1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "system/system.h"
33 #include "system/runstate.h"
34 #include "qemu/error-report.h"
35 #include "qemu/main-loop.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/sockets.h"
39 #include "qemu/timer.h"
40 #include "authz/list.h"
41 #include "qemu/config-file.h"
42 #include "qapi/qapi-emit-events.h"
43 #include "qapi/qapi-events-ui.h"
44 #include "qapi/error.h"
45 #include "qapi/qapi-commands-ui.h"
46 #include "ui/input.h"
47 #include "crypto/hash.h"
48 #include "crypto/tlscreds.h"
49 #include "crypto/tlscredsanon.h"
50 #include "crypto/tlscredsx509.h"
51 #include "crypto/random.h"
52 #include "crypto/secret_common.h"
53 #include "qom/object_interfaces.h"
54 #include "qemu/cutils.h"
55 #include "qemu/help_option.h"
56 #include "io/dns-resolver.h"
57 #include "monitor/monitor.h"
58
59 typedef struct VncConnection {
60 VncState vs;
61 VncZlib zlib;
62 } VncConnection;
63
64 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
65 #define VNC_REFRESH_INTERVAL_INC 50
66 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
67 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
68 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
69
70 #include "vnc_keysym.h"
71 #include "crypto/cipher.h"
72
73 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
74 QTAILQ_HEAD_INITIALIZER(vnc_displays);
75
76 static int vnc_cursor_define(VncState *vs);
77 static void vnc_update_throttle_offset(VncState *vs);
78
vnc_set_share_mode(VncState * vs,VncShareMode mode)79 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
80 {
81 #ifdef _VNC_DEBUG
82 static const char *mn[] = {
83 [0] = "undefined",
84 [VNC_SHARE_MODE_CONNECTING] = "connecting",
85 [VNC_SHARE_MODE_SHARED] = "shared",
86 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
87 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
88 };
89 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
90 vs->ioc, mn[vs->share_mode], mn[mode]);
91 #endif
92
93 switch (vs->share_mode) {
94 case VNC_SHARE_MODE_CONNECTING:
95 vs->vd->num_connecting--;
96 break;
97 case VNC_SHARE_MODE_SHARED:
98 vs->vd->num_shared--;
99 break;
100 case VNC_SHARE_MODE_EXCLUSIVE:
101 vs->vd->num_exclusive--;
102 break;
103 default:
104 break;
105 }
106
107 vs->share_mode = mode;
108
109 switch (vs->share_mode) {
110 case VNC_SHARE_MODE_CONNECTING:
111 vs->vd->num_connecting++;
112 break;
113 case VNC_SHARE_MODE_SHARED:
114 vs->vd->num_shared++;
115 break;
116 case VNC_SHARE_MODE_EXCLUSIVE:
117 vs->vd->num_exclusive++;
118 break;
119 default:
120 break;
121 }
122 }
123
124
vnc_init_basic_info(SocketAddress * addr,VncBasicInfo * info,Error ** errp)125 static void vnc_init_basic_info(SocketAddress *addr,
126 VncBasicInfo *info,
127 Error **errp)
128 {
129 switch (addr->type) {
130 case SOCKET_ADDRESS_TYPE_INET:
131 info->host = g_strdup(addr->u.inet.host);
132 info->service = g_strdup(addr->u.inet.port);
133 if (addr->u.inet.ipv6) {
134 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
135 } else {
136 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
137 }
138 break;
139
140 case SOCKET_ADDRESS_TYPE_UNIX:
141 info->host = g_strdup("");
142 info->service = g_strdup(addr->u.q_unix.path);
143 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
144 break;
145
146 case SOCKET_ADDRESS_TYPE_VSOCK:
147 case SOCKET_ADDRESS_TYPE_FD:
148 error_setg(errp, "Unsupported socket address type %s",
149 SocketAddressType_str(addr->type));
150 break;
151 default:
152 abort();
153 }
154
155 return;
156 }
157
vnc_init_basic_info_from_server_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)158 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
159 VncBasicInfo *info,
160 Error **errp)
161 {
162 SocketAddress *addr = NULL;
163
164 if (!ioc) {
165 error_setg(errp, "No listener socket available");
166 return;
167 }
168
169 addr = qio_channel_socket_get_local_address(ioc, errp);
170 if (!addr) {
171 return;
172 }
173
174 vnc_init_basic_info(addr, info, errp);
175 qapi_free_SocketAddress(addr);
176 }
177
vnc_init_basic_info_from_remote_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)178 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
179 VncBasicInfo *info,
180 Error **errp)
181 {
182 SocketAddress *addr = NULL;
183
184 addr = qio_channel_socket_get_remote_address(ioc, errp);
185 if (!addr) {
186 return;
187 }
188
189 vnc_init_basic_info(addr, info, errp);
190 qapi_free_SocketAddress(addr);
191 }
192
vnc_auth_name(VncDisplay * vd)193 static const char *vnc_auth_name(VncDisplay *vd) {
194 switch (vd->auth) {
195 case VNC_AUTH_INVALID:
196 return "invalid";
197 case VNC_AUTH_NONE:
198 return "none";
199 case VNC_AUTH_VNC:
200 return "vnc";
201 case VNC_AUTH_RA2:
202 return "ra2";
203 case VNC_AUTH_RA2NE:
204 return "ra2ne";
205 case VNC_AUTH_TIGHT:
206 return "tight";
207 case VNC_AUTH_ULTRA:
208 return "ultra";
209 case VNC_AUTH_TLS:
210 return "tls";
211 case VNC_AUTH_VENCRYPT:
212 switch (vd->subauth) {
213 case VNC_AUTH_VENCRYPT_PLAIN:
214 return "vencrypt+plain";
215 case VNC_AUTH_VENCRYPT_TLSNONE:
216 return "vencrypt+tls+none";
217 case VNC_AUTH_VENCRYPT_TLSVNC:
218 return "vencrypt+tls+vnc";
219 case VNC_AUTH_VENCRYPT_TLSPLAIN:
220 return "vencrypt+tls+plain";
221 case VNC_AUTH_VENCRYPT_X509NONE:
222 return "vencrypt+x509+none";
223 case VNC_AUTH_VENCRYPT_X509VNC:
224 return "vencrypt+x509+vnc";
225 case VNC_AUTH_VENCRYPT_X509PLAIN:
226 return "vencrypt+x509+plain";
227 case VNC_AUTH_VENCRYPT_TLSSASL:
228 return "vencrypt+tls+sasl";
229 case VNC_AUTH_VENCRYPT_X509SASL:
230 return "vencrypt+x509+sasl";
231 default:
232 return "vencrypt";
233 }
234 case VNC_AUTH_SASL:
235 return "sasl";
236 }
237 return "unknown";
238 }
239
vnc_server_info_get(VncDisplay * vd)240 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
241 {
242 VncServerInfo *info;
243 Error *err = NULL;
244
245 if (!vd->listener || !vd->listener->nsioc) {
246 return NULL;
247 }
248
249 info = g_malloc0(sizeof(*info));
250 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
251 qapi_VncServerInfo_base(info), &err);
252 info->auth = g_strdup(vnc_auth_name(vd));
253 if (err) {
254 qapi_free_VncServerInfo(info);
255 info = NULL;
256 error_free(err);
257 }
258 return info;
259 }
260
vnc_client_cache_auth(VncState * client)261 static void vnc_client_cache_auth(VncState *client)
262 {
263 if (!client->info) {
264 return;
265 }
266
267 if (client->tls) {
268 client->info->x509_dname =
269 qcrypto_tls_session_get_peer_name(client->tls);
270 }
271 #ifdef CONFIG_VNC_SASL
272 if (client->sasl.conn &&
273 client->sasl.username) {
274 client->info->sasl_username = g_strdup(client->sasl.username);
275 }
276 #endif
277 }
278
vnc_client_cache_addr(VncState * client)279 static void vnc_client_cache_addr(VncState *client)
280 {
281 Error *err = NULL;
282
283 client->info = g_malloc0(sizeof(*client->info));
284 vnc_init_basic_info_from_remote_addr(client->sioc,
285 qapi_VncClientInfo_base(client->info),
286 &err);
287 client->info->websocket = client->websocket;
288 if (err) {
289 qapi_free_VncClientInfo(client->info);
290 client->info = NULL;
291 error_free(err);
292 }
293 }
294
vnc_qmp_event(VncState * vs,QAPIEvent event)295 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
296 {
297 VncServerInfo *si;
298
299 if (!vs->info) {
300 return;
301 }
302
303 si = vnc_server_info_get(vs->vd);
304 if (!si) {
305 return;
306 }
307
308 switch (event) {
309 case QAPI_EVENT_VNC_CONNECTED:
310 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
311 break;
312 case QAPI_EVENT_VNC_INITIALIZED:
313 qapi_event_send_vnc_initialized(si, vs->info);
314 break;
315 case QAPI_EVENT_VNC_DISCONNECTED:
316 qapi_event_send_vnc_disconnected(si, vs->info);
317 break;
318 default:
319 break;
320 }
321
322 qapi_free_VncServerInfo(si);
323 }
324
qmp_query_vnc_client(const VncState * client)325 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
326 {
327 VncClientInfo *info;
328 Error *err = NULL;
329
330 info = g_malloc0(sizeof(*info));
331
332 vnc_init_basic_info_from_remote_addr(client->sioc,
333 qapi_VncClientInfo_base(info),
334 &err);
335 if (err) {
336 error_free(err);
337 qapi_free_VncClientInfo(info);
338 return NULL;
339 }
340
341 info->websocket = client->websocket;
342
343 if (client->tls) {
344 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
345 }
346 #ifdef CONFIG_VNC_SASL
347 if (client->sasl.conn && client->sasl.username) {
348 info->sasl_username = g_strdup(client->sasl.username);
349 }
350 #endif
351
352 return info;
353 }
354
vnc_display_find(const char * id)355 static VncDisplay *vnc_display_find(const char *id)
356 {
357 VncDisplay *vd;
358
359 if (id == NULL) {
360 return QTAILQ_FIRST(&vnc_displays);
361 }
362 QTAILQ_FOREACH(vd, &vnc_displays, next) {
363 if (strcmp(id, vd->id) == 0) {
364 return vd;
365 }
366 }
367 return NULL;
368 }
369
qmp_query_client_list(VncDisplay * vd)370 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
371 {
372 VncClientInfoList *prev = NULL;
373 VncState *client;
374
375 QTAILQ_FOREACH(client, &vd->clients, next) {
376 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
377 }
378 return prev;
379 }
380
qmp_query_vnc(Error ** errp)381 VncInfo *qmp_query_vnc(Error **errp)
382 {
383 VncInfo *info = g_malloc0(sizeof(*info));
384 VncDisplay *vd = vnc_display_find(NULL);
385 SocketAddress *addr = NULL;
386
387 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
388 info->enabled = false;
389 } else {
390 info->enabled = true;
391
392 /* for compatibility with the original command */
393 info->has_clients = true;
394 info->clients = qmp_query_client_list(vd);
395
396 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
397 errp);
398 if (!addr) {
399 goto out_error;
400 }
401
402 switch (addr->type) {
403 case SOCKET_ADDRESS_TYPE_INET:
404 info->host = g_strdup(addr->u.inet.host);
405 info->service = g_strdup(addr->u.inet.port);
406 if (addr->u.inet.ipv6) {
407 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
408 } else {
409 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
410 }
411 break;
412
413 case SOCKET_ADDRESS_TYPE_UNIX:
414 info->host = g_strdup("");
415 info->service = g_strdup(addr->u.q_unix.path);
416 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
417 break;
418
419 case SOCKET_ADDRESS_TYPE_VSOCK:
420 case SOCKET_ADDRESS_TYPE_FD:
421 error_setg(errp, "Unsupported socket address type %s",
422 SocketAddressType_str(addr->type));
423 goto out_error;
424 default:
425 abort();
426 }
427
428 info->has_family = true;
429
430 info->auth = g_strdup(vnc_auth_name(vd));
431 }
432
433 qapi_free_SocketAddress(addr);
434 return info;
435
436 out_error:
437 qapi_free_SocketAddress(addr);
438 qapi_free_VncInfo(info);
439 return NULL;
440 }
441
442
443 static void qmp_query_auth(int auth, int subauth,
444 VncPrimaryAuth *qmp_auth,
445 VncVencryptSubAuth *qmp_vencrypt,
446 bool *qmp_has_vencrypt);
447
qmp_query_server_entry(QIOChannelSocket * ioc,bool websocket,int auth,int subauth,VncServerInfo2List * prev)448 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
449 bool websocket,
450 int auth,
451 int subauth,
452 VncServerInfo2List *prev)
453 {
454 VncServerInfo2 *info;
455 Error *err = NULL;
456 SocketAddress *addr;
457
458 addr = qio_channel_socket_get_local_address(ioc, NULL);
459 if (!addr) {
460 return prev;
461 }
462
463 info = g_new0(VncServerInfo2, 1);
464 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
465 qapi_free_SocketAddress(addr);
466 if (err) {
467 qapi_free_VncServerInfo2(info);
468 error_free(err);
469 return prev;
470 }
471 info->websocket = websocket;
472
473 qmp_query_auth(auth, subauth, &info->auth,
474 &info->vencrypt, &info->has_vencrypt);
475
476 QAPI_LIST_PREPEND(prev, info);
477 return prev;
478 }
479
qmp_query_auth(int auth,int subauth,VncPrimaryAuth * qmp_auth,VncVencryptSubAuth * qmp_vencrypt,bool * qmp_has_vencrypt)480 static void qmp_query_auth(int auth, int subauth,
481 VncPrimaryAuth *qmp_auth,
482 VncVencryptSubAuth *qmp_vencrypt,
483 bool *qmp_has_vencrypt)
484 {
485 switch (auth) {
486 case VNC_AUTH_VNC:
487 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
488 break;
489 case VNC_AUTH_RA2:
490 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
491 break;
492 case VNC_AUTH_RA2NE:
493 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
494 break;
495 case VNC_AUTH_TIGHT:
496 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
497 break;
498 case VNC_AUTH_ULTRA:
499 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
500 break;
501 case VNC_AUTH_TLS:
502 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
503 break;
504 case VNC_AUTH_VENCRYPT:
505 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
506 *qmp_has_vencrypt = true;
507 switch (subauth) {
508 case VNC_AUTH_VENCRYPT_PLAIN:
509 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
510 break;
511 case VNC_AUTH_VENCRYPT_TLSNONE:
512 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
513 break;
514 case VNC_AUTH_VENCRYPT_TLSVNC:
515 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
516 break;
517 case VNC_AUTH_VENCRYPT_TLSPLAIN:
518 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
519 break;
520 case VNC_AUTH_VENCRYPT_X509NONE:
521 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
522 break;
523 case VNC_AUTH_VENCRYPT_X509VNC:
524 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
525 break;
526 case VNC_AUTH_VENCRYPT_X509PLAIN:
527 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
528 break;
529 case VNC_AUTH_VENCRYPT_TLSSASL:
530 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
531 break;
532 case VNC_AUTH_VENCRYPT_X509SASL:
533 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
534 break;
535 default:
536 *qmp_has_vencrypt = false;
537 break;
538 }
539 break;
540 case VNC_AUTH_SASL:
541 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
542 break;
543 case VNC_AUTH_NONE:
544 default:
545 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
546 break;
547 }
548 }
549
qmp_query_vnc_servers(Error ** errp)550 VncInfo2List *qmp_query_vnc_servers(Error **errp)
551 {
552 VncInfo2List *prev = NULL;
553 VncInfo2 *info;
554 VncDisplay *vd;
555 DeviceState *dev;
556 size_t i;
557
558 QTAILQ_FOREACH(vd, &vnc_displays, next) {
559 info = g_new0(VncInfo2, 1);
560 info->id = g_strdup(vd->id);
561 info->clients = qmp_query_client_list(vd);
562 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
563 &info->vencrypt, &info->has_vencrypt);
564 if (vd->dcl.con) {
565 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
566 "device", &error_abort));
567 info->display = g_strdup(dev->id);
568 }
569 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
570 info->server = qmp_query_server_entry(
571 vd->listener->sioc[i], false, vd->auth, vd->subauth,
572 info->server);
573 }
574 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
575 info->server = qmp_query_server_entry(
576 vd->wslistener->sioc[i], true, vd->ws_auth,
577 vd->ws_subauth, info->server);
578 }
579
580 QAPI_LIST_PREPEND(prev, info);
581 }
582 return prev;
583 }
584
vnc_display_reload_certs(const char * id,Error ** errp)585 bool vnc_display_reload_certs(const char *id, Error **errp)
586 {
587 VncDisplay *vd = vnc_display_find(id);
588 QCryptoTLSCredsClass *creds = NULL;
589
590 if (!vd) {
591 error_setg(errp, "Can not find vnc display");
592 return false;
593 }
594
595 if (!vd->tlscreds) {
596 error_setg(errp, "vnc tls is not enabled");
597 return false;
598 }
599
600 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
601 if (creds->reload == NULL) {
602 error_setg(errp, "%s doesn't support to reload TLS credential",
603 object_get_typename(OBJECT(vd->tlscreds)));
604 return false;
605 }
606 if (!creds->reload(vd->tlscreds, errp)) {
607 return false;
608 }
609
610 return true;
611 }
612
613 /* TODO
614 1) Get the queue working for IO.
