e: 1883 kbd_put_keysym('+'); 1884 break; 1885 case 0x9c: 1886 kbd_put_keysym('\n'); 1887 break; 1888 1889 default: 1890 if (control) { 1891 kbd_put_keysym(sym & 0x1f); 1892 } else { 1893 kbd_put_keysym(sym); 1894 } 1895 break; 1896 } 1897 } 1898 } 1899 } 1900 1901 static void vnc_release_modifiers(VncState *vs) 1902 { 1903 static const int keycodes[] = { 1904 /* shift, control, alt keys, both left & right */ 1905 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8, 1906 }; 1907 int i, keycode; 1908 1909 if (!qemu_console_is_graphic(NULL)) { 1910 return; 1911 } 1912 for (i = 0; i < ARRAY_SIZE(keycodes); i++) { 1913 keycode = keycodes[i]; 1914 if (!vs->modifiers_state[keycode]) { 1915 continue; 1916 } 1917 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false); 1918 qemu_input_event_send_key_delay(vs->vd->key_delay_ms); 1919 } 1920 } 1921 1922 static const char *code2name(int keycode) 1923 { 1924 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)]; 1925 } 1926 1927 static void key_event(VncState *vs, int down, uint32_t sym) 1928 { 1929 int keycode; 1930 int lsym = sym; 1931 1932 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) { 1933 lsym = lsym - 'A' + 'a'; 1934 } 1935 1936 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK; 1937 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 1938 do_key_event(vs, down, keycode, sym); 1939 } 1940 1941 static void ext_key_event(VncState *vs, int down, 1942 uint32_t sym, uint16_t keycode) 1943 { 1944 /* if the user specifies a keyboard layout, always use it */ 1945 if (keyboard_layout) { 1946 key_event(vs, down, sym); 1947 } else { 1948 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 1949 do_key_event(vs, down, keycode, sym); 1950 } 1951 } 1952 1953 static void framebuffer_update_request(VncState *vs, int incremental, 1954 int x, int y, int w, int h) 1955 { 1956 vs->need_update = 1; 1957 1958 if (incremental) { 1959 return; 1960 } 1961 1962 vs->force_update = 1; 1963 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 1964 } 1965 1966 static void send_ext_key_event_ack(VncState *vs) 1967 { 1968 vnc_lock_output(vs); 1969 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1970 vnc_write_u8(vs, 0); 1971 vnc_write_u16(vs, 1); 1972 vnc_framebuffer_update(vs, 0, 0, 1973 pixman_image_get_width(vs->vd->server), 1974 pixman_image_get_height(vs->vd->server), 1975 VNC_ENCODING_EXT_KEY_EVENT); 1976 vnc_unlock_output(vs); 1977 vnc_flush(vs); 1978 } 1979 1980 static void send_ext_audio_ack(VncState *vs) 1981 { 1982 vnc_lock_output(vs); 1983 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1984 vnc_write_u8(vs, 0); 1985 vnc_write_u16(vs, 1); 1986 vnc_framebuffer_update(vs, 0, 0, 1987 pixman_image_get_width(vs->vd->server), 1988 pixman_image_get_height(vs->vd->server), 1989 VNC_ENCODING_AUDIO); 1990 vnc_unlock_output(vs); 1991 vnc_flush(vs); 1992 } 1993 1994 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 1995 { 1996 int i; 1997 unsigned int enc = 0; 1998 1999 vs->features = 0; 2000 vs->vnc_encoding = 0; 2001 vs->tight.compression = 9; 2002 vs->tight.quality = -1; /* Lossless by default */ 2003 vs->absolute = -1; 2004 2005 /* 2006 * Start from the end because the encodings are sent in order of preference. 2007 * This way the preferred encoding (first encoding defined in the array) 2008 * will be set at the end of the loop. 2009 */ 2010 for (i = n_encodings - 1; i >= 0; i--) { 2011 enc = encodings[i]; 2012 switch (enc) { 2013 case VNC_ENCODING_RAW: 2014 vs->vnc_encoding = enc; 2015 break; 2016 case VNC_ENCODING_COPYRECT: 2017 vs->features |= VNC_FEATURE_COPYRECT_MASK; 2018 break; 2019 case VNC_ENCODING_HEXTILE: 2020 vs->features |= VNC_FEATURE_HEXTILE_MASK; 2021 vs->vnc_encoding = enc; 2022 break; 2023 case VNC_ENCODING_TIGHT: 2024 vs->features |= VNC_FEATURE_TIGHT_MASK; 2025 vs->vnc_encoding = enc; 2026 break; 2027 #ifdef CONFIG_VNC_PNG 2028 case VNC_ENCODING_TIGHT_PNG: 2029 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK; 2030 vs->vnc_encoding = enc; 2031 break; 2032 #endif 2033 case VNC_ENCODING_ZLIB: 2034 vs->features |= VNC_FEATURE_ZLIB_MASK; 2035 vs->vnc_encoding = enc; 2036 break; 2037 case VNC_ENCODING_ZRLE: 2038 vs->features |= VNC_FEATURE_ZRLE_MASK; 2039 vs->vnc_encoding = enc; 2040 break; 2041 case VNC_ENCODING_ZYWRLE: 2042 vs->features |= VNC_FEATURE_ZYWRLE_MASK; 2043 vs->vnc_encoding = enc; 2044 break; 2045 case VNC_ENCODING_DESKTOPRESIZE: 2046 vs->features |= VNC_FEATURE_RESIZE_MASK; 2047 break; 2048 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2049 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK; 2050 break; 2051 case VNC_ENCODING_RICH_CURSOR: 2052 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK; 2053 if (vs->vd->cursor) { 2054 vnc_cursor_define(vs); 2055 } 2056 break; 2057 case VNC_ENCODING_EXT_KEY_EVENT: 2058 send_ext_key_event_ack(vs); 2059 break; 2060 case VNC_ENCODING_AUDIO: 2061 send_ext_audio_ack(vs); 2062 break; 2063 case VNC_ENCODING_WMVi: 2064 vs->features |= VNC_FEATURE_WMVI_MASK; 2065 break; 2066 case VNC_ENCODING_LED_STATE: 2067 vs->features |= VNC_FEATURE_LED_STATE_MASK; 2068 break; 2069 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2070 vs->tight.compression = (enc & 0x0F); 2071 break; 2072 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2073 if (vs->vd->lossy) { 2074 vs->tight.quality = (enc & 0x0F); 2075 } 2076 break; 2077 default: 2078 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2079 break; 2080 } 2081 } 2082 vnc_desktop_resize(vs); 2083 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2084 vnc_led_state_change(vs); 2085 } 2086 2087 static void set_pixel_conversion(VncState *vs) 2088 { 2089 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2090 2091 if (fmt == VNC_SERVER_FB_FORMAT) { 2092 vs->write_pixels = vnc_write_pixels_copy; 2093 vnc_hextile_set_pixel_conversion(vs, 0); 2094 } else { 2095 vs->write_pixels = vnc_write_pixels_generic; 2096 vnc_hextile_set_pixel_conversion(vs, 1); 2097 } 2098 } 2099 2100 static void send_color_map(VncState *vs) 2101 { 2102 int i; 2103 2104 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); 2105 vnc_write_u8(vs, 0); /* padding */ 2106 vnc_write_u16(vs, 0); /* first color */ 2107 vnc_write_u16(vs, 256); /* # of colors */ 2108 2109 for (i = 0; i < 256; i++) { 2110 PixelFormat *pf = &vs->client_pf; 2111 2112 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); 2113 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); 2114 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); 2115 } 2116 } 2117 2118 static void set_pixel_format(VncState *vs, int bits_per_pixel, 2119 int big_endian_flag, int true_color_flag, 2120 int red_max, int green_max, int blue_max, 2121 int red_shift, int green_shift, int blue_shift) 2122 { 2123 if (!true_color_flag) { 2124 /* Expose a reasonable default 256 color map */ 2125 bits_per_pixel = 8; 2126 red_max = 7; 2127 green_max = 7; 2128 blue_max = 3; 2129 red_shift = 0; 2130 green_shift = 3; 2131 blue_shift = 6; 2132 } 2133 2134 switch (bits_per_pixel) { 2135 case 8: 2136 