1 /* 2 * QEMU VNC display driver 3 * 4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws> 5 * Copyright (C) 2006 Fabrice Bellard 6 * Copyright (C) 2009 Red Hat, Inc 7 * 8 * Permission is hereby granted, free of charge, to any person obtaining a copy 9 * of this software and associated documentation files (the "Software"), to deal 10 * in the Software without restriction, including without limitation the rights 11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 12 * copies of the Software, and to permit persons to whom the Software is 13 * furnished to do so, subject to the following conditions: 14 * 15 * The above copyright notice and this permission notice shall be included in 16 * all copies or substantial portions of the Software. 17 * 18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL 21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN 24 * THE SOFTWARE. 25 */ 26 27 #include "qemu/osdep.h" 28 #include "vnc.h" 29 #include "vnc-jobs.h" 30 #include "trace.h" 31 #include "hw/qdev-core.h" 32 #include "sysemu/sysemu.h" 33 #include "sysemu/runstate.h" 34 #include "qemu/error-report.h" 35 #include "qemu/main-loop.h" 36 #include "qemu/module.h" 37 #include "qemu/option.h" 38 #include "qemu/sockets.h" 39 #include "qemu/timer.h" 40 #include "authz/list.h" 41 #include "qemu/config-file.h" 42 #include "qapi/qapi-emit-events.h" 43 #include "qapi/qapi-events-ui.h" 44 #include "qapi/error.h" 45 #include "qapi/qapi-commands-ui.h" 46 #include "ui/input.h" 47 #include "crypto/hash.h" 48 #include "crypto/tlscreds.h" 49 #include "crypto/tlscredsanon.h" 50 #include "crypto/tlscredsx509.h" 51 #include "crypto/random.h" 52 #include "crypto/secret_common.h" 53 #include "qom/object_interfaces.h" 54 #include "qemu/cutils.h" 55 #include "qemu/help_option.h" 56 #include "io/dns-resolver.h" 57 #include "monitor/monitor.h" 58 59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT 60 #define VNC_REFRESH_INTERVAL_INC 50 61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE 62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 }; 63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 }; 64 65 #include "vnc_keysym.h" 66 #include "crypto/cipher.h" 67 68 static QTAILQ_HEAD(, VncDisplay) vnc_displays = 69 QTAILQ_HEAD_INITIALIZER(vnc_displays); 70 71 static int vnc_cursor_define(VncState *vs); 72 static void vnc_update_throttle_offset(VncState *vs); 73 vnc_set_share_mode(VncState * vs,VncShareMode mode)74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode) 75 { 76 #ifdef _VNC_DEBUG 77 static const char *mn[] = { 78 [0] = "undefined", 79 [VNC_SHARE_MODE_CONNECTING] = "connecting", 80 [VNC_SHARE_MODE_SHARED] = "shared", 81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive", 82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected", 83 }; 84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__, 85 vs->ioc, mn[vs->share_mode], mn[mode]); 86 #endif 87 88 switch (vs->share_mode) { 89 case VNC_SHARE_MODE_CONNECTING: 90 vs->vd->num_connecting--; 91 break; 92 case VNC_SHARE_MODE_SHARED: 93 vs->vd->num_shared--; 94 break; 95 case VNC_SHARE_MODE_EXCLUSIVE: 96 vs->vd->num_exclusive--; 97 break; 98 default: 99 break; 100 } 101 102 vs->share_mode = mode; 103 104 switch (vs->share_mode) { 105 case VNC_SHARE_MODE_CONNECTING: 106 vs->vd->num_connecting++; 107 break; 108 case VNC_SHARE_MODE_SHARED: 109 vs->vd->num_shared++; 110 break; 111 case VNC_SHARE_MODE_EXCLUSIVE: 112 vs->vd->num_exclusive++; 113 break; 114 default: 115 break; 116 } 117 } 118 119 vnc_init_basic_info(SocketAddress * addr,VncBasicInfo * info,Error ** errp)120 static void vnc_init_basic_info(SocketAddress *addr, 121 VncBasicInfo *info, 122 Error **errp) 123 { 124 switch (addr->type) { 125 case SOCKET_ADDRESS_TYPE_INET: 126 info->host = g_strdup(addr->u.inet.host); 127 info->service = g_strdup(addr->u.inet.port); 128 if (addr->u.inet.ipv6) { 129 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 130 } else { 131 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 132 } 133 break; 134 135 case SOCKET_ADDRESS_TYPE_UNIX: 136 info->host = g_strdup(""); 137 info->service = g_strdup(addr->u.q_unix.path); 138 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 139 break; 140 141 case SOCKET_ADDRESS_TYPE_VSOCK: 142 case SOCKET_ADDRESS_TYPE_FD: 143 error_setg(errp, "Unsupported socket address type %s", 144 SocketAddressType_str(addr->type)); 145 break; 146 default: 147 abort(); 148 } 149 150 return; 151 } 152 vnc_init_basic_info_from_server_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)153 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc, 154 VncBasicInfo *info, 155 Error **errp) 156 { 157 SocketAddress *addr = NULL; 158 159 if (!ioc) { 160 error_setg(errp, "No listener socket available"); 161 return; 162 } 163 164 addr = qio_channel_socket_get_local_address(ioc, errp); 165 if (!addr) { 166 return; 167 } 168 169 vnc_init_basic_info(addr, info, errp); 170 qapi_free_SocketAddress(addr); 171 } 172 vnc_init_basic_info_from_remote_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)173 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc, 174 VncBasicInfo *info, 175 Error **errp) 176 { 177 SocketAddress *addr = NULL; 178 179 addr = qio_channel_socket_get_remote_address(ioc, errp); 180 if (!addr) { 181 return; 182 } 183 184 vnc_init_basic_info(addr, info, errp); 185 qapi_free_SocketAddress(addr); 186 } 187 vnc_auth_name(VncDisplay * vd)188 static const char *vnc_auth_name(VncDisplay *vd) { 189 switch (vd->auth) { 190 case VNC_AUTH_INVALID: 191 return "invalid"; 192 case VNC_AUTH_NONE: 193 return "none"; 194 case VNC_AUTH_VNC: 195 return "vnc"; 196 case VNC_AUTH_RA2: 197 return "ra2"; 198 case VNC_AUTH_RA2NE: 199 return "ra2ne"; 200 case VNC_AUTH_TIGHT: 201 return "tight"; 202 case VNC_AUTH_ULTRA: 203 return "ultra"; 204 case VNC_AUTH_TLS: 205 return "tls"; 206 case VNC_AUTH_VENCRYPT: 207 switch (vd->subauth) { 208 case VNC_AUTH_VENCRYPT_PLAIN: 209 return "vencrypt+plain"; 210 case VNC_AUTH_VENCRYPT_TLSNONE: 211 return "vencrypt+tls+none"; 212 case VNC_AUTH_VENCRYPT_TLSVNC: 213 return "vencrypt+tls+vnc"; 214 case VNC_AUTH_VENCRYPT_TLSPLAIN: 215 return "vencrypt+tls+plain"; 216 case VNC_AUTH_VENCRYPT_X509NONE: 217 return "vencrypt+x509+none"; 218 case VNC_AUTH_VENCRYPT_X509VNC: 219 return "vencrypt+x509+vnc"; 220 case VNC_AUTH_VENCRYPT_X509PLAIN: 221 return "vencrypt+x509+plain"; 222 case VNC_AUTH_VENCRYPT_TLSSASL: 223 return "vencrypt+tls+sasl"; 224 case VNC_AUTH_VENCRYPT_X509SASL: 225 return "vencrypt+x509+sasl"; 226 default: 227 return "vencrypt"; 228 } 229 case VNC_AUTH_SASL: 230 return "sasl"; 231 } 232 return "unknown"; 233 } 234 vnc_server_info_get(VncDisplay * vd)235 static VncServerInfo *vnc_server_info_get(VncDisplay *vd) 236 { 237 VncServerInfo *info; 238 Error *err = NULL; 239 240 if (!vd->listener || !vd->listener->nsioc) { 241 return NULL; 242 } 243 244 info = g_malloc0(sizeof(*info)); 245 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0], 246 qapi_VncServerInfo_base(info), &err); 247 info->auth = g_strdup(vnc_auth_name(vd)); 248 if (err) { 249 qapi_free_VncServerInfo(info); 250 info = NULL; 251 error_free(err); 252 } 253 return info; 254 } 255 vnc_client_cache_auth(VncState * client)256 static void vnc_client_cache_auth(VncState *client) 257 { 258 if (!client->info) { 259 return; 260 } 261 262 if (client->tls) { 263 client->info->x509_dname = 264 qcrypto_tls_session_get_peer_name(client->tls); 265 } 266 #ifdef CONFIG_VNC_SASL 267 if (client->sasl.conn && 268 client->sasl.username) { 269 client->info->sasl_username = g_strdup(client->sasl.username); 270 } 271 #endif 272 } 273 vnc_client_cache_addr(VncState * client)274 static void vnc_client_cache_addr(VncState *client) 275 { 276 Error *err = NULL; 277 278 client->info = g_malloc0(sizeof(*client->info)); 279 vnc_init_basic_info_from_remote_addr(client->sioc, 280 qapi_VncClientInfo_base(client->info), 281 &err); 282 client->info->websocket = client->websocket; 283 if (err) { 284 qapi_free_VncClientInfo(client->info); 285 client->info = NULL; 286 error_free(err); 287 } 288 } 289 vnc_qmp_event(VncState * vs,QAPIEvent event)290 static void vnc_qmp_event(VncState *vs, QAPIEvent event) 291 { 292 VncServerInfo *si; 293 294 if (!vs->info) { 295 return; 296 } 297 298 si = vnc_server_info_get(vs->vd); 299 if (!si) { 300 return; 301 } 302 303 switch (event) { 304 case QAPI_EVENT_VNC_CONNECTED: 305 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info)); 306 break; 307 case QAPI_EVENT_VNC_INITIALIZED: 308 qapi_event_send_vnc_initialized(si, vs->info); 309 break; 310 case QAPI_EVENT_VNC_DISCONNECTED: 311 qapi_event_send_vnc_disconnected(si, vs->info); 312 break; 313 default: 314 break; 315 } 316 317 qapi_free_VncServerInfo(si); 318 } 319 qmp_query_vnc_client(const VncState * client)320 static VncClientInfo *qmp_query_vnc_client(const VncState *client) 321 { 322 VncClientInfo *info; 323 Error *err = NULL; 324 325 info = g_malloc0(sizeof(*info)); 326 327 vnc_init_basic_info_from_remote_addr(client->sioc, 328 qapi_VncClientInfo_base(info), 329 &err); 330 if (err) { 331 error_free(err); 332 qapi_free_VncClientInfo(info); 333 return NULL; 334 } 335 336 info->websocket = client->websocket; 337 338 if (client->tls) { 339 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls); 340 } 341 #ifdef CONFIG_VNC_SASL 342 if (client->sasl.conn && client->sasl.username) { 343 info->sasl_username = g_strdup(client->sasl.username); 344 } 345 #endif 346 347 return info; 348 } 349 vnc_display_find(const char * id)350 static VncDisplay *vnc_display_find(const char *id) 351 { 352 VncDisplay *vd; 353 354 if (id == NULL) { 355 return QTAILQ_FIRST(&vnc_displays); 356 } 357 QTAILQ_FOREACH(vd, &vnc_displays, next) { 358 if (strcmp(id, vd->id) == 0) { 359 return vd; 360 } 361 } 362 return NULL; 363 } 364 qmp_query_client_list(VncDisplay * vd)365 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd) 366 { 367 VncClientInfoList *prev = NULL; 368 VncState *client; 369 370 QTAILQ_FOREACH(client, &vd->clients, next) { 371 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client)); 372 } 373 return prev; 374 } 375 qmp_query_vnc(Error ** errp)376 VncInfo *qmp_query_vnc(Error **errp) 377 { 378 VncInfo *info = g_malloc0(sizeof(*info)); 379 VncDisplay *vd = vnc_display_find(NULL); 380 SocketAddress *addr = NULL; 381 382 if (vd == NULL || !vd->listener || !vd->listener->nsioc) { 383 info->enabled = false; 384 } else { 385 info->enabled = true; 386 387 /* for compatibility with the original command */ 388 info->has_clients = true; 389 info->clients = qmp_query_client_list(vd); 390 391 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], 392 errp); 393 if (!addr) { 394 goto out_error; 395 } 396 397 switch (addr->type) { 398 case SOCKET_ADDRESS_TYPE_INET: 399 info->host = g_strdup(addr->u.inet.host); 400 info->service = g_strdup(addr->u.inet.port); 401 if (addr->u.inet.ipv6) { 402 info->family = NETWORK_ADDRESS_FAMILY_IPV6; 403 } else { 404 info->family = NETWORK_ADDRESS_FAMILY_IPV4; 405 } 406 break; 407 408 case SOCKET_ADDRESS_TYPE_UNIX: 409 info->host = g_strdup(""); 410 info->service = g_strdup(addr->u.q_unix.path); 411 info->family = NETWORK_ADDRESS_FAMILY_UNIX; 412 break; 413 414 case SOCKET_ADDRESS_TYPE_VSOCK: 415 case SOCKET_ADDRESS_TYPE_FD: 416 error_setg(errp, "Unsupported socket address type %s", 417 SocketAddressType_str(addr->type)); 418 goto out_error; 419 default: 420 abort(); 421 } 422 423 info->has_family = true; 424 425 info->auth = g_strdup(vnc_auth_name(vd)); 426 } 427 428 qapi_free_SocketAddress(addr); 429 return info; 430 431 out_error: 432 qapi_free_SocketAddress(addr); 433 qapi_free_VncInfo(info); 434 return NULL; 435 } 436 437 438 static void qmp_query_auth(int auth, int subauth, 439 VncPrimaryAuth *qmp_auth, 440 VncVencryptSubAuth *qmp_vencrypt, 441 bool *qmp_has_vencrypt); 442 qmp_query_server_entry(QIOChannelSocket * ioc,bool websocket,int auth,int subauth,VncServerInfo2List * prev)443 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc, 444 bool websocket, 445 int auth, 446 int subauth, 447 VncServerInfo2List *prev) 448 { 449 VncServerInfo2 *info; 450 Error *err = NULL; 451 SocketAddress *addr; 452 453 addr = qio_channel_socket_get_local_address(ioc, NULL); 454 if (!addr) { 455 return prev; 456 } 457 458 info = g_new0(VncServerInfo2, 1); 459 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err); 460 qapi_free_SocketAddress(addr); 461 if (err) { 462 qapi_free_VncServerInfo2(info); 463 error_free(err); 464 return prev; 465 } 466 info->websocket = websocket; 467 468 qmp_query_auth(auth, subauth, &info->auth, 469 &info->vencrypt, &info->has_vencrypt); 470 471 QAPI_LIST_PREPEND(prev, info); 472 return prev; 473 } 474 qmp_query_auth(int auth,int subauth,VncPrimaryAuth * qmp_auth,VncVencryptSubAuth * qmp_vencrypt,bool * qmp_has_vencrypt)475 static void qmp_query_auth(int auth, int subauth, 476 VncPrimaryAuth *qmp_auth, 477 VncVencryptSubAuth *qmp_vencrypt, 478 bool *qmp_has_vencrypt) 479 { 480 switch (auth) { 481 case VNC_AUTH_VNC: 482 *qmp_auth = VNC_PRIMARY_AUTH_VNC; 483 break; 484 case VNC_AUTH_RA2: 485 *qmp_auth = VNC_PRIMARY_AUTH_RA2; 486 break; 487 case VNC_AUTH_RA2NE: 488 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE; 489 break; 490 case VNC_AUTH_TIGHT: 491 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT; 492 break; 493 case VNC_AUTH_ULTRA: 494 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA; 495 break; 496 case VNC_AUTH_TLS: 497 *qmp_auth = VNC_PRIMARY_AUTH_TLS; 498 break; 499 case VNC_AUTH_VENCRYPT: 500 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT; 501 *qmp_has_vencrypt = true; 502 switch (subauth) { 503 case VNC_AUTH_VENCRYPT_PLAIN: 504 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN; 505 break; 506 case VNC_AUTH_VENCRYPT_TLSNONE: 507 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE; 508 break; 509 case VNC_AUTH_VENCRYPT_TLSVNC: 510 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC; 511 break; 512 case VNC_AUTH_VENCRYPT_TLSPLAIN: 513 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN; 514 break; 515 case VNC_AUTH_VENCRYPT_X509NONE: 516 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE; 517 break; 518 case VNC_AUTH_VENCRYPT_X509VNC: 519 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC; 520 break; 521 case VNC_AUTH_VENCRYPT_X509PLAIN: 522 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN; 523 break; 524 case VNC_AUTH_VENCRYPT_TLSSASL: 525 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL; 526 break; 527 case VNC_AUTH_VENCRYPT_X509SASL: 528 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL; 529 break; 530 default: 531 *qmp_has_vencrypt = false; 532 break; 533 } 534 break; 535 case VNC_AUTH_SASL: 536 *qmp_auth = VNC_PRIMARY_AUTH_SASL; 537 break; 538 case VNC_AUTH_NONE: 539 default: 540 *qmp_auth = VNC_PRIMARY_AUTH_NONE; 541 break; 542 } 543 } 544 qmp_query_vnc_servers(Error ** errp)545 VncInfo2List *qmp_query_vnc_servers(Error **errp) 546 { 547 VncInfo2List *prev = NULL; 548 VncInfo2 *info; 549 VncDisplay *vd; 550 DeviceState *dev; 551 size_t i; 552 553 QTAILQ_FOREACH(vd, &vnc_displays, next) { 554 info = g_new0(VncInfo2, 1); 555 info->id = g_strdup(vd->id); 556 info->clients = qmp_query_client_list(vd); 557 qmp_query_auth(vd->auth, vd->subauth, &info->auth, 558 &info->vencrypt, &info->has_vencrypt); 559 if (vd->dcl.con) { 560 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con), 561 "device", &error_abort)); 562 info->display = g_strdup(dev->id); 563 } 564 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) { 565 info->server = qmp_query_server_entry( 566 vd->listener->sioc[i], false, vd->auth, vd->subauth, 567 info->server); 568 } 569 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) { 570 info->server = qmp_query_server_entry( 571 vd->wslistener->sioc[i], true, vd->ws_auth, 572 vd->ws_subauth, info->server); 573 } 574 575 QAPI_LIST_PREPEND(prev, info); 576 } 577 return prev; 578 } 579 