615 2) there is some weirdness when using the -S option (the screen is grey
616 and not totally invalidated
617 3) resolutions > 1024
618 */
619
620 static int vnc_update_client(VncState *vs, int has_dirty);
621 static void vnc_disconnect_start(VncState *vs);
622
623 static void vnc_colordepth(VncState *vs);
624 static void framebuffer_update_request(VncState *vs, int incremental,
625 int x_position, int y_position,
626 int w, int h);
627 static void vnc_refresh(DisplayChangeListener *dcl);
628 static int vnc_refresh_server_surface(VncDisplay *vd);
629
vnc_width(VncDisplay * vd)630 static int vnc_width(VncDisplay *vd)
631 {
632 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
633 VNC_DIRTY_PIXELS_PER_BIT));
634 }
635
vnc_true_width(VncDisplay * vd)636 static int vnc_true_width(VncDisplay *vd)
637 {
638 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
639 }
640
vnc_height(VncDisplay * vd)641 static int vnc_height(VncDisplay *vd)
642 {
643 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
644 }
645
646 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
647 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
648 VncDisplay *vd,
649 int x, int y, int w, int h)
650 {
651 int width = vnc_width(vd);
652 int height = vnc_height(vd);
653
654 /* this is needed this to ensure we updated all affected
655 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
656 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
657 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
658
659 x = MIN(x, width);
660 y = MIN(y, height);
661 w = MIN(x + w, width) - x;
662 h = MIN(y + h, height);
663
664 for (; y < h; y++) {
665 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
666 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
667 }
668 }
669
vnc_dpy_update(DisplayChangeListener * dcl,int x,int y,int w,int h)670 static void vnc_dpy_update(DisplayChangeListener *dcl,
671 int x, int y, int w, int h)
672 {
673 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
674 struct VncSurface *s = &vd->guest;
675
676 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
677 }
678
vnc_framebuffer_update(VncState * vs,int x,int y,int w,int h,int32_t encoding)679 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
680 int32_t encoding)
681 {
682 vnc_write_u16(vs, x);
683 vnc_write_u16(vs, y);
684 vnc_write_u16(vs, w);
685 vnc_write_u16(vs, h);
686
687 vnc_write_s32(vs, encoding);
688 }
689
vnc_desktop_resize_ext(VncState * vs,int reject_reason)690 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
691 {
692 trace_vnc_msg_server_ext_desktop_resize(
693 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
694
695 vnc_lock_output(vs);
696 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
697 vnc_write_u8(vs, 0);
698 vnc_write_u16(vs, 1); /* number of rects */
699 vnc_framebuffer_update(vs,
700 reject_reason ? 1 : 0,
701 reject_reason,
702 vs->client_width, vs->client_height,
703 VNC_ENCODING_DESKTOP_RESIZE_EXT);
704 vnc_write_u8(vs, 1); /* number of screens */
705 vnc_write_u8(vs, 0); /* padding */
706 vnc_write_u8(vs, 0); /* padding */
707 vnc_write_u8(vs, 0); /* padding */
708 vnc_write_u32(vs, 0); /* screen id */
709 vnc_write_u16(vs, 0); /* screen x-pos */
710 vnc_write_u16(vs, 0); /* screen y-pos */
711 vnc_write_u16(vs, vs->client_width);
712 vnc_write_u16(vs, vs->client_height);
713 vnc_write_u32(vs, 0); /* screen flags */
714 vnc_unlock_output(vs);
715 vnc_flush(vs);
716 }
717
vnc_desktop_resize(VncState * vs)718 static void vnc_desktop_resize(VncState *vs)
719 {
720 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
721 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
722 return;
723 }
724 if (vs->client_width == vs->vd->true_width &&
725 vs->client_height == pixman_image_get_height(vs->vd->server)) {
726 return;
727 }
728
729 assert(vs->vd->true_width < 65536 &&
730 vs->vd->true_width >= 0);
731 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
732 pixman_image_get_height(vs->vd->server) >= 0);
733 vs->client_width = vs->vd->true_width;
734 vs->client_height = pixman_image_get_height(vs->vd->server);
735
736 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
737 vnc_desktop_resize_ext(vs, 0);
738 return;
739 }
740
741 trace_vnc_msg_server_desktop_resize(
742 vs, vs->ioc, vs->client_width, vs->client_height);
743
744 vnc_lock_output(vs);
745 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
746 vnc_write_u8(vs, 0);
747 vnc_write_u16(vs, 1); /* number of rects */
748 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
749 VNC_ENCODING_DESKTOPRESIZE);
750 vnc_unlock_output(vs);
751 vnc_flush(vs);
752 }
753
vnc_abort_display_jobs(VncDisplay * vd)754 static void vnc_abort_display_jobs(VncDisplay *vd)
755 {
756 VncState *vs;
757
758 QTAILQ_FOREACH(vs, &vd->clients, next) {
759 vnc_lock_output(vs);
760 vs->abort = true;
761 vnc_unlock_output(vs);
762 }
763 QTAILQ_FOREACH(vs, &vd->clients, next) {
764 vnc_jobs_join(vs);
765 }
766 QTAILQ_FOREACH(vs, &vd->clients, next) {
767 vnc_lock_output(vs);
768 if (vs->update == VNC_STATE_UPDATE_NONE &&
769 vs->job_update != VNC_STATE_UPDATE_NONE) {
770 /* job aborted before completion */
771 vs->update = vs->job_update;
772 vs->job_update = VNC_STATE_UPDATE_NONE;
773 }
774 vs->abort = false;
775 vnc_unlock_output(vs);
776 }
777 }
778
vnc_server_fb_stride(VncDisplay * vd)779 int vnc_server_fb_stride(VncDisplay *vd)
780 {
781 return pixman_image_get_stride(vd->server);
782 }
783
vnc_server_fb_ptr(VncDisplay * vd,int x,int y)784 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
785 {
786 uint8_t *ptr;
787
788 ptr = (uint8_t *)pixman_image_get_data(vd->server);
789 ptr += y * vnc_server_fb_stride(vd);
790 ptr += x * VNC_SERVER_FB_BYTES;
791 return ptr;
792 }
793
vnc_update_server_surface(VncDisplay * vd)794 static void vnc_update_server_surface(VncDisplay *vd)
795 {
796 int width, height;
797
798 qemu_pixman_image_unref(vd->server);
799 vd->server = NULL;
800
801 if (QTAILQ_EMPTY(&vd->clients)) {
802 return;
803 }
804
805 width = vnc_width(vd);
806 height = vnc_height(vd);
807 vd->true_width = vnc_true_width(vd);
808 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
809 width, height,
810 NULL, 0);
811
812 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
813 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
814 width, height);
815 }
816
vnc_check_pageflip(DisplaySurface * s1,DisplaySurface * s2)817 static bool vnc_check_pageflip(DisplaySurface *s1,
818 DisplaySurface *s2)
819 {
820 return (s1 != NULL &&
821 s2 != NULL &&
822 surface_width(s1) == surface_width(s2) &&
823 surface_height(s1) == surface_height(s2) &&
824 surface_format(s1) == surface_format(s2));
825
826 }
827
vnc_dpy_switch(DisplayChangeListener * dcl,DisplaySurface * surface)828 static void vnc_dpy_switch(DisplayChangeListener *dcl,
829 DisplaySurface *surface)
830 {
831 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
832 bool pageflip = vnc_check_pageflip(vd->ds, surface);
833 VncState *vs;
834
835 vnc_abort_display_jobs(vd);
836 vd->ds = surface;
837
838 /* guest surface */
839 qemu_pixman_image_unref(vd->guest.fb);
840 vd->guest.fb = pixman_image_ref(surface->image);
841 vd->guest.format = surface_format(surface);
842
843
844 if (pageflip) {
845 trace_vnc_server_dpy_pageflip(vd,
846 surface_width(surface),
847 surface_height(surface),
848 surface_format(surface));
849 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
850 surface_width(surface),
851 surface_height(surface));
852 return;
853 }
854
855 trace_vnc_server_dpy_recreate(vd,
856 surface_width(surface),
857 surface_height(surface),
858 surface_format(surface));
859 /* server surface */
860 vnc_update_server_surface(vd);
861
862 QTAILQ_FOREACH(vs, &vd->clients, next) {
863 vnc_colordepth(vs);
864 vnc_desktop_resize(vs);
865 vnc_cursor_define(vs);
866 memset(vs->dirty, 0x00, sizeof(vs->dirty));
867 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
868 vnc_width(vd),
869 vnc_height(vd));
870 vnc_update_throttle_offset(vs);
871 }
872 }
873
874 /* fastest code */
vnc_write_pixels_copy(VncState * vs,void * pixels,int size)875 static void vnc_write_pixels_copy(VncState *vs,
876 void *pixels, int size)
877 {
878 vnc_write(vs, pixels, size);
879 }
880
881 /* slowest but generic code. */
vnc_convert_pixel(VncState * vs,uint8_t * buf,uint32_t v)882 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
883 {
884 uint8_t r, g, b;
885
886 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
887 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
888 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
889 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
890 #else
891 # error need some bits here if you change VNC_SERVER_FB_FORMAT
892 #endif
893 v = (r << vs->client_pf.rshift) |
894 (g << vs->client_pf.gshift) |
895 (b << vs->client_pf.bshift);
896 switch (vs->client_pf.bytes_per_pixel) {
897 case 1:
898 buf[0] = v;
899 break;
900 case 2:
901 if (vs->client_endian == G_BIG_ENDIAN) {
902 buf[0] = v >> 8;
903 buf[1] = v;
904 } else {
905 buf[1] = v >> 8;
906 buf[0] = v;
907 }
908 break;
909 default:
910 case 4:
911 if (vs->client_endian == G_BIG_ENDIAN) {
912 buf[0] = v >> 24;
913 buf[1] = v >> 16;
914 buf[2] = v >> 8;
915 buf[3] = v;
916 } else {
917 buf[3] = v >> 24;
918 buf[2] = v >> 16;
919 buf[1] = v >> 8;
920 buf[0] = v;
921 }
922 break;
923 }
924 }
925
vnc_write_pixels_generic(VncState * vs,void * pixels1,int size)926 static void vnc_write_pixels_generic(VncState *vs,
927 void *pixels1, int size)
928 {
929 uint8_t buf[4];
930
931 if (VNC_SERVER_FB_BYTES == 4) {
932 uint32_t *pixels = pixels1;
933 int n, i;
934 n = size >> 2;
935 for (i = 0; i < n; i++) {
936 vnc_convert_pixel(vs, buf, pixels[i]);
937 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
938 }
939 }
940 }
941
vnc_raw_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)942 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
943 {
944 int i;
945 uint8_t *row;
946 VncDisplay *vd = vs->vd;
947
948 row = vnc_server_fb_ptr(vd, x, y);
949 for (i = 0; i < h; i++) {
950 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
951 row += vnc_server_fb_stride(vd);
952 }
953 return 1;
954 }
955
vnc_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)956 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
957 {
958 int n = 0;
959
960 switch(vs->vnc_encoding) {
961 case VNC_ENCODING_ZLIB:
962 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
963 break;
964 case VNC_ENCODING_HEXTILE:
965 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
966 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
967 break;
968 case VNC_ENCODING_TIGHT:
969 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
970 break;
971 case VNC_ENCODING_TIGHT_PNG:
972 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
973 break;
974 case VNC_ENCODING_ZRLE:
975 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
976 break;
977 case VNC_ENCODING_ZYWRLE:
978 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
979 break;
980 default:
981 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
982 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
983 break;
984 }
985 return n;
986 }
987
vnc_mouse_set(DisplayChangeListener * dcl,int x,int y,bool visible)988 static void vnc_mouse_set(DisplayChangeListener *dcl,
989 int x, int y, bool visible)
990 {
991 /* can we ask the client(s) to move the pointer ??? */
992 }
993
vnc_cursor_define(VncState * vs)994 static int vnc_cursor_define(VncState *vs)
995 {
996 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con);
997 int isize;
998
999 if (!c) {
1000 return -1;
1001 }
1002
1003 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
1004 vnc_lock_output(vs);
1005 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1006 vnc_write_u8(vs, 0); /* padding */
1007 vnc_write_u16(vs, 1); /* # of rects */
1008 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1009 VNC_ENCODING_ALPHA_CURSOR);
1010 vnc_write_s32(vs, VNC_ENCODING_RAW);
1011 vnc_write(vs, c->data, c->width * c->height * 4);
1012 vnc_unlock_output(vs);
1013 return 0;
1014 }
1015 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1016 vnc_lock_output(vs);
1017 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1018 vnc_write_u8(vs, 0); /* padding */
1019 vnc_write_u16(vs, 1); /* # of rects */
1020 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1021 VNC_ENCODING_RICH_CURSOR);
1022 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1023 vnc_write_pixels_generic(vs, c->data, isize);
1024 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1025 vnc_unlock_output(vs);
1026 return 0;
1027 }
1028 return -1;
1029 }
1030
vnc_dpy_cursor_define(DisplayChangeListener * dcl,QEMUCursor * c)1031 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1032 QEMUCursor *c)
1033 {
1034 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1035 VncState *vs;
1036
1037 g_free(vd->cursor_mask);
1038 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1039 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1040 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1041
1042 QTAILQ_FOREACH(vs, &vd->clients, next) {
1043 vnc_cursor_define(vs);
1044 }
1045 }
1046
find_and_clear_dirty_height(VncState * vs,int y,int last_x,int x,int height)1047 static int find_and_clear_dirty_height(VncState *vs,
1048 int y, int last_x, int x, int height)
1049 {
1050 int h;
1051
1052 for (h = 1; h < (height - y); h++) {
1053 if (!test_bit(last_x, vs->dirty[y + h])) {
1054 break;
1055 }
1056 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1057 }
1058
1059 return h;
1060 }
1061
1062 /*
1063 * Figure out how much pending data we should allow in the output
1064 * buffer before we throttle incremental display updates, and/or
1065 * drop audio samples.
1066 *
1067 * We allow for equiv of 1 full display's worth of FB updates,
1068 * and 1 second of audio samples. If audio backlog was larger
1069 * than that the client would already suffering awful audio
1070 * glitches, so dropping samples is no worse really).
1071 */
vnc_update_throttle_offset(VncState * vs)1072 static void vnc_update_throttle_offset(VncState *vs)
1073 {
1074 size_t offset =
1075 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1076
1077 if (vs->audio_cap) {
1078 int bps;
1079 switch (vs->as.fmt) {
1080 default:
1081 case AUDIO_FORMAT_U8:
1082 case AUDIO_FORMAT_S8:
1083 bps = 1;
1084 break;
1085 case AUDIO_FORMAT_U16:
1086 case AUDIO_FORMAT_S16:
1087 bps = 2;
1088 break;
1089 case AUDIO_FORMAT_U32:
1090 case AUDIO_FORMAT_S32:
1091 bps = 4;
1092 break;
1093 }
1094 offset += vs->as.freq * bps * vs->as.nchannels;
1095 }
1096
1097 /* Put a floor of 1MB on offset, so that if we have a large pending
1098 * buffer and the display is resized to a small size & back again
1099 * we don't suddenly apply a tiny send limit
1100 */
1101 offset = MAX(offset, 1024 * 1024);
1102
1103 if (vs->throttle_output_offset != offset) {
1104 trace_vnc_client_throttle_threshold(
1105 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1106 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1107 }
1108
1109 vs->throttle_output_offset = offset;
1110 }
1111
vnc_should_update(VncState * vs)1112 static bool vnc_should_update(VncState *vs)
1113 {
1114 switch (vs->update) {
1115 case VNC_STATE_UPDATE_NONE:
1116 break;
1117 case VNC_STATE_UPDATE_INCREMENTAL:
1118 /* Only allow incremental updates if the pending send queue
1119 * is less than the permitted threshold, and the job worker
1120 * is completely idle.
