search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
util/qht: Document memory ordering assumptions
[qemu/ar7.git] / ui / vnc.c
blob3ce3a5beec44867f702696b26399bd64a5e0106f
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "qemu/acl.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qmp/qerror.h"
39 #include "qapi/qmp/types.h"
40 #include "qmp-commands.h"
41 #include "ui/input.h"
42 #include "qapi-event.h"
43 #include "crypto/hash.h"
44 #include "crypto/tlscredsanon.h"
45 #include "crypto/tlscredsx509.h"
46 #include "qom/object_interfaces.h"
47 #include "qemu/cutils.h"
48
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
57
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63
64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65 {
66 #ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76 #endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107 }
108
109
110 static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113 {
114 switch (addr->type) {
115 case SOCKET_ADDRESS_KIND_INET:
116 info->host = g_strdup(addr->u.inet.data->host);
117 info->service = g_strdup(addr->u.inet.data->port);
118 if (addr->u.inet.data->ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_KIND_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.data->path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 default:
132 error_setg(errp, "Unsupported socket kind %d",
133 addr->type);
134 break;
135 }
136
137 return;
138 }
139
140 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
141 VncBasicInfo *info,
142 Error **errp)
143 {
144 SocketAddress *addr = NULL;
145
146 addr = qio_channel_socket_get_local_address(ioc, errp);
147 if (!addr) {
148 return;
149 }
150
151 vnc_init_basic_info(addr, info, errp);
152 qapi_free_SocketAddress(addr);
153 }
154
155 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
156 VncBasicInfo *info,
157 Error **errp)
158 {
159 SocketAddress *addr = NULL;
160
161 addr = qio_channel_socket_get_remote_address(ioc, errp);
162 if (!addr) {
163 return;
164 }
165
166 vnc_init_basic_info(addr, info, errp);
167 qapi_free_SocketAddress(addr);
168 }
169
170 static const char *vnc_auth_name(VncDisplay *vd) {
171 switch (vd->auth) {
172 case VNC_AUTH_INVALID:
173 return "invalid";
174 case VNC_AUTH_NONE:
175 return "none";
176 case VNC_AUTH_VNC:
177 return "vnc";
178 case VNC_AUTH_RA2:
179 return "ra2";
180 case VNC_AUTH_RA2NE:
181 return "ra2ne";
182 case VNC_AUTH_TIGHT:
183 return "tight";
184 case VNC_AUTH_ULTRA:
185 return "ultra";
186 case VNC_AUTH_TLS:
187 return "tls";
188 case VNC_AUTH_VENCRYPT:
189 switch (vd->subauth) {
190 case VNC_AUTH_VENCRYPT_PLAIN:
191 return "vencrypt+plain";
192 case VNC_AUTH_VENCRYPT_TLSNONE:
193 return "vencrypt+tls+none";
194 case VNC_AUTH_VENCRYPT_TLSVNC:
195 return "vencrypt+tls+vnc";
196 case VNC_AUTH_VENCRYPT_TLSPLAIN:
197 return "vencrypt+tls+plain";
198 case VNC_AUTH_VENCRYPT_X509NONE:
199 return "vencrypt+x509+none";
200 case VNC_AUTH_VENCRYPT_X509VNC:
201 return "vencrypt+x509+vnc";
202 case VNC_AUTH_VENCRYPT_X509PLAIN:
203 return "vencrypt+x509+plain";
204 case VNC_AUTH_VENCRYPT_TLSSASL:
205 return "vencrypt+tls+sasl";
206 case VNC_AUTH_VENCRYPT_X509SASL:
207 return "vencrypt+x509+sasl";
208 default:
209 return "vencrypt";
210 }
211 case VNC_AUTH_SASL:
212 return "sasl";
213 }
214 return "unknown";
215 }
216
217 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
218 {
219 VncServerInfo *info;
220 Error *err = NULL;
221
222 info = g_malloc(sizeof(*info));
223 vnc_init_basic_info_from_server_addr(vd->lsock,
224 qapi_VncServerInfo_base(info), &err);
225 info->has_auth = true;
226 info->auth = g_strdup(vnc_auth_name(vd));
227 if (err) {
228 qapi_free_VncServerInfo(info);
229 info = NULL;
230 error_free(err);
231 }
232 return info;
233 }
234
235 static void vnc_client_cache_auth(VncState *client)
236 {
237 if (!client->info) {
238 return;
239 }
240
241 if (client->tls) {
242 client->info->x509_dname =
243 qcrypto_tls_session_get_peer_name(client->tls);
244 client->info->has_x509_dname =
245 client->info->x509_dname != NULL;
246 }
247 #ifdef CONFIG_VNC_SASL
248 if (client->sasl.conn &&
249 client->sasl.username) {
250 client->info->has_sasl_username = true;
251 client->info->sasl_username = g_strdup(client->sasl.username);
252 }
253 #endif
254 }
255
256 static void vnc_client_cache_addr(VncState *client)
257 {
258 Error *err = NULL;
259
260 client->info = g_malloc0(sizeof(*client->info));
261 vnc_init_basic_info_from_remote_addr(client->sioc,
262 qapi_VncClientInfo_base(client->info),
263 &err);
264 if (err) {
265 qapi_free_VncClientInfo(client->info);
266 client->info = NULL;
267 error_free(err);
268 }
269 }
270
271 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
272 {
273 VncServerInfo *si;
274
275 if (!vs->info) {
276 return;
277 }
278
279 si = vnc_server_info_get(vs->vd);
280 if (!si) {
281 return;
282 }
283
284 switch (event) {
285 case QAPI_EVENT_VNC_CONNECTED:
286 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
287 &error_abort);
288 break;