vnc_display_reload_certs(const char * id,Error ** errp)580 bool vnc_display_reload_certs(const char *id, Error **errp) 581 { 582 VncDisplay *vd = vnc_display_find(id); 583 QCryptoTLSCredsClass *creds = NULL; 584 585 if (!vd) { 586 error_setg(errp, "Can not find vnc display"); 587 return false; 588 } 589 590 if (!vd->tlscreds) { 591 error_setg(errp, "vnc tls is not enabled"); 592 return false; 593 } 594 595 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds)); 596 if (creds->reload == NULL) { 597 error_setg(errp, "%s doesn't support to reload TLS credential", 598 object_get_typename(OBJECT(vd->tlscreds))); 599 return false; 600 } 601 if (!creds->reload(vd->tlscreds, errp)) { 602 return false; 603 } 604 605 return true; 606 } 607 608 /* TODO 609 1) Get the queue working for IO. 610 2) there is some weirdness when using the -S option (the screen is grey 611 and not totally invalidated 612 3) resolutions > 1024 613 */ 614 615 static int vnc_update_client(VncState *vs, int has_dirty); 616 static void vnc_disconnect_start(VncState *vs); 617 618 static void vnc_colordepth(VncState *vs); 619 static void framebuffer_update_request(VncState *vs, int incremental, 620 int x_position, int y_position, 621 int w, int h); 622 static void vnc_refresh(DisplayChangeListener *dcl); 623 static int vnc_refresh_server_surface(VncDisplay *vd); 624 vnc_width(VncDisplay * vd)625 static int vnc_width(VncDisplay *vd) 626 { 627 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds), 628 VNC_DIRTY_PIXELS_PER_BIT)); 629 } 630 vnc_true_width(VncDisplay * vd)631 static int vnc_true_width(VncDisplay *vd) 632 { 633 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds)); 634 } 635 vnc_height(VncDisplay * vd)636 static int vnc_height(VncDisplay *vd) 637 { 638 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds)); 639 } 640 641 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT], 642 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT), 643 VncDisplay *vd, 644 int x, int y, int w, int h) 645 { 646 int width = vnc_width(vd); 647 int height = vnc_height(vd); 648 649 /* this is needed this to ensure we updated all affected 650 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */ 651 w += (x % VNC_DIRTY_PIXELS_PER_BIT); 652 x -= (x % VNC_DIRTY_PIXELS_PER_BIT); 653 654 x = MIN(x, width); 655 y = MIN(y, height); 656 w = MIN(x + w, width) - x; 657 h = MIN(y + h, height); 658 659 for (; y < h; y++) { 660 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT, 661 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT)); 662 } 663 } 664 vnc_dpy_update(DisplayChangeListener * dcl,int x,int y,int w,int h)665 static void vnc_dpy_update(DisplayChangeListener *dcl, 666 int x, int y, int w, int h) 667 { 668 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 669 struct VncSurface *s = &vd->guest; 670 671 vnc_set_area_dirty(s->dirty, vd, x, y, w, h); 672 } 673 vnc_framebuffer_update(VncState * vs,int x,int y,int w,int h,int32_t encoding)674 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h, 675 int32_t encoding) 676 { 677 vnc_write_u16(vs, x); 678 vnc_write_u16(vs, y); 679 vnc_write_u16(vs, w); 680 vnc_write_u16(vs, h); 681 682 vnc_write_s32(vs, encoding); 683 } 684 vnc_desktop_resize_ext(VncState * vs,int reject_reason)685 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason) 686 { 687 trace_vnc_msg_server_ext_desktop_resize( 688 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason); 689 690 vnc_lock_output(vs); 691 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 692 vnc_write_u8(vs, 0); 693 vnc_write_u16(vs, 1); /* number of rects */ 694 vnc_framebuffer_update(vs, 695 reject_reason ? 1 : 0, 696 reject_reason, 697 vs->client_width, vs->client_height, 698 VNC_ENCODING_DESKTOP_RESIZE_EXT); 699 vnc_write_u8(vs, 1); /* number of screens */ 700 vnc_write_u8(vs, 0); /* padding */ 701 vnc_write_u8(vs, 0); /* padding */ 702 vnc_write_u8(vs, 0); /* padding */ 703 vnc_write_u32(vs, 0); /* screen id */ 704 vnc_write_u16(vs, 0); /* screen x-pos */ 705 vnc_write_u16(vs, 0); /* screen y-pos */ 706 vnc_write_u16(vs, vs->client_width); 707 vnc_write_u16(vs, vs->client_height); 708 vnc_write_u32(vs, 0); /* screen flags */ 709 vnc_unlock_output(vs); 710 vnc_flush(vs); 711 } 712 vnc_desktop_resize(VncState * vs)713 static void vnc_desktop_resize(VncState *vs) 714 { 715 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) && 716 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) { 717 return; 718 } 719 if (vs->client_width == vs->vd->true_width && 720 vs->client_height == pixman_image_get_height(vs->vd->server)) { 721 return; 722 } 723 724 assert(vs->vd->true_width < 65536 && 725 vs->vd->true_width >= 0); 726 assert(pixman_image_get_height(vs->vd->server) < 65536 && 727 pixman_image_get_height(vs->vd->server) >= 0); 728 vs->client_width = vs->vd->true_width; 729 vs->client_height = pixman_image_get_height(vs->vd->server); 730 731 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 732 vnc_desktop_resize_ext(vs, 0); 733 return; 734 } 735 736 trace_vnc_msg_server_desktop_resize( 737 vs, vs->ioc, vs->client_width, vs->client_height); 738 739 vnc_lock_output(vs); 740 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 741 vnc_write_u8(vs, 0); 742 vnc_write_u16(vs, 1); /* number of rects */ 743 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height, 744 VNC_ENCODING_DESKTOPRESIZE); 745 vnc_unlock_output(vs); 746 vnc_flush(vs); 747 } 748 vnc_abort_display_jobs(VncDisplay * vd)749 static void vnc_abort_display_jobs(VncDisplay *vd) 750 { 751 VncState *vs; 752 753 QTAILQ_FOREACH(vs, &vd->clients, next) { 754 vnc_lock_output(vs); 755 vs->abort = true; 756 vnc_unlock_output(vs); 757 } 758 QTAILQ_FOREACH(vs, &vd->clients, next) { 759 vnc_jobs_join(vs); 760 } 761 QTAILQ_FOREACH(vs, &vd->clients, next) { 762 vnc_lock_output(vs); 763 if (vs->update == VNC_STATE_UPDATE_NONE && 764 vs->job_update != VNC_STATE_UPDATE_NONE) { 765 /* job aborted before completion */ 766 vs->update = vs->job_update; 767 vs->job_update = VNC_STATE_UPDATE_NONE; 768 } 769 vs->abort = false; 770 vnc_unlock_output(vs); 771 } 772 } 773 vnc_server_fb_stride(VncDisplay * vd)774 int vnc_server_fb_stride(VncDisplay *vd) 775 { 776 return pixman_image_get_stride(vd->server); 777 } 778 vnc_server_fb_ptr(VncDisplay * vd,int x,int y)779 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y) 780 { 781 uint8_t *ptr; 782 783 ptr = (uint8_t *)pixman_image_get_data(vd->server); 784 ptr += y * vnc_server_fb_stride(vd); 785 ptr += x * VNC_SERVER_FB_BYTES; 786 return ptr; 787 } 788 vnc_update_server_surface(VncDisplay * vd)789 static void vnc_update_server_surface(VncDisplay *vd) 790 { 791 int width, height; 792 793 qemu_pixman_image_unref(vd->server); 794 vd->server = NULL; 795 796 if (QTAILQ_EMPTY(&vd->clients)) { 797 return; 798 } 799 800 width = vnc_width(vd); 801 height = vnc_height(vd); 802 vd->true_width = vnc_true_width(vd); 803 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT, 804 width, height, 805 NULL, 0); 806 807 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty)); 808 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 809 width, height); 810 } 811 vnc_check_pageflip(DisplaySurface * s1,DisplaySurface * s2)812 static bool vnc_check_pageflip(DisplaySurface *s1, 813 DisplaySurface *s2) 814 { 815 return (s1 != NULL && 816 s2 != NULL && 817 surface_width(s1) == surface_width(s2) && 818 surface_height(s1) == surface_height(s2) && 819 surface_format(s1) == surface_format(s2)); 820 821 } 822 vnc_dpy_switch(DisplayChangeListener * dcl,DisplaySurface * surface)823 static void vnc_dpy_switch(DisplayChangeListener *dcl, 824 DisplaySurface *surface) 825 { 826 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 827 bool pageflip = vnc_check_pageflip(vd->ds, surface); 828 VncState *vs; 829 830 vnc_abort_display_jobs(vd); 831 vd->ds = surface; 832 833 /* guest surface */ 834 qemu_pixman_image_unref(vd->guest.fb); 835 vd->guest.fb = pixman_image_ref(surface->image); 836 vd->guest.format = surface_format(surface); 837 838 839 if (pageflip) { 840 trace_vnc_server_dpy_pageflip(vd, 841 surface_width(surface), 842 surface_height(surface), 843 surface_format(surface)); 844 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0, 845 surface_width(surface), 846 surface_height(surface)); 847 return; 848 } 849 850 trace_vnc_server_dpy_recreate(vd, 851 surface_width(surface), 852 surface_height(surface), 853 surface_format(surface)); 854 /* server surface */ 855 vnc_update_server_surface(vd); 856 857 QTAILQ_FOREACH(vs, &vd->clients, next) { 858 vnc_colordepth(vs); 859 vnc_desktop_resize(vs); 860 vnc_cursor_define(vs); 861 memset(vs->dirty, 0x00, sizeof(vs->dirty)); 862 vnc_set_area_dirty(vs->dirty, vd, 0, 0, 863 vnc_width(vd), 864 vnc_height(vd)); 865 vnc_update_throttle_offset(vs); 866 } 867 } 868 869 /* fastest code */ vnc_write_pixels_copy(VncState * vs,void * pixels,int size)870 static void vnc_write_pixels_copy(VncState *vs, 871 void *pixels, int size) 872 { 873 vnc_write(vs, pixels, size); 874 } 875 876 /* slowest but generic code. */ vnc_convert_pixel(VncState * vs,uint8_t * buf,uint32_t v)877 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v) 878 { 879 uint8_t r, g, b; 880 881 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8) 882 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8; 883 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8; 884 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8; 885 #else 886 # error need some bits here if you change VNC_SERVER_FB_FORMAT 887 #endif 888 v = (r << vs->client_pf.rshift) | 889 (g << vs->client_pf.gshift) | 890 (b << vs->client_pf.bshift); 891 switch (vs->client_pf.bytes_per_pixel) { 892 case 1: 893 buf[0] = v; 894 break; 895 case 2: 896 if (vs->client_be) { 897 buf[0] = v >> 8; 898 buf[1] = v; 899 } else { 900 buf[1] = v >> 8; 901 buf[0] = v; 902 } 903 break; 904 default: 905 case 4: 906 if (vs->client_be) { 907 buf[0] = v >> 24; 908 buf[1] = v >> 16; 909 buf[2] = v >> 8; 910 buf[3] = v; 911 } else { 912 buf[3] = v >> 24; 913 buf[2] = v >> 16; 914 buf[1] = v >> 8; 915 buf[0] = v; 916 } 917 break; 918 } 919 } 920 vnc_write_pixels_generic(VncState * vs,void * pixels1,int size)921 static void vnc_write_pixels_generic(VncState *vs, 922 void *pixels1, int size) 923 { 924 uint8_t buf[4]; 925 926 if (VNC_SERVER_FB_BYTES == 4) { 927 uint32_t *pixels = pixels1; 928 int n, i; 929 n = size >> 2; 930 for (i = 0; i < n; i++) { 931 vnc_convert_pixel(vs, buf, pixels[i]); 932 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel); 933 } 934 } 935 } 936 vnc_raw_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)937 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 938 { 939 int i; 940 uint8_t *row; 941 VncDisplay *vd = vs->vd; 942 943 row = vnc_server_fb_ptr(vd, x, y); 944 for (i = 0; i < h; i++) { 945 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES); 946 row += vnc_server_fb_stride(vd); 947 } 948 return 1; 949 } 950 vnc_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)951 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h) 952 { 953 int n = 0; 954 955 switch(vs->vnc_encoding) { 956 case VNC_ENCODING_ZLIB: 957 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h); 958 break; 959 case VNC_ENCODING_HEXTILE: 960 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE); 961 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h); 962 break; 963 case VNC_ENCODING_TIGHT: 964 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h); 965 break; 966 case VNC_ENCODING_TIGHT_PNG: 967 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h); 968 break; 969 case VNC_ENCODING_ZRLE: 970 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h); 971 break; 972 case VNC_ENCODING_ZYWRLE: 973 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h); 974 break; 975 default: 976 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW); 977 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h); 978 break; 979 } 980 return n; 981 } 982 vnc_mouse_set(DisplayChangeListener * dcl,int x,int y,bool visible)983 static void vnc_mouse_set(DisplayChangeListener *dcl, 984 int x, int y, bool visible) 985 { 986 /* can we ask the client(s) to move the pointer ??? */ 987 } 988 vnc_cursor_define(VncState * vs)989 static int vnc_cursor_define(VncState *vs) 990 { 991 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con); 992 int isize; 993 994 if (!c) { 995 return -1; 996 } 997 998 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) { 999 vnc_lock_output(vs); 1000 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1001 vnc_write_u8(vs, 0); /* padding */ 1002 vnc_write_u16(vs, 1); /* # of rects */ 1003 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1004 VNC_ENCODING_ALPHA_CURSOR); 1005 vnc_write_s32(vs, VNC_ENCODING_RAW); 1006 vnc_write(vs, c->data, c->width * c->height * 4); 1007 vnc_unlock_output(vs); 1008 return 0; 1009 } 1010 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) { 1011 vnc_lock_output(vs); 1012 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1013 vnc_write_u8(vs, 0); /* padding */ 1014 vnc_write_u16(vs, 1); /* # of rects */ 1015 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height, 1016 VNC_ENCODING_RICH_CURSOR); 1017 isize = c->width * c->height * vs->client_pf.bytes_per_pixel; 1018 vnc_write_pixels_generic(vs, c->data, isize); 1019 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize); 1020 vnc_unlock_output(vs); 1021 return 0; 1022 } 1023 return -1; 1024 } 1025 vnc_dpy_cursor_define(DisplayChangeListener * dcl,QEMUCursor * c)1026 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl, 1027 QEMUCursor *c) 1028 { 1029 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 1030 VncState *vs; 1031 1032 g_free(vd->cursor_mask); 1033 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height; 1034 vd->cursor_mask = g_malloc0(vd->cursor_msize); 1035 cursor_get_mono_mask(c, 0, vd->cursor_mask); 1036 1037 QTAILQ_FOREACH(vs, &vd->clients, next) { 1038 vnc_cursor_define(vs); 1039 } 1040 } 1041 find_and_clear_dirty_height(VncState * vs,int y,int last_x,int x,int height)1042 static int find_and_clear_dirty_height(VncState *vs, 1043 int y, int last_x, int x, int height) 1044 { 1045 int h; 1046 1047 for (h = 1; h < (height - y); h++) { 1048 if (!test_bit(last_x, vs->dirty[y + h])) { 1049 break; 1050 } 1051 bitmap_clear(vs->dirty[y + h], last_x, x - last_x); 1052 } 1053 1054 return h; 1055 } 1056 1057 /* 1058 * Figure out how much pending data we should allow in the output 1059 * buffer before we throttle incremental display updates, and/or 1060 * drop audio samples. 1061 * 1062 * We allow for equiv of 1 full display's worth of FB updates, 1063 * and 1 second of audio samples. If audio backlog was larger 1064 * than that the client would already suffering awful audio 1065 * glitches, so dropping samples is no worse really). 1066 */ vnc_update_throttle_offset(VncState * vs)1067 static void vnc_update_throttle_offset(VncState *vs) 1068 { 1069 size_t offset = 1070 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel; 1071 1072 if (vs->audio_cap) { 1073 int bps; 1074 switch (vs->as.fmt) { 1075 default: 1076 case AUDIO_FORMAT_U8: 1077 case AUDIO_FORMAT_S8: 1078 bps = 1; 1079 break; 1080 case AUDIO_FORMAT_U16: 1081 case AUDIO_FORMAT_S16: 1082 bps = 2; 1083 break; 1084 case AUDIO_FORMAT_U32: 1085 case AUDIO_FORMAT_S32: 1086 bps = 4; 1087 break; 1088 } 1089 offset += vs->as.freq * bps * vs->as.nchannels; 1090 } 1091 1092 /* Put a floor of 1MB on offset, so that if we have a large pending 1093 * buffer and the display is resized to a small size & back again 1094 * we don't suddenly apply a tiny send limit 1095 */ 1096 offset = MAX(offset, 1024 * 1024); 1097 1098 if (vs->throttle_output_offset != offset) { 1099 trace_vnc_client_throttle_threshold( 1100 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width, 1101 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap); 1102 } 1103 1104 vs->throttle_output_offset = offset; 1105 } 1106 vnc_should_update(VncState * vs)1107 static bool vnc_should_update(VncState *vs) 1108 { 1109 switch (vs->update) { 1110 case VNC_STATE_UPDATE_NONE: 1111 break; 1112 case VNC_STATE_UPDATE_INCREMENTAL: 1113 /* Only allow incremental updates if the pending send queue 1114 * is less than the permitted threshold, and the job worker 1115 * is completely idle. 1116 */ 1117 if (vs->output.offset < vs->throttle_output_offset && 1118 vs->job_update == VNC_STATE_UPDATE_NONE) { 1119 return true; 1120 } 1121 trace_vnc_client_throttle_incremental( 1122 vs, vs->ioc, vs->job_update, vs->output.offset); 1123 break; 1124 case VNC_STATE_UPDATE_FORCE: 1125 /* Only allow forced updates if the pending send queue 1126 * does not contain a previous forced update, and the 1127 * job worker is completely idle. 1128 * 1129 * Note this means we'll queue a forced update, even if 1130 * the output buffer size is otherwise over the throttle 1131 * output limit. 