1121 */
1122 if (vs->output.offset < vs->throttle_output_offset &&
1123 vs->job_update == VNC_STATE_UPDATE_NONE) {
1124 return true;
1125 }
1126 trace_vnc_client_throttle_incremental(
1127 vs, vs->ioc, vs->job_update, vs->output.offset);
1128 break;
1129 case VNC_STATE_UPDATE_FORCE:
1130 /* Only allow forced updates if the pending send queue
1131 * does not contain a previous forced update, and the
1132 * job worker is completely idle.
1133 *
1134 * Note this means we'll queue a forced update, even if
1135 * the output buffer size is otherwise over the throttle
1136 * output limit.
1137 */
1138 if (vs->force_update_offset == 0 &&
1139 vs->job_update == VNC_STATE_UPDATE_NONE) {
1140 return true;
1141 }
1142 trace_vnc_client_throttle_forced(
1143 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1144 break;
1145 }
1146 return false;
1147 }
1148
vnc_update_client(VncState * vs,int has_dirty)1149 static int vnc_update_client(VncState *vs, int has_dirty)
1150 {
1151 VncDisplay *vd = vs->vd;
1152 VncJob *job;
1153 int y;
1154 int height, width;
1155 int n = 0;
1156
1157 if (vs->disconnecting) {
1158 vnc_disconnect_finish(vs);
1159 return 0;
1160 }
1161
1162 vs->has_dirty += has_dirty;
1163 if (!vnc_should_update(vs)) {
1164 return 0;
1165 }
1166
1167 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1168 return 0;
1169 }
1170
1171 /*
1172 * Send screen updates to the vnc client using the server
1173 * surface and server dirty map. guest surface updates
1174 * happening in parallel don't disturb us, the next pass will
1175 * send them to the client.
1176 */
1177 job = vnc_job_new(vs);
1178
1179 height = pixman_image_get_height(vd->server);
1180 width = pixman_image_get_width(vd->server);
1181
1182 y = 0;
1183 for (;;) {
1184 int x, h;
1185 unsigned long x2;
1186 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1187 height * VNC_DIRTY_BPL(vs),
1188 y * VNC_DIRTY_BPL(vs));
1189 if (offset == height * VNC_DIRTY_BPL(vs)) {
1190 /* no more dirty bits */
1191 break;
1192 }
1193 y = offset / VNC_DIRTY_BPL(vs);
1194 x = offset % VNC_DIRTY_BPL(vs);
1195 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1196 VNC_DIRTY_BPL(vs), x);
1197 bitmap_clear(vs->dirty[y], x, x2 - x);
1198 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1199 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1200 if (x2 > x) {
1201 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1202 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1203 }
1204 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1205 y += h;
1206 if (y == height) {
1207 break;
1208 }
1209 }
1210 }
1211
1212 vs->job_update = vs->update;
1213 vs->update = VNC_STATE_UPDATE_NONE;
1214 vnc_job_push(job);
1215 vs->has_dirty = 0;
1216 return n;
1217 }
1218
1219 /* audio */
audio_capture_notify(void * opaque,audcnotification_e cmd)1220 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1221 {
1222 VncState *vs = opaque;
1223
1224 assert(vs->magic == VNC_MAGIC);
1225 switch (cmd) {
1226 case AUD_CNOTIFY_DISABLE:
1227 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1228 vnc_lock_output(vs);
1229 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1230 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1231 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1232 vnc_unlock_output(vs);
1233 vnc_flush(vs);
1234 break;
1235
1236 case AUD_CNOTIFY_ENABLE:
1237 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1238 vnc_lock_output(vs);
1239 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1240 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1241 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1242 vnc_unlock_output(vs);
1243 vnc_flush(vs);
1244 break;
1245 }
1246 }
1247
audio_capture_destroy(void * opaque)1248 static void audio_capture_destroy(void *opaque)
1249 {
1250 }
1251
audio_capture(void * opaque,const void * buf,int size)1252 static void audio_capture(void *opaque, const void *buf, int size)
1253 {
1254 VncState *vs = opaque;
1255
1256 assert(vs->magic == VNC_MAGIC);
1257 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1258 vnc_lock_output(vs);
1259 if (vs->output.offset < vs->throttle_output_offset) {
1260 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1261 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1262 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1263 vnc_write_u32(vs, size);
1264 vnc_write(vs, buf, size);
1265 } else {
1266 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1267 }
1268 vnc_unlock_output(vs);
1269 vnc_flush(vs);
1270 }
1271
audio_add(VncState * vs)1272 static void audio_add(VncState *vs)
1273 {
1274 struct audio_capture_ops ops;
1275
1276 if (vs->audio_cap) {
1277 error_report("audio already running");
1278 return;
1279 }
1280
1281 ops.notify = audio_capture_notify;
1282 ops.destroy = audio_capture_destroy;
1283 ops.capture = audio_capture;
1284
1285 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1286 if (!vs->audio_cap) {
1287 error_report("Failed to add audio capture");
1288 }
1289 }
1290
audio_del(VncState * vs)1291 static void audio_del(VncState *vs)
1292 {
1293 if (vs->audio_cap) {
1294 AUD_del_capture(vs->audio_cap, vs);
1295 vs->audio_cap = NULL;
1296 }
1297 }
1298
vnc_disconnect_start(VncState * vs)1299 static void vnc_disconnect_start(VncState *vs)
1300 {
1301 if (vs->disconnecting) {
1302 return;
1303 }
1304 trace_vnc_client_disconnect_start(vs, vs->ioc);
1305 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1306 if (vs->ioc_tag) {
1307 g_source_remove(vs->ioc_tag);
1308 vs->ioc_tag = 0;
1309 }
1310 qio_channel_close(vs->ioc, NULL);
1311 vs->disconnecting = TRUE;
1312 }
1313
vnc_disconnect_finish(VncState * vs)1314 void vnc_disconnect_finish(VncState *vs)
1315 {
1316 int i;
1317
1318 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1319
1320 vnc_jobs_join(vs); /* Wait encoding jobs */
1321
1322 vnc_lock_output(vs);
1323 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1324
1325 buffer_free(&vs->input);
1326 buffer_free(&vs->output);
1327
1328 qapi_free_VncClientInfo(vs->info);
1329
1330 vnc_zlib_clear(vs);
1331 vnc_tight_clear(vs);
1332 vnc_zrle_clear(vs);
1333
1334 #ifdef CONFIG_VNC_SASL
1335 vnc_sasl_client_cleanup(vs);
1336 #endif /* CONFIG_VNC_SASL */
1337 audio_del(vs);
1338 qkbd_state_lift_all_keys(vs->vd->kbd);
1339
1340 if (vs->mouse_mode_notifier.notify != NULL) {
1341 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1342 }
1343 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1344 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1345 /* last client gone */
1346 vnc_update_server_surface(vs->vd);
1347 }
1348 vnc_unlock_output(vs);
1349
1350 if (vs->cbpeer.notifier.notify) {
1351 qemu_clipboard_peer_unregister(&vs->cbpeer);
1352 }
1353
1354 qemu_mutex_destroy(&vs->output_mutex);
1355 if (vs->bh != NULL) {
1356 qemu_bh_delete(vs->bh);
1357 }
1358 buffer_free(&vs->jobs_buffer);
1359
1360 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1361 g_free(vs->lossy_rect[i]);
1362 }
1363 g_free(vs->lossy_rect);
1364
1365 object_unref(OBJECT(vs->ioc));
1366 vs->ioc = NULL;
1367 object_unref(OBJECT(vs->sioc));
1368 vs->sioc = NULL;
1369 vs->magic = 0;
1370 g_free(vs->zrle);
1371 g_free(vs->tight);
1372 g_free(container_of(vs, VncConnection, vs));
1373 }
1374
vnc_client_io_error(VncState * vs,ssize_t ret,Error * err)1375 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1376 {
1377 if (ret <= 0) {
1378 if (ret == 0) {
1379 trace_vnc_client_eof(vs, vs->ioc);
1380 vnc_disconnect_start(vs);
1381 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1382 trace_vnc_client_io_error(vs, vs->ioc,
1383 err ? error_get_pretty(err) : "Unknown");
1384 vnc_disconnect_start(vs);
1385 }
1386
1387 error_free(err);
1388 return 0;
1389 }
1390 return ret;
1391 }
1392
1393
vnc_client_error(VncState * vs)1394 void vnc_client_error(VncState *vs)
1395 {
1396 VNC_DEBUG("Closing down client sock: protocol error\n");
1397 vnc_disconnect_start(vs);
1398 }
1399
1400
1401 /*
1402 * Called to write a chunk of data to the client socket. The data may
1403 * be the raw data, or may have already been encoded by SASL.
1404 * The data will be written either straight onto the socket, or
1405 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1406 *
1407 * NB, it is theoretically possible to have 2 layers of encryption,
1408 * both SASL, and this TLS layer. It is highly unlikely in practice
1409 * though, since SASL encryption will typically be a no-op if TLS
1410 * is active
1411 *
1412 * Returns the number of bytes written, which may be less than
1413 * the requested 'datalen' if the socket would block. Returns
1414 * 0 on I/O error, and disconnects the client socket.
1415 */
vnc_client_write_buf(VncState * vs,const uint8_t * data,size_t datalen)1416 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1417 {
1418 Error *err = NULL;
1419 ssize_t ret;
1420 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1421 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1422 return vnc_client_io_error(vs, ret, err);
1423 }
1424
1425
1426 /*
1427 * Called to write buffered data to the client socket, when not
1428 * using any SASL SSF encryption layers. Will write as much data
1429 * as possible without blocking. If all buffered data is written,
1430 * will switch the FD poll() handler back to read monitoring.
1431 *
1432 * Returns the number of bytes written, which may be less than
1433 * the buffered output data if the socket would block. Returns
1434 * 0 on I/O error, and disconnects the client socket.
1435 */
vnc_client_write_plain(VncState * vs)1436 static size_t vnc_client_write_plain(VncState *vs)
1437 {
1438 size_t offset;
1439 size_t ret;
1440
1441 #ifdef CONFIG_VNC_SASL
1442 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1443 vs->output.buffer, vs->output.capacity, vs->output.offset,
1444 vs->sasl.waitWriteSSF);
1445
1446 if (vs->sasl.conn &&
1447 vs->sasl.runSSF &&
1448 vs->sasl.waitWriteSSF) {
1449 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1450 if (ret)
1451 vs->sasl.waitWriteSSF -= ret;
1452 } else
1453 #endif /* CONFIG_VNC_SASL */
1454 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1455 if (!ret)
1456 return 0;
1457
1458 if (ret >= vs->force_update_offset) {
1459 if (vs->force_update_offset != 0) {
1460 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1461 }
1462 vs->force_update_offset = 0;
1463 } else {
1464 vs->force_update_offset -= ret;
1465 }
1466 offset = vs->output.offset;
1467 buffer_advance(&vs->output, ret);
1468 if (offset >= vs->throttle_output_offset &&
1469 vs->output.offset < vs->throttle_output_offset) {
1470 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1471 }
1472
1473 if (vs->output.offset == 0) {
1474 if (vs->ioc_tag) {
1475 g_source_remove(vs->ioc_tag);
1476 }
1477 vs->ioc_tag = qio_channel_add_watch(
1478 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1479 vnc_client_io, vs, NULL);
1480 }
1481
1482 return ret;
1483 }
1484
1485
1486 /*
1487 * First function called whenever there is data to be written to
1488 * the client socket. Will delegate actual work according to whether
1489 * SASL SSF layers are enabled (thus requiring encryption calls)
1490 */
vnc_client_write_locked(VncState * vs)1491 static void vnc_client_write_locked(VncState *vs)
1492 {
1493 #ifdef CONFIG_VNC_SASL
1494 if (vs->sasl.conn &&
1495 vs->sasl.runSSF &&
1496 !vs->sasl.waitWriteSSF) {
1497 vnc_client_write_sasl(vs);
1498 } else
1499 #endif /* CONFIG_VNC_SASL */
1500 {
1501 vnc_client_write_plain(vs);
1502 }
1503 }
1504
vnc_client_write(VncState * vs)1505 static void vnc_client_write(VncState *vs)
1506 {
1507 assert(vs->magic == VNC_MAGIC);
1508 vnc_lock_output(vs);
1509 if (vs->output.offset) {
1510 vnc_client_write_locked(vs);
1511 } else if (vs->ioc != NULL) {
1512 if (vs->ioc_tag) {
1513 g_source_remove(vs->ioc_tag);
1514 }
1515 vs->ioc_tag = qio_channel_add_watch(
1516 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1517 vnc_client_io, vs, NULL);
1518 }
1519 vnc_unlock_output(vs);
1520 }
1521
vnc_read_when(VncState * vs,VncReadEvent * func,size_t expecting)1522 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1523 {
1524 vs->read_handler = func;
1525 vs->read_handler_expect = expecting;
1526 }
1527
1528
1529 /*
1530 * Called to read a chunk of data from the client socket. The data may
1531 * be the raw data, or may need to be further decoded by SASL.
1532 * The data will be read either straight from to the socket, or
1533 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1534 *
1535 * NB, it is theoretically possible to have 2 layers of encryption,
1536 * both SASL, and this TLS layer. It is highly unlikely in practice
1537 * though, since SASL encryption will typically be a no-op if TLS
1538 * is active
1539 *
1540 * Returns the number of bytes read, which may be less than
1541 * the requested 'datalen' if the socket would block. Returns
1542 * 0 on I/O error or EOF, and disconnects the client socket.
1543 */
vnc_client_read_buf(VncState * vs,uint8_t * data,size_t datalen)1544 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1545 {
1546 ssize_t ret;
1547 Error *err = NULL;
1548 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1549 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1550 return vnc_client_io_error(vs, ret, err);
1551 }
1552
1553
1554 /*
1555 * Called to read data from the client socket to the input buffer,
1556 * when not using any SASL SSF encryption layers. Will read as much
1557 * data as possible without blocking.
1558 *
1559 * Returns the number of bytes read, which may be less than
1560 * the requested 'datalen' if the socket would block. Returns
1561 * 0 on I/O error or EOF, and disconnects the client socket.
1562 */
vnc_client_read_plain(VncState * vs)1563 static size_t vnc_client_read_plain(VncState *vs)
1564 {
1565 size_t ret;
1566 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1567 vs->input.buffer, vs->input.capacity, vs->input.offset);
1568 buffer_reserve(&vs->input, 4096);
1569 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1570 if (!ret)
1571 return 0;
1572 vs->input.offset += ret;
1573 return ret;
1574 }
1575
vnc_jobs_bh(void * opaque)1576 static void vnc_jobs_bh(void *opaque)
1577 {
1578 VncState *vs = opaque;
1579
1580 assert(vs->magic == VNC_MAGIC);
1581 vnc_jobs_consume_buffer(vs);
1582 }
1583
1584 /*
1585 * First function called whenever there is more data to be read from
1586 * the client socket. Will delegate actual work according to whether
1587 * SASL SSF layers are enabled (thus requiring decryption calls)
1588 * Returns 0 on success, -1 if client disconnected
1589 */
vnc_client_read(VncState * vs)1590 static int vnc_client_read(VncState *vs)
1591 {
1592 size_t sz;
1593
1594 #ifdef CONFIG_VNC_SASL
1595 if (vs->sasl.conn && vs->sasl.runSSF)
1596 sz = vnc_client_read_sasl(vs);
1597 else
1598 #endif /* CONFIG_VNC_SASL */
1599 sz = vnc_client_read_plain(vs);
1600 if (!sz) {
1601 if (vs->disconnecting) {
1602 vnc_disconnect_finish(vs);
1603 return -1;
1604 }
1605 return 0;
1606 }
1607
1608 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1609 size_t len = vs->read_handler_expect;
1610 int ret;
1611
1612 ret = vs->read_handler(vs, vs->input.buffer, len);
1613 if (vs->disconnecting) {
1614 vnc_disconnect_finish(vs);
1615 return -1;
1616 }
1617
1618 if (!ret) {
1619 buffer_advance(&vs->input, len);
1620 } else {
1621 vs->read_handler_expect = ret;
1622 }
1623 }
1624 return 0;
1625 }
1626
vnc_client_io(QIOChannel * ioc G_GNUC_UNUSED,GIOCondition condition,void * opaque)1627 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1628 GIOCondition condition, void *opaque)
1629 {
1630 VncState *vs = opaque;
1631
1632 assert(vs->magic == VNC_MAGIC);
1633
1634 if (condition & (G_IO_HUP | G_IO_ERR)) {
1635 vnc_disconnect_start(vs);
1636 return TRUE;
1637 }
1638
1639 if (condition & G_IO_IN) {
1640 if (vnc_client_read(vs) < 0) {
1641 /* vs is free()ed here */
1642 return TRUE;
1643 }
1644 }
1645 if (condition & G_IO_OUT) {
1646 vnc_client_write(vs);
1647 }
1648
1649 if (vs->disconnecting) {
1650 if (vs->ioc_tag != 0) {
1651 g_source_remove(vs->ioc_tag);
1652 }
1653 vs->ioc_tag = 0;
1654 }
1655 return TRUE;
1656 }
1657
1658
1659 /*
1660 * Scale factor to apply to vs->throttle_output_offset when checking for
1661 * hard limit. Worst case normal usage could be x2, if we have a complete
1662 * incremental update and complete forced update in the output buffer.