289 case QAPI_EVENT_VNC_INITIALIZED:
290 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
291 break;
292 case QAPI_EVENT_VNC_DISCONNECTED:
293 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
294 break;
295 default:
296 break;
297 }
298
299 qapi_free_VncServerInfo(si);
300 }
301
302 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
303 {
304 VncClientInfo *info;
305 Error *err = NULL;
306
307 info = g_malloc0(sizeof(*info));
308
309 vnc_init_basic_info_from_remote_addr(client->sioc,
310 qapi_VncClientInfo_base(info),
311 &err);
312 if (err) {
313 error_free(err);
314 qapi_free_VncClientInfo(info);
315 return NULL;
316 }
317
318 info->websocket = client->websocket;
319
320 if (client->tls) {
321 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
322 info->has_x509_dname = info->x509_dname != NULL;
323 }
324 #ifdef CONFIG_VNC_SASL
325 if (client->sasl.conn && client->sasl.username) {
326 info->has_sasl_username = true;
327 info->sasl_username = g_strdup(client->sasl.username);
328 }
329 #endif
330
331 return info;
332 }
333
334 static VncDisplay *vnc_display_find(const char *id)
335 {
336 VncDisplay *vd;
337
338 if (id == NULL) {
339 return QTAILQ_FIRST(&vnc_displays);
340 }
341 QTAILQ_FOREACH(vd, &vnc_displays, next) {
342 if (strcmp(id, vd->id) == 0) {
343 return vd;
344 }
345 }
346 return NULL;
347 }
348
349 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
350 {
351 VncClientInfoList *cinfo, *prev = NULL;
352 VncState *client;
353
354 QTAILQ_FOREACH(client, &vd->clients, next) {
355 cinfo = g_new0(VncClientInfoList, 1);
356 cinfo->value = qmp_query_vnc_client(client);
357 cinfo->next = prev;
358 prev = cinfo;
359 }
360 return prev;
361 }
362
363 VncInfo *qmp_query_vnc(Error **errp)
364 {
365 VncInfo *info = g_malloc0(sizeof(*info));
366 VncDisplay *vd = vnc_display_find(NULL);
367 SocketAddress *addr = NULL;
368
369 if (vd == NULL || !vd->enabled) {
370 info->enabled = false;
371 } else {
372 info->enabled = true;
373
374 /* for compatibility with the original command */
375 info->has_clients = true;
376 info->clients = qmp_query_client_list(vd);
377
378 if (vd->lsock == NULL) {
379 return info;
380 }
381
382 addr = qio_channel_socket_get_local_address(vd->lsock, errp);
383 if (!addr) {
384 goto out_error;
385 }
386
387 switch (addr->type) {
388 case SOCKET_ADDRESS_KIND_INET:
389 info->host = g_strdup(addr->u.inet.data->host);
390 info->service = g_strdup(addr->u.inet.data->port);
391 if (addr->u.inet.data->ipv6) {
392 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
393 } else {
394 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
395 }
396 break;
397
398 case SOCKET_ADDRESS_KIND_UNIX:
399 info->host = g_strdup("");
400 info->service = g_strdup(addr->u.q_unix.data->path);
401 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
402 break;
403
404 default:
405 error_setg(errp, "Unsupported socket kind %d",
406 addr->type);
407 goto out_error;
408 }
409
410 info->has_host = true;
411 info->has_service = true;
412 info->has_family = true;
413
414 info->has_auth = true;
415 info->auth = g_strdup(vnc_auth_name(vd));
416 }
417
418 qapi_free_SocketAddress(addr);
419 return info;
420
421 out_error:
422 qapi_free_SocketAddress(addr);
423 qapi_free_VncInfo(info);
424 return NULL;
425 }
426
427 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc,
428 bool websocket,
429 VncBasicInfoList *prev)
430 {
431 VncBasicInfoList *list;
432 VncBasicInfo *info;
433 Error *err = NULL;
434 SocketAddress *addr;
435
436 addr = qio_channel_socket_get_local_address(ioc, &err);
437 if (!addr) {
438 error_free(err);
439 return prev;
440 }
441
442 info = g_new0(VncBasicInfo, 1);
443 vnc_init_basic_info(addr, info, &err);
444 qapi_free_SocketAddress(addr);
445 if (err) {
446 qapi_free_VncBasicInfo(info);
447 error_free(err);
448 return prev;
449 }
450 info->websocket = websocket;
451
452 list = g_new0(VncBasicInfoList, 1);
453 list->value = info;
454 list->next = prev;
455 return list;
456 }
457
458 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info)
459 {
460 switch (vd->auth) {
461 case VNC_AUTH_VNC:
462 info->auth = VNC_PRIMARY_AUTH_VNC;
463 break;
464 case VNC_AUTH_RA2:
465 info->auth = VNC_PRIMARY_AUTH_RA2;
466 break;
467 case VNC_AUTH_RA2NE:
468 info->auth = VNC_PRIMARY_AUTH_RA2NE;
469 break;
470 case VNC_AUTH_TIGHT:
471 info->auth = VNC_PRIMARY_AUTH_TIGHT;
472 break;
473 case VNC_AUTH_ULTRA:
474 info->auth = VNC_PRIMARY_AUTH_ULTRA;
475 break;
476 case VNC_AUTH_TLS:
477 info->auth = VNC_PRIMARY_AUTH_TLS;
478 break;
479 case VNC_AUTH_VENCRYPT:
480 info->auth = VNC_PRIMARY_AUTH_VENCRYPT;
481 info->has_vencrypt = true;
482 switch (vd->subauth) {
483 case VNC_AUTH_VENCRYPT_PLAIN:
484 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
485 break;
486 case VNC_AUTH_VENCRYPT_TLSNONE:
487 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
488 break;
489 case VNC_AUTH_VENCRYPT_TLSVNC:
490 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
491 break;
492 case VNC_AUTH_VENCRYPT_TLSPLAIN:
493 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