case 16: 2137 case 32: 2138 break; 2139 default: 2140 vnc_client_error(vs); 2141 return; 2142 } 2143 2144 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2145 vs->client_pf.rbits = hweight_long(red_max); 2146 vs->client_pf.rshift = red_shift; 2147 vs->client_pf.rmask = red_max << red_shift; 2148 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2149 vs->client_pf.gbits = hweight_long(green_max); 2150 vs->client_pf.gshift = green_shift; 2151 vs->client_pf.gmask = green_max << green_shift; 2152 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2153 vs->client_pf.bbits = hweight_long(blue_max); 2154 vs->client_pf.bshift = blue_shift; 2155 vs->client_pf.bmask = blue_max << blue_shift; 2156 vs->client_pf.bits_per_pixel = bits_per_pixel; 2157 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2158 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2159 vs->client_be = big_endian_flag; 2160 2161 if (!true_color_flag) { 2162 send_color_map(vs); 2163 } 2164 2165 set_pixel_conversion(vs); 2166 2167 graphic_hw_invalidate(vs->vd->dcl.con); 2168 graphic_hw_update(vs->vd->dcl.con); 2169 } 2170 2171 static void pixel_format_message (VncState *vs) { 2172 char pad[3] = { 0, 0, 0 }; 2173 2174 vs->client_pf = qemu_default_pixelformat(32); 2175 2176 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2177 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2178 2179 #ifdef HOST_WORDS_BIGENDIAN 2180 vnc_write_u8(vs, 1); /* big-endian-flag */ 2181 #else 2182 vnc_write_u8(vs, 0); /* big-endian-flag */ 2183 #endif 2184 vnc_write_u8(vs, 1); /* true-color-flag */ 2185 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2186 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2187 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2188 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2189 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2190 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2191 vnc_write(vs, pad, 3); /* padding */ 2192 2193 vnc_hextile_set_pixel_conversion(vs, 0); 2194 vs->write_pixels = vnc_write_pixels_copy; 2195 } 2196 2197 static void vnc_colordepth(VncState *vs) 2198 { 2199 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2200 /* Sending a WMVi message to notify the client*/ 2201 vnc_lock_output(vs); 2202 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2203 vnc_write_u8(vs, 0); 2204 vnc_write_u16(vs, 1); /* number of rects */ 2205 vnc_framebuffer_update(vs, 0, 0, 2206 pixman_image_get_width(vs->vd->server), 2207 pixman_image_get_height(vs->vd->server), 2208 VNC_ENCODING_WMVi); 2209 pixel_format_message(vs); 2210 vnc_unlock_output(vs); 2211 vnc_flush(vs); 2212 } else { 2213 set_pixel_conversion(vs); 2214 } 2215 } 2216 2217 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2218 { 2219 int i; 2220 uint16_t limit; 2221 VncDisplay *vd = vs->vd; 2222 2223 if (data[0] > 3) { 2224 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2225 } 2226 2227 switch (data[0]) { 2228 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2229 if (len == 1) 2230 return 20; 2231 2232 set_pixel_format(vs, read_u8(data, 4), 2233 read_u8(data, 6), read_u8(data, 7), 2234 read_u16(data, 8), read_u16(data, 10), 2235 read_u16(data, 12), read_u8(data, 14), 2236 read_u8(data, 15), read_u8(data, 16)); 2237 break; 2238 case VNC_MSG_CLIENT_SET_ENCODINGS: 2239 if (len == 1) 2240 return 4; 2241 2242 if (len == 4) { 2243 limit = read_u16(data, 2); 2244 if (limit > 0) 2245 return 4 + (limit * 4); 2246 } else 2247 limit = read_u16(data, 2); 2248 2249 for (i = 0; i < limit; i++) { 2250 int32_t val = read_s32(data, 4 + (i * 4)); 2251 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2252 } 2253 2254 set_encodings(vs, (int32_t *)(data + 4), limit); 2255 break; 2256 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2257 if (len == 1) 2258 return 10; 2259 2260 framebuffer_update_request(vs, 2261 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2262 read_u16(data, 6), read_u16(data, 8)); 2263 break; 2264 case VNC_MSG_CLIENT_KEY_EVENT: 2265 if (len == 1) 2266 return 8; 2267 2268 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2269 break; 2270 case VNC_MSG_CLIENT_POINTER_EVENT: 2271 if (len == 1) 2272 return 6; 2273 2274 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2275 break; 2276 case VNC_MSG_CLIENT_CUT_TEXT: 2277 if (len == 1) { 2278 return 8; 2279 } 2280 if (len == 8) { 2281 uint32_t dlen = read_u32(data, 4); 2282 if (dlen > (1 << 20)) { 2283 error_report("vnc: client_cut_text msg payload has %u bytes" 2284 " which exceeds our limit of 1MB.", dlen); 2285 vnc_client_error(vs); 2286 break; 2287 } 2288 if (dlen > 0) { 2289 return 8 + dlen; 2290 } 2291 } 2292 2293 client_cut_text(vs, read_u32(data, 4), data + 8); 2294 break; 2295 case VNC_MSG_CLIENT_QEMU: 2296 if (len == 1) 2297 return 2; 2298 2299 switch (read_u8(data, 1)) { 2300 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2301 if (len == 2) 2302 return 12; 2303 2304 ext_key_event(vs, read_u16(data, 2), 2305 read_u32(data, 4), read_u32(data, 8)); 2306 break; 2307 case VNC_MSG_CLIENT_QEMU_AUDIO: 2308 if (len == 2) 2309 return 4; 2310 2311 switch (read_u16 (data, 2)) { 2312 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2313 audio_add(vs); 2314 break; 2315 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2316 audio_del(vs); 2317 break; 2318 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2319 if (len == 4) 2320 return 10; 2321 switch (read_u8(data, 4)) { 2322 case 0: vs->as.fmt = AUD_FMT_U8; break; 2323 case 1: vs->as.fmt = AUD_FMT_S8; break; 2324 case 2: vs->as.fmt = AUD_FMT_U16; break; 2325 case 3: vs->as.fmt = AUD_FMT_S16; break; 2326 case 4: vs->as.fmt = AUD_FMT_U32; break; 2327 case 5: vs->as.fmt = AUD_FMT_S32; break; 2328 default: 2329 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2330 vnc_client_error(vs); 2331 break; 2332 } 2333 vs->as.nchannels = read_u8(data, 5); 2334 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2335 VNC_DEBUG("Invalid audio channel coount %d\n", 2336 read_u8(data, 5)); 2337 vnc_client_error(vs); 2338 break; 2339 } 2340 vs->as.freq = read_u32(data, 6); 2341 break; 2342 default: 2343 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4)); 2344 vnc_client_error(vs); 2345 break; 2346 } 2347 break; 2348 2349 default: 2350 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2351 vnc_client_error(vs); 2352 break; 2353 } 2354 break; 2355 default: 2356 VNC_DEBUG("Msg: %d\n", data[0]); 2357 vnc_client_error(vs); 2358 break; 2359 } 2360 2361 vnc_read_when(vs, protocol_client_msg, 1); 2362 return 0; 2363 } 2364 2365 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2366 { 2367 char buf[1024]; 2368 VncShareMode mode; 2369 int size; 2370 2371 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2372 switch (vs->vd->share_policy) { 2373 case VNC_SHARE_POLICY_IGNORE: 2374 /* 2375 * Ignore the shared flag. Nothing to do here. 2376 * 2377 * Doesn't conform to the rfb spec but is traditional qemu 2378 * behavior, thus left here as option for compatibility 2379 * reasons. 