1663 * So x3 should be good enough, but we pick x5 to be conservative and thus
1664 * (hopefully) never trigger incorrectly.
1665 */
1666 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1667
vnc_write(VncState * vs,const void * data,size_t len)1668 void vnc_write(VncState *vs, const void *data, size_t len)
1669 {
1670 assert(vs->magic == VNC_MAGIC);
1671 if (vs->disconnecting) {
1672 return;
1673 }
1674 /* Protection against malicious client/guest to prevent our output
1675 * buffer growing without bound if client stops reading data. This
1676 * should rarely trigger, because we have earlier throttling code
1677 * which stops issuing framebuffer updates and drops audio data
1678 * if the throttle_output_offset value is exceeded. So we only reach
1679 * this higher level if a huge number of pseudo-encodings get
1680 * triggered while data can't be sent on the socket.
1681 *
1682 * NB throttle_output_offset can be zero during early protocol
1683 * handshake, or from the job thread's VncState clone
1684 */
1685 if (vs->throttle_output_offset != 0 &&
1686 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1687 vs->throttle_output_offset) {
1688 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1689 vs->throttle_output_offset);
1690 vnc_disconnect_start(vs);
1691 return;
1692 }
1693 buffer_reserve(&vs->output, len);
1694
1695 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1696 if (vs->ioc_tag) {
1697 g_source_remove(vs->ioc_tag);
1698 }
1699 vs->ioc_tag = qio_channel_add_watch(
1700 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1701 vnc_client_io, vs, NULL);
1702 }
1703
1704 buffer_append(&vs->output, data, len);
1705 }
1706
vnc_write_s32(VncState * vs,int32_t value)1707 void vnc_write_s32(VncState *vs, int32_t value)
1708 {
1709 vnc_write_u32(vs, *(uint32_t *)&value);
1710 }
1711
vnc_write_u32(VncState * vs,uint32_t value)1712 void vnc_write_u32(VncState *vs, uint32_t value)
1713 {
1714 uint8_t buf[4];
1715
1716 buf[0] = (value >> 24) & 0xFF;
1717 buf[1] = (value >> 16) & 0xFF;
1718 buf[2] = (value >> 8) & 0xFF;
1719 buf[3] = value & 0xFF;
1720
1721 vnc_write(vs, buf, 4);
1722 }
1723
vnc_write_u16(VncState * vs,uint16_t value)1724 void vnc_write_u16(VncState *vs, uint16_t value)
1725 {
1726 uint8_t buf[2];
1727
1728 buf[0] = (value >> 8) & 0xFF;
1729 buf[1] = value & 0xFF;
1730
1731 vnc_write(vs, buf, 2);
1732 }
1733
vnc_write_u8(VncState * vs,uint8_t value)1734 void vnc_write_u8(VncState *vs, uint8_t value)
1735 {
1736 vnc_write(vs, (char *)&value, 1);
1737 }
1738
vnc_flush(VncState * vs)1739 void vnc_flush(VncState *vs)
1740 {
1741 vnc_lock_output(vs);
1742 if (vs->ioc != NULL && vs->output.offset) {
1743 vnc_client_write_locked(vs);
1744 }
1745 if (vs->disconnecting) {
1746 if (vs->ioc_tag != 0) {
1747 g_source_remove(vs->ioc_tag);
1748 }
1749 vs->ioc_tag = 0;
1750 }
1751 vnc_unlock_output(vs);
1752 }
1753
read_u8(uint8_t * data,size_t offset)1754 static uint8_t read_u8(uint8_t *data, size_t offset)
1755 {
1756 return data[offset];
1757 }
1758
read_u16(uint8_t * data,size_t offset)1759 static uint16_t read_u16(uint8_t *data, size_t offset)
1760 {
1761 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1762 }
1763
read_s32(uint8_t * data,size_t offset)1764 static int32_t read_s32(uint8_t *data, size_t offset)
1765 {
1766 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1767 (data[offset + 2] << 8) | data[offset + 3]);
1768 }
1769
read_u32(uint8_t * data,size_t offset)1770 uint32_t read_u32(uint8_t *data, size_t offset)
1771 {
1772 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1773 (data[offset + 2] << 8) | data[offset + 3]);
1774 }
1775
check_pointer_type_change(Notifier * notifier,void * data)1776 static void check_pointer_type_change(Notifier *notifier, void *data)
1777 {
1778 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1779 int absolute = qemu_input_is_absolute(vs->vd->dcl.con);
1780
1781 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1782 vnc_lock_output(vs);
1783 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1784 vnc_write_u8(vs, 0);
1785 vnc_write_u16(vs, 1);
1786 vnc_framebuffer_update(vs, absolute, 0,
1787 pixman_image_get_width(vs->vd->server),
1788 pixman_image_get_height(vs->vd->server),
1789 VNC_ENCODING_POINTER_TYPE_CHANGE);
1790 vnc_unlock_output(vs);
1791 vnc_flush(vs);
1792 }
1793 vs->absolute = absolute;
1794 }
1795
pointer_event(VncState * vs,int button_mask,int x,int y)1796 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1797 {
1798 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1799 [INPUT_BUTTON_LEFT] = 0x01,
1800 [INPUT_BUTTON_MIDDLE] = 0x02,
1801 [INPUT_BUTTON_RIGHT] = 0x04,
1802 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1803 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1804 };
1805 QemuConsole *con = vs->vd->dcl.con;
1806 int width = pixman_image_get_width(vs->vd->server);
1807 int height = pixman_image_get_height(vs->vd->server);
1808
1809 if (vs->last_bmask != button_mask) {
1810 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1811 vs->last_bmask = button_mask;
1812 }
1813
1814 if (vs->absolute) {
1815 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1816 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1817 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1818 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1819 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1820 } else {
1821 if (vs->last_x != -1) {
1822 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1823 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1824 }
1825 vs->last_x = x;
1826 vs->last_y = y;
1827 }
1828 qemu_input_event_sync();
1829 }
1830
press_key(VncState * vs,QKeyCode qcode)1831 static void press_key(VncState *vs, QKeyCode qcode)
1832 {
1833 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1834 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1835 }
1836
vnc_led_state_change(VncState * vs)1837 static void vnc_led_state_change(VncState *vs)
1838 {
1839 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1840 return;
1841 }
1842
1843 vnc_lock_output(vs);
1844 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1845 vnc_write_u8(vs, 0);
1846 vnc_write_u16(vs, 1);
1847 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1848 vnc_write_u8(vs, vs->vd->ledstate);
1849 vnc_unlock_output(vs);
1850 vnc_flush(vs);
1851 }
1852
kbd_leds(void * opaque,int ledstate)1853 static void kbd_leds(void *opaque, int ledstate)
1854 {
1855 VncDisplay *vd = opaque;
1856 VncState *client;
1857
1858 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1859 (ledstate & QEMU_NUM_LOCK_LED),
1860 (ledstate & QEMU_SCROLL_LOCK_LED));
1861
1862 if (ledstate == vd->ledstate) {
1863 return;
1864 }
1865
1866 vd->ledstate = ledstate;
1867
1868 QTAILQ_FOREACH(client, &vd->clients, next) {
1869 vnc_led_state_change(client);
1870 }
1871 }
1872
do_key_event(VncState * vs,int down,int keycode,int sym)1873 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1874 {
1875 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1876
1877 /* QEMU console switch */
1878 switch (qcode) {
1879 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1880 if (down &&
1881 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1882 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1883 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1);
1884 if (con) {
1885 unregister_displaychangelistener(&vs->vd->dcl);
1886 qkbd_state_switch_console(vs->vd->kbd, con);
1887 vs->vd->dcl.con = con;
1888 register_displaychangelistener(&vs->vd->dcl);
1889 }
1890 return;
1891 }
1892 default:
1893 break;
1894 }
1895
1896 /* Turn off the lock state sync logic if the client support the led
1897 state extension.
1898 */
1899 if (down && vs->vd->lock_key_sync &&
1900 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1901 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1902 /* If the numlock state needs to change then simulate an additional
1903 keypress before sending this one. This will happen if the user
1904 toggles numlock away from the VNC window.
1905 */
1906 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1907 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1908 trace_vnc_key_sync_numlock(true);
1909 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1910 }
1911 } else {
1912 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1913 trace_vnc_key_sync_numlock(false);
1914 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1915 }
1916 }
1917 }
1918
1919 if (down && vs->vd->lock_key_sync &&
1920 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1921 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1922 /* If the capslock state needs to change then simulate an additional
1923 keypress before sending this one. This will happen if the user
1924 toggles capslock away from the VNC window.
1925 */
1926 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1927 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1928 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1929 if (capslock) {
1930 if (uppercase == shift) {
1931 trace_vnc_key_sync_capslock(false);
1932 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1933 }
1934 } else {
1935 if (uppercase != shift) {
1936 trace_vnc_key_sync_capslock(true);
1937 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1938 }
1939 }
1940 }
1941
1942 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1943 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) {
1944 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con);
1945 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1946 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1947 /* QEMU console emulation */
1948 if (down) {
1949 switch (keycode) {
1950 case 0x2a: /* Left Shift */
1951 case 0x36: /* Right Shift */
1952 case 0x1d: /* Left CTRL */
1953 case 0x9d: /* Right CTRL */
1954 case 0x38: /* Left ALT */
1955 case 0xb8: /* Right ALT */
1956 break;
1957 case 0xc8:
1958 qemu_text_console_put_keysym(con, QEMU_KEY_UP);
1959 break;
1960 case 0xd0:
1961 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN);
1962 break;
1963 case 0xcb:
1964 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT);
1965 break;
1966 case 0xcd:
1967 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT);
1968 break;
1969 case 0xd3:
1970 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE);
1971 break;
1972 case 0xc7:
1973 qemu_text_console_put_keysym(con, QEMU_KEY_HOME);
1974 break;
1975 case 0xcf:
1976 qemu_text_console_put_keysym(con, QEMU_KEY_END);
1977 break;
1978 case 0xc9:
1979 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP);
1980 break;
1981 case 0xd1:
1982 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN);
1983 break;
1984
1985 case 0x47:
1986 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME);
1987 break;
1988 case 0x48:
1989 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP);
1990 break;
1991 case 0x49:
1992 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP);
1993 break;
1994 case 0x4b:
1995 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT);
1996 break;
1997 case 0x4c:
1998 qemu_text_console_put_keysym(con, '5');
1999 break;
2000 case 0x4d:
2001 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT);
2002 break;
2003 case 0x4f:
2004 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END);
2005 break;
2006 case 0x50:
2007 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN);
2008 break;
2009 case 0x51:
2010 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN);
2011 break;
2012 case 0x52:
2013 qemu_text_console_put_keysym(con, '0');
2014 break;
2015 case 0x53:
2016 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE);
2017 break;
2018
2019 case 0xb5:
2020 qemu_text_console_put_keysym(con, '/');
2021 break;
2022 case 0x37:
2023 qemu_text_console_put_keysym(con, '*');
2024 break;
2025 case 0x4a:
2026 qemu_text_console_put_keysym(con, '-');
2027 break;
2028 case 0x4e:
2029 qemu_text_console_put_keysym(con, '+');
2030 break;
2031 case 0x9c:
2032 qemu_text_console_put_keysym(con, '\n');
2033 break;
2034
2035 default:
2036 if (control) {
2037 qemu_text_console_put_keysym(con, sym & 0x1f);
2038 } else {
2039 qemu_text_console_put_keysym(con, sym);
2040 }
2041 break;
2042 }
2043 }
2044 }
2045 }
2046
code2name(int keycode)2047 static const char *code2name(int keycode)
2048 {
2049 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2050 }
2051
key_event(VncState * vs,int down,uint32_t sym)2052 static void key_event(VncState *vs, int down, uint32_t sym)
2053 {
2054 int keycode;
2055 int lsym = sym;
2056
2057 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) {
2058 lsym = lsym - 'A' + 'a';
2059 }
2060
2061 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2062 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2063 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2064 do_key_event(vs, down, keycode, sym);
2065 }
2066
ext_key_event(VncState * vs,int down,uint32_t sym,uint16_t keycode)2067 static void ext_key_event(VncState *vs, int down,
2068 uint32_t sym, uint16_t keycode)
2069 {
2070 /* if the user specifies a keyboard layout, always use it */
2071 if (keyboard_layout) {
2072 key_event(vs, down, sym);
2073 } else {
2074 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2075 do_key_event(vs, down, keycode, sym);
2076 }
2077 }
2078
framebuffer_update_request(VncState * vs,int incremental,int x,int y,int w,int h)2079 static void framebuffer_update_request(VncState *vs, int incremental,
2080 int x, int y, int w, int h)
2081 {
2082 if (incremental) {
2083 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2084 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2085 }
2086 } else {
2087 vs->update = VNC_STATE_UPDATE_FORCE;
2088 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2089 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2090 vnc_desktop_resize_ext(vs, 0);
2091 }
2092 }
2093 }
2094
send_ext_key_event_ack(VncState * vs)2095 static void send_ext_key_event_ack(VncState *vs)
2096 {
2097 vnc_lock_output(vs);
2098 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2099 vnc_write_u8(vs, 0);
2100 vnc_write_u16(vs, 1);
2101 vnc_framebuffer_update(vs, 0, 0,
2102 pixman_image_get_width(vs->vd->server),
2103 pixman_image_get_height(vs->vd->server),
2104 VNC_ENCODING_EXT_KEY_EVENT);
2105 vnc_unlock_output(vs);
2106 vnc_flush(vs);
2107 }
2108
send_ext_audio_ack(VncState * vs)2109 static void send_ext_audio_ack(VncState *vs)
2110 {
2111 vnc_lock_output(vs);
2112 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2113 vnc_write_u8(vs, 0);
2114 vnc_write_u16(vs, 1);
2115 vnc_framebuffer_update(vs, 0, 0,
2116 pixman_image_get_width(vs->vd->server),
2117 pixman_image_get_height(vs->vd->server),
2118 VNC_ENCODING_AUDIO);
2119 vnc_unlock_output(vs);
2120 vnc_flush(vs);
2121 }
2122
send_xvp_message(VncState * vs,int code)2123 static void send_xvp_message(VncState *vs, int code)
2124 {
2125 vnc_lock_output(vs);
2126 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2127 vnc_write_u8(vs, 0); /* pad */
2128 vnc_write_u8(vs, 1); /* version */
2129 vnc_write_u8(vs, code);
2130 vnc_unlock_output(vs);
2131 vnc_flush(vs);
2132 }
2133
set_encodings(VncState * vs,int32_t * encodings,size_t n_encodings)2134 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2135 {
2136 int i;
2137 unsigned int enc = 0;
2138
2139 vs->features = 0;
2140 vs->vnc_encoding = 0;
2141 vs->tight->compression = 9;
2142 vs->tight->quality = -1; /* Lossless by default */
2143 vs->absolute = -1;
2144
2145 /*
2146 * Start from the end because the encodings are sent in order of preference.
2147 * This way the preferred encoding (first encoding defined in the array)
2148 * will be set at the end of the loop.