1132 */ 1133 if (vs->force_update_offset == 0 && 1134 vs->job_update == VNC_STATE_UPDATE_NONE) { 1135 return true; 1136 } 1137 trace_vnc_client_throttle_forced( 1138 vs, vs->ioc, vs->job_update, vs->force_update_offset); 1139 break; 1140 } 1141 return false; 1142 } 1143 vnc_update_client(VncState * vs,int has_dirty)1144 static int vnc_update_client(VncState *vs, int has_dirty) 1145 { 1146 VncDisplay *vd = vs->vd; 1147 VncJob *job; 1148 int y; 1149 int height, width; 1150 int n = 0; 1151 1152 if (vs->disconnecting) { 1153 vnc_disconnect_finish(vs); 1154 return 0; 1155 } 1156 1157 vs->has_dirty += has_dirty; 1158 if (!vnc_should_update(vs)) { 1159 return 0; 1160 } 1161 1162 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) { 1163 return 0; 1164 } 1165 1166 /* 1167 * Send screen updates to the vnc client using the server 1168 * surface and server dirty map. guest surface updates 1169 * happening in parallel don't disturb us, the next pass will 1170 * send them to the client. 1171 */ 1172 job = vnc_job_new(vs); 1173 1174 height = pixman_image_get_height(vd->server); 1175 width = pixman_image_get_width(vd->server); 1176 1177 y = 0; 1178 for (;;) { 1179 int x, h; 1180 unsigned long x2; 1181 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty, 1182 height * VNC_DIRTY_BPL(vs), 1183 y * VNC_DIRTY_BPL(vs)); 1184 if (offset == height * VNC_DIRTY_BPL(vs)) { 1185 /* no more dirty bits */ 1186 break; 1187 } 1188 y = offset / VNC_DIRTY_BPL(vs); 1189 x = offset % VNC_DIRTY_BPL(vs); 1190 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y], 1191 VNC_DIRTY_BPL(vs), x); 1192 bitmap_clear(vs->dirty[y], x, x2 - x); 1193 h = find_and_clear_dirty_height(vs, y, x, x2, height); 1194 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT); 1195 if (x2 > x) { 1196 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y, 1197 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h); 1198 } 1199 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) { 1200 y += h; 1201 if (y == height) { 1202 break; 1203 } 1204 } 1205 } 1206 1207 vs->job_update = vs->update; 1208 vs->update = VNC_STATE_UPDATE_NONE; 1209 vnc_job_push(job); 1210 vs->has_dirty = 0; 1211 return n; 1212 } 1213 1214 /* audio */ audio_capture_notify(void * opaque,audcnotification_e cmd)1215 static void audio_capture_notify(void *opaque, audcnotification_e cmd) 1216 { 1217 VncState *vs = opaque; 1218 1219 assert(vs->magic == VNC_MAGIC); 1220 switch (cmd) { 1221 case AUD_CNOTIFY_DISABLE: 1222 trace_vnc_msg_server_audio_end(vs, vs->ioc); 1223 vnc_lock_output(vs); 1224 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1225 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1226 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END); 1227 vnc_unlock_output(vs); 1228 vnc_flush(vs); 1229 break; 1230 1231 case AUD_CNOTIFY_ENABLE: 1232 trace_vnc_msg_server_audio_begin(vs, vs->ioc); 1233 vnc_lock_output(vs); 1234 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1235 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1236 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN); 1237 vnc_unlock_output(vs); 1238 vnc_flush(vs); 1239 break; 1240 } 1241 } 1242 audio_capture_destroy(void * opaque)1243 static void audio_capture_destroy(void *opaque) 1244 { 1245 } 1246 audio_capture(void * opaque,const void * buf,int size)1247 static void audio_capture(void *opaque, const void *buf, int size) 1248 { 1249 VncState *vs = opaque; 1250 1251 assert(vs->magic == VNC_MAGIC); 1252 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size); 1253 vnc_lock_output(vs); 1254 if (vs->output.offset < vs->throttle_output_offset) { 1255 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU); 1256 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO); 1257 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA); 1258 vnc_write_u32(vs, size); 1259 vnc_write(vs, buf, size); 1260 } else { 1261 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset); 1262 } 1263 vnc_unlock_output(vs); 1264 vnc_flush(vs); 1265 } 1266 audio_add(VncState * vs)1267 static void audio_add(VncState *vs) 1268 { 1269 struct audio_capture_ops ops; 1270 1271 if (vs->audio_cap) { 1272 error_report("audio already running"); 1273 return; 1274 } 1275 1276 ops.notify = audio_capture_notify; 1277 ops.destroy = audio_capture_destroy; 1278 ops.capture = audio_capture; 1279 1280 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs); 1281 if (!vs->audio_cap) { 1282 error_report("Failed to add audio capture"); 1283 } 1284 } 1285 audio_del(VncState * vs)1286 static void audio_del(VncState *vs) 1287 { 1288 if (vs->audio_cap) { 1289 AUD_del_capture(vs->audio_cap, vs); 1290 vs->audio_cap = NULL; 1291 } 1292 } 1293 vnc_disconnect_start(VncState * vs)1294 static void vnc_disconnect_start(VncState *vs) 1295 { 1296 if (vs->disconnecting) { 1297 return; 1298 } 1299 trace_vnc_client_disconnect_start(vs, vs->ioc); 1300 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED); 1301 if (vs->ioc_tag) { 1302 g_source_remove(vs->ioc_tag); 1303 vs->ioc_tag = 0; 1304 } 1305 qio_channel_close(vs->ioc, NULL); 1306 vs->disconnecting = TRUE; 1307 } 1308 vnc_disconnect_finish(VncState * vs)1309 void vnc_disconnect_finish(VncState *vs) 1310 { 1311 int i; 1312 1313 trace_vnc_client_disconnect_finish(vs, vs->ioc); 1314 1315 vnc_jobs_join(vs); /* Wait encoding jobs */ 1316 1317 vnc_lock_output(vs); 1318 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED); 1319 1320 buffer_free(&vs->input); 1321 buffer_free(&vs->output); 1322 1323 qapi_free_VncClientInfo(vs->info); 1324 1325 vnc_zlib_clear(vs); 1326 vnc_tight_clear(vs); 1327 vnc_zrle_clear(vs); 1328 1329 #ifdef CONFIG_VNC_SASL 1330 vnc_sasl_client_cleanup(vs); 1331 #endif /* CONFIG_VNC_SASL */ 1332 audio_del(vs); 1333 qkbd_state_lift_all_keys(vs->vd->kbd); 1334 1335 if (vs->mouse_mode_notifier.notify != NULL) { 1336 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 1337 } 1338 QTAILQ_REMOVE(&vs->vd->clients, vs, next); 1339 if (QTAILQ_EMPTY(&vs->vd->clients)) { 1340 /* last client gone */ 1341 vnc_update_server_surface(vs->vd); 1342 } 1343 vnc_unlock_output(vs); 1344 1345 if (vs->cbpeer.notifier.notify) { 1346 qemu_clipboard_peer_unregister(&vs->cbpeer); 1347 } 1348 1349 qemu_mutex_destroy(&vs->output_mutex); 1350 if (vs->bh != NULL) { 1351 qemu_bh_delete(vs->bh); 1352 } 1353 buffer_free(&vs->jobs_buffer); 1354 1355 for (i = 0; i < VNC_STAT_ROWS; ++i) { 1356 g_free(vs->lossy_rect[i]); 1357 } 1358 g_free(vs->lossy_rect); 1359 1360 object_unref(OBJECT(vs->ioc)); 1361 vs->ioc = NULL; 1362 object_unref(OBJECT(vs->sioc)); 1363 vs->sioc = NULL; 1364 vs->magic = 0; 1365 g_free(vs->zrle); 1366 g_free(vs->tight); 1367 g_free(vs); 1368 } 1369 vnc_client_io_error(VncState * vs,ssize_t ret,Error * err)1370 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err) 1371 { 1372 if (ret <= 0) { 1373 if (ret == 0) { 1374 trace_vnc_client_eof(vs, vs->ioc); 1375 vnc_disconnect_start(vs); 1376 } else if (ret != QIO_CHANNEL_ERR_BLOCK) { 1377 trace_vnc_client_io_error(vs, vs->ioc, 1378 err ? error_get_pretty(err) : "Unknown"); 1379 vnc_disconnect_start(vs); 1380 } 1381 1382 error_free(err); 1383 return 0; 1384 } 1385 return ret; 1386 } 1387 1388 vnc_client_error(VncState * vs)1389 void vnc_client_error(VncState *vs) 1390 { 1391 VNC_DEBUG("Closing down client sock: protocol error\n"); 1392 vnc_disconnect_start(vs); 1393 } 1394 1395 1396 /* 1397 * Called to write a chunk of data to the client socket. The data may 1398 * be the raw data, or may have already been encoded by SASL. 1399 * The data will be written either straight onto the socket, or 1400 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1401 * 1402 * NB, it is theoretically possible to have 2 layers of encryption, 1403 * both SASL, and this TLS layer. It is highly unlikely in practice 1404 * though, since SASL encryption will typically be a no-op if TLS 1405 * is active 1406 * 1407 * Returns the number of bytes written, which may be less than 1408 * the requested 'datalen' if the socket would block. Returns 1409 * 0 on I/O error, and disconnects the client socket. 1410 */ vnc_client_write_buf(VncState * vs,const uint8_t * data,size_t datalen)1411 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen) 1412 { 1413 Error *err = NULL; 1414 ssize_t ret; 1415 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err); 1416 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret); 1417 return vnc_client_io_error(vs, ret, err); 1418 } 1419 1420 1421 /* 1422 * Called to write buffered data to the client socket, when not 1423 * using any SASL SSF encryption layers. Will write as much data 1424 * as possible without blocking. If all buffered data is written, 1425 * will switch the FD poll() handler back to read monitoring. 1426 * 1427 * Returns the number of bytes written, which may be less than 1428 * the buffered output data if the socket would block. Returns 1429 * 0 on I/O error, and disconnects the client socket. 1430 */ vnc_client_write_plain(VncState * vs)1431 static size_t vnc_client_write_plain(VncState *vs) 1432 { 1433 size_t offset; 1434 size_t ret; 1435 1436 #ifdef CONFIG_VNC_SASL 1437 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n", 1438 vs->output.buffer, vs->output.capacity, vs->output.offset, 1439 vs->sasl.waitWriteSSF); 1440 1441 if (vs->sasl.conn && 1442 vs->sasl.runSSF && 1443 vs->sasl.waitWriteSSF) { 1444 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF); 1445 if (ret) 1446 vs->sasl.waitWriteSSF -= ret; 1447 } else 1448 #endif /* CONFIG_VNC_SASL */ 1449 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset); 1450 if (!ret) 1451 return 0; 1452 1453 if (ret >= vs->force_update_offset) { 1454 if (vs->force_update_offset != 0) { 1455 trace_vnc_client_unthrottle_forced(vs, vs->ioc); 1456 } 1457 vs->force_update_offset = 0; 1458 } else { 1459 vs->force_update_offset -= ret; 1460 } 1461 offset = vs->output.offset; 1462 buffer_advance(&vs->output, ret); 1463 if (offset >= vs->throttle_output_offset && 1464 vs->output.offset < vs->throttle_output_offset) { 1465 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset); 1466 } 1467 1468 if (vs->output.offset == 0) { 1469 if (vs->ioc_tag) { 1470 g_source_remove(vs->ioc_tag); 1471 } 1472 vs->ioc_tag = qio_channel_add_watch( 1473 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1474 vnc_client_io, vs, NULL); 1475 } 1476 1477 return ret; 1478 } 1479 1480 1481 /* 1482 * First function called whenever there is data to be written to 1483 * the client socket. Will delegate actual work according to whether 1484 * SASL SSF layers are enabled (thus requiring encryption calls) 1485 */ vnc_client_write_locked(VncState * vs)1486 static void vnc_client_write_locked(VncState *vs) 1487 { 1488 #ifdef CONFIG_VNC_SASL 1489 if (vs->sasl.conn && 1490 vs->sasl.runSSF && 1491 !vs->sasl.waitWriteSSF) { 1492 vnc_client_write_sasl(vs); 1493 } else 1494 #endif /* CONFIG_VNC_SASL */ 1495 { 1496 vnc_client_write_plain(vs); 1497 } 1498 } 1499 vnc_client_write(VncState * vs)1500 static void vnc_client_write(VncState *vs) 1501 { 1502 assert(vs->magic == VNC_MAGIC); 1503 vnc_lock_output(vs); 1504 if (vs->output.offset) { 1505 vnc_client_write_locked(vs); 1506 } else if (vs->ioc != NULL) { 1507 if (vs->ioc_tag) { 1508 g_source_remove(vs->ioc_tag); 1509 } 1510 vs->ioc_tag = qio_channel_add_watch( 1511 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 1512 vnc_client_io, vs, NULL); 1513 } 1514 vnc_unlock_output(vs); 1515 } 1516 vnc_read_when(VncState * vs,VncReadEvent * func,size_t expecting)1517 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting) 1518 { 1519 vs->read_handler = func; 1520 vs->read_handler_expect = expecting; 1521 } 1522 1523 1524 /* 1525 * Called to read a chunk of data from the client socket. The data may 1526 * be the raw data, or may need to be further decoded by SASL. 1527 * The data will be read either straight from to the socket, or 1528 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled 1529 * 1530 * NB, it is theoretically possible to have 2 layers of encryption, 1531 * both SASL, and this TLS layer. It is highly unlikely in practice 1532 * though, since SASL encryption will typically be a no-op if TLS 1533 * is active 1534 * 1535 * Returns the number of bytes read, which may be less than 1536 * the requested 'datalen' if the socket would block. Returns 1537 * 0 on I/O error or EOF, and disconnects the client socket. 1538 */ vnc_client_read_buf(VncState * vs,uint8_t * data,size_t datalen)1539 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen) 1540 { 1541 ssize_t ret; 1542 Error *err = NULL; 1543 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err); 1544 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret); 1545 return vnc_client_io_error(vs, ret, err); 1546 } 1547 1548 1549 /* 1550 * Called to read data from the client socket to the input buffer, 1551 * when not using any SASL SSF encryption layers. Will read as much 1552 * data as possible without blocking. 1553 * 1554 * Returns the number of bytes read, which may be less than 1555 * the requested 'datalen' if the socket would block. Returns 1556 * 0 on I/O error or EOF, and disconnects the client socket. 1557 */ vnc_client_read_plain(VncState * vs)1558 static size_t vnc_client_read_plain(VncState *vs) 1559 { 1560 size_t ret; 1561 VNC_DEBUG("Read plain %p size %zd offset %zd\n", 1562 vs->input.buffer, vs->input.capacity, vs->input.offset); 1563 buffer_reserve(&vs->input, 4096); 1564 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096); 1565 if (!ret) 1566 return 0; 1567 vs->input.offset += ret; 1568 return ret; 1569 } 1570 vnc_jobs_bh(void * opaque)1571 static void vnc_jobs_bh(void *opaque) 1572 { 1573 VncState *vs = opaque; 1574 1575 assert(vs->magic == VNC_MAGIC); 1576 vnc_jobs_consume_buffer(vs); 1577 } 1578 1579 /* 1580 * First function called whenever there is more data to be read from 1581 * the client socket. Will delegate actual work according to whether 1582 * SASL SSF layers are enabled (thus requiring decryption calls) 1583 * Returns 0 on success, -1 if client disconnected 1584 */ vnc_client_read(VncState * vs)1585 static int vnc_client_read(VncState *vs) 1586 { 1587 size_t sz; 1588 1589 #ifdef CONFIG_VNC_SASL 1590 if (vs->sasl.conn && vs->sasl.runSSF) 1591 sz = vnc_client_read_sasl(vs); 1592 else 1593 #endif /* CONFIG_VNC_SASL */ 1594 sz = vnc_client_read_plain(vs); 1595 if (!sz) { 1596 if (vs->disconnecting) { 1597 vnc_disconnect_finish(vs); 1598 return -1; 1599 } 1600 return 0; 1601 } 1602 1603 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) { 1604 size_t len = vs->read_handler_expect; 1605 int ret; 1606 1607 ret = vs->read_handler(vs, vs->input.buffer, len); 1608 if (vs->disconnecting) { 1609 vnc_disconnect_finish(vs); 1610 return -1; 1611 } 1612 1613 if (!ret) { 1614 buffer_advance(&vs->input, len); 1615 } else { 1616 vs->read_handler_expect = ret; 1617 } 1618 } 1619 return 0; 1620 } 1621 vnc_client_io(QIOChannel * ioc G_GNUC_UNUSED,GIOCondition condition,void * opaque)1622 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED, 1623 GIOCondition condition, void *opaque) 1624 { 1625 VncState *vs = opaque; 1626 1627 assert(vs->magic == VNC_MAGIC); 1628 1629 if (condition & (G_IO_HUP | G_IO_ERR)) { 1630 vnc_disconnect_start(vs); 1631 return TRUE; 1632 } 1633 1634 if (condition & G_IO_IN) { 1635 if (vnc_client_read(vs) < 0) { 1636 /* vs is free()ed here */ 1637 return TRUE; 1638 } 1639 } 1640 if (condition & G_IO_OUT) { 1641 vnc_client_write(vs); 1642 } 1643 1644 if (vs->disconnecting) { 1645 if (vs->ioc_tag != 0) { 1646 g_source_remove(vs->ioc_tag); 1647 } 1648 vs->ioc_tag = 0; 1649 } 1650 return TRUE; 1651 } 1652 1653 1654 /* 1655 * Scale factor to apply to vs->throttle_output_offset when checking for 1656 * hard limit. Worst case normal usage could be x2, if we have a complete 1657 * incremental update and complete forced update in the output buffer. 