2380 */ 2381 break; 2382 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2383 /* 2384 * Policy: Allow clients ask for exclusive access. 2385 * 2386 * Implementation: When a client asks for exclusive access, 2387 * disconnect all others. Shared connects are allowed as long 2388 * as no exclusive connection exists. 2389 * 2390 * This is how the rfb spec suggests to handle the shared flag. 2391 */ 2392 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2393 VncState *client; 2394 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2395 if (vs == client) { 2396 continue; 2397 } 2398 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2399 client->share_mode != VNC_SHARE_MODE_SHARED) { 2400 continue; 2401 } 2402 vnc_disconnect_start(client); 2403 } 2404 } 2405 if (mode == VNC_SHARE_MODE_SHARED) { 2406 if (vs->vd->num_exclusive > 0) { 2407 vnc_disconnect_start(vs); 2408 return 0; 2409 } 2410 } 2411 break; 2412 case VNC_SHARE_POLICY_FORCE_SHARED: 2413 /* 2414 * Policy: Shared connects only. 2415 * Implementation: Disallow clients asking for exclusive access. 2416 * 2417 * Useful for shared desktop sessions where you don't want 2418 * someone forgetting to say -shared when running the vnc 2419 * client disconnect everybody else. 2420 */ 2421 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2422 vnc_disconnect_start(vs); 2423 return 0; 2424 } 2425 break; 2426 } 2427 vnc_set_share_mode(vs, mode); 2428 2429 if (vs->vd->num_shared > vs->vd->connections_limit) { 2430 vnc_disconnect_start(vs); 2431 return 0; 2432 } 2433 2434 vs->client_width = pixman_image_get_width(vs->vd->server); 2435 vs->client_height = pixman_image_get_height(vs->vd->server); 2436 vnc_write_u16(vs, vs->client_width); 2437 vnc_write_u16(vs, vs->client_height); 2438 2439 pixel_format_message(vs); 2440 2441 if (qemu_name) 2442 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2443 else 2444 size = snprintf(buf, sizeof(buf), "QEMU"); 2445 2446 vnc_write_u32(vs, size); 2447 vnc_write(vs, buf, size); 2448 vnc_flush(vs); 2449 2450 vnc_client_cache_auth(vs); 2451 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2452 2453 vnc_read_when(vs, protocol_client_msg, 1); 2454 2455 return 0; 2456 } 2457 2458 void start_client_init(VncState *vs) 2459 { 2460 vnc_read_when(vs, protocol_client_init, 1); 2461 } 2462 2463 static void make_challenge(VncState *vs) 2464 { 2465 int i; 2466 2467 srand(time(NULL)+getpid()+getpid()*987654+rand()); 2468 2469 for (i = 0 ; i < sizeof(vs->challenge) ; i++) 2470 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0)); 2471 } 2472 2473 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2474 { 2475 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2476 size_t i, pwlen; 2477 unsigned char key[8]; 2478 time_t now = time(NULL); 2479 QCryptoCipher *cipher = NULL; 2480 Error *err = NULL; 2481 2482 if (!vs->vd->password) { 2483 VNC_DEBUG("No password configured on server"); 2484 goto reject; 2485 } 2486 if (vs->vd->expires < now) { 2487 VNC_DEBUG("Password is expired"); 2488 goto reject; 2489 } 2490 2491 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2492 2493 /* Calculate the expected challenge response */ 2494 pwlen = strlen(vs->vd->password); 2495 for (i=0; i<sizeof(key); i++) 2496 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2497 2498 cipher = qcrypto_cipher_new( 2499 QCRYPTO_CIPHER_ALG_DES_RFB, 2500 QCRYPTO_CIPHER_MODE_ECB, 2501 key, G_N_ELEMENTS(key), 2502 &err); 2503 if (!cipher) { 2504 VNC_DEBUG("Cannot initialize cipher %s", 2505 error_get_pretty(err)); 2506 error_free(err); 2507 goto reject; 2508 } 2509 2510 if (qcrypto_cipher_encrypt(cipher, 2511 vs->challenge, 2512 response, 2513 VNC_AUTH_CHALLENGE_SIZE, 2514 &err) < 0) { 2515 VNC_DEBUG("Cannot encrypt challenge %s", 2516 error_get_pretty(err)); 2517 error_free(err); 2518 goto reject; 2519 } 2520 2521 /* Compare expected vs actual challenge response */ 2522 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2523 VNC_DEBUG("Client challenge response did not match\n"); 2524 goto reject; 2525 } else { 2526 VNC_DEBUG("Accepting VNC challenge response\n"); 2527 vnc_write_u32(vs, 0); /* Accept auth */ 2528 vnc_flush(vs); 2529 2530 start_client_init(vs); 2531 } 2532 2533 qcrypto_cipher_free(cipher); 2534 return 0; 2535 2536 reject: 2537 vnc_write_u32(vs, 1); /* Reject auth */ 2538 if (vs->minor >= 8) { 2539 static const char err[] = "Authentication failed"; 2540 vnc_write_u32(vs, sizeof(err)); 2541 vnc_write(vs, err, sizeof(err)); 2542 } 2543 vnc_flush(vs); 2544 vnc_client_error(vs); 2545 qcrypto_cipher_free(cipher); 2546 return 0; 2547 } 2548 2549 void start_auth_vnc(VncState *vs) 2550 { 2551 make_challenge(vs); 2552 /* Send client a 'random' challenge */ 2553 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2554 vnc_flush(vs); 2555 2556 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2557 } 2558 2559 2560 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2561 { 2562 /* We only advertise 1 auth scheme at a time, so client 2563 * must pick the one we sent. Verify this */ 2564 if (data[0] != vs->auth) { /* Reject auth */ 2565 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]); 2566 vnc_write_u32(vs, 1); 2567 if (vs->minor >= 8) { 2568 static const char err[] = "Authentication failed"; 2569 vnc_write_u32(vs, sizeof(err)); 2570 vnc_write(vs, err, sizeof(err)); 2571 } 2572 vnc_client_error(vs); 2573 } else { /* Accept requested auth */ 2574 VNC_DEBUG("Client requested auth %d\n", (int)data[0]); 2575 switch (vs->auth) { 2576 case VNC_AUTH_NONE: 2577 VNC_DEBUG("Accept auth none\n"); 2578 if (vs->minor >= 8) { 2579 vnc_write_u32(vs, 0); /* Accept auth completion */ 2580 vnc_flush(vs); 2581 } 2582 start_client_init(vs); 2583 break; 2584 2585 case VNC_AUTH_VNC: 2586 VNC_DEBUG("Start VNC auth\n"); 2587 start_auth_vnc(vs); 2588 break; 2589 2590 case VNC_AUTH_VENCRYPT: 2591 VNC_DEBUG("Accept VeNCrypt auth\n"); 2592 start_auth_vencrypt(vs); 2593 break; 2594 2595 #ifdef CONFIG_VNC_SASL 2596 case VNC_AUTH_SASL: 2597 VNC_DEBUG("Accept SASL auth\n"); 2598 start_auth_sasl(vs); 2599 break; 2600 #endif /* CONFIG_VNC_SASL */ 2601 2602 default: /* Should not be possible, but just in case */ 2603 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth); 2604 vnc_write_u8(vs, 1); 2605 if (vs->minor >= 8) { 2606 static const char err[] = "Authentication failed"; 2607 vnc_write_u32(vs, sizeof(err)); 2608 vnc_write(vs, err, sizeof(err)); 2609 } 2610 vnc_client_error(vs); 2611 } 2612 } 2613 return 0; 2614 } 2615 2616 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2617 { 2618 char local[13]; 2619 2620 memcpy(local, version, 12); 2621 local[12] = 0; 2622 2623 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2624 VNC_DEBUG("Malformed protocol version %s\n", local); 2625 vnc_client_error(vs); 2626 return 0; 2627 } 2628 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2629 if (vs->major != 3 || 2630 (vs->minor != 3 && 2631 vs->minor != 4 && 2632 vs->minor != 5 && 2633 vs->minor != 7 && 2634 vs->minor != 8)) { 2635 VNC_DEBUG("Unsupported