2149 */
2150 for (i = n_encodings - 1; i >= 0; i--) {
2151 enc = encodings[i];
2152 switch (enc) {
2153 case VNC_ENCODING_RAW:
2154 vs->vnc_encoding = enc;
2155 break;
2156 case VNC_ENCODING_HEXTILE:
2157 vnc_set_feature(vs, VNC_FEATURE_HEXTILE);
2158 vs->vnc_encoding = enc;
2159 break;
2160 case VNC_ENCODING_TIGHT:
2161 vnc_set_feature(vs, VNC_FEATURE_TIGHT);
2162 vs->vnc_encoding = enc;
2163 break;
2164 #ifdef CONFIG_PNG
2165 case VNC_ENCODING_TIGHT_PNG:
2166 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG);
2167 vs->vnc_encoding = enc;
2168 break;
2169 #endif
2170 case VNC_ENCODING_ZLIB:
2171 /*
2172 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2173 * So prioritize ZRLE, even if the client hints that it prefers
2174 * ZLIB.
2175 */
2176 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) {
2177 vnc_set_feature(vs, VNC_FEATURE_ZLIB);
2178 vs->vnc_encoding = enc;
2179 }
2180 break;
2181 case VNC_ENCODING_ZRLE:
2182 vnc_set_feature(vs, VNC_FEATURE_ZRLE);
2183 vs->vnc_encoding = enc;
2184 break;
2185 case VNC_ENCODING_ZYWRLE:
2186 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE);
2187 vs->vnc_encoding = enc;
2188 break;
2189 case VNC_ENCODING_DESKTOPRESIZE:
2190 vnc_set_feature(vs, VNC_FEATURE_RESIZE);
2191 break;
2192 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2193 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT);
2194 break;
2195 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2196 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE);
2197 break;
2198 case VNC_ENCODING_RICH_CURSOR:
2199 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR);
2200 break;
2201 case VNC_ENCODING_ALPHA_CURSOR:
2202 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR);
2203 break;
2204 case VNC_ENCODING_EXT_KEY_EVENT:
2205 send_ext_key_event_ack(vs);
2206 break;
2207 case VNC_ENCODING_AUDIO:
2208 if (vs->vd->audio_state) {
2209 vnc_set_feature(vs, VNC_FEATURE_AUDIO);
2210 send_ext_audio_ack(vs);
2211 }
2212 break;
2213 case VNC_ENCODING_WMVi:
2214 vnc_set_feature(vs, VNC_FEATURE_WMVI);
2215 break;
2216 case VNC_ENCODING_LED_STATE:
2217 vnc_set_feature(vs, VNC_FEATURE_LED_STATE);
2218 break;
2219 case VNC_ENCODING_XVP:
2220 if (vs->vd->power_control) {
2221 vnc_set_feature(vs, VNC_FEATURE_XVP);
2222 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2223 }
2224 break;
2225 case VNC_ENCODING_CLIPBOARD_EXT:
2226 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT);
2227 vnc_server_cut_text_caps(vs);
2228 break;
2229 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2230 vs->tight->compression = (enc & 0x0F);
2231 break;
2232 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2233 if (vs->vd->lossy) {
2234 vs->tight->quality = (enc & 0x0F);
2235 }
2236 break;
2237 default:
2238 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2239 break;
2240 }
2241 }
2242 vnc_desktop_resize(vs);
2243 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2244 vnc_led_state_change(vs);
2245 vnc_cursor_define(vs);
2246 }
2247
set_pixel_conversion(VncState * vs)2248 static void set_pixel_conversion(VncState *vs)
2249 {
2250 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf,
2251 vs->client_endian);
2252
2253 if (fmt == VNC_SERVER_FB_FORMAT) {
2254 vs->write_pixels = vnc_write_pixels_copy;
2255 vnc_hextile_set_pixel_conversion(vs, 0);
2256 } else {
2257 vs->write_pixels = vnc_write_pixels_generic;
2258 vnc_hextile_set_pixel_conversion(vs, 1);
2259 }
2260 }
2261
send_color_map(VncState * vs)2262 static void send_color_map(VncState *vs)
2263 {
2264 int i;
2265
2266 vnc_lock_output(vs);
2267 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2268 vnc_write_u8(vs, 0); /* padding */
2269 vnc_write_u16(vs, 0); /* first color */
2270 vnc_write_u16(vs, 256); /* # of colors */
2271
2272 for (i = 0; i < 256; i++) {
2273 PixelFormat *pf = &vs->client_pf;
2274
2275 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2276 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2277 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2278 }
2279 vnc_unlock_output(vs);
2280 }
2281
set_pixel_format(VncState * vs,int bits_per_pixel,int big_endian_flag,int true_color_flag,int red_max,int green_max,int blue_max,int red_shift,int green_shift,int blue_shift)2282 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2283 int big_endian_flag, int true_color_flag,
2284 int red_max, int green_max, int blue_max,
2285 int red_shift, int green_shift, int blue_shift)
2286 {
2287 if (!true_color_flag) {
2288 /* Expose a reasonable default 256 color map */
2289 bits_per_pixel = 8;
2290 red_max = 7;
2291 green_max = 7;
2292 blue_max = 3;
2293 red_shift = 0;
2294 green_shift = 3;
2295 blue_shift = 6;
2296 }
2297
2298 switch (bits_per_pixel) {
2299 case 8:
2300 case 16:
2301 case 32:
2302 break;
2303 default:
2304 vnc_client_error(vs);
2305 return;
2306 }
2307
2308 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2309 vs->client_pf.rbits = ctpopl(red_max);
2310 vs->client_pf.rshift = red_shift;
2311 vs->client_pf.rmask = red_max << red_shift;
2312 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2313 vs->client_pf.gbits = ctpopl(green_max);
2314 vs->client_pf.gshift = green_shift;
2315 vs->client_pf.gmask = green_max << green_shift;
2316 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2317 vs->client_pf.bbits = ctpopl(blue_max);
2318 vs->client_pf.bshift = blue_shift;
2319 vs->client_pf.bmask = blue_max << blue_shift;
2320 vs->client_pf.bits_per_pixel = bits_per_pixel;
2321 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2322 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2323 vs->client_endian = big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN;
2324
2325 if (!true_color_flag) {
2326 send_color_map(vs);
2327 }
2328
2329 set_pixel_conversion(vs);
2330
2331 graphic_hw_invalidate(vs->vd->dcl.con);
2332 graphic_hw_update(vs->vd->dcl.con);
2333 }
2334
pixel_format_message(VncState * vs)2335 static void pixel_format_message (VncState *vs) {
2336 char pad[3] = { 0, 0, 0 };
2337
2338 vs->client_pf = qemu_default_pixelformat(32);
2339 vs->client_endian = G_BYTE_ORDER;
2340
2341 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2342 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2343
2344 #if HOST_BIG_ENDIAN
2345 vnc_write_u8(vs, 1); /* big-endian-flag */
2346 #else
2347 vnc_write_u8(vs, 0); /* big-endian-flag */
2348 #endif
2349 vnc_write_u8(vs, 1); /* true-color-flag */
2350 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2351 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2352 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2353 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2354 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2355 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2356 vnc_write(vs, pad, 3); /* padding */
2357
2358 vnc_hextile_set_pixel_conversion(vs, 0);
2359 vs->write_pixels = vnc_write_pixels_copy;
2360 }
2361
vnc_colordepth(VncState * vs)2362 static void vnc_colordepth(VncState *vs)
2363 {
2364 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2365 /* Sending a WMVi message to notify the client*/
2366 vnc_lock_output(vs);
2367 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2368 vnc_write_u8(vs, 0);
2369 vnc_write_u16(vs, 1); /* number of rects */
2370 vnc_framebuffer_update(vs, 0, 0,
2371 vs->client_width,
2372 vs->client_height,
2373 VNC_ENCODING_WMVi);
2374 pixel_format_message(vs);
2375 vnc_unlock_output(vs);
2376 vnc_flush(vs);
2377 } else {
2378 set_pixel_conversion(vs);
2379 }
2380 }
2381
protocol_client_msg(VncState * vs,uint8_t * data,size_t len)2382 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2383 {
2384 int i;
2385 uint16_t limit;
2386 uint32_t freq;
2387 VncDisplay *vd = vs->vd;
2388
2389 if (data[0] > 3) {
2390 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2391 }
2392
2393 switch (data[0]) {
2394 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2395 if (len == 1)
2396 return 20;
2397
2398 set_pixel_format(vs, read_u8(data, 4),
2399 read_u8(data, 6), read_u8(data, 7),
2400 read_u16(data, 8), read_u16(data, 10),
2401 read_u16(data, 12), read_u8(data, 14),
2402 read_u8(data, 15), read_u8(data, 16));
2403 break;
2404 case VNC_MSG_CLIENT_SET_ENCODINGS:
2405 if (len == 1)
2406 return 4;
2407
2408 if (len == 4) {
2409 limit = read_u16(data, 2);
2410 if (limit > 0)
2411 return 4 + (limit * 4);
2412 } else
2413 limit = read_u16(data, 2);
2414
2415 for (i = 0; i < limit; i++) {
2416 int32_t val = read_s32(data, 4 + (i * 4));
2417 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2418 }
2419
2420 set_encodings(vs, (int32_t *)(data + 4), limit);
2421 break;
2422 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2423 if (len == 1)
2424 return 10;
2425
2426 framebuffer_update_request(vs,
2427 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2428 read_u16(data, 6), read_u16(data, 8));
2429 break;
2430 case VNC_MSG_CLIENT_KEY_EVENT:
2431 if (len == 1)
2432 return 8;
2433
2434 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2435 break;
2436 case VNC_MSG_CLIENT_POINTER_EVENT:
2437 if (len == 1)
2438 return 6;
2439
2440 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2441 break;
2442 case VNC_MSG_CLIENT_CUT_TEXT:
2443 if (len == 1) {
2444 return 8;
2445 }
2446 uint32_t dlen = abs(read_s32(data, 4));
2447 if (len == 8) {
2448 if (dlen > (1 << 20)) {
2449 error_report("vnc: client_cut_text msg payload has %u bytes"
2450 " which exceeds our limit of 1MB.", dlen);
2451 vnc_client_error(vs);
2452 break;
2453 }
2454 if (dlen > 0) {
2455 return 8 + dlen;
2456 }
2457 }
2458
2459 if (read_s32(data, 4) < 0) {
2460 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) {
2461 error_report("vnc: extended clipboard message while disabled");
2462 vnc_client_error(vs);
2463 break;
2464 }
2465 if (dlen < 4) {
2466 error_report("vnc: malformed payload (header less than 4 bytes)"
2467 " in extended clipboard pseudo-encoding.");
2468 vnc_client_error(vs);
2469 break;
2470 }
2471 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
2472 break;
2473 }
2474 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2475 break;
2476 case VNC_MSG_CLIENT_XVP:
2477 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) {
2478 error_report("vnc: xvp client message while disabled");
2479 vnc_client_error(vs);
2480 break;
2481 }
2482 if (len == 1) {
2483 return 4;
2484 }
2485 if (len == 4) {
2486 uint8_t version = read_u8(data, 2);
2487 uint8_t action = read_u8(data, 3);
2488
2489 if (version != 1) {
2490 error_report("vnc: xvp client message version %d != 1",
2491 version);
2492 vnc_client_error(vs);
2493 break;
2494 }
2495
2496 switch (action) {
2497 case VNC_XVP_ACTION_SHUTDOWN:
2498 qemu_system_powerdown_request();
2499 break;
2500 case VNC_XVP_ACTION_REBOOT:
2501 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2502 break;
2503 case VNC_XVP_ACTION_RESET:
2504 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2505 break;
2506 default:
2507 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2508 break;
2509 }
2510 }
2511 break;
2512 case VNC_MSG_CLIENT_QEMU:
2513 if (len == 1)
2514 return 2;
2515
2516 switch (read_u8(data, 1)) {
2517 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2518 if (len == 2)
2519 return 12;
2520
2521 ext_key_event(vs, read_u16(data, 2),
2522 read_u32(data, 4), read_u32(data, 8));
2523 break;
2524 case VNC_MSG_CLIENT_QEMU_AUDIO:
2525 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) {
2526 error_report("Audio message %d with audio disabled", read_u8(data, 2));
2527 vnc_client_error(vs);
2528 break;
2529 }
2530
2531 if (len == 2)
2532 return 4;
2533
2534 switch (read_u16 (data, 2)) {
2535 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2536 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2537 audio_add(vs);
2538 break;
2539 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2540 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2541 audio_del(vs);
2542 break;
2543 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2544 if (len == 4)
2545 return 10;
2546 switch (read_u8(data, 4)) {
2547 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2548 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2549 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2550 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2551 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2552 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2553 default:
2554 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2555 vnc_client_error(vs);
2556 break;
2557 }
2558 vs->as.nchannels = read_u8(data, 5);
2559 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2560 VNC_DEBUG("Invalid audio channel count %d\n",
2561 read_u8(data, 5));
2562 vnc_client_error(vs);
2563 break;
2564 }
2565 freq = read_u32(data, 6);
2566 /* No official limit for protocol, but 48khz is a sensible
2567 * upper bound for trustworthy clients, and this limit
2568 * protects calculations involving 'vs->as.freq' later.
2569 */
2570 if (freq > 48000) {
2571 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2572 vnc_client_error(vs);
2573 break;
2574 }
2575 vs->as.freq = freq;
2576 trace_vnc_msg_client_audio_format(
2577 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2578 break;
2579 default:
2580 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2));
2581 vnc_client_error(vs);
2582 break;
2583 }
2584 break;
2585
2586 default:
2587 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2588 vnc_client_error(vs);
2589 break;
2590 }
2591 break;
2592 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2593 {
2594 size_t size;
2595 uint8_t screens;
2596 int w, h;
2597
2598 if (len < 8) {
2599 return 8;
2600 }
2601
2602 screens = read_u8(data, 6);
2603 size = 8 + screens * 16;
2604 if (len < size) {
2605 return size;
2606 }
2607 w = read_u16(data, 2);
2608 h = read_u16(data, 4);
2609
2610 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2611 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2612 QemuUIInfo info;
2613 memset(&info, 0, sizeof(info));
2614 info.width = w;
2615 info.height = h;
2616 dpy_set_ui_info(vs->vd->dcl.con, &info, false);
2617 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */);
2618 } else {
2619 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */);
2620 }
2621
2622 break;
2623 }
2624 default:
2625 VNC_DEBUG("Msg: %d\n", data[0]);
2626 vnc_client_error(vs);
2627 break;
2628 }
2629
2630 vnc_update_throttle_offset(vs);
2631 vnc_read_when(vs, protocol_client_msg, 1);
2632 return 0;
2633 }
2634
protocol_client_init(VncState * vs,uint8_t * data,size_t len)2635 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2636 {
2637 char buf[1024];
2638 VncShareMode mode;
2639 int size;
2640
2641 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2642 switch (vs->vd->share_policy) {
2643 case VNC_SHARE_POLICY_IGNORE:
2644 /*
2645 * Ignore the shared flag. Nothing to do here.
2646 *
2647 * Doesn't conform to the rfb spec but is traditional qemu
2648 * behavior, thus left here as option for compatibility
2649 * reasons.
2650 */
2651 break;
2652 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2653 /*
2654 * Policy: Allow clients ask for exclusive access.
2655 *
2656 * Implementation: When a client asks for exclusive access,
2657 * disconnect all others. Shared connects are allowed as long
2658 * as no exclusive connection exists.
2659 *
2660 * This is how the rfb spec suggests to handle the shared flag.
2661 */
2662 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2663 VncState *client;
2664 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2665 if (vs == client) {
2666 continue;
2667 }
2668 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2669 client->share_mode != VNC_SHARE_MODE_SHARED) {
2670 continue;
2671 }
2672 vnc_disconnect_start(client);
2673 }
2674 }
2675 if (mode == VNC_SHARE_MODE_SHARED) {
2676 if (vs->vd->num_exclusive > 0) {
2677 vnc_disconnect_start(vs);
2678 return 0;
2679 }
2680 }
2681 break;
2682 case VNC_SHARE_POLICY_FORCE_SHARED:
2683 /*
2684 * Policy: Shared connects only.
2685 * Implementation: Disallow clients asking for exclusive access.
2686 *
2687 * Useful for shared desktop sessions where you don't want
2688 * someone forgetting to say -shared when running the vnc
2689 * client disconnect everybody else.