1658 * So x3 should be good enough, but we pick x5 to be conservative and thus 1659 * (hopefully) never trigger incorrectly. 1660 */ 1661 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5 1662 vnc_write(VncState * vs,const void * data,size_t len)1663 void vnc_write(VncState *vs, const void *data, size_t len) 1664 { 1665 assert(vs->magic == VNC_MAGIC); 1666 if (vs->disconnecting) { 1667 return; 1668 } 1669 /* Protection against malicious client/guest to prevent our output 1670 * buffer growing without bound if client stops reading data. This 1671 * should rarely trigger, because we have earlier throttling code 1672 * which stops issuing framebuffer updates and drops audio data 1673 * if the throttle_output_offset value is exceeded. So we only reach 1674 * this higher level if a huge number of pseudo-encodings get 1675 * triggered while data can't be sent on the socket. 1676 * 1677 * NB throttle_output_offset can be zero during early protocol 1678 * handshake, or from the job thread's VncState clone 1679 */ 1680 if (vs->throttle_output_offset != 0 && 1681 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) > 1682 vs->throttle_output_offset) { 1683 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset, 1684 vs->throttle_output_offset); 1685 vnc_disconnect_start(vs); 1686 return; 1687 } 1688 buffer_reserve(&vs->output, len); 1689 1690 if (vs->ioc != NULL && buffer_empty(&vs->output)) { 1691 if (vs->ioc_tag) { 1692 g_source_remove(vs->ioc_tag); 1693 } 1694 vs->ioc_tag = qio_channel_add_watch( 1695 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT, 1696 vnc_client_io, vs, NULL); 1697 } 1698 1699 buffer_append(&vs->output, data, len); 1700 } 1701 vnc_write_s32(VncState * vs,int32_t value)1702 void vnc_write_s32(VncState *vs, int32_t value) 1703 { 1704 vnc_write_u32(vs, *(uint32_t *)&value); 1705 } 1706 vnc_write_u32(VncState * vs,uint32_t value)1707 void vnc_write_u32(VncState *vs, uint32_t value) 1708 { 1709 uint8_t buf[4]; 1710 1711 buf[0] = (value >> 24) & 0xFF; 1712 buf[1] = (value >> 16) & 0xFF; 1713 buf[2] = (value >> 8) & 0xFF; 1714 buf[3] = value & 0xFF; 1715 1716 vnc_write(vs, buf, 4); 1717 } 1718 vnc_write_u16(VncState * vs,uint16_t value)1719 void vnc_write_u16(VncState *vs, uint16_t value) 1720 { 1721 uint8_t buf[2]; 1722 1723 buf[0] = (value >> 8) & 0xFF; 1724 buf[1] = value & 0xFF; 1725 1726 vnc_write(vs, buf, 2); 1727 } 1728 vnc_write_u8(VncState * vs,uint8_t value)1729 void vnc_write_u8(VncState *vs, uint8_t value) 1730 { 1731 vnc_write(vs, (char *)&value, 1); 1732 } 1733 vnc_flush(VncState * vs)1734 void vnc_flush(VncState *vs) 1735 { 1736 vnc_lock_output(vs); 1737 if (vs->ioc != NULL && vs->output.offset) { 1738 vnc_client_write_locked(vs); 1739 } 1740 if (vs->disconnecting) { 1741 if (vs->ioc_tag != 0) { 1742 g_source_remove(vs->ioc_tag); 1743 } 1744 vs->ioc_tag = 0; 1745 } 1746 vnc_unlock_output(vs); 1747 } 1748 read_u8(uint8_t * data,size_t offset)1749 static uint8_t read_u8(uint8_t *data, size_t offset) 1750 { 1751 return data[offset]; 1752 } 1753 read_u16(uint8_t * data,size_t offset)1754 static uint16_t read_u16(uint8_t *data, size_t offset) 1755 { 1756 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF); 1757 } 1758 read_s32(uint8_t * data,size_t offset)1759 static int32_t read_s32(uint8_t *data, size_t offset) 1760 { 1761 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) | 1762 (data[offset + 2] << 8) | data[offset + 3]); 1763 } 1764 read_u32(uint8_t * data,size_t offset)1765 uint32_t read_u32(uint8_t *data, size_t offset) 1766 { 1767 return ((data[offset] << 24) | (data[offset + 1] << 16) | 1768 (data[offset + 2] << 8) | data[offset + 3]); 1769 } 1770 check_pointer_type_change(Notifier * notifier,void * data)1771 static void check_pointer_type_change(Notifier *notifier, void *data) 1772 { 1773 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier); 1774 int absolute = qemu_input_is_absolute(vs->vd->dcl.con); 1775 1776 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) { 1777 vnc_lock_output(vs); 1778 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1779 vnc_write_u8(vs, 0); 1780 vnc_write_u16(vs, 1); 1781 vnc_framebuffer_update(vs, absolute, 0, 1782 pixman_image_get_width(vs->vd->server), 1783 pixman_image_get_height(vs->vd->server), 1784 VNC_ENCODING_POINTER_TYPE_CHANGE); 1785 vnc_unlock_output(vs); 1786 vnc_flush(vs); 1787 } 1788 vs->absolute = absolute; 1789 } 1790 pointer_event(VncState * vs,int button_mask,int x,int y)1791 static void pointer_event(VncState *vs, int button_mask, int x, int y) 1792 { 1793 static uint32_t bmap[INPUT_BUTTON__MAX] = { 1794 [INPUT_BUTTON_LEFT] = 0x01, 1795 [INPUT_BUTTON_MIDDLE] = 0x02, 1796 [INPUT_BUTTON_RIGHT] = 0x04, 1797 [INPUT_BUTTON_WHEEL_UP] = 0x08, 1798 [INPUT_BUTTON_WHEEL_DOWN] = 0x10, 1799 }; 1800 QemuConsole *con = vs->vd->dcl.con; 1801 int width = pixman_image_get_width(vs->vd->server); 1802 int height = pixman_image_get_height(vs->vd->server); 1803 1804 if (vs->last_bmask != button_mask) { 1805 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask); 1806 vs->last_bmask = button_mask; 1807 } 1808 1809 if (vs->absolute) { 1810 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width); 1811 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height); 1812 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) { 1813 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF); 1814 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF); 1815 } else { 1816 if (vs->last_x != -1) { 1817 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x); 1818 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y); 1819 } 1820 vs->last_x = x; 1821 vs->last_y = y; 1822 } 1823 qemu_input_event_sync(); 1824 } 1825 press_key(VncState * vs,QKeyCode qcode)1826 static void press_key(VncState *vs, QKeyCode qcode) 1827 { 1828 qkbd_state_key_event(vs->vd->kbd, qcode, true); 1829 qkbd_state_key_event(vs->vd->kbd, qcode, false); 1830 } 1831 vnc_led_state_change(VncState * vs)1832 static void vnc_led_state_change(VncState *vs) 1833 { 1834 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) { 1835 return; 1836 } 1837 1838 vnc_lock_output(vs); 1839 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 1840 vnc_write_u8(vs, 0); 1841 vnc_write_u16(vs, 1); 1842 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE); 1843 vnc_write_u8(vs, vs->vd->ledstate); 1844 vnc_unlock_output(vs); 1845 vnc_flush(vs); 1846 } 1847 kbd_leds(void * opaque,int ledstate)1848 static void kbd_leds(void *opaque, int ledstate) 1849 { 1850 VncDisplay *vd = opaque; 1851 VncState *client; 1852 1853 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED), 1854 (ledstate & QEMU_NUM_LOCK_LED), 1855 (ledstate & QEMU_SCROLL_LOCK_LED)); 1856 1857 if (ledstate == vd->ledstate) { 1858 return; 1859 } 1860 1861 vd->ledstate = ledstate; 1862 1863 QTAILQ_FOREACH(client, &vd->clients, next) { 1864 vnc_led_state_change(client); 1865 } 1866 } 1867 do_key_event(VncState * vs,int down,int keycode,int sym)1868 static void do_key_event(VncState *vs, int down, int keycode, int sym) 1869 { 1870 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode); 1871 1872 /* QEMU console switch */ 1873 switch (qcode) { 1874 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */ 1875 if (down && 1876 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) && 1877 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) { 1878 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1); 1879 if (con) { 1880 unregister_displaychangelistener(&vs->vd->dcl); 1881 qkbd_state_switch_console(vs->vd->kbd, con); 1882 vs->vd->dcl.con = con; 1883 register_displaychangelistener(&vs->vd->dcl); 1884 } 1885 return; 1886 } 1887 default: 1888 break; 1889 } 1890 1891 /* Turn off the lock state sync logic if the client support the led 1892 state extension. 1893 */ 1894 if (down && vs->vd->lock_key_sync && 1895 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1896 keycode_is_keypad(vs->vd->kbd_layout, keycode)) { 1897 /* If the numlock state needs to change then simulate an additional 1898 keypress before sending this one. This will happen if the user 1899 toggles numlock away from the VNC window. 1900 */ 1901 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) { 1902 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1903 trace_vnc_key_sync_numlock(true); 1904 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1905 } 1906 } else { 1907 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) { 1908 trace_vnc_key_sync_numlock(false); 1909 press_key(vs, Q_KEY_CODE_NUM_LOCK); 1910 } 1911 } 1912 } 1913 1914 if (down && vs->vd->lock_key_sync && 1915 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) && 1916 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) { 1917 /* If the capslock state needs to change then simulate an additional 1918 keypress before sending this one. This will happen if the user 1919 toggles capslock away from the VNC window. 1920 */ 1921 int uppercase = !!(sym >= 'A' && sym <= 'Z'); 1922 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT); 1923 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK); 1924 if (capslock) { 1925 if (uppercase == shift) { 1926 trace_vnc_key_sync_capslock(false); 1927 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1928 } 1929 } else { 1930 if (uppercase != shift) { 1931 trace_vnc_key_sync_capslock(true); 1932 press_key(vs, Q_KEY_CODE_CAPS_LOCK); 1933 } 1934 } 1935 } 1936 1937 qkbd_state_key_event(vs->vd->kbd, qcode, down); 1938 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) { 1939 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con); 1940 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK); 1941 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL); 1942 /* QEMU console emulation */ 1943 if (down) { 1944 switch (keycode) { 1945 case 0x2a: /* Left Shift */ 1946 case 0x36: /* Right Shift */ 1947 case 0x1d: /* Left CTRL */ 1948 case 0x9d: /* Right CTRL */ 1949 case 0x38: /* Left ALT */ 1950 case 0xb8: /* Right ALT */ 1951 break; 1952 case 0xc8: 1953 qemu_text_console_put_keysym(con, QEMU_KEY_UP); 1954 break; 1955 case 0xd0: 1956 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN); 1957 break; 1958 case 0xcb: 1959 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT); 1960 break; 1961 case 0xcd: 1962 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT); 1963 break; 1964 case 0xd3: 1965 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE); 1966 break; 1967 case 0xc7: 1968 qemu_text_console_put_keysym(con, QEMU_KEY_HOME); 1969 break; 1970 case 0xcf: 1971 qemu_text_console_put_keysym(con, QEMU_KEY_END); 1972 break; 1973 case 0xc9: 1974 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP); 1975 break; 1976 case 0xd1: 1977 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN); 1978 break; 1979 1980 case 0x47: 1981 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME); 1982 break; 1983 case 0x48: 1984 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP); 1985 break; 1986 case 0x49: 1987 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP); 1988 break; 1989 case 0x4b: 1990 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT); 1991 break; 1992 case 0x4c: 1993 qemu_text_console_put_keysym(con, '5'); 1994 break; 1995 case 0x4d: 1996 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT); 1997 break; 1998 case 0x4f: 1999 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END); 2000 break; 2001 case 0x50: 2002 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN); 2003 break; 2004 case 0x51: 2005 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN); 2006 break; 2007 case 0x52: 2008 qemu_text_console_put_keysym(con, '0'); 2009 break; 2010 case 0x53: 2011 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE); 2012 break; 2013 2014 case 0xb5: 2015 qemu_text_console_put_keysym(con, '/'); 2016 break; 2017 case 0x37: 2018 qemu_text_console_put_keysym(con, '*'); 2019 break; 2020 case 0x4a: 2021 qemu_text_console_put_keysym(con, '-'); 2022 break; 2023 case 0x4e: 2024 qemu_text_console_put_keysym(con, '+'); 2025 break; 2026 case 0x9c: 2027 qemu_text_console_put_keysym(con, '\n'); 2028 break; 2029 2030 default: 2031 if (control) { 2032 qemu_text_console_put_keysym(con, sym & 0x1f); 2033 } else { 2034 qemu_text_console_put_keysym(con, sym); 2035 } 2036 break; 2037 } 2038 } 2039 } 2040 } 2041 code2name(int keycode)2042 static const char *code2name(int keycode) 2043 { 2044 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode)); 2045 } 2046 key_event(VncState * vs,int down,uint32_t sym)2047 static void key_event(VncState *vs, int down, uint32_t sym) 2048 { 2049 int keycode; 2050 int lsym = sym; 2051 2052 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) { 2053 lsym = lsym - 'A' + 'a'; 2054 } 2055 2056 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF, 2057 vs->vd->kbd, down) & SCANCODE_KEYMASK; 2058 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode)); 2059 do_key_event(vs, down, keycode, sym); 2060 } 2061 ext_key_event(VncState * vs,int down,uint32_t sym,uint16_t keycode)2062 static void ext_key_event(VncState *vs, int down, 2063 uint32_t sym, uint16_t keycode) 2064 { 2065 /* if the user specifies a keyboard layout, always use it */ 2066 if (keyboard_layout) { 2067 key_event(vs, down, sym); 2068 } else { 2069 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode)); 2070 do_key_event(vs, down, keycode, sym); 2071 } 2072 } 2073 framebuffer_update_request(VncState * vs,int incremental,int x,int y,int w,int h)2074 static void framebuffer_update_request(VncState *vs, int incremental, 2075 int x, int y, int w, int h) 2076 { 2077 if (incremental) { 2078 if (vs->update != VNC_STATE_UPDATE_FORCE) { 2079 vs->update = VNC_STATE_UPDATE_INCREMENTAL; 2080 } 2081 } else { 2082 vs->update = VNC_STATE_UPDATE_FORCE; 2083 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h); 2084 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) { 2085 vnc_desktop_resize_ext(vs, 0); 2086 } 2087 } 2088 } 2089 send_ext_key_event_ack(VncState * vs)2090 static void send_ext_key_event_ack(VncState *vs) 2091 { 2092 vnc_lock_output(vs); 2093 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2094 vnc_write_u8(vs, 0); 2095 vnc_write_u16(vs, 1); 2096 vnc_framebuffer_update(vs, 0, 0, 2097 pixman_image_get_width(vs->vd->server), 2098 pixman_image_get_height(vs->vd->server), 2099 VNC_ENCODING_EXT_KEY_EVENT); 2100 vnc_unlock_output(vs); 2101 vnc_flush(vs); 2102 } 2103 send_ext_audio_ack(VncState * vs)2104 static void send_ext_audio_ack(VncState *vs) 2105 { 2106 vnc_lock_output(vs); 2107 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2108 vnc_write_u8(vs, 0); 2109 vnc_write_u16(vs, 1); 2110 vnc_framebuffer_update(vs, 0, 0, 2111 pixman_image_get_width(vs->vd->server), 2112 pixman_image_get_height(vs->vd->server), 2113 VNC_ENCODING_AUDIO); 2114 vnc_unlock_output(vs); 2115 vnc_flush(vs); 2116 } 2117 send_xvp_message(VncState * vs,int code)2118 static void send_xvp_message(VncState *vs, int code) 2119 { 2120 vnc_lock_output(vs); 2121 vnc_write_u8(vs, VNC_MSG_SERVER_XVP); 2122 vnc_write_u8(vs, 0); /* pad */ 2123 vnc_write_u8(vs, 1); /* version */ 2124 vnc_write_u8(vs, code); 2125 vnc_unlock_output(vs); 2126 vnc_flush(vs); 2127 } 2128 set_encodings(VncState * vs,int32_t * encodings,size_t n_encodings)2129 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings) 2130 { 2131 int i; 2132 unsigned int enc = 0; 2133 2134 vs->features = 0; 2135 vs->vnc_encoding = 0; 2136 vs->tight->compression = 9; 2137 vs->tight->quality = -1; /* Lossless by default */ 2138 vs->absolute = -1; 2139 2140 /* 2141 * Start from the end because the encodings are sent in order of preference. 