client version\n"); 2636 vnc_write_u32(vs, VNC_AUTH_INVALID); 2637 vnc_flush(vs); 2638 vnc_client_error(vs); 2639 return 0; 2640 } 2641 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2642 * as equivalent to v3.3 by servers 2643 */ 2644 if (vs->minor == 4 || vs->minor == 5) 2645 vs->minor = 3; 2646 2647 if (vs->minor == 3) { 2648 if (vs->auth == VNC_AUTH_NONE) { 2649 VNC_DEBUG("Tell client auth none\n"); 2650 vnc_write_u32(vs, vs->auth); 2651 vnc_flush(vs); 2652 start_client_init(vs); 2653 } else if (vs->auth == VNC_AUTH_VNC) { 2654 VNC_DEBUG("Tell client VNC auth\n"); 2655 vnc_write_u32(vs, vs->auth); 2656 vnc_flush(vs); 2657 start_auth_vnc(vs); 2658 } else { 2659 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth); 2660 vnc_write_u32(vs, VNC_AUTH_INVALID); 2661 vnc_flush(vs); 2662 vnc_client_error(vs); 2663 } 2664 } else { 2665 VNC_DEBUG("Telling client we support auth %d\n", vs->auth); 2666 vnc_write_u8(vs, 1); /* num auth */ 2667 vnc_write_u8(vs, vs->auth); 2668 vnc_read_when(vs, protocol_client_auth, 1); 2669 vnc_flush(vs); 2670 } 2671 2672 return 0; 2673 } 2674 2675 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2676 { 2677 struct VncSurface *vs = &vd->guest; 2678 2679 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2680 } 2681 2682 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2683 { 2684 int i, j; 2685 2686 w = (x + w) / VNC_STAT_RECT; 2687 h = (y + h) / VNC_STAT_RECT; 2688 x /= VNC_STAT_RECT; 2689 y /= VNC_STAT_RECT; 2690 2691 for (j = y; j <= h; j++) { 2692 for (i = x; i <= w; i++) { 2693 vs->lossy_rect[j][i] = 1; 2694 } 2695 } 2696 } 2697 2698 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2699 { 2700 VncState *vs; 2701 int sty = y / VNC_STAT_RECT; 2702 int stx = x / VNC_STAT_RECT; 2703 int has_dirty = 0; 2704 2705 y = y / VNC_STAT_RECT * VNC_STAT_RECT; 2706 x = x / VNC_STAT_RECT * VNC_STAT_RECT; 2707 2708 QTAILQ_FOREACH(vs, &vd->clients, next) { 2709 int j; 2710 2711 /* kernel send buffers are full -> refresh later */ 2712 if (vs->output.offset) { 2713 continue; 2714 } 2715 2716 if (!vs->lossy_rect[sty][stx]) { 2717 continue; 2718 } 2719 2720 vs->lossy_rect[sty][stx] = 0; 2721 for (j = 0; j < VNC_STAT_RECT; ++j) { 2722 bitmap_set(vs->dirty[y + j], 2723 x / VNC_DIRTY_PIXELS_PER_BIT, 2724 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 2725 } 2726 has_dirty++; 2727 } 2728 2729 return has_dirty; 2730 } 2731 2732 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 2733 { 2734 int width = pixman_image_get_width(vd->guest.fb); 2735 int height = pixman_image_get_height(vd->guest.fb); 2736 int x, y; 2737 struct timeval res; 2738 int has_dirty = 0; 2739 2740 for (y = 0; y < height; y += VNC_STAT_RECT) { 2741 for (x = 0; x < width; x += VNC_STAT_RECT) { 2742 VncRectStat *rect = vnc_stat_rect(vd, x, y); 2743 2744 rect->updated = false; 2745 } 2746 } 2747 2748 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 2749 2750 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 2751 return has_dirty; 2752 } 2753 vd->guest.last_freq_check = *tv; 2754 2755 for (y = 0; y < height; y += VNC_STAT_RECT) { 2756 for (x = 0; x < width; x += VNC_STAT_RECT) { 2757 VncRectStat *rect= vnc_stat_rect(vd, x, y); 2758 int count = ARRAY_SIZE(rect->times); 2759 struct timeval min, max; 2760 2761 if (!timerisset(&rect->times[count - 1])) { 2762 continue ; 2763 } 2764 2765 max = rect->times[(rect->idx + count - 1) % count]; 2766 qemu_timersub(tv, &max, &res); 2767 2768 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 2769 rect->freq = 0; 2770 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 2771 memset(rect->times, 0, sizeof (rect->times)); 2772 continue ; 2773 } 2774 2775 min = rect->times[rect->idx]; 2776 max = rect->times[(rect->idx + count - 1) % count]; 2777 qemu_timersub(&max, &min, &res); 2778 2779 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 2780 rect->freq /= count; 2781 rect->freq = 1. / rect->freq; 2782 } 2783 } 2784 return has_dirty; 2785 } 2786 2787 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 2788 { 2789 int i, j; 2790 double total = 0; 2791 int num = 0; 2792 2793 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT; 2794 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT; 2795 2796 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 2797 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 2798 total += vnc_stat_rect(vs->vd, i, j)->freq; 2799 num++; 2800 } 2801 } 2802 2803 if (num) { 2804 return total / num; 2805 } else { 2806 return 0; 2807 } 2808 } 2809 2810 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 2811 { 2812 VncRectStat *rect; 2813 2814 rect = vnc_stat_rect(vd, x, y); 2815 if (rect->updated) { 2816 return ; 2817 } 2818 rect->times[rect->idx] = *tv; 2819 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 2820 rect->updated = true; 2821 } 2822 2823 static int vnc_refresh_server_surface(VncDisplay *vd) 2824 { 2825 int width = MIN(pixman_image_get_width(vd->guest.fb), 2826 pixman_image_get_width(vd->server)); 2827 int height = MIN(pixman_image_get_height(vd->guest.fb), 2828 pixman_image_get_height(vd->server)); 2829 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 2830 uint8_t *guest_row0 = NULL, *server_row0; 2831 VncState *vs; 2832 int has_dirty = 0; 2833 pixman_image_t *tmpbuf = NULL; 2834 2835 struct timeval tv = { 0, 0 }; 2836 2837 if (!vd->non_adaptive) { 2838 gettimeofday(&tv, NULL); 2839 has_dirty = vnc_update_stats(vd, &tv); 2840 } 2841 2842 /* 2843 * Walk through the guest dirty map. 2844 * Check and copy modified bits from guest to server surface. 2845 * Update server dirty map. 2846 */ 2847 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 2848 server_stride = guest_stride = guest_ll = 2849 pixman_image_get_stride(vd->server); 2850 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 2851 server_stride); 2852 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2853 int width = pixman_image_get_width(vd->server); 2854 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width); 2855 } else { 2856 int guest_bpp = 2857 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 2858 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 2859 guest_stride = pixman_image_get_stride(vd->guest.fb); 2860 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8); 2861 } 2862 line_bytes = MIN(server_stride, guest_ll); 2863 2864 for (;;) { 2865 int x; 2866 uint8_t *guest_ptr, *server_ptr; 2867 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty, 2868 height * VNC_DIRTY_BPL(&vd->guest), 2869 y * VNC_DIRTY_BPL(&vd->guest)); 2870 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 2871 /* no more dirty bits */ 2872 break; 2873 } 2874 y = offset / VNC_DIRTY_BPL(&vd->guest); 2875 x = offset % VNC_DIRTY_BPL(&vd->guest); 2876 2877 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 2878 2879 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 2880 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 2881 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 2882 } else { 2883 guest_ptr = guest_row0 + y * guest_stride; 2884 } 2885 guest_ptr += x * cmp_bytes; 2886 2887 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 2888 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 2889 int _cmp_bytes = cmp_bytes; 2890 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 2891 continue; 2892 } 2893 if ((x + 1) * cmp_bytes > line_bytes) { 2894 _cmp_bytes = line_bytes - x * cmp_bytes; 2895 } 2896 assert(_cmp_bytes >= 0); 2897 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 2898 continue; 2899 } 2900 memcpy(server_ptr, guest_ptr, _cmp_bytes); 2901 if (!vd->non_adaptive) { 2902 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 2903 y, &tv); 2904 } 2905 QTAILQ_FOREACH(vs, &vd->clients, next) { 2906 set_bit(x, vs->dirty[y]); 2907 } 2908 has_dirty++; 2909 } 2910 2911 y++; 2912 } 2913 qemu_pixman_image_unref(tmpbuf); 2914 return has_dirty; 2915 } 2916 2917 static void vnc_refresh(DisplayChangeListener *dcl) 2918 { 2919 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 2920 VncState *vs, *vn; 2921 int has_dirty, rects = 0; 2922 2923 if (QTAILQ_EMPTY(&vd->clients)) { 2924 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 2925 return; 2926 } 2927 2928 graphic_hw_update(vd->dcl.con); 2929 2930 if (vnc_trylock_display(vd)) { 2931 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2932 return; 2933 } 2934 2935 has_dirty = vnc_refresh_server_surface(vd); 2936 vnc_unlock_display(vd); 2937 2938 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 2939 rects += vnc_update_client(vs, has_dirty, false); 2940 /* vs might be free()ed here */ 2941 } 2942 2943 if (has_dirty && rects) { 2944 vd->dcl.update_interval /= 2; 2945 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 2946 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 2947 } 2948 } else { 2949 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 2950 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 2951 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 2952 } 2953 } 2954 } 2955 2956 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 2957 bool skipauth, bool websocket) 2958 { 2959 VncState *vs = g_new0(VncState, 1); 2960 int i; 2961 2962 vs->sioc = sioc; 2963 object_ref(OBJECT(vs->sioc)); 2964 vs->ioc = QIO_CHANNEL(sioc); 2965 object_ref(OBJECT(vs->ioc)); 2966 vs->vd = vd; 2967 2968 buffer_init(&vs->input, "vnc-input/%p", sioc); 2969 buffer_init(&vs->output, "vnc-output/%p", sioc); 2970 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 2971 2972 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc); 2973 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc); 2974 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc); 2975 #ifdef CONFIG_VNC_JPEG 2976 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc); 2977 #endif 2978 #ifdef CONFIG_VNC_PNG 2979 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc); 2980 #endif 2981 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 2982 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc); 2983 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc); 2984 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc); 2985 2986 if (skipauth) { 2987 vs->auth = VNC_AUTH_NONE; 2988 vs->subauth = VNC_AUTH_INVALID; 2989 } else { 2990 if (websocket) { 2991 vs->auth = vd->ws_auth; 2992 vs->subauth = VNC_AUTH_INVALID; 2993 } else { 2994 vs->auth = vd->auth; 2995 vs->subauth = vd->subauth; 2996 } 2997 } 2998 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 2999 sioc, websocket, vs->auth, vs->subauth); 3000 3001 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 3002 for (i = 0; i < VNC_STAT_ROWS; ++i) { 3003 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 3004 } 3005 3006 VNC_DEBUG("New client on socket %p\n", vs->sioc); 3007 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3008 qio_channel_set_blocking(vs->ioc, false, NULL); 3009 if (websocket) { 3010 vs->websocket = 1; 3011 if (vd->ws_tls) { 3012 vs->ioc_tag = qio_channel_add_watch( 3013 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); 3014 } else { 3015 vs->ioc_tag = qio_channel_add_watch( 3016 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); 3017 } 3018 } else { 3019 vs->ioc_tag = qio_channel_add_watch( 3020 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); 3021 } 3022 3023 vnc_client_cache_addr(vs); 3024 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3025 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3026 3027 if (!vs->websocket) { 3028 vnc_init_state(vs); 3029 } 3030 3031 if (vd->num_connecting > vd->connections_limit) { 3032 QTAILQ_FOREACH(vs, &vd->clients, next) { 3033 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3034 vnc_disconnect_start(vs); 3035 return; 3036 } 3037 } 3038 } 3039 } 3040 3041 void vnc_init_state(VncState *vs) 3042 { 3043 vs->initialized = true; 3044 VncDisplay *vd = vs->vd; 3045 bool first_client = QTAILQ_EMPTY(&vd->clients); 3046 3047 vs->last_x = -1; 3048 vs->last_y = -1; 3049 3050 vs->as.freq = 44100; 3051 vs->as.nchannels = 2; 3052 vs->as.fmt = AUD_FMT_S16; 3053 vs->as.endianness = 0; 3054 3055 qemu_mutex_init(&vs->output_mutex); 3056 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3057 3058 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3059 if (first_client) { 3060 vnc_update_server_surface(vd); 3061 } 3062 3063 graphic_hw_update(vd->dcl.con); 3064 3065 vnc_write(vs, "RFB 003.008\n", 12); 3066 vnc_flush(vs); 3067 vnc_read_when(vs, protocol_version, 12); 3068 reset_keys(vs); 3069 if (vs->vd->lock_key_sync) 3070 vs->led = qemu_add_led_event_handler(kbd_leds, vs); 3071 3072 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3073 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3074 3075 /* vs might be free()ed here */ 3076 } 3077 3078 static gboolean vnc_listen_io(QIOChannel *ioc, 3079 GIOCondition condition, 3080 void *opaque) 3081 { 3082 VncDisplay *vs = opaque; 3083 QIOChannelSocket *sioc = NULL; 3084 Error *err = NULL; 3085 3086 /* Catch-up */ 3087 graphic_hw_update(vs->dcl.con); 3088 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err); 3089 if (sioc != NULL) { 3090 qio_channel_set_delay(QIO_CHANNEL(sioc), false); 3091 vnc_connect(vs, sioc, false, 3092 ioc != QIO_CHANNEL(vs->lsock)); 3093 object_unref(OBJECT(sioc)); 3094 } else { 3095 /* client probably closed connection before we got there */ 3096 error_free(err); 3097 } 3098 3099 return TRUE; 3100 } 3101 3102 static const DisplayChangeListenerOps dcl_ops = { 3103 .dpy_name = "vnc", 3104 .dpy_refresh = vnc_refresh, 3105 .dpy_gfx_copy = vnc_dpy_copy, 3106 .dpy_gfx_update = vnc_dpy_update, 3107 .dpy_gfx_switch = vnc_dpy_switch, 3108 .dpy_gfx_check_format = qemu_pixman_check_format, 3109 .dpy_mouse_set = vnc_mouse_set, 3110 .dpy_cursor_define = vnc_dpy_cursor_define, 3111 }; 3112 3113 void vnc_display_init(const char *id) 3114 { 3115 VncDisplay *vs; 3116 3117 if (vnc_display_find(id) != NULL) { 3118 return; 3119 } 3120 vs = g_malloc0(sizeof(*vs)); 3121 3122 vs->id = strdup(id); 3123 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next); 3124 3125 