494 break;
495 case VNC_AUTH_VENCRYPT_X509NONE:
496 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
497 break;
498 case VNC_AUTH_VENCRYPT_X509VNC:
499 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
500 break;
501 case VNC_AUTH_VENCRYPT_X509PLAIN:
502 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
503 break;
504 case VNC_AUTH_VENCRYPT_TLSSASL:
505 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
506 break;
507 case VNC_AUTH_VENCRYPT_X509SASL:
508 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
509 break;
510 default:
511 info->has_vencrypt = false;
512 break;
513 }
514 break;
515 case VNC_AUTH_SASL:
516 info->auth = VNC_PRIMARY_AUTH_SASL;
517 break;
518 case VNC_AUTH_NONE:
519 default:
520 info->auth = VNC_PRIMARY_AUTH_NONE;
521 break;
522 }
523 }
524
525 VncInfo2List *qmp_query_vnc_servers(Error **errp)
526 {
527 VncInfo2List *item, *prev = NULL;
528 VncInfo2 *info;
529 VncDisplay *vd;
530 DeviceState *dev;
531
532 QTAILQ_FOREACH(vd, &vnc_displays, next) {
533 info = g_new0(VncInfo2, 1);
534 info->id = g_strdup(vd->id);
535 info->clients = qmp_query_client_list(vd);
536 qmp_query_auth(vd, info);
537 if (vd->dcl.con) {
538 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
539 "device", NULL));
540 info->has_display = true;
541 info->display = g_strdup(dev->id);
542 }
543 if (vd->lsock != NULL) {
544 info->server = qmp_query_server_entry(
545 vd->lsock, false, info->server);
546 }
547 if (vd->lwebsock != NULL) {
548 info->server = qmp_query_server_entry(
549 vd->lwebsock, true, info->server);
550 }
551
552 item = g_new0(VncInfo2List, 1);
553 item->value = info;
554 item->next = prev;
555 prev = item;
556 }
557 return prev;
558 }
559
560 /* TODO
561 1) Get the queue working for IO.
562 2) there is some weirdness when using the -S option (the screen is grey
563 and not totally invalidated
564 3) resolutions > 1024
565 */
566
567 static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
568 static void vnc_disconnect_start(VncState *vs);
569
570 static void vnc_colordepth(VncState *vs);
571 static void framebuffer_update_request(VncState *vs, int incremental,
572 int x_position, int y_position,
573 int w, int h);
574 static void vnc_refresh(DisplayChangeListener *dcl);
575 static int vnc_refresh_server_surface(VncDisplay *vd);
576
577 static int vnc_width(VncDisplay *vd)
578 {
579 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
580 VNC_DIRTY_PIXELS_PER_BIT));
581 }
582
583 static int vnc_height(VncDisplay *vd)
584 {
585 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
586 }
587
588 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
589 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
590 VncDisplay *vd,
591 int x, int y, int w, int h)
592 {
593 int width = vnc_width(vd);
594 int height = vnc_height(vd);
595
596 /* this is needed this to ensure we updated all affected
597 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
598 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
599 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
600
601 x = MIN(x, width);
602 y = MIN(y, height);
603 w = MIN(x + w, width) - x;
604 h = MIN(y + h, height);
605
606 for (; y < h; y++) {
607 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
608 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
609 }
610 }
611
612 static void vnc_dpy_update(DisplayChangeListener *dcl,
613 int x, int y, int w, int h)
614 {
615 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
616 struct VncSurface *s = &vd->guest;
617
618 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
619 }
620
621 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
622 int32_t encoding)
623 {
624 vnc_write_u16(vs, x);
625 vnc_write_u16(vs, y);
626 vnc_write_u16(vs, w);
627 vnc_write_u16(vs, h);
628
629 vnc_write_s32(vs, encoding);
630 }
631
632
633 static void vnc_desktop_resize(VncState *vs)
634 {
635 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
636 return;
637 }
638 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
639 vs->client_height == pixman_image_get_height(vs->vd->server)) {
640 return;
641 }
642 vs->client_width = pixman_image_get_width(vs->vd->server);
643 vs->client_height = pixman_image_get_height(vs->vd->server);
644 vnc_lock_output(vs);
645 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
646 vnc_write_u8(vs, 0);
647 vnc_write_u16(vs, 1); /* number of rects */
648 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
649 VNC_ENCODING_DESKTOPRESIZE);
650 vnc_unlock_output(vs);
651 vnc_flush(vs);
652 }
653
654 static void vnc_abort_display_jobs(VncDisplay *vd)
655 {
656 VncState *vs;
657
658 QTAILQ_FOREACH(vs, &vd->clients, next) {
659 vnc_lock_output(vs);
660 vs->abort = true;
661 vnc_unlock_output(vs);
662 }
663 QTAILQ_FOREACH(vs, &vd->clients, next) {
664 vnc_jobs_join(vs);
665 }
666 QTAILQ_FOREACH(vs, &vd->clients, next) {
667 vnc_lock_output(vs);
668 vs->abort = false;
669 vnc_unlock_output(vs);
670 }
671 }
672
673 int vnc_server_fb_stride(VncDisplay *vd)
674 {