2142 * This way the preferred encoding (first encoding defined in the array) 2143 * will be set at the end of the loop. 2144 */ 2145 for (i = n_encodings - 1; i >= 0; i--) { 2146 enc = encodings[i]; 2147 switch (enc) { 2148 case VNC_ENCODING_RAW: 2149 vs->vnc_encoding = enc; 2150 break; 2151 case VNC_ENCODING_HEXTILE: 2152 vnc_set_feature(vs, VNC_FEATURE_HEXTILE); 2153 vs->vnc_encoding = enc; 2154 break; 2155 case VNC_ENCODING_TIGHT: 2156 vnc_set_feature(vs, VNC_FEATURE_TIGHT); 2157 vs->vnc_encoding = enc; 2158 break; 2159 #ifdef CONFIG_PNG 2160 case VNC_ENCODING_TIGHT_PNG: 2161 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG); 2162 vs->vnc_encoding = enc; 2163 break; 2164 #endif 2165 case VNC_ENCODING_ZLIB: 2166 /* 2167 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB. 2168 * So prioritize ZRLE, even if the client hints that it prefers 2169 * ZLIB. 2170 */ 2171 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) { 2172 vnc_set_feature(vs, VNC_FEATURE_ZLIB); 2173 vs->vnc_encoding = enc; 2174 } 2175 break; 2176 case VNC_ENCODING_ZRLE: 2177 vnc_set_feature(vs, VNC_FEATURE_ZRLE); 2178 vs->vnc_encoding = enc; 2179 break; 2180 case VNC_ENCODING_ZYWRLE: 2181 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE); 2182 vs->vnc_encoding = enc; 2183 break; 2184 case VNC_ENCODING_DESKTOPRESIZE: 2185 vnc_set_feature(vs, VNC_FEATURE_RESIZE); 2186 break; 2187 case VNC_ENCODING_DESKTOP_RESIZE_EXT: 2188 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT); 2189 break; 2190 case VNC_ENCODING_POINTER_TYPE_CHANGE: 2191 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE); 2192 break; 2193 case VNC_ENCODING_RICH_CURSOR: 2194 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR); 2195 break; 2196 case VNC_ENCODING_ALPHA_CURSOR: 2197 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR); 2198 break; 2199 case VNC_ENCODING_EXT_KEY_EVENT: 2200 send_ext_key_event_ack(vs); 2201 break; 2202 case VNC_ENCODING_AUDIO: 2203 if (vs->vd->audio_state) { 2204 vnc_set_feature(vs, VNC_FEATURE_AUDIO); 2205 send_ext_audio_ack(vs); 2206 } 2207 break; 2208 case VNC_ENCODING_WMVi: 2209 vnc_set_feature(vs, VNC_FEATURE_WMVI); 2210 break; 2211 case VNC_ENCODING_LED_STATE: 2212 vnc_set_feature(vs, VNC_FEATURE_LED_STATE); 2213 break; 2214 case VNC_ENCODING_XVP: 2215 if (vs->vd->power_control) { 2216 vnc_set_feature(vs, VNC_FEATURE_XVP); 2217 send_xvp_message(vs, VNC_XVP_CODE_INIT); 2218 } 2219 break; 2220 case VNC_ENCODING_CLIPBOARD_EXT: 2221 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT); 2222 vnc_server_cut_text_caps(vs); 2223 break; 2224 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9: 2225 vs->tight->compression = (enc & 0x0F); 2226 break; 2227 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9: 2228 if (vs->vd->lossy) { 2229 vs->tight->quality = (enc & 0x0F); 2230 } 2231 break; 2232 default: 2233 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc); 2234 break; 2235 } 2236 } 2237 vnc_desktop_resize(vs); 2238 check_pointer_type_change(&vs->mouse_mode_notifier, NULL); 2239 vnc_led_state_change(vs); 2240 vnc_cursor_define(vs); 2241 } 2242 set_pixel_conversion(VncState * vs)2243 static void set_pixel_conversion(VncState *vs) 2244 { 2245 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf); 2246 2247 if (fmt == VNC_SERVER_FB_FORMAT) { 2248 vs->write_pixels = vnc_write_pixels_copy; 2249 vnc_hextile_set_pixel_conversion(vs, 0); 2250 } else { 2251 vs->write_pixels = vnc_write_pixels_generic; 2252 vnc_hextile_set_pixel_conversion(vs, 1); 2253 } 2254 } 2255 send_color_map(VncState * vs)2256 static void send_color_map(VncState *vs) 2257 { 2258 int i; 2259 2260 vnc_lock_output(vs); 2261 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES); 2262 vnc_write_u8(vs, 0); /* padding */ 2263 vnc_write_u16(vs, 0); /* first color */ 2264 vnc_write_u16(vs, 256); /* # of colors */ 2265 2266 for (i = 0; i < 256; i++) { 2267 PixelFormat *pf = &vs->client_pf; 2268 2269 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits))); 2270 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits))); 2271 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits))); 2272 } 2273 vnc_unlock_output(vs); 2274 } 2275 set_pixel_format(VncState * vs,int bits_per_pixel,int big_endian_flag,int true_color_flag,int red_max,int green_max,int blue_max,int red_shift,int green_shift,int blue_shift)2276 static void set_pixel_format(VncState *vs, int bits_per_pixel, 2277 int big_endian_flag, int true_color_flag, 2278 int red_max, int green_max, int blue_max, 2279 int red_shift, int green_shift, int blue_shift) 2280 { 2281 if (!true_color_flag) { 2282 /* Expose a reasonable default 256 color map */ 2283 bits_per_pixel = 8; 2284 red_max = 7; 2285 green_max = 7; 2286 blue_max = 3; 2287 red_shift = 0; 2288 green_shift = 3; 2289 blue_shift = 6; 2290 } 2291 2292 switch (bits_per_pixel) { 2293 case 8: 2294 case 16: 2295 case 32: 2296 break; 2297 default: 2298 vnc_client_error(vs); 2299 return; 2300 } 2301 2302 vs->client_pf.rmax = red_max ? red_max : 0xFF; 2303 vs->client_pf.rbits = ctpopl(red_max); 2304 vs->client_pf.rshift = red_shift; 2305 vs->client_pf.rmask = red_max << red_shift; 2306 vs->client_pf.gmax = green_max ? green_max : 0xFF; 2307 vs->client_pf.gbits = ctpopl(green_max); 2308 vs->client_pf.gshift = green_shift; 2309 vs->client_pf.gmask = green_max << green_shift; 2310 vs->client_pf.bmax = blue_max ? blue_max : 0xFF; 2311 vs->client_pf.bbits = ctpopl(blue_max); 2312 vs->client_pf.bshift = blue_shift; 2313 vs->client_pf.bmask = blue_max << blue_shift; 2314 vs->client_pf.bits_per_pixel = bits_per_pixel; 2315 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8; 2316 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel; 2317 vs->client_be = big_endian_flag; 2318 2319 if (!true_color_flag) { 2320 send_color_map(vs); 2321 } 2322 2323 set_pixel_conversion(vs); 2324 2325 graphic_hw_invalidate(vs->vd->dcl.con); 2326 graphic_hw_update(vs->vd->dcl.con); 2327 } 2328 pixel_format_message(VncState * vs)2329 static void pixel_format_message (VncState *vs) { 2330 char pad[3] = { 0, 0, 0 }; 2331 2332 vs->client_pf = qemu_default_pixelformat(32); 2333 2334 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */ 2335 vnc_write_u8(vs, vs->client_pf.depth); /* depth */ 2336 2337 #if HOST_BIG_ENDIAN 2338 vnc_write_u8(vs, 1); /* big-endian-flag */ 2339 #else 2340 vnc_write_u8(vs, 0); /* big-endian-flag */ 2341 #endif 2342 vnc_write_u8(vs, 1); /* true-color-flag */ 2343 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */ 2344 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */ 2345 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */ 2346 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */ 2347 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */ 2348 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */ 2349 vnc_write(vs, pad, 3); /* padding */ 2350 2351 vnc_hextile_set_pixel_conversion(vs, 0); 2352 vs->write_pixels = vnc_write_pixels_copy; 2353 } 2354 vnc_colordepth(VncState * vs)2355 static void vnc_colordepth(VncState *vs) 2356 { 2357 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) { 2358 /* Sending a WMVi message to notify the client*/ 2359 vnc_lock_output(vs); 2360 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE); 2361 vnc_write_u8(vs, 0); 2362 vnc_write_u16(vs, 1); /* number of rects */ 2363 vnc_framebuffer_update(vs, 0, 0, 2364 vs->client_width, 2365 vs->client_height, 2366 VNC_ENCODING_WMVi); 2367 pixel_format_message(vs); 2368 vnc_unlock_output(vs); 2369 vnc_flush(vs); 2370 } else { 2371 set_pixel_conversion(vs); 2372 } 2373 } 2374 protocol_client_msg(VncState * vs,uint8_t * data,size_t len)2375 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len) 2376 { 2377 int i; 2378 uint16_t limit; 2379 uint32_t freq; 2380 VncDisplay *vd = vs->vd; 2381 2382 if (data[0] > 3) { 2383 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 2384 } 2385 2386 switch (data[0]) { 2387 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT: 2388 if (len == 1) 2389 return 20; 2390 2391 set_pixel_format(vs, read_u8(data, 4), 2392 read_u8(data, 6), read_u8(data, 7), 2393 read_u16(data, 8), read_u16(data, 10), 2394 read_u16(data, 12), read_u8(data, 14), 2395 read_u8(data, 15), read_u8(data, 16)); 2396 break; 2397 case VNC_MSG_CLIENT_SET_ENCODINGS: 2398 if (len == 1) 2399 return 4; 2400 2401 if (len == 4) { 2402 limit = read_u16(data, 2); 2403 if (limit > 0) 2404 return 4 + (limit * 4); 2405 } else 2406 limit = read_u16(data, 2); 2407 2408 for (i = 0; i < limit; i++) { 2409 int32_t val = read_s32(data, 4 + (i * 4)); 2410 memcpy(data + 4 + (i * 4), &val, sizeof(val)); 2411 } 2412 2413 set_encodings(vs, (int32_t *)(data + 4), limit); 2414 break; 2415 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST: 2416 if (len == 1) 2417 return 10; 2418 2419 framebuffer_update_request(vs, 2420 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4), 2421 read_u16(data, 6), read_u16(data, 8)); 2422 break; 2423 case VNC_MSG_CLIENT_KEY_EVENT: 2424 if (len == 1) 2425 return 8; 2426 2427 key_event(vs, read_u8(data, 1), read_u32(data, 4)); 2428 break; 2429 case VNC_MSG_CLIENT_POINTER_EVENT: 2430 if (len == 1) 2431 return 6; 2432 2433 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4)); 2434 break; 2435 case VNC_MSG_CLIENT_CUT_TEXT: 2436 if (len == 1) { 2437 return 8; 2438 } 2439 uint32_t dlen = abs(read_s32(data, 4)); 2440 if (len == 8) { 2441 if (dlen > (1 << 20)) { 2442 error_report("vnc: client_cut_text msg payload has %u bytes" 2443 " which exceeds our limit of 1MB.", dlen); 2444 vnc_client_error(vs); 2445 break; 2446 } 2447 if (dlen > 0) { 2448 return 8 + dlen; 2449 } 2450 } 2451 2452 if (read_s32(data, 4) < 0) { 2453 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) { 2454 error_report("vnc: extended clipboard message while disabled"); 2455 vnc_client_error(vs); 2456 break; 2457 } 2458 if (dlen < 4) { 2459 error_report("vnc: malformed payload (header less than 4 bytes)" 2460 " in extended clipboard pseudo-encoding."); 2461 vnc_client_error(vs); 2462 break; 2463 } 2464 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12); 2465 break; 2466 } 2467 vnc_client_cut_text(vs, read_u32(data, 4), data + 8); 2468 break; 2469 case VNC_MSG_CLIENT_XVP: 2470 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) { 2471 error_report("vnc: xvp client message while disabled"); 2472 vnc_client_error(vs); 2473 break; 2474 } 2475 if (len == 1) { 2476 return 4; 2477 } 2478 if (len == 4) { 2479 uint8_t version = read_u8(data, 2); 2480 uint8_t action = read_u8(data, 3); 2481 2482 if (version != 1) { 2483 error_report("vnc: xvp client message version %d != 1", 2484 version); 2485 vnc_client_error(vs); 2486 break; 2487 } 2488 2489 switch (action) { 2490 case VNC_XVP_ACTION_SHUTDOWN: 2491 qemu_system_powerdown_request(); 2492 break; 2493 case VNC_XVP_ACTION_REBOOT: 2494 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2495 break; 2496 case VNC_XVP_ACTION_RESET: 2497 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET); 2498 break; 2499 default: 2500 send_xvp_message(vs, VNC_XVP_CODE_FAIL); 2501 break; 2502 } 2503 } 2504 break; 2505 case VNC_MSG_CLIENT_QEMU: 2506 if (len == 1) 2507 return 2; 2508 2509 switch (read_u8(data, 1)) { 2510 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT: 2511 if (len == 2) 2512 return 12; 2513 2514 ext_key_event(vs, read_u16(data, 2), 2515 read_u32(data, 4), read_u32(data, 8)); 2516 break; 2517 case VNC_MSG_CLIENT_QEMU_AUDIO: 2518 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) { 2519 error_report("Audio message %d with audio disabled", read_u8(data, 2)); 2520 vnc_client_error(vs); 2521 break; 2522 } 2523 2524 if (len == 2) 2525 return 4; 2526 2527 switch (read_u16 (data, 2)) { 2528 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE: 2529 trace_vnc_msg_client_audio_enable(vs, vs->ioc); 2530 audio_add(vs); 2531 break; 2532 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE: 2533 trace_vnc_msg_client_audio_disable(vs, vs->ioc); 2534 audio_del(vs); 2535 break; 2536 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT: 2537 if (len == 4) 2538 return 10; 2539 switch (read_u8(data, 4)) { 2540 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break; 2541 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break; 2542 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break; 2543 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break; 2544 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break; 2545 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break; 2546 default: 2547 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4)); 2548 vnc_client_error(vs); 2549 break; 2550 } 2551 vs->as.nchannels = read_u8(data, 5); 2552 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) { 2553 VNC_DEBUG("Invalid audio channel count %d\n", 2554 read_u8(data, 5)); 2555 vnc_client_error(vs); 2556 break; 2557 } 2558 freq = read_u32(data, 6); 2559 /* No official limit for protocol, but 48khz is a sensible 2560 * upper bound for trustworthy clients, and this limit 2561 * protects calculations involving 'vs->as.freq' later. 2562 */ 2563 if (freq > 48000) { 2564 VNC_DEBUG("Invalid audio frequency %u > 48000", freq); 2565 vnc_client_error(vs); 2566 break; 2567 } 2568 vs->as.freq = freq; 2569 trace_vnc_msg_client_audio_format( 2570 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq); 2571 break; 2572 default: 2573 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2)); 2574 vnc_client_error(vs); 2575 break; 2576 } 2577 break; 2578 2579 default: 2580 VNC_DEBUG("Msg: %d\n", read_u16(data, 0)); 2581 vnc_client_error(vs); 2582 break; 2583 } 2584 break; 2585 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE: 2586 { 2587 size_t size; 2588 uint8_t screens; 2589 int w, h; 2590 2591 if (len < 8) { 2592 return 8; 2593 } 2594 2595 screens = read_u8(data, 6); 2596 size = 8 + screens * 16; 2597 if (len < size) { 2598 return size; 2599 } 2600 w = read_u16(data, 2); 2601 h = read_u16(data, 4); 2602 2603 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens); 2604 if (dpy_ui_info_supported(vs->vd->dcl.con)) { 2605 QemuUIInfo info; 2606 memset(&info, 0, sizeof(info)); 2607 info.width = w; 2608 info.height = h; 2609 dpy_set_ui_info(vs->vd->dcl.con, &info, false); 2610 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */); 2611 } else { 2612 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */); 2613 } 2614 2615 break; 2616 } 2617 default: 2618 VNC_DEBUG("Msg: %d\n", data[0]); 2619 vnc_client_error(vs); 2620 break; 2621 } 2622 2623 vnc_update_throttle_offset(vs); 2624 vnc_read_when(vs, protocol_client_msg, 1); 2625 return 0; 2626 } 2627 protocol_client_init(VncState * vs,uint8_t * data,size_t len)2628 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len) 2629 { 2630 char buf[1024]; 2631 VncShareMode mode; 2632 int size; 2633 2634 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE; 2635 switch (vs->vd->share_policy) { 2636 case VNC_SHARE_POLICY_IGNORE: 2637 /* 2638 * Ignore the shared flag. Nothing to do here. 2639 * 2640 * Doesn't conform to the rfb spec but is traditional qemu 2641 * behavior, thus left here as option for compatibility 2642 * reasons. 2643 */ 2644 break; 2645 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE: 2646 /* 2647 * Policy: Allow clients ask for exclusive access. 