QTAILQ_INIT(&vs->clients); 3126 vs->expires = TIME_MAX; 3127 3128 if (keyboard_layout) { 3129 trace_vnc_key_map_init(keyboard_layout); 3130 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout); 3131 } else { 3132 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us"); 3133 } 3134 3135 if (!vs->kbd_layout) 3136 exit(1); 3137 3138 qemu_mutex_init(&vs->mutex); 3139 vnc_start_worker_thread(); 3140 3141 vs->dcl.ops = &dcl_ops; 3142 register_displaychangelistener(&vs->dcl); 3143 } 3144 3145 3146 static void vnc_display_close(VncDisplay *vs) 3147 { 3148 if (!vs) 3149 return; 3150 vs->enabled = false; 3151 vs->is_unix = false; 3152 if (vs->lsock != NULL) { 3153 if (vs->lsock_tag) { 3154 g_source_remove(vs->lsock_tag); 3155 } 3156 object_unref(OBJECT(vs->lsock)); 3157 vs->lsock = NULL; 3158 } 3159 vs->ws_enabled = false; 3160 if (vs->lwebsock != NULL) { 3161 if (vs->lwebsock_tag) { 3162 g_source_remove(vs->lwebsock_tag); 3163 } 3164 object_unref(OBJECT(vs->lwebsock)); 3165 vs->lwebsock = NULL; 3166 } 3167 vs->auth = VNC_AUTH_INVALID; 3168 vs->subauth = VNC_AUTH_INVALID; 3169 if (vs->tlscreds) { 3170 object_unparent(OBJECT(vs->tlscreds)); 3171 vs->tlscreds = NULL; 3172 } 3173 g_free(vs->tlsaclname); 3174 vs->tlsaclname = NULL; 3175 } 3176 3177 int vnc_display_password(const char *id, const char *password) 3178 { 3179 VncDisplay *vs = vnc_display_find(id); 3180 3181 if (!vs) { 3182 return -EINVAL; 3183 } 3184 if (vs->auth == VNC_AUTH_NONE) { 3185 error_printf_unless_qmp("If you want use passwords please enable " 3186 "password auth using '-vnc ${dpy},password'."); 3187 return -EINVAL; 3188 } 3189 3190 g_free(vs->password); 3191 vs->password = g_strdup(password); 3192 3193 return 0; 3194 } 3195 3196 int vnc_display_pw_expire(const char *id, time_t expires) 3197 { 3198 VncDisplay *vs = vnc_display_find(id); 3199 3200 if (!vs) { 3201 return -EINVAL; 3202 } 3203 3204 vs->expires = expires; 3205 return 0; 3206 } 3207 3208 char *vnc_display_local_addr(const char *id) 3209 { 3210 VncDisplay *vs = vnc_display_find(id); 3211 SocketAddress *addr; 3212 char *ret; 3213 Error *err = NULL; 3214 3215 assert(vs); 3216 3217 addr = qio_channel_socket_get_local_address(vs->lsock, &err); 3218 if (!addr) { 3219 return NULL; 3220 } 3221 3222 if (addr->type != SOCKET_ADDRESS_KIND_INET) { 3223 qapi_free_SocketAddress(addr); 3224 return NULL; 3225 } 3226 ret = g_strdup_printf("%s:%s", addr->u.inet.data->host, 3227 addr->u.inet.data->port); 3228 qapi_free_SocketAddress(addr); 3229 3230 return ret; 3231 } 3232 3233 static QemuOptsList qemu_vnc_opts = { 3234 .name = "vnc", 3235 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3236 .implied_opt_name = "vnc", 3237 .desc = { 3238 { 3239 .name = "vnc", 3240 .type = QEMU_OPT_STRING, 3241 },{ 3242 .name = "websocket", 3243 .type = QEMU_OPT_STRING, 3244 },{ 3245 .name = "tls-creds", 3246 .type = QEMU_OPT_STRING, 3247 },{ 3248 /* Deprecated in favour of tls-creds */ 3249 .name = "x509", 3250 .type = QEMU_OPT_STRING, 3251 },{ 3252 .name = "share", 3253 .type = QEMU_OPT_STRING, 3254 },{ 3255 .name = "display", 3256 .type = QEMU_OPT_STRING, 3257 },{ 3258 .name = "head", 3259 .type = QEMU_OPT_NUMBER, 3260 },{ 3261 .name = "connections", 3262 .type = QEMU_OPT_NUMBER, 3263 },{ 3264 .name = "to", 3265 .type = QEMU_OPT_NUMBER, 3266 },{ 3267 .name = "ipv4", 3268 .type = QEMU_OPT_BOOL, 3269 },{ 3270 .name = "ipv6", 3271 .type = QEMU_OPT_BOOL, 3272 },{ 3273 .name = "password", 3274 .type = QEMU_OPT_BOOL, 3275 },{ 3276 .name = "reverse", 3277 .type = QEMU_OPT_BOOL, 3278 },{ 3279 .name = "lock-key-sync", 3280 .type = QEMU_OPT_BOOL, 3281 },{ 3282 .name = "key-delay-ms", 3283 .type = QEMU_OPT_NUMBER, 3284 },{ 3285 .name = "sasl", 3286 .type = QEMU_OPT_BOOL, 3287 },{ 3288 /* Deprecated in favour of tls-creds */ 3289 .name = "tls", 3290 .type = QEMU_OPT_BOOL, 3291 },{ 3292 /* Deprecated in favour of tls-creds */ 3293 .name = "x509verify", 3294 .type = QEMU_OPT_STRING, 3295 },{ 3296 .name = "acl", 3297 .type = QEMU_OPT_BOOL, 3298 },{ 3299 .name = "lossy", 3300 .type = QEMU_OPT_BOOL, 3301 },{ 3302 .name = "non-adaptive", 3303 .type = QEMU_OPT_BOOL, 3304 }, 3305 { /* end of list */ } 3306 }, 3307 }; 3308 3309 3310 static int 3311 vnc_display_setup_auth(VncDisplay *vs, 3312 bool password, 3313 bool sasl, 3314 bool websocket, 3315 Error **errp) 3316 { 3317 /* 3318 * We have a choice of 3 authentication options 3319 * 3320 * 1. none 3321 * 2. vnc 3322 * 3. sasl 3323 * 3324 * The channel can be run in 2 modes 3325 * 3326 * 1. clear 3327 * 2. tls 3328 * 3329 * And TLS can use 2 types of credentials 3330 * 3331 * 1. anon 3332 * 2. x509 3333 * 3334 * We thus have 9 possible logical combinations 3335 * 3336 * 1. clear + none 3337 * 2. clear + vnc 3338 * 3. clear + sasl 3339 * 4. tls + anon + none 3340 * 5. tls + anon + vnc 3341 * 6. tls + anon + sasl 3342 * 7. tls + x509 + none 3343 * 8. tls + x509 + vnc 3344 * 9. tls + x509 + sasl 3345 * 3346 * These need to be mapped into the VNC auth schemes 3347 * in an appropriate manner. In regular VNC, all the 3348 * TLS options get mapped into VNC_AUTH_VENCRYPT 3349 * sub-auth types. 3350 * 3351 * In websockets, the https:// protocol already provides 3352 * TLS support, so there is no need to make use of the 3353 * VeNCrypt extension. Furthermore, websockets browser 3354 * clients could not use VeNCrypt even if they wanted to, 3355 * as they cannot control when the TLS handshake takes 3356 * place. Thus there is no option but to rely on https://, 3357 * meaning combinations 4->6 and 7->9 will be mapped to 3358 * VNC auth schemes in the same way as combos 1->3. 3359 * 3360 * Regardless of fact that we have a different mapping to 3361 * VNC auth mechs for plain VNC vs websockets VNC, the end 3362 * result has the same security characteristics. 3363 */ 3364 if (password) { 3365 if (vs->tlscreds) { 3366 vs->auth = VNC_AUTH_VENCRYPT; 3367 if (websocket) { 3368 vs->ws_tls = true; 3369 } 3370 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3371 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3372 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3373 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC; 3374 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3375 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3376 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3377 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3378 } else { 3379 error_setg(errp, 3380 "Unsupported TLS cred type %s", 3381 object_get_typename(OBJECT(vs->tlscreds))); 3382 return -1; 3383 } 3384 } else { 3385 VNC_DEBUG("Initializing VNC server with password auth\n"); 3386 vs->auth = VNC_AUTH_VNC; 3387 vs->subauth = VNC_AUTH_INVALID; 3388 } 3389 if (websocket) { 3390 vs->ws_auth = VNC_AUTH_VNC; 3391 } else { 3392 vs->ws_auth = VNC_AUTH_INVALID; 3393 } 3394 } else if (sasl) { 3395 if (vs->tlscreds) { 3396 vs->auth = VNC_AUTH_VENCRYPT; 3397 if (websocket) { 3398 vs->ws_tls = true; 3399 } 3400 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3401 