675 return pixman_image_get_stride(vd->server);
676 }
677
678 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
679 {
680 uint8_t *ptr;
681
682 ptr = (uint8_t *)pixman_image_get_data(vd->server);
683 ptr += y * vnc_server_fb_stride(vd);
684 ptr += x * VNC_SERVER_FB_BYTES;
685 return ptr;
686 }
687
688 static void vnc_update_server_surface(VncDisplay *vd)
689 {
690 qemu_pixman_image_unref(vd->server);
691 vd->server = NULL;
692
693 if (QTAILQ_EMPTY(&vd->clients)) {
694 return;
695 }
696
697 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
698 vnc_width(vd),
699 vnc_height(vd),
700 NULL, 0);
701 }
702
703 static void vnc_dpy_switch(DisplayChangeListener *dcl,
704 DisplaySurface *surface)
705 {
706 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
707 VncState *vs;
708 int width, height;
709
710 vnc_abort_display_jobs(vd);
711 vd->ds = surface;
712
713 /* server surface */
714 vnc_update_server_surface(vd);
715
716 /* guest surface */
717 qemu_pixman_image_unref(vd->guest.fb);
718 vd->guest.fb = pixman_image_ref(surface->image);
719 vd->guest.format = surface->format;
720 width = vnc_width(vd);
721 height = vnc_height(vd);
722 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
723 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
724 width, height);
725
726 QTAILQ_FOREACH(vs, &vd->clients, next) {
727 vnc_colordepth(vs);
728 vnc_desktop_resize(vs);
729 if (vs->vd->cursor) {
730 vnc_cursor_define(vs);
731 }
732 memset(vs->dirty, 0x00, sizeof(vs->dirty));
733 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
734 width, height);
735 }
736 }
737
738 /* fastest code */
739 static void vnc_write_pixels_copy(VncState *vs,
740 void *pixels, int size)
741 {
742 vnc_write(vs, pixels, size);
743 }
744
745 /* slowest but generic code. */
746 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
747 {
748 uint8_t r, g, b;
749
750 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
751 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
752 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
753 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
754 #else
755 # error need some bits here if you change VNC_SERVER_FB_FORMAT
756 #endif
757 v = (r << vs->client_pf.rshift) |
758 (g << vs->client_pf.gshift) |
759 (b << vs->client_pf.bshift);
760 switch (vs->client_pf.bytes_per_pixel) {
761 case 1:
762 buf[0] = v;
763 break;
764 case 2:
765 if (vs->client_be) {
766 buf[0] = v >> 8;
767 buf[1] = v;
768 } else {
769 buf[1] = v >> 8;
770 buf[0] = v;
771 }
772 break;
773 default:
774 case 4:
775 if (vs->client_be) {
776 buf[0] = v >> 24;
777 buf[1] = v >> 16;
778 buf[2] = v >> 8;
779 buf[3] = v;
780 } else {
781 buf[3] = v >> 24;
782 buf[2] = v >> 16;
783 buf[1] = v >> 8;
784 buf[0] = v;
785 }
786 break;
787 }
788 }
789
790 static void vnc_write_pixels_generic(VncState *vs,
791 void *pixels1, int size)
792 {
793 uint8_t buf[4];
794
795 if (VNC_SERVER_FB_BYTES == 4) {
796 uint32_t *pixels = pixels1;
797 int n, i;
798 n = size >> 2;
799 for (i = 0; i < n; i++) {
800 vnc_convert_pixel(vs, buf, pixels[i]);
801 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
802 }
803 }
804 }
805
806 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
807 {
808 int i;
809 uint8_t *row;
810 VncDisplay *vd = vs->vd;
811
812 row = vnc_server_fb_ptr(vd, x, y);
813 for (i = 0; i < h; i++) {
814 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
815 row += vnc_server_fb_stride(vd);
816 }
817 return 1;
818 }
819
820 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
821 {
822 int n = 0;
823 bool encode_raw = false;
824 size_t saved_offs = vs->output.offset;
825
826 switch(vs->vnc_encoding) {
827 case VNC_ENCODING_ZLIB:
828 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
829 break;
830 case VNC_ENCODING_HEXTILE:
831 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
832 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
833 break;
834 case VNC_ENCODING_TIGHT:
835 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
836 break;
837 case VNC_ENCODING_TIGHT_PNG:
838 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
839 break;
840 case VNC_ENCODING_ZRLE:
841 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
842 break;
843 case VNC_ENCODING_ZYWRLE:
844 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
845 break;
846 default:
847 encode_raw = true;
848 break;
849 }
850
851 /* If the client has the same pixel format as our internal buffer and
852 * a RAW encoding would need less space fall back to RAW encoding to
853 * save bandwidth and processing power in the client. */
854 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
855 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
856 vs->output.offset = saved_offs;
857 encode_raw = true;
858 }
859
860 if (encode_raw) {
861 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
862 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
863 }
864
865 return n;
866 }
867
868 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
869 {
870 /* send bitblit op to the vnc client */
871 vnc_lock_output(vs);