2648 * 2649 * Implementation: When a client asks for exclusive access, 2650 * disconnect all others. Shared connects are allowed as long 2651 * as no exclusive connection exists. 2652 * 2653 * This is how the rfb spec suggests to handle the shared flag. 2654 */ 2655 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2656 VncState *client; 2657 QTAILQ_FOREACH(client, &vs->vd->clients, next) { 2658 if (vs == client) { 2659 continue; 2660 } 2661 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE && 2662 client->share_mode != VNC_SHARE_MODE_SHARED) { 2663 continue; 2664 } 2665 vnc_disconnect_start(client); 2666 } 2667 } 2668 if (mode == VNC_SHARE_MODE_SHARED) { 2669 if (vs->vd->num_exclusive > 0) { 2670 vnc_disconnect_start(vs); 2671 return 0; 2672 } 2673 } 2674 break; 2675 case VNC_SHARE_POLICY_FORCE_SHARED: 2676 /* 2677 * Policy: Shared connects only. 2678 * Implementation: Disallow clients asking for exclusive access. 2679 * 2680 * Useful for shared desktop sessions where you don't want 2681 * someone forgetting to say -shared when running the vnc 2682 * client disconnect everybody else. 2683 */ 2684 if (mode == VNC_SHARE_MODE_EXCLUSIVE) { 2685 vnc_disconnect_start(vs); 2686 return 0; 2687 } 2688 break; 2689 } 2690 vnc_set_share_mode(vs, mode); 2691 2692 if (vs->vd->num_shared > vs->vd->connections_limit) { 2693 vnc_disconnect_start(vs); 2694 return 0; 2695 } 2696 2697 assert(pixman_image_get_width(vs->vd->server) < 65536 && 2698 pixman_image_get_width(vs->vd->server) >= 0); 2699 assert(pixman_image_get_height(vs->vd->server) < 65536 && 2700 pixman_image_get_height(vs->vd->server) >= 0); 2701 vs->client_width = pixman_image_get_width(vs->vd->server); 2702 vs->client_height = pixman_image_get_height(vs->vd->server); 2703 vnc_write_u16(vs, vs->client_width); 2704 vnc_write_u16(vs, vs->client_height); 2705 2706 pixel_format_message(vs); 2707 2708 if (qemu_name) { 2709 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name); 2710 if (size > sizeof(buf)) { 2711 size = sizeof(buf); 2712 } 2713 } else { 2714 size = snprintf(buf, sizeof(buf), "QEMU"); 2715 } 2716 2717 vnc_write_u32(vs, size); 2718 vnc_write(vs, buf, size); 2719 vnc_flush(vs); 2720 2721 vnc_client_cache_auth(vs); 2722 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED); 2723 2724 vnc_read_when(vs, protocol_client_msg, 1); 2725 2726 return 0; 2727 } 2728 start_client_init(VncState * vs)2729 void start_client_init(VncState *vs) 2730 { 2731 vnc_read_when(vs, protocol_client_init, 1); 2732 } 2733 authentication_failed(VncState * vs)2734 static void authentication_failed(VncState *vs) 2735 { 2736 vnc_write_u32(vs, 1); /* Reject auth */ 2737 if (vs->minor >= 8) { 2738 static const char err[] = "Authentication failed"; 2739 vnc_write_u32(vs, sizeof(err)); 2740 vnc_write(vs, err, sizeof(err)); 2741 } 2742 vnc_flush(vs); 2743 vnc_client_error(vs); 2744 } 2745 2746 static void vnc_munge_des_rfb_key(unsigned char * key,size_t nkey)2747 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey) 2748 { 2749 size_t i; 2750 for (i = 0; i < nkey; i++) { 2751 uint8_t r = key[i]; 2752 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4; 2753 r = (r & 0xcc) >> 2 | (r & 0x33) << 2; 2754 r = (r & 0xaa) >> 1 | (r & 0x55) << 1; 2755 key[i] = r; 2756 } 2757 } 2758 protocol_client_auth_vnc(VncState * vs,uint8_t * data,size_t len)2759 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len) 2760 { 2761 unsigned char response[VNC_AUTH_CHALLENGE_SIZE]; 2762 size_t i, pwlen; 2763 unsigned char key[8]; 2764 time_t now = time(NULL); 2765 QCryptoCipher *cipher = NULL; 2766 Error *err = NULL; 2767 2768 if (!vs->vd->password) { 2769 trace_vnc_auth_fail(vs, vs->auth, "password is not set", ""); 2770 goto reject; 2771 } 2772 if (vs->vd->expires < now) { 2773 trace_vnc_auth_fail(vs, vs->auth, "password is expired", ""); 2774 goto reject; 2775 } 2776 2777 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE); 2778 2779 /* Calculate the expected challenge response */ 2780 pwlen = strlen(vs->vd->password); 2781 for (i=0; i<sizeof(key); i++) 2782 key[i] = i<pwlen ? vs->vd->password[i] : 0; 2783 vnc_munge_des_rfb_key(key, sizeof(key)); 2784 2785 cipher = qcrypto_cipher_new( 2786 QCRYPTO_CIPHER_ALGO_DES, 2787 QCRYPTO_CIPHER_MODE_ECB, 2788 key, G_N_ELEMENTS(key), 2789 &err); 2790 if (!cipher) { 2791 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher", 2792 error_get_pretty(err)); 2793 error_free(err); 2794 goto reject; 2795 } 2796 2797 if (qcrypto_cipher_encrypt(cipher, 2798 vs->challenge, 2799 response, 2800 VNC_AUTH_CHALLENGE_SIZE, 2801 &err) < 0) { 2802 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response", 2803 error_get_pretty(err)); 2804 error_free(err); 2805 goto reject; 2806 } 2807 2808 /* Compare expected vs actual challenge response */ 2809 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) { 2810 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", ""); 2811 goto reject; 2812 } else { 2813 trace_vnc_auth_pass(vs, vs->auth); 2814 vnc_write_u32(vs, 0); /* Accept auth */ 2815 vnc_flush(vs); 2816 2817 start_client_init(vs); 2818 } 2819 2820 qcrypto_cipher_free(cipher); 2821 return 0; 2822 2823 reject: 2824 authentication_failed(vs); 2825 qcrypto_cipher_free(cipher); 2826 return 0; 2827 } 2828 start_auth_vnc(VncState * vs)2829 void start_auth_vnc(VncState *vs) 2830 { 2831 Error *err = NULL; 2832 2833 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) { 2834 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes", 2835 error_get_pretty(err)); 2836 error_free(err); 2837 authentication_failed(vs); 2838 return; 2839 } 2840 2841 /* Send client a 'random' challenge */ 2842 vnc_write(vs, vs->challenge, sizeof(vs->challenge)); 2843 vnc_flush(vs); 2844 2845 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge)); 2846 } 2847 2848 protocol_client_auth(VncState * vs,uint8_t * data,size_t len)2849 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len) 2850 { 2851 /* We only advertise 1 auth scheme at a time, so client 2852 * must pick the one we sent. Verify this */ 2853 if (data[0] != vs->auth) { /* Reject auth */ 2854 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]); 2855 authentication_failed(vs); 2856 } else { /* Accept requested auth */ 2857 trace_vnc_auth_start(vs, vs->auth); 2858 switch (vs->auth) { 2859 case VNC_AUTH_NONE: 2860 if (vs->minor >= 8) { 2861 vnc_write_u32(vs, 0); /* Accept auth completion */ 2862 vnc_flush(vs); 2863 } 2864 trace_vnc_auth_pass(vs, vs->auth); 2865 start_client_init(vs); 2866 break; 2867 2868 case VNC_AUTH_VNC: 2869 start_auth_vnc(vs); 2870 break; 2871 2872 case VNC_AUTH_VENCRYPT: 2873 start_auth_vencrypt(vs); 2874 break; 2875 2876 #ifdef CONFIG_VNC_SASL 2877 case VNC_AUTH_SASL: 2878 start_auth_sasl(vs); 2879 break; 2880 #endif /* CONFIG_VNC_SASL */ 2881 2882 default: /* Should not be possible, but just in case */ 2883 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", ""); 2884 authentication_failed(vs); 2885 } 2886 } 2887 return 0; 2888 } 2889 protocol_version(VncState * vs,uint8_t * version,size_t len)2890 static int protocol_version(VncState *vs, uint8_t *version, size_t len) 2891 { 2892 char local[13]; 2893 2894 memcpy(local, version, 12); 2895 local[12] = 0; 2896 2897 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) { 2898 VNC_DEBUG("Malformed protocol version %s\n", local); 2899 vnc_client_error(vs); 2900 return 0; 2901 } 2902 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor); 2903 if (vs->major != 3 || 2904 (vs->minor != 3 && 2905 vs->minor != 4 && 2906 vs->minor != 5 && 2907 vs->minor != 7 && 2908 vs->minor != 8)) { 2909 VNC_DEBUG("Unsupported client version\n"); 2910 vnc_write_u32(vs, VNC_AUTH_INVALID); 2911 vnc_flush(vs); 2912 vnc_client_error(vs); 2913 return 0; 2914 } 2915 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated 2916 * as equivalent to v3.3 by servers 2917 */ 2918 if (vs->minor == 4 || vs->minor == 5) 2919 vs->minor = 3; 2920 2921 if (vs->minor == 3) { 2922 trace_vnc_auth_start(vs, vs->auth); 2923 if (vs->auth == VNC_AUTH_NONE) { 2924 vnc_write_u32(vs, vs->auth); 2925 vnc_flush(vs); 2926 trace_vnc_auth_pass(vs, vs->auth); 2927 start_client_init(vs); 2928 } else if (vs->auth == VNC_AUTH_VNC) { 2929 VNC_DEBUG("Tell client VNC auth\n"); 2930 vnc_write_u32(vs, vs->auth); 2931 vnc_flush(vs); 2932 start_auth_vnc(vs); 2933 } else { 2934 trace_vnc_auth_fail(vs, vs->auth, 2935 "Unsupported auth method for v3.3", ""); 2936 vnc_write_u32(vs, VNC_AUTH_INVALID); 2937 vnc_flush(vs); 2938 vnc_client_error(vs); 2939 } 2940 } else { 2941 vnc_write_u8(vs, 1); /* num auth */ 2942 vnc_write_u8(vs, vs->auth); 2943 vnc_read_when(vs, protocol_client_auth, 1); 2944 vnc_flush(vs); 2945 } 2946 2947 return 0; 2948 } 2949 vnc_stat_rect(VncDisplay * vd,int x,int y)2950 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y) 2951 { 2952 struct VncSurface *vs = &vd->guest; 2953 2954 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT]; 2955 } 2956 vnc_sent_lossy_rect(VncState * vs,int x,int y,int w,int h)2957 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h) 2958 { 2959 int i, j; 2960 2961 w = (x + w) / VNC_STAT_RECT; 2962 h = (y + h) / VNC_STAT_RECT; 2963 x /= VNC_STAT_RECT; 2964 y /= VNC_STAT_RECT; 2965 2966 for (j = y; j <= h; j++) { 2967 for (i = x; i <= w; i++) { 2968 vs->lossy_rect[j][i] = 1; 2969 } 2970 } 2971 } 2972 vnc_refresh_lossy_rect(VncDisplay * vd,int x,int y)2973 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y) 2974 { 2975 VncState *vs; 2976 int sty = y / VNC_STAT_RECT; 2977 int stx = x / VNC_STAT_RECT; 2978 int has_dirty = 0; 2979 2980 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 2981 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 2982 2983 QTAILQ_FOREACH(vs, &vd->clients, next) { 2984 int j; 2985 2986 /* kernel send buffers are full -> refresh later */ 2987 if (vs->output.offset) { 2988 continue; 2989 } 2990 2991 if (!vs->lossy_rect[sty][stx]) { 2992 continue; 2993 } 2994 2995 vs->lossy_rect[sty][stx] = 0; 2996 for (j = 0; j < VNC_STAT_RECT; ++j) { 2997 bitmap_set(vs->dirty[y + j], 2998 x / VNC_DIRTY_PIXELS_PER_BIT, 2999 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT); 3000 } 3001 has_dirty++; 3002 } 3003 3004 return has_dirty; 3005 } 3006 vnc_update_stats(VncDisplay * vd,struct timeval * tv)3007 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv) 3008 { 3009 int width = MIN(pixman_image_get_width(vd->guest.fb), 3010 pixman_image_get_width(vd->server)); 3011 int height = MIN(pixman_image_get_height(vd->guest.fb), 3012 pixman_image_get_height(vd->server)); 3013 int x, y; 3014 struct timeval res; 3015 int has_dirty = 0; 3016 3017 for (y = 0; y < height; y += VNC_STAT_RECT) { 3018 for (x = 0; x < width; x += VNC_STAT_RECT) { 3019 VncRectStat *rect = vnc_stat_rect(vd, x, y); 3020 3021 rect->updated = false; 3022 } 3023 } 3024 3025 qemu_timersub(tv, &VNC_REFRESH_STATS, &res); 3026 3027 if (timercmp(&vd->guest.last_freq_check, &res, >)) { 3028 return has_dirty; 3029 } 3030 vd->guest.last_freq_check = *tv; 3031 3032 for (y = 0; y < height; y += VNC_STAT_RECT) { 3033 for (x = 0; x < width; x += VNC_STAT_RECT) { 3034 VncRectStat *rect= vnc_stat_rect(vd, x, y); 3035 int count = ARRAY_SIZE(rect->times); 3036 struct timeval min, max; 3037 3038 if (!timerisset(&rect->times[count - 1])) { 3039 continue ; 3040 } 3041 3042 max = rect->times[(rect->idx + count - 1) % count]; 3043 qemu_timersub(tv, &max, &res); 3044 3045 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) { 3046 rect->freq = 0; 3047 has_dirty += vnc_refresh_lossy_rect(vd, x, y); 3048 memset(rect->times, 0, sizeof (rect->times)); 3049 continue ; 3050 } 3051 3052 min = rect->times[rect->idx]; 3053 max = rect->times[(rect->idx + count - 1) % count]; 3054 qemu_timersub(&max, &min, &res); 3055 3056 rect->freq = res.tv_sec + res.tv_usec / 1000000.; 3057 rect->freq /= count; 3058 rect->freq = 1. / rect->freq; 3059 } 3060 } 3061 return has_dirty; 3062 } 3063 vnc_update_freq(VncState * vs,int x,int y,int w,int h)3064 double vnc_update_freq(VncState *vs, int x, int y, int w, int h) 3065 { 3066 int i, j; 3067 double total = 0; 3068 int num = 0; 3069 3070 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT); 3071 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT); 3072 3073 for (j = y; j <= y + h; j += VNC_STAT_RECT) { 3074 for (i = x; i <= x + w; i += VNC_STAT_RECT) { 3075 total += vnc_stat_rect(vs->vd, i, j)->freq; 3076 num++; 3077 } 3078 } 3079 3080 if (num) { 3081 return total / num; 3082 } else { 3083 return 0; 3084 } 3085 } 3086 vnc_rect_updated(VncDisplay * vd,int x,int y,struct timeval * tv)3087 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv) 3088 { 3089 VncRectStat *rect; 3090 3091 rect = vnc_stat_rect(vd, x, y); 3092 if (rect->updated) { 3093 return; 3094 } 3095 rect->times[rect->idx] = *tv; 3096 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times); 3097 rect->updated = true; 3098 } 3099 vnc_refresh_server_surface(VncDisplay * vd)3100 static int vnc_refresh_server_surface(VncDisplay *vd) 3101 { 3102 int width = MIN(pixman_image_get_width(vd->guest.fb), 3103 pixman_image_get_width(vd->server)); 3104 int height = MIN(pixman_image_get_height(vd->guest.fb), 3105 pixman_image_get_height(vd->server)); 3106 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0; 3107 uint8_t *guest_row0 = NULL, *server_row0; 3108 VncState *vs; 3109 int has_dirty = 0; 3110 pixman_image_t *tmpbuf = NULL; 3111 unsigned long offset; 3112 int x; 3113 uint8_t *guest_ptr, *server_ptr; 3114 3115 struct timeval tv = { 0, 0 }; 3116 3117 if (!vd->non_adaptive) { 3118 gettimeofday(&tv, NULL); 3119 has_dirty = vnc_update_stats(vd, &tv); 3120 } 3121 3122 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3123 height * VNC_DIRTY_BPL(&vd->guest), 0); 3124 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3125 /* no dirty bits in guest surface */ 3126 return has_dirty; 3127 } 3128 3129 /* 3130 * Walk through the guest dirty map. 3131 * Check and copy modified bits from guest to server surface. 