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3402 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3403 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL; 3404 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3405 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3406 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3407 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3408 } else { 3409 error_setg(errp, 3410 "Unsupported TLS cred type %s", 3411 object_get_typename(OBJECT(vs->tlscreds))); 3412 return -1; 3413 } 3414 } else { 3415 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3416 vs->auth = VNC_AUTH_SASL; 3417 vs->subauth = VNC_AUTH_INVALID; 3418 } 3419 if (websocket) { 3420 vs->ws_auth = VNC_AUTH_SASL; 3421 } else { 3422 vs->ws_auth = VNC_AUTH_INVALID; 3423 } 3424 } else { 3425 if (vs->tlscreds) { 3426 vs->auth = VNC_AUTH_VENCRYPT; 3427 if (websocket) { 3428 vs->ws_tls = true; 3429 } 3430 if (object_dynamic_cast(OBJECT(vs->tlscreds), 3431 TYPE_QCRYPTO_TLS_CREDS_X509)) { 3432 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3433 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE; 3434 } else if (object_dynamic_cast(OBJECT(vs->tlscreds), 3435 TYPE_QCRYPTO_TLS_CREDS_ANON)) { 3436 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3437 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3438 } else { 3439 error_setg(errp, 3440 "Unsupported TLS cred type %s", 3441 object_get_typename(OBJECT(vs->tlscreds))); 3442 return -1; 3443 } 3444 } else { 3445 VNC_DEBUG("Initializing VNC server with no auth\n"); 3446 vs->auth = VNC_AUTH_NONE; 3447 vs->subauth = VNC_AUTH_INVALID; 3448 } 3449 if (websocket) { 3450 vs->ws_auth = VNC_AUTH_NONE; 3451 } else { 3452 vs->ws_auth = VNC_AUTH_INVALID; 3453 } 3454 } 3455 return 0; 3456 } 3457 3458 3459 /* 3460 * Handle back compat with old CLI syntax by creating some 3461 * suitable QCryptoTLSCreds objects 3462 */ 3463 static QCryptoTLSCreds * 3464 vnc_display_create_creds(bool x509, 3465 bool x509verify, 3466 const char *dir, 3467 const char *id, 3468 Error **errp) 3469 { 3470 gchar *credsid = g_strdup_printf("tlsvnc%s", id); 3471 Object *parent = object_get_objects_root(); 3472 Object *creds; 3473 Error *err = NULL; 3474 3475 if (x509) { 3476 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509, 3477 parent, 3478 credsid, 3479 &err, 3480 "endpoint", "server", 3481 "dir", dir, 3482 "verify-peer", x509verify ? "yes" : "no", 3483 NULL); 3484 } else { 3485 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON, 3486 parent, 3487 credsid, 3488 &err, 3489 "endpoint", "server", 3490 NULL); 3491 } 3492 3493 g_free(credsid); 3494 3495 if (err) { 3496 error_propagate(errp, err); 3497 return NULL; 3498 } 3499 3500 return QCRYPTO_TLS_CREDS(creds); 3501 } 3502 3503 3504 void vnc_display_open(const char *id, Error **errp) 3505 { 3506 VncDisplay *vs = vnc_display_find(id); 3507 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 3508 SocketAddress *saddr = NULL, *wsaddr = NULL; 3509 const char *share, *device_id; 3510 QemuConsole *con; 3511 bool password = false; 3512 bool reverse = false; 3513 const char *vnc; 3514 char *h; 3515 const char *credid; 3516 bool sasl = false; 3517 #ifdef CONFIG_VNC_SASL 3518 int saslErr; 3519 #endif 3520 int acl = 0; 3521 int lock_key_sync = 1; 3522 int key_delay_ms; 3523 3524 if (!vs) { 3525 error_setg(errp, "VNC display not active"); 3526 return; 3527 } 3528 vnc_display_close(vs); 3529 3530 if (!opts) { 3531 return; 3532 } 3533 vnc = qemu_opt_get(opts, "vnc"); 3534 if (!vnc || strcmp(vnc, "none") == 0) { 3535 return; 3536 } 3537 3538 h = strrchr(vnc, ':'); 3539 if (h) { 3540 size_t hlen = h - vnc; 3541 3542 const char *websocket = qemu_opt_get(opts, "websocket"); 3543 int to = qemu_opt_get_number(opts, "to", 0); 3544 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3545 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3546 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3547 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3548 3549 saddr = g_new0(SocketAddress, 1); 3550 if (websocket) { 3551 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) { 3552 error_setg(errp, 3553 "SHA1 hash support is required for websockets"); 3554 goto fail; 3555 } 3556 3557 wsaddr = g_new0(SocketAddress, 1); 3558 vs->ws_enabled = true; 3559 } 3560 3561 if (strncmp(vnc, "unix:", 5) == 0) { 3562 saddr->type = SOCKET_ADDRESS_KIND_UNIX; 3563 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1); 3564 saddr->u.q_unix.data->path = g_strdup(vnc + 5); 3565 3566 if (vs->ws_enabled) { 3567 error_setg(errp, "UNIX sockets not supported with websock"); 3568 goto fail; 3569 } 3570 } else { 3571 unsigned long long baseport; 3572 InetSocketAddress *inet; 3573 saddr->type = SOCKET_ADDRESS_KIND_INET; 3574 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1); 3575 if (vnc[0] == '[' && vnc[hlen - 1] == ']') { 3576 inet->host = g_strndup(vnc + 1, hlen - 2); 3577 } else { 3578 inet->host = g_strndup(vnc, hlen); 3579 } 3580 if (parse_uint_full(h + 1, &baseport, 10) < 0) { 3581 error_setg(errp, "can't convert to a number: %s", h + 1); 3582 goto fail; 3583 } 3584 if (baseport > 65535 || 3585 baseport + 5900 > 65535) { 3586 error_setg(errp, "port %s out of range", h + 1); 3587 goto fail; 3588 } 3589 inet->port = g_strdup_printf( 3590 "%d", (int)baseport + 5900); 3591 3592 if (to) { 3593 inet->has_to = true; 3594 inet->to = to + 5900; 3595 } 3596 inet->ipv4 = ipv4; 3597 inet->has_ipv4 = has_ipv4; 3598 inet->ipv6 = ipv6; 3599 inet->has_ipv6 = has_ipv6; 3600 3601 if (vs->ws_enabled) { 3602 wsaddr->type = SOCKET_ADDRESS_KIND_INET; 3603 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1); 3604 inet->host = g_strdup(saddr->u.inet.data->host); 3605 inet->port = g_strdup(websocket); 3606 3607 if (to) { 3608 inet->has_to = true; 3609 inet->to = to; 3610 } 3611 inet->ipv4 = ipv4; 3612 inet->has_ipv4 = has_ipv4; 3613 inet->ipv6 = ipv6; 3614 inet->has_ipv6 = has_ipv6; 3615 } 3616 } 3617 } else { 3618 error_setg(errp, "no vnc port specified"); 3619 goto fail; 3620 } 3621 3622 password = qemu_opt_get_bool(opts, "password", false); 3623 if (password) { 3624 if (fips_get_state()) { 3625 error_setg(errp, 3626 "VNC password auth disabled due to FIPS mode, " 3627 "consider using the VeNCrypt or SASL authentication " 3628 "methods as an alternative"); 3629 goto fail; 3630 } 3631 if (!qcrypto_cipher_supports( 3632 QCRYPTO_CIPHER_ALG_DES_RFB)) { 3633 error_setg(errp, 3634 "Cipher backend does not support DES RFB algorithm"); 3635 goto fail; 3636 } 3637 } 3638 3639 reverse = qemu_opt_get_bool(opts, "reverse", false); 3640 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 3641 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1); 3642 sasl = qemu_opt_get_bool(opts, "sasl", false); 3643 #ifndef CONFIG_VNC_SASL 3644 if (sasl) { 3645 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 3646 goto fail; 3647 } 3648 #endif /* CONFIG_VNC_SASL */ 3649 credid = qemu_opt_get(opts, "tls-creds"); 3650 if (credid) { 3651 Object *creds; 3652 if (qemu_opt_get(opts, "tls") || 