872 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
873 vnc_write_u8(vs, 0);
874 vnc_write_u16(vs, 1); /* number of rects */
875 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
876 vnc_write_u16(vs, src_x);
877 vnc_write_u16(vs, src_y);
878 vnc_unlock_output(vs);
879 vnc_flush(vs);
880 }
881
882 static void vnc_dpy_copy(DisplayChangeListener *dcl,
883 int src_x, int src_y,
884 int dst_x, int dst_y, int w, int h)
885 {
886 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
887 VncState *vs, *vn;
888 uint8_t *src_row;
889 uint8_t *dst_row;
890 int i, x, y, pitch, inc, w_lim, s;
891 int cmp_bytes;
892
893 if (!vd->server) {
894 /* no client connected */
895 return;
896 }
897
898 vnc_refresh_server_surface(vd);
899 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
900 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
901 vs->force_update = 1;
902 vnc_update_client(vs, 1, true);
903 /* vs might be free()ed here */
904 }
905 }
906
907 /* do bitblit op on the local surface too */
908 pitch = vnc_server_fb_stride(vd);
909 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
910 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
911 y = dst_y;
912 inc = 1;
913 if (dst_y > src_y) {
914 /* copy backwards */
915 src_row += pitch * (h-1);
916 dst_row += pitch * (h-1);
917 pitch = -pitch;
918 y = dst_y + h - 1;
919 inc = -1;
920 }
921 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
922 if (w_lim < 0) {
923 w_lim = w;
924 } else {
925 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
926 }
927 for (i = 0; i < h; i++) {
928 for (x = 0; x <= w_lim;
929 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
930 if (x == w_lim) {
931 if ((s = w - w_lim) == 0)
932 break;
933 } else if (!x) {
934 s = (VNC_DIRTY_PIXELS_PER_BIT -
935 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
936 s = MIN(s, w_lim);
937 } else {
938 s = VNC_DIRTY_PIXELS_PER_BIT;
939 }
940 cmp_bytes = s * VNC_SERVER_FB_BYTES;
941 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
942 continue;
943 memmove(dst_row, src_row, cmp_bytes);
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
946 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
947 vs->dirty[y]);
948 }
949 }
950 }
951 src_row += pitch - w * VNC_SERVER_FB_BYTES;
952 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
953 y += inc;
954 }
955
956 QTAILQ_FOREACH(vs, &vd->clients, next) {
957 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
958 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
959 }
960 }
961 }
962
963 static void vnc_mouse_set(DisplayChangeListener *dcl,
964 int x, int y, int visible)
965 {
966 /* can we ask the client(s) to move the pointer ??? */
967 }
968
969 static int vnc_cursor_define(VncState *vs)
970 {
971 QEMUCursor *c = vs->vd->cursor;
972 int isize;
973
974 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
975 vnc_lock_output(vs);
976 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
977 vnc_write_u8(vs, 0); /* padding */
978 vnc_write_u16(vs, 1); /* # of rects */
979 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
980 VNC_ENCODING_RICH_CURSOR);
981 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
982 vnc_write_pixels_generic(vs, c->data, isize);
983 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
984 vnc_unlock_output(vs);
985 return 0;
986 }
987 return -1;
988 }
989
990 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
991 QEMUCursor *c)
992 {
993 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
994 VncState *vs;
995
996 cursor_put(vd->cursor);
997 g_free(vd->cursor_mask);
998
999 vd->cursor = c;
1000 cursor_get(vd->cursor);
1001 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1002 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1003 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1004
1005 QTAILQ_FOREACH(vs, &vd->clients, next) {
1006 vnc_cursor_define(vs);
1007 }
1008 }
1009
1010 static int find_and_clear_dirty_height(VncState *vs,
1011 int y, int last_x, int x, int height)
1012 {
1013 int h;
1014
1015 for (h = 1; h < (height - y); h++) {
1016 if (!test_bit(last_x, vs->dirty[y + h])) {
1017 break;
1018 }
1019 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1020 }
1021
1022 return h;
1023 }
1024
1025 static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1026 {
1027 if (vs->disconnecting) {
1028 vnc_disconnect_finish(vs);
1029 return 0;
1030 }
1031
1032 vs->has_dirty += has_dirty;
1033 if (vs->need_update && !vs->disconnecting) {
1034 VncDisplay *vd = vs->vd;
1035 VncJob *job;
1036 int y;
1037 int height, width;
1038 int n = 0;
1039
1040 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1041 /* kernel send buffers are full -> drop frames to throttle */
1042 return 0;
1043
1044 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1045 return 0;
1046
1047 /*
1048 * Send screen updates to the vnc client using the server
1049 * surface and server dirty map. guest surface updates
1050 * happening in parallel don't disturb us, the next pass will
1051 * send them to the client.