2690 */
2691 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2692 vnc_disconnect_start(vs);
2693 return 0;
2694 }
2695 break;
2696 }
2697 vnc_set_share_mode(vs, mode);
2698
2699 if (vs->vd->num_shared > vs->vd->connections_limit) {
2700 vnc_disconnect_start(vs);
2701 return 0;
2702 }
2703
2704 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2705 pixman_image_get_width(vs->vd->server) >= 0);
2706 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2707 pixman_image_get_height(vs->vd->server) >= 0);
2708 vs->client_width = pixman_image_get_width(vs->vd->server);
2709 vs->client_height = pixman_image_get_height(vs->vd->server);
2710 vnc_write_u16(vs, vs->client_width);
2711 vnc_write_u16(vs, vs->client_height);
2712
2713 pixel_format_message(vs);
2714
2715 if (qemu_name) {
2716 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2717 if (size > sizeof(buf)) {
2718 size = sizeof(buf);
2719 }
2720 } else {
2721 size = snprintf(buf, sizeof(buf), "QEMU");
2722 }
2723
2724 vnc_write_u32(vs, size);
2725 vnc_write(vs, buf, size);
2726 vnc_flush(vs);
2727
2728 vnc_client_cache_auth(vs);
2729 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2730
2731 vnc_read_when(vs, protocol_client_msg, 1);
2732
2733 return 0;
2734 }
2735
start_client_init(VncState * vs)2736 void start_client_init(VncState *vs)
2737 {
2738 vnc_read_when(vs, protocol_client_init, 1);
2739 }
2740
authentication_failed(VncState * vs)2741 static void authentication_failed(VncState *vs)
2742 {
2743 vnc_write_u32(vs, 1); /* Reject auth */
2744 if (vs->minor >= 8) {
2745 static const char err[] = "Authentication failed";
2746 vnc_write_u32(vs, sizeof(err));
2747 vnc_write(vs, err, sizeof(err));
2748 }
2749 vnc_flush(vs);
2750 vnc_client_error(vs);
2751 }
2752
2753 static void
vnc_munge_des_rfb_key(unsigned char * key,size_t nkey)2754 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2755 {
2756 size_t i;
2757 for (i = 0; i < nkey; i++) {
2758 uint8_t r = key[i];
2759 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2760 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2761 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2762 key[i] = r;
2763 }
2764 }
2765
protocol_client_auth_vnc(VncState * vs,uint8_t * data,size_t len)2766 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2767 {
2768 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2769 size_t i, pwlen;
2770 unsigned char key[8];
2771 time_t now = time(NULL);
2772 QCryptoCipher *cipher = NULL;
2773 Error *err = NULL;
2774
2775 if (!vs->vd->password) {
2776 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2777 goto reject;
2778 }
2779 if (vs->vd->expires < now) {
2780 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2781 goto reject;
2782 }
2783
2784 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2785
2786 /* Calculate the expected challenge response */
2787 pwlen = strlen(vs->vd->password);
2788 for (i=0; i<sizeof(key); i++)
2789 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2790 vnc_munge_des_rfb_key(key, sizeof(key));
2791
2792 cipher = qcrypto_cipher_new(
2793 QCRYPTO_CIPHER_ALGO_DES,
2794 QCRYPTO_CIPHER_MODE_ECB,
2795 key, G_N_ELEMENTS(key),
2796 &err);
2797 if (!cipher) {
2798 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2799 error_get_pretty(err));
2800 error_free(err);
2801 goto reject;
2802 }
2803
2804 if (qcrypto_cipher_encrypt(cipher,
2805 vs->challenge,
2806 response,
2807 VNC_AUTH_CHALLENGE_SIZE,
2808 &err) < 0) {
2809 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2810 error_get_pretty(err));
2811 error_free(err);
2812 goto reject;
2813 }
2814
2815 /* Compare expected vs actual challenge response */
2816 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2817 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2818 goto reject;
2819 } else {
2820 trace_vnc_auth_pass(vs, vs->auth);
2821 vnc_write_u32(vs, 0); /* Accept auth */
2822 vnc_flush(vs);
2823
2824 start_client_init(vs);
2825 }
2826
2827 qcrypto_cipher_free(cipher);
2828 return 0;
2829
2830 reject:
2831 authentication_failed(vs);
2832 qcrypto_cipher_free(cipher);
2833 return 0;
2834 }
2835
start_auth_vnc(VncState * vs)2836 void start_auth_vnc(VncState *vs)
2837 {
2838 Error *err = NULL;
2839
2840 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2841 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2842 error_get_pretty(err));
2843 error_free(err);
2844 authentication_failed(vs);
2845 return;
2846 }
2847
2848 /* Send client a 'random' challenge */
2849 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2850 vnc_flush(vs);
2851
2852 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2853 }
2854
2855
protocol_client_auth(VncState * vs,uint8_t * data,size_t len)2856 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2857 {
2858 /* We only advertise 1 auth scheme at a time, so client
2859 * must pick the one we sent. Verify this */
2860 if (data[0] != vs->auth) { /* Reject auth */
2861 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2862 authentication_failed(vs);
2863 } else { /* Accept requested auth */
2864 trace_vnc_auth_start(vs, vs->auth);
2865 switch (vs->auth) {
2866 case VNC_AUTH_NONE:
2867 if (vs->minor >= 8) {
2868 vnc_write_u32(vs, 0); /* Accept auth completion */
2869 vnc_flush(vs);
2870 }
2871 trace_vnc_auth_pass(vs, vs->auth);
2872 start_client_init(vs);
2873 break;
2874
2875 case VNC_AUTH_VNC:
2876 start_auth_vnc(vs);
2877 break;
2878
2879 case VNC_AUTH_VENCRYPT:
2880 start_auth_vencrypt(vs);
2881 break;
2882
2883 #ifdef CONFIG_VNC_SASL
2884 case VNC_AUTH_SASL:
2885 start_auth_sasl(vs);
2886 break;
2887 #endif /* CONFIG_VNC_SASL */
2888
2889 default: /* Should not be possible, but just in case */
2890 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2891 authentication_failed(vs);
2892 }
2893 }
2894 return 0;
2895 }
2896
protocol_version(VncState * vs,uint8_t * version,size_t len)2897 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2898 {
2899 char local[13];
2900
2901 memcpy(local, version, 12);
2902 local[12] = 0;
2903
2904 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2905 VNC_DEBUG("Malformed protocol version %s\n", local);
2906 vnc_client_error(vs);
2907 return 0;
2908 }
2909 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2910 if (vs->major != 3 ||
2911 (vs->minor != 3 &&
2912 vs->minor != 4 &&
2913 vs->minor != 5 &&
2914 vs->minor != 7 &&
2915 vs->minor != 8)) {
2916 VNC_DEBUG("Unsupported client version\n");
2917 vnc_write_u32(vs, VNC_AUTH_INVALID);
2918 vnc_flush(vs);
2919 vnc_client_error(vs);
2920 return 0;
2921 }
2922 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2923 * as equivalent to v3.3 by servers
2924 */
2925 if (vs->minor == 4 || vs->minor == 5)
2926 vs->minor = 3;
2927
2928 if (vs->minor == 3) {
2929 trace_vnc_auth_start(vs, vs->auth);
2930 if (vs->auth == VNC_AUTH_NONE) {
2931 vnc_write_u32(vs, vs->auth);
2932 vnc_flush(vs);
2933 trace_vnc_auth_pass(vs, vs->auth);
2934 start_client_init(vs);
2935 } else if (vs->auth == VNC_AUTH_VNC) {
2936 VNC_DEBUG("Tell client VNC auth\n");
2937 vnc_write_u32(vs, vs->auth);
2938 vnc_flush(vs);
2939 start_auth_vnc(vs);
2940 } else {
2941 trace_vnc_auth_fail(vs, vs->auth,
2942 "Unsupported auth method for v3.3", "");
2943 vnc_write_u32(vs, VNC_AUTH_INVALID);
2944 vnc_flush(vs);
2945 vnc_client_error(vs);
2946 }
2947 } else {
2948 vnc_write_u8(vs, 1); /* num auth */
2949 vnc_write_u8(vs, vs->auth);
2950 vnc_read_when(vs, protocol_client_auth, 1);
2951 vnc_flush(vs);
2952 }
2953
2954 return 0;
2955 }
2956
vnc_stat_rect(VncDisplay * vd,int x,int y)2957 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2958 {
2959 struct VncSurface *vs = &vd->guest;
2960
2961 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2962 }
2963
vnc_sent_lossy_rect(VncState * vs,int x,int y,int w,int h)2964 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2965 {
2966 int i, j;
2967
2968 w = (x + w) / VNC_STAT_RECT;
2969 h = (y + h) / VNC_STAT_RECT;
2970 x /= VNC_STAT_RECT;
2971 y /= VNC_STAT_RECT;
2972
2973 for (j = y; j <= h; j++) {
2974 for (i = x; i <= w; i++) {
2975 vs->lossy_rect[j][i] = 1;
2976 }
2977 }
2978 }
2979
vnc_refresh_lossy_rect(VncDisplay * vd,int x,int y)2980 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2981 {
2982 VncState *vs;
2983 int sty = y / VNC_STAT_RECT;
2984 int stx = x / VNC_STAT_RECT;
2985 int has_dirty = 0;
2986
2987 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2988 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2989
2990 QTAILQ_FOREACH(vs, &vd->clients, next) {
2991 int j;
2992
2993 /* kernel send buffers are full -> refresh later */
2994 if (vs->output.offset) {
2995 continue;
2996 }
2997
2998 if (!vs->lossy_rect[sty][stx]) {
2999 continue;
3000 }
3001
3002 vs->lossy_rect[sty][stx] = 0;
3003 for (j = 0; j < VNC_STAT_RECT; ++j) {
3004 bitmap_set(vs->dirty[y + j],
3005 x / VNC_DIRTY_PIXELS_PER_BIT,
3006 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
3007 }
3008 has_dirty++;
3009 }
3010
3011 return has_dirty;
3012 }
3013
vnc_update_stats(VncDisplay * vd,struct timeval * tv)3014 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
3015 {
3016 int width = MIN(pixman_image_get_width(vd->guest.fb),
3017 pixman_image_get_width(vd->server));
3018 int height = MIN(pixman_image_get_height(vd->guest.fb),
3019 pixman_image_get_height(vd->server));
3020 int x, y;
3021 struct timeval res;
3022 int has_dirty = 0;
3023
3024 for (y = 0; y < height; y += VNC_STAT_RECT) {
3025 for (x = 0; x < width; x += VNC_STAT_RECT) {
3026 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3027
3028 rect->updated = false;
3029 }
3030 }
3031
3032 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3033
3034 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3035 return has_dirty;
3036 }
3037 vd->guest.last_freq_check = *tv;
3038
3039 for (y = 0; y < height; y += VNC_STAT_RECT) {
3040 for (x = 0; x < width; x += VNC_STAT_RECT) {
3041 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3042 int count = ARRAY_SIZE(rect->times);
3043 struct timeval min, max;
3044
3045 if (!timerisset(&rect->times[count - 1])) {
3046 continue ;
3047 }
3048
3049 max = rect->times[(rect->idx + count - 1) % count];
3050 qemu_timersub(tv, &max, &res);
3051
3052 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3053 rect->freq = 0;
3054 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3055 memset(rect->times, 0, sizeof (rect->times));
3056 continue ;
3057 }
3058
3059 min = rect->times[rect->idx];
3060 max = rect->times[(rect->idx + count - 1) % count];
3061 qemu_timersub(&max, &min, &res);
3062
3063 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3064 rect->freq /= count;
3065 rect->freq = 1. / rect->freq;
3066 }
3067 }
3068 return has_dirty;
3069 }
3070
vnc_update_freq(VncState * vs,int x,int y,int w,int h)3071 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3072 {
3073 int i, j;
3074 double total = 0;
3075 int num = 0;
3076
3077 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3078 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3079
3080 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3081 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3082 total += vnc_stat_rect(vs->vd, i, j)->freq;
3083 num++;
3084 }
3085 }
3086
3087 if (num) {
3088 return total / num;
3089 } else {
3090 return 0;
3091 }
3092 }
3093
vnc_rect_updated(VncDisplay * vd,int x,int y,struct timeval * tv)3094 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3095 {
3096 VncRectStat *rect;
3097
3098 rect = vnc_stat_rect(vd, x, y);
3099 if (rect->updated) {
3100 return;
3101 }
3102 rect->times[rect->idx] = *tv;
3103 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3104 rect->updated = true;
3105 }
3106
vnc_refresh_server_surface(VncDisplay * vd)3107 static int vnc_refresh_server_surface(VncDisplay *vd)
3108 {
3109 int width = MIN(pixman_image_get_width(vd->guest.fb),
3110 pixman_image_get_width(vd->server));
3111 int height = MIN(pixman_image_get_height(vd->guest.fb),
3112 pixman_image_get_height(vd->server));
3113 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3114 uint8_t *guest_row0 = NULL, *server_row0;
3115 VncState *vs;
3116 int has_dirty = 0;
3117 pixman_image_t *tmpbuf = NULL;
3118 unsigned long offset;
3119 int x;
3120 uint8_t *guest_ptr, *server_ptr;
3121
3122 struct timeval tv = { 0, 0 };
3123
3124 if (!vd->non_adaptive) {
3125 gettimeofday(&tv, NULL);
3126 has_dirty = vnc_update_stats(vd, &tv);
3127 }
3128
3129 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3130 height * VNC_DIRTY_BPL(&vd->guest), 0);
3131 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3132 /* no dirty bits in guest surface */
3133 return has_dirty;
3134 }
3135
3136 /*
3137 * Walk through the guest dirty map.
3138 * Check and copy modified bits from guest to server surface.
3139 * Update server dirty map.