3132 * Update server dirty map. 3133 */ 3134 server_row0 = (uint8_t *)pixman_image_get_data(vd->server); 3135 server_stride = guest_stride = guest_ll = 3136 pixman_image_get_stride(vd->server); 3137 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES, 3138 server_stride); 3139 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3140 int w = pixman_image_get_width(vd->server); 3141 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w); 3142 } else { 3143 int guest_bpp = 3144 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb)); 3145 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb); 3146 guest_stride = pixman_image_get_stride(vd->guest.fb); 3147 guest_ll = pixman_image_get_width(vd->guest.fb) 3148 * DIV_ROUND_UP(guest_bpp, 8); 3149 } 3150 line_bytes = MIN(server_stride, guest_ll); 3151 3152 for (;;) { 3153 y = offset / VNC_DIRTY_BPL(&vd->guest); 3154 x = offset % VNC_DIRTY_BPL(&vd->guest); 3155 3156 server_ptr = server_row0 + y * server_stride + x * cmp_bytes; 3157 3158 if (vd->guest.format != VNC_SERVER_FB_FORMAT) { 3159 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y); 3160 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf); 3161 } else { 3162 guest_ptr = guest_row0 + y * guest_stride; 3163 } 3164 guest_ptr += x * cmp_bytes; 3165 3166 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT); 3167 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) { 3168 int _cmp_bytes = cmp_bytes; 3169 if (!test_and_clear_bit(x, vd->guest.dirty[y])) { 3170 continue; 3171 } 3172 if ((x + 1) * cmp_bytes > line_bytes) { 3173 _cmp_bytes = line_bytes - x * cmp_bytes; 3174 } 3175 assert(_cmp_bytes >= 0); 3176 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) { 3177 continue; 3178 } 3179 memcpy(server_ptr, guest_ptr, _cmp_bytes); 3180 if (!vd->non_adaptive) { 3181 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT, 3182 y, &tv); 3183 } 3184 QTAILQ_FOREACH(vs, &vd->clients, next) { 3185 set_bit(x, vs->dirty[y]); 3186 } 3187 has_dirty++; 3188 } 3189 3190 y++; 3191 offset = find_next_bit((unsigned long *) &vd->guest.dirty, 3192 height * VNC_DIRTY_BPL(&vd->guest), 3193 y * VNC_DIRTY_BPL(&vd->guest)); 3194 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) { 3195 /* no more dirty bits */ 3196 break; 3197 } 3198 } 3199 qemu_pixman_image_unref(tmpbuf); 3200 return has_dirty; 3201 } 3202 vnc_refresh(DisplayChangeListener * dcl)3203 static void vnc_refresh(DisplayChangeListener *dcl) 3204 { 3205 VncDisplay *vd = container_of(dcl, VncDisplay, dcl); 3206 VncState *vs, *vn; 3207 int has_dirty, rects = 0; 3208 3209 if (QTAILQ_EMPTY(&vd->clients)) { 3210 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX); 3211 return; 3212 } 3213 3214 graphic_hw_update(vd->dcl.con); 3215 3216 if (vnc_trylock_display(vd)) { 3217 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3218 return; 3219 } 3220 3221 has_dirty = vnc_refresh_server_surface(vd); 3222 vnc_unlock_display(vd); 3223 3224 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) { 3225 rects += vnc_update_client(vs, has_dirty); 3226 /* vs might be free()ed here */ 3227 } 3228 3229 if (has_dirty && rects) { 3230 vd->dcl.update_interval /= 2; 3231 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) { 3232 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE; 3233 } 3234 } else { 3235 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC; 3236 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) { 3237 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX; 3238 } 3239 } 3240 } 3241 vnc_connect(VncDisplay * vd,QIOChannelSocket * sioc,bool skipauth,bool websocket)3242 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc, 3243 bool skipauth, bool websocket) 3244 { 3245 VncState *vs = g_new0(VncState, 1); 3246 bool first_client = QTAILQ_EMPTY(&vd->clients); 3247 int i; 3248 3249 trace_vnc_client_connect(vs, sioc); 3250 vs->zrle = g_new0(VncZrle, 1); 3251 vs->tight = g_new0(VncTight, 1); 3252 vs->magic = VNC_MAGIC; 3253 vs->sioc = sioc; 3254 object_ref(OBJECT(vs->sioc)); 3255 vs->ioc = QIO_CHANNEL(sioc); 3256 object_ref(OBJECT(vs->ioc)); 3257 vs->vd = vd; 3258 3259 buffer_init(&vs->input, "vnc-input/%p", sioc); 3260 buffer_init(&vs->output, "vnc-output/%p", sioc); 3261 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc); 3262 3263 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc); 3264 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc); 3265 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc); 3266 #ifdef CONFIG_VNC_JPEG 3267 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc); 3268 #endif 3269 #ifdef CONFIG_PNG 3270 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc); 3271 #endif 3272 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc); 3273 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc); 3274 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc); 3275 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc); 3276 3277 if (skipauth) { 3278 vs->auth = VNC_AUTH_NONE; 3279 vs->subauth = VNC_AUTH_INVALID; 3280 } else { 3281 if (websocket) { 3282 vs->auth = vd->ws_auth; 3283 vs->subauth = VNC_AUTH_INVALID; 3284 } else { 3285 vs->auth = vd->auth; 3286 vs->subauth = vd->subauth; 3287 } 3288 } 3289 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n", 3290 sioc, websocket, vs->auth, vs->subauth); 3291 3292 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect)); 3293 for (i = 0; i < VNC_STAT_ROWS; ++i) { 3294 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS); 3295 } 3296 3297 VNC_DEBUG("New client on socket %p\n", vs->sioc); 3298 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE); 3299 qio_channel_set_blocking(vs->ioc, false, NULL); 3300 if (vs->ioc_tag) { 3301 g_source_remove(vs->ioc_tag); 3302 } 3303 if (websocket) { 3304 vs->websocket = 1; 3305 if (vd->tlscreds) { 3306 vs->ioc_tag = qio_channel_add_watch( 3307 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3308 vncws_tls_handshake_io, vs, NULL); 3309 } else { 3310 vs->ioc_tag = qio_channel_add_watch( 3311 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3312 vncws_handshake_io, vs, NULL); 3313 } 3314 } else { 3315 vs->ioc_tag = qio_channel_add_watch( 3316 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR, 3317 vnc_client_io, vs, NULL); 3318 } 3319 3320 vnc_client_cache_addr(vs); 3321 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED); 3322 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING); 3323 3324 vs->last_x = -1; 3325 vs->last_y = -1; 3326 3327 vs->as.freq = 44100; 3328 vs->as.nchannels = 2; 3329 vs->as.fmt = AUDIO_FORMAT_S16; 3330 vs->as.endianness = 0; 3331 3332 qemu_mutex_init(&vs->output_mutex); 3333 vs->bh = qemu_bh_new(vnc_jobs_bh, vs); 3334 3335 QTAILQ_INSERT_TAIL(&vd->clients, vs, next); 3336 if (first_client) { 3337 vnc_update_server_surface(vd); 3338 } 3339 3340 graphic_hw_update(vd->dcl.con); 3341 3342 if (!vs->websocket) { 3343 vnc_start_protocol(vs); 3344 } 3345 3346 if (vd->num_connecting > vd->connections_limit) { 3347 QTAILQ_FOREACH(vs, &vd->clients, next) { 3348 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) { 3349 vnc_disconnect_start(vs); 3350 return; 3351 } 3352 } 3353 } 3354 } 3355 vnc_start_protocol(VncState * vs)3356 void vnc_start_protocol(VncState *vs) 3357 { 3358 vnc_write(vs, "RFB 003.008\n", 12); 3359 vnc_flush(vs); 3360 vnc_read_when(vs, protocol_version, 12); 3361 3362 vs->mouse_mode_notifier.notify = check_pointer_type_change; 3363 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier); 3364 } 3365 vnc_listen_io(QIONetListener * listener,QIOChannelSocket * cioc,void * opaque)3366 static void vnc_listen_io(QIONetListener *listener, 3367 QIOChannelSocket *cioc, 3368 void *opaque) 3369 { 3370 VncDisplay *vd = opaque; 3371 bool isWebsock = listener == vd->wslistener; 3372 3373 qio_channel_set_name(QIO_CHANNEL(cioc), 3374 isWebsock ? "vnc-ws-server" : "vnc-server"); 3375 qio_channel_set_delay(QIO_CHANNEL(cioc), false); 3376 vnc_connect(vd, cioc, false, isWebsock); 3377 } 3378 3379 static const DisplayChangeListenerOps dcl_ops = { 3380 .dpy_name = "vnc", 3381 .dpy_refresh = vnc_refresh, 3382 .dpy_gfx_update = vnc_dpy_update, 3383 .dpy_gfx_switch = vnc_dpy_switch, 3384 .dpy_gfx_check_format = qemu_pixman_check_format, 3385 .dpy_mouse_set = vnc_mouse_set, 3386 .dpy_cursor_define = vnc_dpy_cursor_define, 3387 }; 3388 vnc_display_init(const char * id,Error ** errp)3389 void vnc_display_init(const char *id, Error **errp) 3390 { 3391 VncDisplay *vd; 3392 3393 if (vnc_display_find(id) != NULL) { 3394 return; 3395 } 3396 vd = g_malloc0(sizeof(*vd)); 3397 3398 vd->id = strdup(id); 3399 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next); 3400 3401 QTAILQ_INIT(&vd->clients); 3402 vd->expires = TIME_MAX; 3403 3404 if (keyboard_layout) { 3405 trace_vnc_key_map_init(keyboard_layout); 3406 vd->kbd_layout = init_keyboard_layout(name2keysym, 3407 keyboard_layout, errp); 3408 } else { 3409 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp); 3410 } 3411 3412 if (!vd->kbd_layout) { 3413 return; 3414 } 3415 3416 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 3417 vd->connections_limit = 32; 3418 3419 qemu_mutex_init(&vd->mutex); 3420 vnc_start_worker_thread(); 3421 3422 vd->dcl.ops = &dcl_ops; 3423 register_displaychangelistener(&vd->dcl); 3424 vd->kbd = qkbd_state_init(vd->dcl.con); 3425 } 3426 3427 vnc_display_close(VncDisplay * vd)3428 static void vnc_display_close(VncDisplay *vd) 3429 { 3430 if (!vd) { 3431 return; 3432 } 3433 3434 if (vd->listener) { 3435 qio_net_listener_disconnect(vd->listener); 3436 object_unref(OBJECT(vd->listener)); 3437 } 3438 vd->listener = NULL; 3439 3440 if (vd->wslistener) { 3441 qio_net_listener_disconnect(vd->wslistener); 3442 object_unref(OBJECT(vd->wslistener)); 3443 } 3444 vd->wslistener = NULL; 3445 3446 vd->auth = VNC_AUTH_INVALID; 3447 vd->subauth = VNC_AUTH_INVALID; 3448 if (vd->tlscreds) { 3449 object_unref(OBJECT(vd->tlscreds)); 3450 vd->tlscreds = NULL; 3451 } 3452 if (vd->tlsauthz) { 3453 object_unparent(OBJECT(vd->tlsauthz)); 3454 vd->tlsauthz = NULL; 3455 } 3456 g_free(vd->tlsauthzid); 3457 vd->tlsauthzid = NULL; 3458 if (vd->lock_key_sync) { 3459 qemu_remove_led_event_handler(vd->led); 3460 vd->led = NULL; 3461 } 3462 #ifdef CONFIG_VNC_SASL 3463 if (vd->sasl.authz) { 3464 object_unparent(OBJECT(vd->sasl.authz)); 3465 vd->sasl.authz = NULL; 3466 } 3467 g_free(vd->sasl.authzid); 3468 vd->sasl.authzid = NULL; 3469 #endif 3470 } 3471 vnc_display_password(const char * id,const char * password)3472 int vnc_display_password(const char *id, const char *password) 3473 { 3474 VncDisplay *vd = vnc_display_find(id); 3475 3476 if (!vd) { 3477 return -EINVAL; 3478 } 3479 if (vd->auth == VNC_AUTH_NONE) { 3480 error_printf_unless_qmp("If you want use passwords please enable " 3481 "password auth using '-vnc ${dpy},password'.\n"); 3482 return -EINVAL; 3483 } 3484 3485 g_free(vd->password); 3486 vd->password = g_strdup(password); 3487 3488 return 0; 3489 } 3490 vnc_display_pw_expire(const char * id,time_t expires)3491 int vnc_display_pw_expire(const char *id, time_t expires) 3492 { 3493 VncDisplay *vd = vnc_display_find(id); 3494 3495 if (!vd) { 3496 return -EINVAL; 3497 } 3498 3499 vd->expires = expires; 3500 return 0; 3501 } 3502 vnc_display_print_local_addr(VncDisplay * vd)3503 static void vnc_display_print_local_addr(VncDisplay *vd) 3504 { 3505 SocketAddress *addr; 3506 3507 if (!vd->listener || !vd->listener->nsioc) { 3508 return; 3509 } 3510 3511 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL); 3512 if (!addr) { 3513 return; 3514 } 3515 3516 if (addr->type != SOCKET_ADDRESS_TYPE_INET) { 3517 qapi_free_SocketAddress(addr); 3518 return; 3519 } 3520 error_printf_unless_qmp("VNC server running on %s:%s\n", 3521 addr->u.inet.host, 3522 addr->u.inet.port); 3523 qapi_free_SocketAddress(addr); 3524 } 3525 3526 static QemuOptsList qemu_vnc_opts = { 3527 .name = "vnc", 3528 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head), 3529 .implied_opt_name = "vnc", 3530 .desc = { 3531 { 3532 .name = "vnc", 3533 .type = QEMU_OPT_STRING, 3534 },{ 3535 .name = "websocket", 3536 .type = QEMU_OPT_STRING, 3537 },{ 3538 .name = "tls-creds", 3539 .type = QEMU_OPT_STRING, 3540 },{ 3541 .name = "share", 3542 .type = QEMU_OPT_STRING, 3543 },{ 3544 .name = "display", 3545 .type = QEMU_OPT_STRING, 3546 },{ 3547 .name = "head", 3548 .type = QEMU_OPT_NUMBER, 3549 },{ 3550 .name = "connections", 3551 .type = QEMU_OPT_NUMBER, 3552 },{ 3553 .name = "to", 3554 .type = QEMU_OPT_NUMBER, 3555 },{ 3556 .name = "ipv4", 3557 .type = QEMU_OPT_BOOL, 3558 },{ 3559 .name = "ipv6", 3560 .type = QEMU_OPT_BOOL, 3561 },{ 3562 .name = "password", 3563 .type = QEMU_OPT_BOOL, 3564 },{ 3565 .name = "password-secret", 3566 .type = QEMU_OPT_STRING, 3567 },{ 3568 .name = "reverse", 3569 .type = QEMU_OPT_BOOL, 3570 },{ 3571 .name = "lock-key-sync", 3572 .type = QEMU_OPT_BOOL, 3573 },{ 3574 .name = "key-delay-ms", 3575 .type = QEMU_OPT_NUMBER, 3576 },{ 3577 .name = "sasl", 3578 .type = QEMU_OPT_BOOL, 3579 },{ 3580 .name = "tls-authz", 3581 .type = QEMU_OPT_STRING, 3582 },{ 3583 .name = "sasl-authz", 3584 .type = QEMU_OPT_STRING, 3585 },{ 3586 .name = "lossy", 3587 .type = QEMU_OPT_BOOL, 3588 },{ 3589 .name = "non-adaptive", 3590 .type = QEMU_OPT_BOOL, 3591 },{ 3592 .name = "audiodev", 3593 .type = QEMU_OPT_STRING, 3594 },{ 3595 .name = "power-control", 3596 .type = QEMU_OPT_BOOL, 3597 }, 3598 { /* end of list */ } 3599 }, 3600 }; 3601 3602 3603 static int vnc_display_setup_auth(int * auth,int * subauth,QCryptoTLSCreds * tlscreds,bool password,bool sasl,bool websocket,Error ** errp)3604 vnc_display_setup_auth(int *auth, 3605 int *subauth, 3606 QCryptoTLSCreds *tlscreds, 3607 bool password, 3608 bool sasl, 3609 bool websocket, 3610 Error **errp) 3611 { 3612 /* 3613 * We have a choice of 3 authentication options 3614 * 3615 * 1. none 3616 * 2. vnc 3617 * 3. sasl 3618 * 3619 * The channel can be run in 2 modes 3620 * 3621 * 1. clear 3622 * 2. tls 3623 * 3624 * And TLS can use 2 types of credentials 3625 * 3626 * 1. anon 3627 * 2. x509 3628 * 3629 * We thus have 9 possible logical combinations 3630 * 3631 * 1. clear + none 3632 * 2. clear + vnc 3633 * 3. clear + sasl 3634 * 4. tls + anon + none 3635 * 5. tls + anon + vnc 3636 * 6. tls + anon + sasl 3637 * 7. tls + x509 + none 3638 * 8. tls + x509 + vnc 3639 * 9. tls + x509 + sasl 3640 * 3641 * These need to be mapped into the VNC auth schemes 3642 * in an appropriate manner. In regular VNC, all the 3643 * TLS options get mapped into VNC_AUTH_VENCRYPT 3644 * sub-auth types. 3645 * 3646 * In websockets, the https:// protocol already provides 3647 * TLS support, so there is no need to make use of the 3648 * VeNCrypt extension. Furthermore, websockets browser 3649 * clients could not use VeNCrypt even if they wanted to, 3650 * as they cannot control when the TLS handshake takes 3651 * place. Thus there is no option but to rely on https://, 3652 * meaning combinations 4->6 and 7->9 will be mapped to 3653 * VNC auth schemes in the same way as combos 1->3. 3654 * 3655 * Regardless of fact that we have a different mapping to 3656 * VNC auth mechs for plain VNC vs websockets VNC, the end 3657 * result has the same security characteristics. 3658 */ 3659 if (websocket || !tlscreds) { 3660 if (password) { 3661 VNC_DEBUG("Initializing VNC server with password auth\n"); 3662 *auth = VNC_AUTH_VNC; 3663 } else if (sasl) { 3664 VNC_DEBUG("Initializing VNC server with SASL auth\n"); 3665 *auth = VNC_AUTH_SASL; 3666 } else { 3667 VNC_DEBUG("Initializing VNC server with no auth\n"); 3668 *auth = VNC_AUTH_NONE; 3669 } 3670 *subauth = VNC_AUTH_INVALID; 3671 } else { 3672 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds), 3673 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL; 3674 bool is_anon = object_dynamic_cast(OBJECT(tlscreds), 3675 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL; 3676 3677 if (!is_x509 && !is_anon) { 3678 error_setg(errp, 3679 "Unsupported TLS cred type %s", 3680 object_get_typename(OBJECT(tlscreds))); 3681 return -1; 3682 } 3683 *auth = VNC_AUTH_VENCRYPT; 3684 if (password) { 3685 if (is_x509) { 3686 VNC_DEBUG("Initializing VNC server with x509 password auth\n"); 3687 *subauth = VNC_AUTH_VENCRYPT_X509VNC; 3688 } else { 3689 VNC_DEBUG("Initializing VNC server with TLS password auth\n"); 3690 *subauth = VNC_AUTH_VENCRYPT_TLSVNC; 3691 } 3692 3693 } else if (sasl) { 3694 if (is_x509) { 3695 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n"); 3696 *subauth = VNC_AUTH_VENCRYPT_X509SASL; 3697 } else { 3698 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n"); 3699 *subauth = VNC_AUTH_VENCRYPT_TLSSASL; 3700 } 3701 } else { 3702 if (is_x509) { 3703 VNC_DEBUG("Initializing VNC server with x509 no auth\n"); 3704 *subauth = VNC_AUTH_VENCRYPT_X509NONE; 3705 } else { 3706 VNC_DEBUG("Initializing VNC server with TLS no auth\n"); 3707 *subauth = VNC_AUTH_VENCRYPT_TLSNONE; 3708 } 3709 } 3710 } 3711 return 0; 3712 } 3713 3714 vnc_display_get_address(const char * addrstr,bool websocket,bool reverse,int displaynum,int to,bool has_ipv4,bool has_ipv6,bool ipv4,bool ipv6,SocketAddress ** retaddr,Error ** errp)3715 static int vnc_display_get_address(const char *addrstr, 3716 bool websocket, 3717 bool reverse, 3718 int displaynum, 3719 int to, 3720 bool has_ipv4, 3721 bool has_ipv6, 3722 bool ipv4, 3723 bool ipv6, 3724 SocketAddress **retaddr, 3725 Error **errp) 3726 { 3727 int ret = -1; 3728 SocketAddress *addr = NULL; 3729 3730 addr = g_new0(SocketAddress, 1); 3731 3732 if (strncmp(addrstr, "unix:", 5) == 0) { 3733 addr->type = SOCKET_ADDRESS_TYPE_UNIX; 3734 addr->u.q_unix.path = g_strdup(addrstr + 5); 3735 3736 if (to) { 3737 error_setg(errp, "Port range not support with UNIX socket"); 3738 goto cleanup; 3739 } 3740 ret = 0; 3741 } else { 3742 const char *port; 3743 size_t hostlen; 3744 uint64_t baseport = 0; 3745 InetSocketAddress *inet; 3746 3747 port = strrchr(addrstr, ':'); 3748 if (!port) { 3749 if (websocket) { 3750 hostlen = 0; 3751 port = addrstr; 3752 } else { 3753 error_setg(errp, "no vnc port specified"); 3754 goto cleanup; 3755 } 3756 } else { 3757 hostlen = port - addrstr; 3758 port++; 3759 if (*port == '\0') { 3760 error_setg(errp, "vnc port cannot be empty"); 3761 goto cleanup; 3762 } 3763 } 3764 3765 addr->type = SOCKET_ADDRESS_TYPE_INET; 3766 inet = &addr->u.inet; 3767 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') { 3768 inet->host = g_strndup(addrstr + 1, hostlen - 2); 3769 } else { 3770 inet->host = g_strndup(addrstr, hostlen); 3771 } 3772 /* plain VNC port is just an offset, for websocket 3773 * port is absolute */ 3774 if (websocket) { 3775 if (g_str_equal(addrstr, "") || 3776 g_str_equal(addrstr, "on")) { 3777 if (displaynum == -1) { 3778 error_setg(errp, "explicit websocket port is required"); 3779 goto cleanup; 3780 } 3781 inet->port = g_strdup_printf( 3782 "%d", displaynum + 5700); 3783 if (to) { 3784 inet->has_to = true; 3785 inet->to = to + 5700; 3786 } 3787 } else { 3788 inet->port = g_strdup(port); 3789 } 3790 } else { 3791 int offset = reverse ? 