1052 */
1053 job = vnc_job_new(vs);
1054
1055 height = pixman_image_get_height(vd->server);
1056 width = pixman_image_get_width(vd->server);
1057
1058 y = 0;
1059 for (;;) {
1060 int x, h;
1061 unsigned long x2;
1062 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1063 height * VNC_DIRTY_BPL(vs),
1064 y * VNC_DIRTY_BPL(vs));
1065 if (offset == height * VNC_DIRTY_BPL(vs)) {
1066 /* no more dirty bits */
1067 break;
1068 }
1069 y = offset / VNC_DIRTY_BPL(vs);
1070 x = offset % VNC_DIRTY_BPL(vs);
1071 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1072 VNC_DIRTY_BPL(vs), x);
1073 bitmap_clear(vs->dirty[y], x, x2 - x);
1074 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1075 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1076 if (x2 > x) {
1077 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1078 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1079 }
1080 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1081 y += h;
1082 if (y == height) {
1083 break;
1084 }
1085 }
1086 }
1087
1088 vnc_job_push(job);
1089 if (sync) {
1090 vnc_jobs_join(vs);
1091 }
1092 vs->force_update = 0;
1093 vs->has_dirty = 0;
1094 return n;
1095 }
1096
1097 if (vs->disconnecting) {
1098 vnc_disconnect_finish(vs);
1099 } else if (sync) {
1100 vnc_jobs_join(vs);
1101 }
1102
1103 return 0;
1104 }
1105
1106 /* audio */
1107 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1108 {
1109 VncState *vs = opaque;
1110
1111 switch (cmd) {
1112 case AUD_CNOTIFY_DISABLE:
1113 vnc_lock_output(vs);
1114 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1115 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1116 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1117 vnc_unlock_output(vs);
1118 vnc_flush(vs);
1119 break;
1120
1121 case AUD_CNOTIFY_ENABLE:
1122 vnc_lock_output(vs);
1123 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1124 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1125 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1126 vnc_unlock_output(vs);
1127 vnc_flush(vs);
1128 break;
1129 }
1130 }
1131
1132 static void audio_capture_destroy(void *opaque)
1133 {
1134 }
1135
1136 static void audio_capture(void *opaque, void *buf, int size)
1137 {
1138 VncState *vs = opaque;
1139
1140 vnc_lock_output(vs);
1141 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1142 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1143 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1144 vnc_write_u32(vs, size);
1145 vnc_write(vs, buf, size);
1146 vnc_unlock_output(vs);
1147 vnc_flush(vs);
1148 }
1149
1150 static void audio_add(VncState *vs)
1151 {
1152 struct audio_capture_ops ops;
1153
1154 if (vs->audio_cap) {
1155 error_report("audio already running");
1156 return;
1157 }
1158
1159 ops.notify = audio_capture_notify;
1160 ops.destroy = audio_capture_destroy;
1161 ops.capture = audio_capture;
1162
1163 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1164 if (!vs->audio_cap) {
1165 error_report("Failed to add audio capture");
1166 }
1167 }
1168
1169 static void audio_del(VncState *vs)
1170 {
1171 if (vs->audio_cap) {
1172 AUD_del_capture(vs->audio_cap, vs);
1173 vs->audio_cap = NULL;
1174 }
1175 }
1176
1177 static void vnc_disconnect_start(VncState *vs)
1178 {
1179 if (vs->disconnecting) {
1180 return;
1181 }
1182 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1183 if (vs->ioc_tag) {
1184 g_source_remove(vs->ioc_tag);
1185 }
1186 qio_channel_close(vs->ioc, NULL);
1187 vs->disconnecting = TRUE;
1188 }
1189
1190 void vnc_disconnect_finish(VncState *vs)
1191 {
1192 int i;
1193
1194 vnc_jobs_join(vs); /* Wait encoding jobs */
1195
1196 vnc_lock_output(vs);
1197 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1198
1199 buffer_free(&vs->input);
1200 buffer_free(&vs->output);
1201
1202 qapi_free_VncClientInfo(vs->info);
1203
1204 vnc_zlib_clear(vs);
1205 vnc_tight_clear(vs);
1206 vnc_zrle_clear(vs);
1207
1208 #ifdef CONFIG_VNC_SASL
1209 vnc_sasl_client_cleanup(vs);
1210 #endif /* CONFIG_VNC_SASL */
1211 audio_del(vs);
1212 vnc_release_modifiers(vs);
1213
1214 if (vs->initialized) {
1215 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1216 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1217 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1218 /* last client gone */
1219 vnc_update_server_surface(vs->vd);
1220 }
1221 }
1222
1223 if (vs->vd->lock_key_sync)
1224 qemu_remove_led_event_handler(vs->led);
1225 vnc_unlock_output(vs);
1226
1227 qemu_mutex_destroy(&vs->output_mutex);
1228 if (vs->bh != NULL) {
1229 qemu_bh_delete(vs->bh);
1230 }
1231 buffer_free(&vs->jobs_buffer);
1232
1233 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1234 g_free(vs->lossy_rect[i]);
1235 }
1236 g_free(vs->lossy_rect);
1237
1238 object_unref(OBJECT(vs->ioc));
1239 vs->ioc = NULL;
1240 object_unref(OBJECT(vs->sioc));
1241 vs->sioc = NULL;
1242 g_free(vs);
1243 }
1244
1245 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1246 {
1247 if (ret <= 0) {
1248 if (ret == 0) {
1249 VNC_DEBUG("Closing down client sock: EOF\n");
1250 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1251 VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
1252 ret, errp ? error_get_pretty(*errp) : "Unknown");
1253 }
1254
1255 vnc_disconnect_start(vs);
1256 if (errp) {
1257 error_free(*errp);
1258 *errp = NULL;
1259 }
1260 return 0;
1261 }
1262 return ret;
1263 }
1264
1265
1266 void vnc_client_error(VncState *vs)
1267 {
1268 VNC_DEBUG("Closing down client sock: protocol error\n");
1269 vnc_disconnect_start(vs);
1270 }
1271
1272
1273 /*
1274 * Called to write a chunk of data to the client socket. The data may
1275 * be the raw data, or may have already been encoded by SASL.
1276 * The data will be written either straight onto the socket, or
1277 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1278 *
1279 * NB, it is theoretically possible to have 2 layers of encryption,
1280 * both SASL, and this TLS layer. It is highly unlikely in practice
1281 * though, since SASL encryption will typically be a no-op if TLS
1282 * is active
1283 *
1284 * Returns the number of bytes written, which may be less than
1285 * the requested 'datalen' if the socket would block. Returns
1286 * -1 on error, and disconnects the client socket.