3140 */
3141 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3142 server_stride = guest_stride = guest_ll =
3143 pixman_image_get_stride(vd->server);
3144 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3145 server_stride);
3146 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3147 int w = pixman_image_get_width(vd->server);
3148 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w);
3149 } else {
3150 int guest_bpp =
3151 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3152 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3153 guest_stride = pixman_image_get_stride(vd->guest.fb);
3154 guest_ll = pixman_image_get_width(vd->guest.fb)
3155 * DIV_ROUND_UP(guest_bpp, 8);
3156 }
3157 line_bytes = MIN(server_stride, guest_ll);
3158
3159 for (;;) {
3160 y = offset / VNC_DIRTY_BPL(&vd->guest);
3161 x = offset % VNC_DIRTY_BPL(&vd->guest);
3162
3163 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3164
3165 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3166 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3167 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3168 } else {
3169 guest_ptr = guest_row0 + y * guest_stride;
3170 }
3171 guest_ptr += x * cmp_bytes;
3172
3173 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3174 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3175 int _cmp_bytes = cmp_bytes;
3176 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3177 continue;
3178 }
3179 if ((x + 1) * cmp_bytes > line_bytes) {
3180 _cmp_bytes = line_bytes - x * cmp_bytes;
3181 }
3182 assert(_cmp_bytes >= 0);
3183 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3184 continue;
3185 }
3186 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3187 if (!vd->non_adaptive) {
3188 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3189 y, &tv);
3190 }
3191 QTAILQ_FOREACH(vs, &vd->clients, next) {
3192 set_bit(x, vs->dirty[y]);
3193 }
3194 has_dirty++;
3195 }
3196
3197 y++;
3198 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3199 height * VNC_DIRTY_BPL(&vd->guest),
3200 y * VNC_DIRTY_BPL(&vd->guest));
3201 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3202 /* no more dirty bits */
3203 break;
3204 }
3205 }
3206 qemu_pixman_image_unref(tmpbuf);
3207 return has_dirty;
3208 }
3209
vnc_refresh(DisplayChangeListener * dcl)3210 static void vnc_refresh(DisplayChangeListener *dcl)
3211 {
3212 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3213 VncState *vs, *vn;
3214 int has_dirty, rects = 0;
3215
3216 if (QTAILQ_EMPTY(&vd->clients)) {
3217 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3218 return;
3219 }
3220
3221 graphic_hw_update(vd->dcl.con);
3222
3223 if (vnc_trylock_display(vd)) {
3224 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3225 return;
3226 }
3227
3228 has_dirty = vnc_refresh_server_surface(vd);
3229 vnc_unlock_display(vd);
3230
3231 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3232 rects += vnc_update_client(vs, has_dirty);
3233 /* vs might be free()ed here */
3234 }
3235
3236 if (has_dirty && rects) {
3237 vd->dcl.update_interval /= 2;
3238 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3239 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3240 }
3241 } else {
3242 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3243 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3244 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3245 }
3246 }
3247 }
3248
vnc_connect(VncDisplay * vd,QIOChannelSocket * sioc,bool skipauth,bool websocket)3249 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3250 bool skipauth, bool websocket)
3251 {
3252 VncConnection *vc = g_new0(VncConnection, 1);
3253 VncState *vs = &vc->vs;
3254 bool first_client = QTAILQ_EMPTY(&vd->clients);
3255 int i;
3256
3257 trace_vnc_client_connect(vs, sioc);
3258 vs->zlib = &vc->zlib;
3259 vs->zrle = g_new0(VncZrle, 1);
3260 vs->tight = g_new0(VncTight, 1);
3261 vs->magic = VNC_MAGIC;
3262 vs->sioc = sioc;
3263 object_ref(OBJECT(vs->sioc));
3264 vs->ioc = QIO_CHANNEL(sioc);
3265 object_ref(OBJECT(vs->ioc));
3266 vs->vd = vd;
3267
3268 buffer_init(&vs->input, "vnc-input/%p", sioc);
3269 buffer_init(&vs->output, "vnc-output/%p", sioc);
3270 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3271
3272 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3273 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3274 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3275 #ifdef CONFIG_VNC_JPEG
3276 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3277 #endif
3278 #ifdef CONFIG_PNG
3279 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3280 #endif
3281 buffer_init(&vc->zlib.zlib, "vnc-zlib/%p", sioc);
3282 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3283 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3284 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3285
3286 if (skipauth) {
3287 vs->auth = VNC_AUTH_NONE;
3288 vs->subauth = VNC_AUTH_INVALID;
3289 } else {
3290 if (websocket) {
3291 vs->auth = vd->ws_auth;
3292 vs->subauth = VNC_AUTH_INVALID;
3293 } else {
3294 vs->auth = vd->auth;
3295 vs->subauth = vd->subauth;
3296 }
3297 }
3298 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3299 sioc, websocket, vs->auth, vs->subauth);
3300
3301 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3302 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3303 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3304 }
3305
3306 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3307 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3308 qio_channel_set_blocking(vs->ioc, false, NULL);
3309 if (vs->ioc_tag) {
3310 g_source_remove(vs->ioc_tag);
3311 }
3312 if (websocket) {
3313 vs->websocket = 1;
3314 if (vd->tlscreds) {
3315 vs->ioc_tag = qio_channel_add_watch(
3316 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3317 vncws_tls_handshake_io, vs, NULL);
3318 } else {
3319 vs->ioc_tag = qio_channel_add_watch(
3320 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3321 vncws_handshake_io, vs, NULL);
3322 }
3323 } else {
3324 vs->ioc_tag = qio_channel_add_watch(
3325 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3326 vnc_client_io, vs, NULL);
3327 }
3328
3329 vnc_client_cache_addr(vs);
3330 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3331 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3332
3333 vs->last_x = -1;
3334 vs->last_y = -1;
3335
3336 vs->as.freq = 44100;
3337 vs->as.nchannels = 2;
3338 vs->as.fmt = AUDIO_FORMAT_S16;
3339 vs->as.endianness = 0;
3340
3341 qemu_mutex_init(&vs->output_mutex);
3342 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3343
3344 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3345 if (first_client) {
3346 vnc_update_server_surface(vd);
3347 }
3348
3349 graphic_hw_update(vd->dcl.con);
3350
3351 if (!vs->websocket) {
3352 vnc_start_protocol(vs);
3353 }
3354
3355 if (vd->num_connecting > vd->connections_limit) {
3356 QTAILQ_FOREACH(vs, &vd->clients, next) {
3357 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3358 vnc_disconnect_start(vs);
3359 return;
3360 }
3361 }
3362 }
3363 }
3364
vnc_start_protocol(VncState * vs)3365 void vnc_start_protocol(VncState *vs)
3366 {
3367 vnc_write(vs, "RFB 003.008\n", 12);
3368 vnc_flush(vs);
3369 vnc_read_when(vs, protocol_version, 12);
3370
3371 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3372 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3373 }
3374
vnc_listen_io(QIONetListener * listener,QIOChannelSocket * cioc,void * opaque)3375 static void vnc_listen_io(QIONetListener *listener,
3376 QIOChannelSocket *cioc,
3377 void *opaque)
3378 {
3379 VncDisplay *vd = opaque;
3380 bool isWebsock = listener == vd->wslistener;
3381
3382 qio_channel_set_name(QIO_CHANNEL(cioc),
3383 isWebsock ? "vnc-ws-server" : "vnc-server");
3384 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3385 vnc_connect(vd, cioc, false, isWebsock);
3386 }
3387
3388 static const DisplayChangeListenerOps dcl_ops = {
3389 .dpy_name = "vnc",
3390 .dpy_refresh = vnc_refresh,
3391 .dpy_gfx_update = vnc_dpy_update,
3392 .dpy_gfx_switch = vnc_dpy_switch,
3393 .dpy_gfx_check_format = qemu_pixman_check_format,
3394 .dpy_mouse_set = vnc_mouse_set,
3395 .dpy_cursor_define = vnc_dpy_cursor_define,
3396 };
3397
vnc_display_init(const char * id,Error ** errp)3398 void vnc_display_init(const char *id, Error **errp)
3399 {
3400 VncDisplay *vd;
3401
3402 if (vnc_display_find(id) != NULL) {
3403 return;
3404 }
3405 vd = g_malloc0(sizeof(*vd));
3406
3407 vd->id = strdup(id);
3408 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3409
3410 QTAILQ_INIT(&vd->clients);
3411 vd->expires = TIME_MAX;
3412
3413 if (keyboard_layout) {
3414 trace_vnc_key_map_init(keyboard_layout);
3415 vd->kbd_layout = init_keyboard_layout(name2keysym,
3416 keyboard_layout, errp);
3417 } else {
3418 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3419 }
3420
3421 if (!vd->kbd_layout) {
3422 return;
3423 }
3424
3425 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3426 vd->connections_limit = 32;
3427
3428 qemu_mutex_init(&vd->mutex);
3429 vnc_start_worker_thread();
3430
3431 vd->dcl.ops = &dcl_ops;
3432 register_displaychangelistener(&vd->dcl);
3433 vd->kbd = qkbd_state_init(vd->dcl.con);
3434 }
3435
3436
vnc_display_close(VncDisplay * vd)3437 static void vnc_display_close(VncDisplay *vd)
3438 {
3439 if (!vd) {
3440 return;
3441 }
3442
3443 if (vd->listener) {
3444 qio_net_listener_disconnect(vd->listener);
3445 object_unref(OBJECT(vd->listener));
3446 }
3447 vd->listener = NULL;
3448
3449 if (vd->wslistener) {
3450 qio_net_listener_disconnect(vd->wslistener);
3451 object_unref(OBJECT(vd->wslistener));
3452 }
3453 vd->wslistener = NULL;
3454
3455 vd->auth = VNC_AUTH_INVALID;
3456 vd->subauth = VNC_AUTH_INVALID;
3457 if (vd->tlscreds) {
3458 object_unref(OBJECT(vd->tlscreds));
3459 vd->tlscreds = NULL;
3460 }
3461 if (vd->tlsauthz) {
3462 object_unparent(OBJECT(vd->tlsauthz));
3463 vd->tlsauthz = NULL;
3464 }
3465 g_free(vd->tlsauthzid);
3466 vd->tlsauthzid = NULL;
3467 if (vd->lock_key_sync) {
3468 qemu_remove_led_event_handler(vd->led);
3469 vd->led = NULL;
3470 }
3471 #ifdef CONFIG_VNC_SASL
3472 if (vd->sasl.authz) {
3473 object_unparent(OBJECT(vd->sasl.authz));
3474 vd->sasl.authz = NULL;
3475 }
3476 g_free(vd->sasl.authzid);
3477 vd->sasl.authzid = NULL;
3478 #endif
3479 }
3480
vnc_display_password(const char * id,const char * password)3481 int vnc_display_password(const char *id, const char *password)
3482 {
3483 VncDisplay *vd = vnc_display_find(id);
3484
3485 if (!vd) {
3486 return -EINVAL;
3487 }
3488 if (vd->auth == VNC_AUTH_NONE) {
3489 error_printf_unless_qmp("If you want use passwords please enable "
3490 "password auth using '-vnc ${dpy},password'.\n");
3491 return -EINVAL;
3492 }
3493
3494 g_free(vd->password);
3495 vd->password = g_strdup(password);
3496
3497 return 0;
3498 }
3499
vnc_display_pw_expire(const char * id,time_t expires)3500 int vnc_display_pw_expire(const char *id, time_t expires)
3501 {
3502 VncDisplay *vd = vnc_display_find(id);
3503
3504 if (!vd) {
3505 return -EINVAL;
3506 }
3507
3508 vd->expires = expires;
3509 return 0;
3510 }
3511
vnc_display_print_local_addr(VncDisplay * vd)3512 static void vnc_display_print_local_addr(VncDisplay *vd)
3513 {
3514 SocketAddress *addr;
3515
3516 if (!vd->listener || !vd->listener->nsioc) {
3517 return;
3518 }
3519
3520 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3521 if (!addr) {
3522 return;
3523 }
3524
3525 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3526 qapi_free_SocketAddress(addr);
3527 return;
3528 }
3529 error_printf_unless_qmp("VNC server running on %s:%s\n",
3530 addr->u.inet.host,
3531 addr->u.inet.port);
3532 qapi_free_SocketAddress(addr);
3533 }
3534
3535 static QemuOptsList qemu_vnc_opts = {
3536 .name = "vnc",
3537 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3538 .implied_opt_name = "vnc",
3539 .desc = {
3540 {
3541 .name = "vnc",
3542 .type = QEMU_OPT_STRING,
3543 },{
3544 .name = "websocket",
3545 .type = QEMU_OPT_STRING,
3546 },{
3547 .name = "tls-creds",
3548 .type = QEMU_OPT_STRING,
3549 },{
3550 .name = "share",
3551 .type = QEMU_OPT_STRING,
3552 },{
3553 .name = "display",
3554 .type = QEMU_OPT_STRING,
3555 },{
3556 .name = "head",
3557 .type = QEMU_OPT_NUMBER,
3558 },{
3559 .name = "connections",
3560 .type = QEMU_OPT_NUMBER,
3561 },{
3562 .name = "to",
3563 .type = QEMU_OPT_NUMBER,
3564 },{
3565 .name = "ipv4",
3566 .type = QEMU_OPT_BOOL,
3567 },{
3568 .name = "ipv6",
3569 .type = QEMU_OPT_BOOL,
3570 },{
3571 .name = "password",
3572 .type = QEMU_OPT_BOOL,
3573 },{
3574 .name = "password-secret",
3575 .type = QEMU_OPT_STRING,
3576 },{
3577 .name = "reverse",
3578 .type = QEMU_OPT_BOOL,
3579 },{
3580 .name = "lock-key-sync",
3581 .type = QEMU_OPT_BOOL,
3582 },{
3583 .name = "key-delay-ms",
3584 .type = QEMU_OPT_NUMBER,
3585 },{
3586 .name = "sasl",
3587 .type = QEMU_OPT_BOOL,
3588 },{
3589 .name = "tls-authz",
3590 .type = QEMU_OPT_STRING,
3591 },{
3592 .name = "sasl-authz",
3593 .type = QEMU_OPT_STRING,
3594 },{
3595 .name = "lossy",
3596 .type = QEMU_OPT_BOOL,
3597 },{
3598 .name = "non-adaptive",
3599 .type = QEMU_OPT_BOOL,
3600 },{
3601 .name = "audiodev",
3602 .type = QEMU_OPT_STRING,
3603 },{
3604 .name = "power-control",
3605 .type = QEMU_OPT_BOOL,
3606 },
3607 { /* end of list */ }
3608 },
3609 };
3610
3611
3612 static int
vnc_display_setup_auth(int * auth,int * subauth,QCryptoTLSCreds * tlscreds,bool password,bool sasl,bool websocket,Error ** errp)3613 vnc_display_setup_auth(int *auth,
3614 int *subauth,
3615 QCryptoTLSCreds *tlscreds,
3616 bool password,
3617 bool sasl,
3618 bool websocket,
3619 Error **errp)
3620 {
3621 /*
3622 * We have a choice of 3 authentication options
3623 *
3624 * 1. none
3625 * 2. vnc
3626 * 3. sasl
3627 *
3628 * The channel can be run in 2 modes
3629 *
3630 * 1. clear
3631 * 2. tls
3632 *
3633 * And TLS can use 2 types of credentials
3634 *
3635 * 1. anon
3636 * 2. x509
3637 *
3638 * We thus have 9 possible logical combinations
3639 *
3640 * 1. clear + none
3641 * 2. clear + vnc
3642 * 3. clear + sasl
3643 * 4. tls + anon + none
3644 * 5. tls + anon + vnc
3645 * 6. tls + anon + sasl
3646 * 7. tls + x509 + none
3647 * 8. tls + x509 + vnc
3648 * 9. tls + x509 + sasl
3649 *
3650 * These need to be mapped into the VNC auth schemes
3651 * in an appropriate manner. In regular VNC, all the
3652 * TLS options get mapped into VNC_AUTH_VENCRYPT
3653 * sub-auth types.
3654 *
3655 * In websockets, the https:// protocol already provides
3656 * TLS support, so there is no need to make use of the
3657 * VeNCrypt extension. Furthermore, websockets browser
3658 * clients could not use VeNCrypt even if they wanted to,
3659 * as they cannot control when the TLS handshake takes
3660 * place. Thus there is no option but to rely on https://,
3661 * meaning combinations 4->6 and 7->9 will be mapped to
3662 * VNC auth schemes in the same way as combos 1->3.
3663 *
3664 * Regardless of fact that we have a different mapping to
3665 * VNC auth mechs for plain VNC vs websockets VNC, the end
3666 * result has the same security characteristics.