3653 qemu_opt_get(opts, "x509") || 3654 qemu_opt_get(opts, "x509verify")) { 3655 error_setg(errp, 3656 "'tls-creds' parameter is mutually exclusive with " 3657 "'tls', 'x509' and 'x509verify' parameters"); 3658 goto fail; 3659 } 3660 3661 creds = object_resolve_path_component( 3662 object_get_objects_root(), credid); 3663 if (!creds) { 3664 error_setg(errp, "No TLS credentials with id '%s'", 3665 credid); 3666 goto fail; 3667 } 3668 vs->tlscreds = (QCryptoTLSCreds *) 3669 object_dynamic_cast(creds, 3670 TYPE_QCRYPTO_TLS_CREDS); 3671 if (!vs->tlscreds) { 3672 error_setg(errp, "Object with id '%s' is not TLS credentials", 3673 credid); 3674 goto fail; 3675 } 3676 object_ref(OBJECT(vs->tlscreds)); 3677 3678 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) { 3679 error_setg(errp, 3680 "Expecting TLS credentials with a server endpoint"); 3681 goto fail; 3682 } 3683 } else { 3684 const char *path; 3685 bool tls = false, x509 = false, x509verify = false; 3686 tls = qemu_opt_get_bool(opts, "tls", false); 3687 if (tls) { 3688 path = qemu_opt_get(opts, "x509"); 3689 3690 if (path) { 3691 x509 = true; 3692 } else { 3693 path = qemu_opt_get(opts, "x509verify"); 3694 if (path) { 3695 x509 = true; 3696 x509verify = true; 3697 } 3698 } 3699 vs->tlscreds = vnc_display_create_creds(x509, 3700 x509verify, 3701 path, 3702 vs->id, 3703 errp); 3704 if (!vs->tlscreds) { 3705 goto fail; 3706 } 3707 } 3708 } 3709 acl = qemu_opt_get_bool(opts, "acl", false); 3710 3711 share = qemu_opt_get(opts, "share"); 3712 if (share) { 3713 if (strcmp(share, "ignore") == 0) { 3714 vs->share_policy = VNC_SHARE_POLICY_IGNORE; 3715 } else if (strcmp(share, "allow-exclusive") == 0) { 3716 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3717 } else if (strcmp(share, "force-shared") == 0) { 3718 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 3719 } else { 3720 error_setg(errp, "unknown vnc share= option"); 3721 goto fail; 3722 } 3723 } else { 3724 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3725 } 3726 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32); 3727 3728 #ifdef CONFIG_VNC_JPEG 3729 vs->lossy = qemu_opt_get_bool(opts, "lossy", false); 3730 #endif 3731 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 3732 /* adaptive updates are only used with tight encoding and 3733 * if lossy updates are enabled so we can disable all the 3734 * calculations otherwise */ 3735 if (!vs->lossy) { 3736 vs->non_adaptive = true; 3737 } 3738 3739 if (acl) { 3740 if (strcmp(vs->id, "default") == 0) { 3741 vs->tlsaclname = g_strdup("vnc.x509dname"); 3742 } else { 3743 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id); 3744 } 3745 qemu_acl_init(vs->tlsaclname); 3746 } 3747 #ifdef CONFIG_VNC_SASL 3748 if (acl && sasl) { 3749 char *aclname; 3750 3751 if (strcmp(vs->id, "default") == 0) { 3752 aclname = g_strdup("vnc.username"); 3753 } else { 3754 aclname = g_strdup_printf("vnc.%s.username", vs->id); 3755 } 3756 vs->sasl.acl = qemu_acl_init(aclname); 3757 g_free(aclname); 3758 } 3759 #endif 3760 3761 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) { 3762 goto fail; 3763 } 3764 3765 #ifdef CONFIG_VNC_SASL 3766 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) { 3767 error_setg(errp, "Failed to initialize SASL auth: %s", 3768 sasl_errstring(saslErr, NULL, NULL)); 3769 goto fail; 3770 } 3771 #endif 3772 vs->lock_key_sync = lock_key_sync; 3773 vs->key_delay_ms = key_delay_ms; 3774 3775 device_id = qemu_opt_get(opts, "display"); 3776 if (device_id) { 3777 int head = qemu_opt_get_number(opts, "head", 0); 3778 Error *err = NULL; 3779 3780 con = qemu_console_lookup_by_device_name(device_id, head, &err); 3781 if (err) { 3782 error_propagate(errp, err); 3783 goto fail; 3784 } 3785 } else { 3786 con = NULL; 3787 } 3788 3789 if (con != vs->dcl.con) { 3790 unregister_displaychangelistener(&vs->dcl); 3791 vs->dcl.con = con; 3792 register_displaychangelistener(&vs->dcl); 3793 } 3794 3795 if (reverse) { 3796 /* connect to viewer */ 3797 QIOChannelSocket *sioc = NULL; 3798 vs->lsock = NULL; 3799 vs->lwebsock = NULL; 3800 if (vs->ws_enabled) { 3801 error_setg(errp, "Cannot use websockets in reverse mode"); 3802 goto fail; 3803 } 3804 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3805 sioc = qio_channel_socket_new(); 3806 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) { 3807 goto fail; 3808 } 3809 vnc_connect(vs, sioc, false, false); 3810 object_unref(OBJECT(sioc)); 3811 } else { 3812 vs->lsock = qio_channel_socket_new(); 3813 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) { 3814 goto fail; 3815 } 3816 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX; 3817 vs->enabled = true; 3818 3819 if (vs->ws_enabled) { 3820 vs->lwebsock = qio_channel_socket_new(); 3821 if (qio_channel_socket_listen_sync(vs->lwebsock, 3822 wsaddr, errp) < 0) { 3823 object_unref(OBJECT(vs->lsock)); 3824 vs->lsock = NULL; 3825 goto fail; 3826 } 3827 } 3828 3829 vs->lsock_tag = qio_channel_add_watch( 3830 QIO_CHANNEL(vs->lsock), 3831 G_IO_IN, vnc_listen_io, vs, NULL); 3832 if (vs->ws_enabled) { 3833 vs->lwebsock_tag = qio_channel_add_watch( 3834 QIO_CHANNEL(vs->lwebsock), 3835 G_IO_IN, vnc_listen_io, vs, NULL); 3836 } 3837 } 3838 3839 qapi_free_SocketAddress(saddr); 3840 qapi_free_SocketAddress(wsaddr); 3841 return; 3842 3843 fail: 3844 qapi_free_SocketAddress(saddr); 3845 qapi_free_SocketAddress(wsaddr); 3846 vs->enabled = false; 3847 vs->ws_enabled = false; 3848 } 3849 3850 void vnc_display_add_client(const char *id, int csock, bool skipauth) 3851 { 3852 VncDisplay *vs = vnc_display_find(id); 3853 QIOChannelSocket *sioc; 3854 3855 if (!vs) { 3856 return; 3857 } 3858 3859 sioc = qio_channel_socket_new_fd(csock, NULL); 3860 if (sioc) { 3861 vnc_connect(vs, sioc, skipauth, false); 3862 object_unref(OBJECT(sioc)); 3863 } 3864 } 3865 3866 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 3867 { 3868 int i = 2; 3869 char *id; 3870 3871 id = g_strdup("default"); 3872 while (qemu_opts_find(olist, id)) { 3873 g_free(id); 3874 id = g_strdup_printf("vnc%d", i++); 3875 } 3876 qemu_opts_set_id(opts, id); 3877 } 3878 3879 QemuOpts *vnc_parse(const char *str, Error **errp) 3880 { 3881 QemuOptsList *olist = qemu_find_opts("vnc"); 3882 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp); 3883 const char *id; 3884 3885 if (!opts) { 3886 return NULL; 3887 } 3888 3889 id = qemu_opts_id(opts); 3890 if (!id) { 3891 /* auto-assign id if not present */ 3892 vnc_auto_assign_id(olist, opts); 3893 } 3894 return opts; 3895 } 3896 3897 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 3898 { 3899 Error *local_err = NULL; 3900 char *id = (char *)qemu_opts_id(opts); 3901 3902 assert(id); 3903 vnc_display_init(id); 3904 vnc_display_open(id, &local_err); 3905 if (local_err != NULL) { 3906 error_reportf_err(local_err, "Failed to start VNC server: "); 3907 exit(1); 3908 } 3909 return 0; 3910 } 3911 3912 static void vnc_register_config(void) 3913 { 3914 qemu_add_opts(&qemu_vnc_opts); 3915 } 3916 opts_init(vnc_register_config); 3917