0 : 5900; 3792 if (parse_uint_full(port, 10, &baseport) < 0) { 3793 error_setg(errp, "can't convert to a number: %s", port); 3794 goto cleanup; 3795 } 3796 if (baseport > 65535 || 3797 baseport + offset > 65535) { 3798 error_setg(errp, "port %s out of range", port); 3799 goto cleanup; 3800 } 3801 inet->port = g_strdup_printf( 3802 "%d", (int)baseport + offset); 3803 3804 if (to) { 3805 inet->has_to = true; 3806 inet->to = to + offset; 3807 } 3808 } 3809 3810 inet->ipv4 = ipv4; 3811 inet->has_ipv4 = has_ipv4; 3812 inet->ipv6 = ipv6; 3813 inet->has_ipv6 = has_ipv6; 3814 3815 ret = baseport; 3816 } 3817 3818 *retaddr = addr; 3819 3820 cleanup: 3821 if (ret < 0) { 3822 qapi_free_SocketAddress(addr); 3823 } 3824 return ret; 3825 } 3826 vnc_display_get_addresses(QemuOpts * opts,bool reverse,SocketAddressList ** saddr_list_ret,SocketAddressList ** wsaddr_list_ret,Error ** errp)3827 static int vnc_display_get_addresses(QemuOpts *opts, 3828 bool reverse, 3829 SocketAddressList **saddr_list_ret, 3830 SocketAddressList **wsaddr_list_ret, 3831 Error **errp) 3832 { 3833 SocketAddress *saddr = NULL; 3834 SocketAddress *wsaddr = NULL; 3835 g_autoptr(SocketAddressList) saddr_list = NULL; 3836 SocketAddressList **saddr_tail = &saddr_list; 3837 SocketAddress *single_saddr = NULL; 3838 g_autoptr(SocketAddressList) wsaddr_list = NULL; 3839 SocketAddressList **wsaddr_tail = &wsaddr_list; 3840 QemuOptsIter addriter; 3841 const char *addr; 3842 int to = qemu_opt_get_number(opts, "to", 0); 3843 bool has_ipv4 = qemu_opt_get(opts, "ipv4"); 3844 bool has_ipv6 = qemu_opt_get(opts, "ipv6"); 3845 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false); 3846 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false); 3847 int displaynum = -1; 3848 3849 addr = qemu_opt_get(opts, "vnc"); 3850 if (addr == NULL || g_str_equal(addr, "none")) { 3851 return 0; 3852 } 3853 if (qemu_opt_get(opts, "websocket") && 3854 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) { 3855 error_setg(errp, 3856 "SHA1 hash support is required for websockets"); 3857 return -1; 3858 } 3859 3860 qemu_opt_iter_init(&addriter, opts, "vnc"); 3861 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3862 int rv; 3863 rv = vnc_display_get_address(addr, false, reverse, 0, to, 3864 has_ipv4, has_ipv6, 3865 ipv4, ipv6, 3866 &saddr, errp); 3867 if (rv < 0) { 3868 return -1; 3869 } 3870 /* Historical compat - first listen address can be used 3871 * to set the default websocket port 3872 */ 3873 if (displaynum == -1) { 3874 displaynum = rv; 3875 } 3876 QAPI_LIST_APPEND(saddr_tail, saddr); 3877 } 3878 3879 if (saddr_list && !saddr_list->next) { 3880 single_saddr = saddr_list->value; 3881 } else { 3882 /* 3883 * If we had multiple primary displays, we don't do defaults 3884 * for websocket, and require explicit config instead. 3885 */ 3886 displaynum = -1; 3887 } 3888 3889 qemu_opt_iter_init(&addriter, opts, "websocket"); 3890 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) { 3891 if (vnc_display_get_address(addr, true, reverse, displaynum, to, 3892 has_ipv4, has_ipv6, 3893 ipv4, ipv6, 3894 &wsaddr, errp) < 0) { 3895 return -1; 3896 } 3897 3898 /* Historical compat - if only a single listen address was 3899 * provided, then this is used to set the default listen 3900 * address for websocket too 3901 */ 3902 if (single_saddr && 3903 single_saddr->type == SOCKET_ADDRESS_TYPE_INET && 3904 wsaddr->type == SOCKET_ADDRESS_TYPE_INET && 3905 g_str_equal(wsaddr->u.inet.host, "") && 3906 !g_str_equal(single_saddr->u.inet.host, "")) { 3907 g_free(wsaddr->u.inet.host); 3908 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host); 3909 } 3910 3911 QAPI_LIST_APPEND(wsaddr_tail, wsaddr); 3912 } 3913 3914 *saddr_list_ret = g_steal_pointer(&saddr_list); 3915 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list); 3916 return 0; 3917 } 3918 vnc_display_connect(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3919 static int vnc_display_connect(VncDisplay *vd, 3920 SocketAddressList *saddr_list, 3921 SocketAddressList *wsaddr_list, 3922 Error **errp) 3923 { 3924 /* connect to viewer */ 3925 QIOChannelSocket *sioc = NULL; 3926 if (wsaddr_list) { 3927 error_setg(errp, "Cannot use websockets in reverse mode"); 3928 return -1; 3929 } 3930 if (!saddr_list || saddr_list->next) { 3931 error_setg(errp, "Expected a single address in reverse mode"); 3932 return -1; 3933 } 3934 sioc = qio_channel_socket_new(); 3935 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse"); 3936 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) { 3937 object_unref(OBJECT(sioc)); 3938 return -1; 3939 } 3940 vnc_connect(vd, sioc, false, false); 3941 object_unref(OBJECT(sioc)); 3942 return 0; 3943 } 3944 3945 vnc_display_listen(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3946 static int vnc_display_listen(VncDisplay *vd, 3947 SocketAddressList *saddr_list, 3948 SocketAddressList *wsaddr_list, 3949 Error **errp) 3950 { 3951 SocketAddressList *el; 3952 3953 if (saddr_list) { 3954 vd->listener = qio_net_listener_new(); 3955 qio_net_listener_set_name(vd->listener, "vnc-listen"); 3956 for (el = saddr_list; el; el = el->next) { 3957 if (qio_net_listener_open_sync(vd->listener, 3958 el->value, 1, 3959 errp) < 0) { 3960 return -1; 3961 } 3962 } 3963 3964 qio_net_listener_set_client_func(vd->listener, 3965 vnc_listen_io, vd, NULL); 3966 } 3967 3968 if (wsaddr_list) { 3969 vd->wslistener = qio_net_listener_new(); 3970 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen"); 3971 for (el = wsaddr_list; el; el = el->next) { 3972 if (qio_net_listener_open_sync(vd->wslistener, 3973 el->value, 1, 3974 errp) < 0) { 3975 return -1; 3976 } 3977 } 3978 3979 qio_net_listener_set_client_func(vd->wslistener, 3980 vnc_listen_io, vd, NULL); 3981 } 3982 3983 return 0; 3984 } 3985 vnc_display_update(DisplayUpdateOptionsVNC * arg,Error ** errp)3986 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp) 3987 { 3988 VncDisplay *vd = vnc_display_find(NULL); 3989 3990 if (!vd) { 3991 error_setg(errp, "Can not find vnc display"); 3992 return false; 3993 } 3994 3995 if (arg->has_addresses) { 3996 if (vd->listener) { 3997 qio_net_listener_disconnect(vd->listener); 3998 object_unref(OBJECT(vd->listener)); 3999 vd->listener = NULL; 4000 } 4001 4002 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) { 4003 return false; 4004 } 4005 } 4006 4007 return true; 4008 } 4009 vnc_display_open(const char * id,Error ** errp)4010 void vnc_display_open(const char *id, Error **errp) 4011 { 4012 VncDisplay *vd = vnc_display_find(id); 4013 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id); 4014 g_autoptr(SocketAddressList) saddr_list = NULL; 4015 g_autoptr(SocketAddressList) wsaddr_list = NULL; 4016 const char *share, *device_id; 4017 QemuConsole *con; 4018 bool password = false; 4019 bool reverse = false; 4020 const char *credid; 4021 bool sasl = false; 4022 const char *tlsauthz; 4023 const char *saslauthz; 4024 int lock_key_sync = 1; 4025 int key_delay_ms; 4026 const char *audiodev; 4027 const char *passwordSecret; 4028 4029 if (!vd) { 4030 error_setg(errp, "VNC display not active"); 4031 return; 4032 } 4033 vnc_display_close(vd); 4034 4035 if (!opts) { 4036 return; 4037 } 4038 4039 reverse = qemu_opt_get_bool(opts, "reverse", false); 4040 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list, 4041 errp) < 0) { 4042 goto fail; 4043 } 4044 4045 4046 passwordSecret = qemu_opt_get(opts, "password-secret"); 4047 if (passwordSecret) { 4048 if (qemu_opt_get(opts, "password")) { 4049 error_setg(errp, 4050 "'password' flag is redundant with 'password-secret'"); 4051 goto fail; 4052 } 4053 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret, 4054 errp); 4055 if (!vd->password) { 4056 goto fail; 4057 } 4058 password = true; 4059 } else { 4060 password = qemu_opt_get_bool(opts, "password", false); 4061 } 4062 if (password) { 4063 if (!qcrypto_cipher_supports( 4064 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) { 4065 error_setg(errp, 4066 "Cipher backend does not support DES algorithm"); 4067 goto fail; 4068 } 4069 } 4070 4071 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true); 4072 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10); 4073 sasl = qemu_opt_get_bool(opts, "sasl", false); 4074 #ifndef CONFIG_VNC_SASL 4075 if (sasl) { 4076 error_setg(errp, "VNC SASL auth requires cyrus-sasl support"); 4077 goto fail; 4078 } 4079 #endif /* CONFIG_VNC_SASL */ 4080 credid = qemu_opt_get(opts, "tls-creds"); 4081 if (credid) { 4082 Object *creds; 4083 creds = object_resolve_path_component( 4084 object_get_objects_root(), credid); 4085 if (!creds) { 4086 error_setg(errp, "No TLS credentials with id '%s'", 4087 credid); 4088 goto fail; 4089 } 4090 vd->tlscreds = (QCryptoTLSCreds *) 4091 object_dynamic_cast(creds, 4092 TYPE_QCRYPTO_TLS_CREDS); 4093 if (!vd->tlscreds) { 4094 error_setg(errp, "Object with id '%s' is not TLS credentials", 4095 credid); 4096 goto fail; 4097 } 4098 object_ref(OBJECT(vd->tlscreds)); 4099 4100 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds, 4101 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, 4102 errp)) { 4103 goto fail; 4104 } 4105 } 4106 tlsauthz = qemu_opt_get(opts, "tls-authz"); 4107 if (tlsauthz && !vd->tlscreds) { 4108 error_setg(errp, "'tls-authz' provided but TLS is not enabled"); 4109 goto fail; 4110 } 4111 4112 saslauthz = qemu_opt_get(opts, "sasl-authz"); 4113 if (saslauthz && !sasl) { 4114 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled"); 4115 goto fail; 4116 } 4117 4118 share = qemu_opt_get(opts, "share"); 4119 if (share) { 4120 if (strcmp(share, "ignore") == 0) { 4121 vd->share_policy = VNC_SHARE_POLICY_IGNORE; 4122 } else if (strcmp(share, "allow-exclusive") == 0) { 4123 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4124 } else if (strcmp(share, "force-shared") == 0) { 4125 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED; 4126 } else { 4127 error_setg(errp, "unknown vnc share= option"); 4128 goto fail; 4129 } 4130 } else { 4131 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE; 4132 } 4133 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32); 4134 4135 #ifdef CONFIG_VNC_JPEG 4136 vd->lossy = qemu_opt_get_bool(opts, "lossy", false); 4137 #endif 4138 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false); 4139 /* adaptive updates are only used with tight encoding and 4140 * if lossy updates are enabled so we can disable all the 4141 * calculations otherwise */ 4142 if (!vd->lossy) { 4143 vd->non_adaptive = true; 4144 } 4145 4146 vd->power_control = qemu_opt_get_bool(opts, "power-control", false); 4147 4148 if (tlsauthz) { 4149 vd->tlsauthzid = g_strdup(tlsauthz); 4150 } 4151 #ifdef CONFIG_VNC_SASL 4152 if (sasl) { 4153 if (saslauthz) { 4154 vd->sasl.authzid = g_strdup(saslauthz); 4155 } 4156 } 4157 #endif 4158 4159 if (vnc_display_setup_auth(&vd->auth, &vd->subauth, 4160 vd->tlscreds, password, 4161 sasl, false, errp) < 0) { 4162 goto fail; 4163 } 4164 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth); 4165 4166 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth, 4167 vd->tlscreds, password, 4168 sasl, true, errp) < 0) { 4169 goto fail; 4170 } 4171 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth); 4172 4173 #ifdef CONFIG_VNC_SASL 4174 if (sasl && !vnc_sasl_server_init(errp)) { 4175 goto fail; 4176 } 4177 #endif 4178 vd->lock_key_sync = lock_key_sync; 4179 if (lock_key_sync) { 4180 vd->led = qemu_add_led_event_handler(kbd_leds, vd); 4181 } 4182 vd->ledstate = 0; 4183 4184 audiodev = qemu_opt_get(opts, "audiodev"); 4185 if (audiodev) { 4186 vd->audio_state = audio_state_by_name(audiodev, errp); 4187 if (!vd->audio_state) { 4188 goto fail; 4189 } 4190 } else { 4191 vd->audio_state = audio_get_default_audio_state(NULL); 4192 } 4193 4194 device_id = qemu_opt_get(opts, "display"); 4195 if (device_id) { 4196 int head = qemu_opt_get_number(opts, "head", 0); 4197 Error *err = NULL; 4198 4199 con = qemu_console_lookup_by_device_name(device_id, head, &err); 4200 if (err) { 4201 error_propagate(errp, err); 4202 goto fail; 4203 } 4204 } else { 4205 con = qemu_console_lookup_default(); 4206 } 4207 4208 if (con != vd->dcl.con) { 4209 qkbd_state_free(vd->kbd); 4210 unregister_displaychangelistener(&vd->dcl); 4211 vd->dcl.con = con; 4212 register_displaychangelistener(&vd->dcl); 4213 vd->kbd = qkbd_state_init(vd->dcl.con); 4214 } 4215 qkbd_state_set_delay(vd->kbd, key_delay_ms); 4216 4217 if (saddr_list == NULL) { 4218 return; 4219 } 4220 4221 if (reverse) { 4222 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) { 4223 goto fail; 4224 } 4225 } else { 4226 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) { 4227 goto fail; 4228 } 4229 } 4230 4231 if (qemu_opt_get(opts, "to")) { 4232 vnc_display_print_local_addr(vd); 4233 } 4234 4235 /* Success */ 4236 return; 4237 4238 fail: 4239 vnc_display_close(vd); 4240 } 4241 vnc_display_add_client(const char * id,int csock,bool skipauth)4242 void vnc_display_add_client(const char *id, int csock, bool skipauth) 4243 { 4244 VncDisplay *vd = vnc_display_find(id); 4245 QIOChannelSocket *sioc; 4246 4247 if (!vd) { 4248 return; 4249 } 4250 4251 sioc = qio_channel_socket_new_fd(csock, NULL); 4252 if (sioc) { 4253 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server"); 4254 vnc_connect(vd, sioc, skipauth, false); 4255 object_unref(OBJECT(sioc)); 4256 } 4257 } 4258 vnc_auto_assign_id(QemuOptsList * olist,QemuOpts * opts)4259 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts) 4260 { 4261 int i = 2; 4262 char *id; 4263 4264 id = g_strdup("default"); 4265 while (qemu_opts_find(olist, id)) { 4266 g_free(id); 4267 id = g_strdup_printf("vnc%d", i++); 4268 } 4269 qemu_opts_set_id(opts, id); 4270 } 4271 vnc_parse(const char * str)4272 void vnc_parse(const char *str) 4273 { 4274 QemuOptsList *olist = qemu_find_opts("vnc"); 4275 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str)); 4276 const char *id; 4277 4278 if (!opts) { 4279 exit(1); 4280 } 4281 4282 id = qemu_opts_id(opts); 4283 if (!id) { 4284 /* auto-assign id if not present */ 4285 vnc_auto_assign_id(olist, opts); 4286 } 4287 } 4288 vnc_init_func(void * opaque,QemuOpts * opts,Error ** errp)4289 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp) 4290 { 4291 Error *local_err = NULL; 4292 char *id = (char *)qemu_opts_id(opts); 4293 4294 assert(id); 4295 vnc_display_init(id, &local_err); 4296 if (local_err) { 4297 error_propagate(errp, local_err); 4298 return -1; 4299 } 4300 vnc_display_open(id, &local_err); 4301 if (local_err != NULL) { 4302 error_propagate(errp, local_err); 4303 return -1; 4304 } 4305 return 0; 4306 } 4307 vnc_register_config(void)4308 static void vnc_register_config(void) 4309 { 4310 qemu_add_opts(&qemu_vnc_opts); 4311 } 4312 opts_init(vnc_register_config); 4313