1287 */
1288 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1289 {
1290 Error *err = NULL;
1291 ssize_t ret;
1292 ret = qio_channel_write(
1293 vs->ioc, (const char *)data, datalen, &err);
1294 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1295 return vnc_client_io_error(vs, ret, &err);
1296 }
1297
1298
1299 /*
1300 * Called to write buffered data to the client socket, when not
1301 * using any SASL SSF encryption layers. Will write as much data
1302 * as possible without blocking. If all buffered data is written,
1303 * will switch the FD poll() handler back to read monitoring.
1304 *
1305 * Returns the number of bytes written, which may be less than
1306 * the buffered output data if the socket would block. Returns
1307 * -1 on error, and disconnects the client socket.
1308 */
1309 static ssize_t vnc_client_write_plain(VncState *vs)
1310 {
1311 ssize_t ret;
1312
1313 #ifdef CONFIG_VNC_SASL
1314 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1315 vs->output.buffer, vs->output.capacity, vs->output.offset,
1316 vs->sasl.waitWriteSSF);
1317
1318 if (vs->sasl.conn &&
1319 vs->sasl.runSSF &&
1320 vs->sasl.waitWriteSSF) {
1321 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1322 if (ret)
1323 vs->sasl.waitWriteSSF -= ret;
1324 } else
1325 #endif /* CONFIG_VNC_SASL */
1326 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1327 if (!ret)
1328 return 0;
1329
1330 buffer_advance(&vs->output, ret);
1331
1332 if (vs->output.offset == 0) {
1333 if (vs->ioc_tag) {
1334 g_source_remove(vs->ioc_tag);
1335 }
1336 vs->ioc_tag = qio_channel_add_watch(
1337 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1338 }
1339
1340 return ret;
1341 }
1342
1343
1344 /*
1345 * First function called whenever there is data to be written to
1346 * the client socket. Will delegate actual work according to whether
1347 * SASL SSF layers are enabled (thus requiring encryption calls)
1348 */
1349 static void vnc_client_write_locked(VncState *vs)
1350 {
1351 #ifdef CONFIG_VNC_SASL
1352 if (vs->sasl.conn &&
1353 vs->sasl.runSSF &&
1354 !vs->sasl.waitWriteSSF) {
1355 vnc_client_write_sasl(vs);
1356 } else
1357 #endif /* CONFIG_VNC_SASL */
1358 {
1359 vnc_client_write_plain(vs);
1360 }
1361 }
1362
1363 static void vnc_client_write(VncState *vs)
1364 {
1365
1366 vnc_lock_output(vs);
1367 if (vs->output.offset) {
1368 vnc_client_write_locked(vs);
1369 } else if (vs->ioc != NULL) {
1370 if (vs->ioc_tag) {
1371 g_source_remove(vs->ioc_tag);
1372 }
1373 vs->ioc_tag = qio_channel_add_watch(
1374 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1375 }
1376 vnc_unlock_output(vs);
1377 }
1378
1379 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1380 {
1381 vs->read_handler = func;
1382 vs->read_handler_expect = expecting;
1383 }
1384
1385
1386 /*
1387 * Called to read a chunk of data from the client socket. The data may
1388 * be the raw data, or may need to be further decoded by SASL.
1389 * The data will be read either straight from to the socket, or
1390 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1391 *
1392 * NB, it is theoretically possible to have 2 layers of encryption,
1393 * both SASL, and this TLS layer. It is highly unlikely in practice
1394 * though, since SASL encryption will typically be a no-op if TLS
1395 * is active
1396 *
1397 * Returns the number of bytes read, which may be less than
1398 * the requested 'datalen' if the socket would block. Returns
1399 * -1 on error, and disconnects the client socket.
1400 */
1401 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1402 {
1403 ssize_t ret;
1404 Error *err = NULL;
1405 ret = qio_channel_read(
1406 vs->ioc, (char *)data, datalen, &err);
1407 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1408 return vnc_client_io_error(vs, ret, &err);
1409 }
1410
1411
1412 /*
1413 * Called to read data from the client socket to the input buffer,
1414 * when not using any SASL SSF encryption layers. Will read as much
1415 * data as possible without blocking.
1416 *
1417 * Returns the number of bytes read. Returns -1 on error, and
1418 * disconnects the client socket.