3667 */
3668 if (websocket || !tlscreds) {
3669 if (password) {
3670 VNC_DEBUG("Initializing VNC server with password auth\n");
3671 *auth = VNC_AUTH_VNC;
3672 } else if (sasl) {
3673 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3674 *auth = VNC_AUTH_SASL;
3675 } else {
3676 VNC_DEBUG("Initializing VNC server with no auth\n");
3677 *auth = VNC_AUTH_NONE;
3678 }
3679 *subauth = VNC_AUTH_INVALID;
3680 } else {
3681 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3682 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3683 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3684 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3685
3686 if (!is_x509 && !is_anon) {
3687 error_setg(errp,
3688 "Unsupported TLS cred type %s",
3689 object_get_typename(OBJECT(tlscreds)));
3690 return -1;
3691 }
3692 *auth = VNC_AUTH_VENCRYPT;
3693 if (password) {
3694 if (is_x509) {
3695 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3696 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3697 } else {
3698 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3699 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3700 }
3701
3702 } else if (sasl) {
3703 if (is_x509) {
3704 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3705 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3706 } else {
3707 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3708 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3709 }
3710 } else {
3711 if (is_x509) {
3712 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3713 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3714 } else {
3715 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3716 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3717 }
3718 }
3719 }
3720 return 0;
3721 }
3722
3723
vnc_display_get_address(const char * addrstr,bool websocket,bool reverse,int displaynum,int to,bool has_ipv4,bool has_ipv6,bool ipv4,bool ipv6,SocketAddress ** retaddr,Error ** errp)3724 static int vnc_display_get_address(const char *addrstr,
3725 bool websocket,
3726 bool reverse,
3727 int displaynum,
3728 int to,
3729 bool has_ipv4,
3730 bool has_ipv6,
3731 bool ipv4,
3732 bool ipv6,
3733 SocketAddress **retaddr,
3734 Error **errp)
3735 {
3736 int ret = -1;
3737 SocketAddress *addr = NULL;
3738
3739 addr = g_new0(SocketAddress, 1);
3740
3741 if (strncmp(addrstr, "unix:", 5) == 0) {
3742 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3743 addr->u.q_unix.path = g_strdup(addrstr + 5);
3744
3745 if (to) {
3746 error_setg(errp, "Port range not support with UNIX socket");
3747 goto cleanup;
3748 }
3749 ret = 0;
3750 } else {
3751 const char *port;
3752 size_t hostlen;
3753 uint64_t baseport = 0;
3754 InetSocketAddress *inet;
3755
3756 port = strrchr(addrstr, ':');
3757 if (!port) {
3758 if (websocket) {
3759 hostlen = 0;
3760 port = addrstr;
3761 } else {
3762 error_setg(errp, "no vnc port specified");
3763 goto cleanup;
3764 }
3765 } else {
3766 hostlen = port - addrstr;
3767 port++;
3768 if (*port == '\0') {
3769 error_setg(errp, "vnc port cannot be empty");
3770 goto cleanup;
3771 }
3772 }
3773
3774 addr->type = SOCKET_ADDRESS_TYPE_INET;
3775 inet = &addr->u.inet;
3776 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3777 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3778 } else {
3779 inet->host = g_strndup(addrstr, hostlen);
3780 }
3781 /* plain VNC port is just an offset, for websocket
3782 * port is absolute */
3783 if (websocket) {
3784 if (g_str_equal(addrstr, "") ||
3785 g_str_equal(addrstr, "on")) {
3786 if (displaynum == -1) {
3787 error_setg(errp, "explicit websocket port is required");
3788 goto cleanup;
3789 }
3790 inet->port = g_strdup_printf(
3791 "%d", displaynum + 5700);
3792 if (to) {
3793 inet->has_to = true;
3794 inet->to = to + 5700;
3795 }
3796 } else {
3797 inet->port = g_strdup(port);
3798 }
3799 } else {
3800 int offset = reverse ? 0 : 5900;
3801 if (parse_uint_full(port, 10, &baseport) < 0) {
3802 error_setg(errp, "can't convert to a number: %s", port);
3803 goto cleanup;
3804 }
3805 if (baseport > 65535 ||
3806 baseport + offset > 65535) {
3807 error_setg(errp, "port %s out of range", port);
3808 goto cleanup;
3809 }
3810 inet->port = g_strdup_printf(
3811 "%d", (int)baseport + offset);
3812
3813 if (to) {
3814 inet->has_to = true;
3815 inet->to = to + offset;
3816 }
3817 }
3818
3819 inet->ipv4 = ipv4;
3820 inet->has_ipv4 = has_ipv4;
3821 inet->ipv6 = ipv6;
3822 inet->has_ipv6 = has_ipv6;
3823
3824 ret = baseport;
3825 }
3826
3827 *retaddr = addr;
3828
3829 cleanup:
3830 if (ret < 0) {
3831 qapi_free_SocketAddress(addr);
3832 }
3833 return ret;
3834 }
3835
vnc_display_get_addresses(QemuOpts * opts,bool reverse,SocketAddressList ** saddr_list_ret,SocketAddressList ** wsaddr_list_ret,Error ** errp)3836 static int vnc_display_get_addresses(QemuOpts *opts,
3837 bool reverse,
3838 SocketAddressList **saddr_list_ret,
3839 SocketAddressList **wsaddr_list_ret,
3840 Error **errp)
3841 {
3842 SocketAddress *saddr = NULL;
3843 SocketAddress *wsaddr = NULL;
3844 g_autoptr(SocketAddressList) saddr_list = NULL;
3845 SocketAddressList **saddr_tail = &saddr_list;
3846 SocketAddress *single_saddr = NULL;
3847 g_autoptr(SocketAddressList) wsaddr_list = NULL;
3848 SocketAddressList **wsaddr_tail = &wsaddr_list;
3849 QemuOptsIter addriter;
3850 const char *addr;
3851 int to = qemu_opt_get_number(opts, "to", 0);
3852 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3853 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3854 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3855 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3856 int displaynum = -1;
3857
3858 addr = qemu_opt_get(opts, "vnc");
3859 if (addr == NULL || g_str_equal(addr, "none")) {
3860 return 0;
3861 }
3862 if (qemu_opt_get(opts, "websocket") &&
3863 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) {
3864 error_setg(errp,
3865 "SHA1 hash support is required for websockets");
3866 return -1;
3867 }
3868
3869 qemu_opt_iter_init(&addriter, opts, "vnc");
3870 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3871 int rv;
3872 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3873 has_ipv4, has_ipv6,
3874 ipv4, ipv6,
3875 &saddr, errp);
3876 if (rv < 0) {
3877 return -1;
3878 }
3879 /* Historical compat - first listen address can be used
3880 * to set the default websocket port
3881 */
3882 if (displaynum == -1) {
3883 displaynum = rv;
3884 }
3885 QAPI_LIST_APPEND(saddr_tail, saddr);
3886 }
3887
3888 if (saddr_list && !saddr_list->next) {
3889 single_saddr = saddr_list->value;
3890 } else {
3891 /*
3892 * If we had multiple primary displays, we don't do defaults
3893 * for websocket, and require explicit config instead.
3894 */
3895 displaynum = -1;
3896 }
3897
3898 qemu_opt_iter_init(&addriter, opts, "websocket");
3899 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3900 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3901 has_ipv4, has_ipv6,
3902 ipv4, ipv6,
3903 &wsaddr, errp) < 0) {
3904 return -1;
3905 }
3906
3907 /* Historical compat - if only a single listen address was
3908 * provided, then this is used to set the default listen
3909 * address for websocket too
3910 */
3911 if (single_saddr &&
3912 single_saddr->type == SOCKET_ADDRESS_TYPE_INET &&
3913 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3914 g_str_equal(wsaddr->u.inet.host, "") &&
3915 !g_str_equal(single_saddr->u.inet.host, "")) {
3916 g_free(wsaddr->u.inet.host);
3917 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host);
3918 }
3919
3920 QAPI_LIST_APPEND(wsaddr_tail, wsaddr);
3921 }
3922
3923 *saddr_list_ret = g_steal_pointer(&saddr_list);
3924 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list);
3925 return 0;
3926 }
3927
vnc_display_connect(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3928 static int vnc_display_connect(VncDisplay *vd,
3929 SocketAddressList *saddr_list,
3930 SocketAddressList *wsaddr_list,
3931 Error **errp)
3932 {
3933 /* connect to viewer */
3934 QIOChannelSocket *sioc = NULL;
3935 if (wsaddr_list) {
3936 error_setg(errp, "Cannot use websockets in reverse mode");
3937 return -1;
3938 }
3939 if (!saddr_list || saddr_list->next) {
3940 error_setg(errp, "Expected a single address in reverse mode");
3941 return -1;
3942 }
3943 sioc = qio_channel_socket_new();
3944 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3945 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) {
3946 object_unref(OBJECT(sioc));
3947 return -1;
3948 }
3949 vnc_connect(vd, sioc, false, false);
3950 object_unref(OBJECT(sioc));
3951 return 0;
3952 }
3953
3954
vnc_display_listen(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3955 static int vnc_display_listen(VncDisplay *vd,
3956 SocketAddressList *saddr_list,
3957 SocketAddressList *wsaddr_list,
3958 Error **errp)
3959 {
3960 SocketAddressList *el;
3961
3962 if (saddr_list) {
3963 vd->listener = qio_net_listener_new();
3964 qio_net_listener_set_name(vd->listener, "vnc-listen");
3965 for (el = saddr_list; el; el = el->next) {
3966 if (qio_net_listener_open_sync(vd->listener,
3967 el->value, 1,
3968 errp) < 0) {
3969 return -1;
3970 }
3971 }
3972
3973 qio_net_listener_set_client_func(vd->listener,
3974 vnc_listen_io, vd, NULL);
3975 }
3976
3977 if (wsaddr_list) {
3978 vd->wslistener = qio_net_listener_new();
3979 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3980 for (el = wsaddr_list; el; el = el->next) {
3981 if (qio_net_listener_open_sync(vd->wslistener,
3982 el->value, 1,
3983 errp) < 0) {
3984 return -1;
3985 }
3986 }
3987
3988 qio_net_listener_set_client_func(vd->wslistener,
3989 vnc_listen_io, vd, NULL);
3990 }
3991
3992 return 0;
3993 }
3994
vnc_display_update(DisplayUpdateOptionsVNC * arg,Error ** errp)3995 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp)
3996 {
3997 VncDisplay *vd = vnc_display_find(NULL);
3998
3999 if (!vd) {
4000 error_setg(errp, "Can not find vnc display");
4001 return false;
4002 }
4003
4004 if (arg->has_addresses) {
4005 if (vd->listener) {
4006 qio_net_listener_disconnect(vd->listener);
4007 object_unref(OBJECT(vd->listener));
4008 vd->listener = NULL;
4009 }
4010
4011 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) {
4012 return false;
4013 }
4014 }
4015
4016 return true;
4017 }
4018
vnc_display_open(const char * id,Error ** errp)4019 void vnc_display_open(const char *id, Error **errp)
4020 {
4021 VncDisplay *vd = vnc_display_find(id);
4022 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4023 g_autoptr(SocketAddressList) saddr_list = NULL;
4024 g_autoptr(SocketAddressList) wsaddr_list = NULL;
4025 const char *share, *device_id;
4026 QemuConsole *con;
4027 bool password = false;
4028 bool reverse = false;
4029 const char *credid;
4030 bool sasl = false;
4031 const char *tlsauthz;
4032 const char *saslauthz;
4033 int lock_key_sync = 1;
4034 int key_delay_ms;
4035 const char *audiodev;
4036 const char *passwordSecret;
4037
4038 if (!vd) {
4039 error_setg(errp, "VNC display not active");
4040 return;
4041 }
4042 vnc_display_close(vd);
4043
4044 if (!opts) {
4045 return;
4046 }
4047
4048 reverse = qemu_opt_get_bool(opts, "reverse", false);
4049 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list,
4050 errp) < 0) {
4051 goto fail;
4052 }
4053
4054
4055 passwordSecret = qemu_opt_get(opts, "password-secret");
4056 if (passwordSecret) {
4057 if (qemu_opt_get(opts, "password")) {
4058 error_setg(errp,
4059 "'password' flag is redundant with 'password-secret'");
4060 goto fail;
4061 }
4062 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4063 errp);
4064 if (!vd->password) {
4065 goto fail;
4066 }
4067 password = true;
4068 } else {
4069 password = qemu_opt_get_bool(opts, "password", false);
4070 }
4071 if (password) {
4072 if (!qcrypto_cipher_supports(
4073 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4074 error_setg(errp,
4075 "Cipher backend does not support DES algorithm");
4076 goto fail;
4077 }
4078 }
4079
4080 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4081 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4082 sasl = qemu_opt_get_bool(opts, "sasl", false);
4083 #ifndef CONFIG_VNC_SASL
4084 if (sasl) {
4085 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4086 goto fail;
4087 }
4088 #endif /* CONFIG_VNC_SASL */
4089 credid = qemu_opt_get(opts, "tls-creds");
4090 if (credid) {
4091 Object *creds;
4092 creds = object_resolve_path_component(
4093 object_get_objects_root(), credid);
4094 if (!creds) {
4095 error_setg(errp, "No TLS credentials with id '%s'",
4096 credid);
4097 goto fail;
4098 }
4099 vd->tlscreds = (QCryptoTLSCreds *)
4100 object_dynamic_cast(creds,
4101 TYPE_QCRYPTO_TLS_CREDS);
4102 if (!vd->tlscreds) {
4103 error_setg(errp, "Object with id '%s' is not TLS credentials",
4104 credid);
4105 goto fail;
4106 }
4107 object_ref(OBJECT(vd->tlscreds));
4108
4109 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4110 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4111 errp)) {
4112 goto fail;
4113 }
4114 }
4115 tlsauthz = qemu_opt_get(opts, "tls-authz");
4116 if (tlsauthz && !vd->tlscreds) {
4117 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4118 goto fail;
4119 }
4120
4121 saslauthz = qemu_opt_get(opts, "sasl-authz");
4122 if (saslauthz && !sasl) {
4123 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4124 goto fail;
4125 }
4126
4127 share = qemu_opt_get(opts, "share");
4128 if (share) {
4129 if (strcmp(share, "ignore") == 0) {
4130 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4131 } else if (strcmp(share, "allow-exclusive") == 0) {
4132 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4133 } else if (strcmp(share, "force-shared") == 0) {
4134 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4135 } else {
4136 error_setg(errp, "unknown vnc share= option");
4137 goto fail;
4138 }
4139 } else {
4140 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4141 }
4142 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4143
4144 #ifdef CONFIG_VNC_JPEG
4145 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4146 #endif
4147 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4148 /* adaptive updates are only used with tight encoding and
4149 * if lossy updates are enabled so we can disable all the
4150 * calculations otherwise */
4151 if (!vd->lossy) {
4152 vd->non_adaptive = true;
4153 }
4154
4155 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4156
4157 if (tlsauthz) {
4158 vd->tlsauthzid = g_strdup(tlsauthz);
4159 }
4160 #ifdef CONFIG_VNC_SASL
4161 if (sasl) {
4162 if (saslauthz) {
4163 vd->sasl.authzid = g_strdup(saslauthz);
4164 }
4165 }
4166 #endif
4167
4168 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4169 vd->tlscreds, password,
4170 sasl, false, errp) < 0) {
4171 goto fail;
4172 }
4173 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4174
4175 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4176 vd->tlscreds, password,
4177 sasl, true, errp) < 0) {
4178 goto fail;
4179 }
4180 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4181
4182 #ifdef CONFIG_VNC_SASL
4183 if (sasl && !vnc_sasl_server_init(errp)) {
4184 goto fail;
4185 }
4186 #endif
4187 vd->lock_key_sync = lock_key_sync;
4188 if (lock_key_sync) {
4189 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4190 }
4191 vd->ledstate = 0;
4192
4193 audiodev = qemu_opt_get(opts, "audiodev");
4194 if (audiodev) {
4195 vd->audio_state = audio_state_by_name(audiodev, errp);
4196 if (!vd->audio_state) {
4197 goto fail;
4198 }
4199 } else {
4200 vd->audio_state = audio_get_default_audio_state(NULL);
4201 }
4202
4203 device_id = qemu_opt_get(opts, "display");
4204 if (device_id) {
4205 int head = qemu_opt_get_number(opts, "head", 0);
4206 Error *err = NULL;
4207
4208 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4209 if (err) {
4210 error_propagate(errp, err);
4211 goto fail;
4212 }
4213 } else {
4214 con = qemu_console_lookup_default();
4215 }
4216
4217 if (con != vd->dcl.con) {
4218 qkbd_state_free(vd->kbd);
4219 unregister_displaychangelistener(&vd->dcl);
4220 vd->dcl.con = con;
4221 register_displaychangelistener(&vd->dcl);
4222 vd->kbd = qkbd_state_init(vd->dcl.con);
4223 }
4224 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4225
4226 if (saddr_list == NULL) {
4227 return;
4228 }
4229
4230 if (reverse) {
4231 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) {
4232 goto fail;
4233 }
4234 } else {
4235 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) {
4236 goto fail;
4237 }
4238 }
4239
4240 if (qemu_opt_get(opts, "to")) {
4241 vnc_display_print_local_addr(vd);
4242 }
4243
4244 /* Success */
4245 return;
4246
4247 fail:
4248 vnc_display_close(vd);
4249 }
4250
vnc_display_add_client(const char * id,int csock,bool skipauth)4251 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4252 {
4253 VncDisplay *vd = vnc_display_find(id);
4254 QIOChannelSocket *sioc;
4255
4256 if (!vd) {
4257 return;
4258 }
4259
4260 sioc = qio_channel_socket_new_fd(csock, NULL);
4261 if (sioc) {
4262 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4263 vnc_connect(vd, sioc, skipauth, false);
4264 object_unref(OBJECT(sioc));
4265 }
4266 }
4267
vnc_auto_assign_id(QemuOptsList * olist,QemuOpts * opts)4268 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4269 {
4270 int i = 2;
4271 char *id;
4272
4273 id = g_strdup("default");
4274 while (qemu_opts_find(olist, id)) {
4275 g_free(id);
4276 id = g_strdup_printf("vnc%d", i++);
4277 }
4278 qemu_opts_set_id(opts, id);
4279 }
4280
vnc_parse(const char * str)4281 void vnc_parse(const char *str)
4282 {
4283 QemuOptsList *olist = qemu_find_opts("vnc");
4284 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4285 const char *id;
4286
4287 if (!opts) {
4288 exit(1);
4289 }
4290
4291 id = qemu_opts_id(opts);
4292 if (!id) {
4293 /* auto-assign id if not present */
4294 vnc_auto_assign_id(olist, opts);
4295 }
4296 }
4297
vnc_init_func(void * opaque,QemuOpts * opts,Error ** errp)4298 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4299 {
4300 Error *local_err = NULL;
4301 char *id = (char *)qemu_opts_id(opts);
4302
4303 assert(id);
4304 vnc_display_init(id, &local_err);
4305 if (local_err) {
4306 error_propagate(errp, local_err);
4307 return -1;
4308 }
4309 vnc_display_open(id, &local_err);
4310 if (local_err != NULL) {
4311 error_propagate(errp, local_err);
4312 return -1;
4313 }
4314 return 0;
4315 }
4316
vnc_register_config(void)4317 static void vnc_register_config(void)
4318 {
4319 qemu_add_opts(&qemu_vnc_opts);
4320 }
4321 opts_init(vnc_register_config);
4322