1419 */
1420 static ssize_t vnc_client_read_plain(VncState *vs)
1421 {
1422 ssize_t ret;
1423 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1424 vs->input.buffer, vs->input.capacity, vs->input.offset);
1425 buffer_reserve(&vs->input, 4096);
1426 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1427 if (!ret)
1428 return 0;
1429 vs->input.offset += ret;
1430 return ret;
1431 }
1432
1433 static void vnc_jobs_bh(void *opaque)
1434 {
1435 VncState *vs = opaque;
1436
1437 vnc_jobs_consume_buffer(vs);
1438 }
1439
1440 /*
1441 * First function called whenever there is more data to be read from
1442 * the client socket. Will delegate actual work according to whether
1443 * SASL SSF layers are enabled (thus requiring decryption calls)
1444 * Returns 0 on success, -1 if client disconnected
1445 */
1446 static int vnc_client_read(VncState *vs)
1447 {
1448 ssize_t ret;
1449
1450 #ifdef CONFIG_VNC_SASL
1451 if (vs->sasl.conn && vs->sasl.runSSF)
1452 ret = vnc_client_read_sasl(vs);
1453 else
1454 #endif /* CONFIG_VNC_SASL */
1455 ret = vnc_client_read_plain(vs);
1456 if (!ret) {
1457 if (vs->disconnecting) {
1458 vnc_disconnect_finish(vs);
1459 return -1;
1460 }
1461 return 0;
1462 }
1463
1464 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1465 size_t len = vs->read_handler_expect;
1466 int ret;
1467
1468 ret = vs->read_handler(vs, vs->input.buffer, len);
1469 if (vs->disconnecting) {
1470 vnc_disconnect_finish(vs);
1471 return -1;
1472 }
1473
1474 if (!ret) {
1475 buffer_advance(&vs->input, len);
1476 } else {
1477 vs->read_handler_expect = ret;
1478 }
1479 }
1480 return 0;
1481 }
1482
1483 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1484 GIOCondition condition, void *opaque)
1485 {
1486 VncState *vs = opaque;
1487 if (condition & G_IO_IN) {
1488 if (vnc_client_read(vs) < 0) {
1489 return TRUE;
1490 }
1491 }
1492 if (condition & G_IO_OUT) {
1493 vnc_client_write(vs);
1494 }
1495 return TRUE;
1496 }
1497
1498
1499 void vnc_write(VncState *vs, const void *data, size_t len)
1500 {
1501 buffer_reserve(&vs->output, len);
1502
1503 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1504 if (vs->ioc_tag) {
1505 g_source_remove(vs->ioc_tag);
1506 }
1507 vs->ioc_tag = qio_channel_add_watch(
1508 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1509 }
1510
1511 buffer_append(&vs->output, data, len);
1512 }
1513
1514 void vnc_write_s32(VncState *vs, int32_t value)
1515 {
1516 vnc_write_u32(vs, *(uint32_t *)&value);
1517 }
1518
1519 void vnc_write_u32(VncState *vs, uint32_t value)
1520 {
1521 uint8_t buf[4];
1522
1523 buf[0] = (value >> 24) & 0xFF;
1524 buf[1] = (value >> 16) & 0xFF;
1525 buf[2] = (value >> 8) & 0xFF;
1526 buf[3] = value & 0xFF;
1527
1528 vnc_write(vs, buf, 4);
1529 }
1530
1531 void vnc_write_u16(VncState *vs, uint16_t value)
1532 {
1533 uint8_t buf[2];
1534
1535 buf[0] = (value >> 8) & 0xFF;
1536 buf[1] = value & 0xFF;
1537
1538 vnc_write(vs, buf, 2);
1539 }
1540
1541 void vnc_write_u8(VncState *vs, uint8_t value)
1542 {
1543 vnc_write(vs, (char *)&value, 1);
1544 }
1545
1546 void vnc_flush(VncState *vs)
1547 {
1548 vnc_lock_output(vs);
1549 if (vs->ioc != NULL && vs->output.offset) {
1550 vnc_client_write_locked(vs);
1551 }
1552 vnc_unlock_output(vs);
1553 }
1554
1555 static uint8_t read_u8(uint8_t *data, size_t offset)
1556 {
1557 return data[offset];
1558 }
1559
1560 static uint16_t read_u16(uint8_t *data, size_t offset)
1561 {
1562 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1563 }
1564
1565 static int32_t read_s32(uint8_t *data, size_t offset)
1566 {
1567 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1568 (data[offset + 2] << 8) | data[offset + 3]);
1569 }
1570
1571 uint32_t read_u32(uint8_t *data, size_t offset)
1572 {
1573 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1574 (data[offset + 2] << 8) | data[offset + 3]);
1575 }
1576
1577 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1578 {
1579 }
1580
1581 static void check_pointer_type_change(Notifier *notifier, void *data)
1582 {
1583 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1584 int absolute = qemu_input_is_absolute();
1585
1586 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1587 vnc_lock_output(vs);
1588 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1589 vnc_write_u8(vs, 0);
1590 vnc_write_u16(vs, 1);
1591 vnc_framebuffer_update(vs, absolute, 0,
1592 pixman_image_get_width(vs->vd->server),
1593 pixman_image_get_height(vs->vd->server),
1594 VNC_ENCODING_POINTER_TYPE_CHANGE);
1595 vnc_unlock_output(vs);
1596 vnc_flush(vs);
1597 }
1598 vs->absolute = absolute;
1599 }
1600
1601 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1602 {
1603 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1604 [INPUT_BUTTON_LEFT] = 0x01,
1605 [INPUT_BUTTON_MIDDLE] = 0x02,
1606 [INPUT_BUTTON_RIGHT] = 0x04,
1607 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1608 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1609 };
1610 QemuConsole *con = vs->vd->dcl.con;
1611 int width = pixman_image_get_width(vs->vd->server);
1612 int height = pixman_image_get_height(vs->vd->server);
1613
1614 if (vs->last_bmask != button_mask) {
1615 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1616 vs->last_bmask = button_mask;
1617 }
1618
1619 if (vs->absolute) {
1620 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1621 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1622 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1623 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1624 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1625 } else {
1626 if (vs->last_x != -1) {
1627 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1628 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1629 }
1630 vs->last_x = x;
1631 vs->last_y = y;
1632 }
1633 qemu_input_event_sync();
1634 }
1635
1636 static void reset_keys(VncState *vs)
1637 {
1638 int i;
1639 for(i = 0; i < 256; i++) {
1640 if (vs->modifiers_state[i]) {
1641 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1642 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1643 vs->modifiers_state[i] = 0;
1644 }
1645 }
1646 }
1647
1648 static void press_key(VncState *vs, int keysym)
1649 {
1650 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1651 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1652 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1653 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1654 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1655 }
1656
1657 static int current_led_state(VncState *vs)
1658 {
1659 int ledstate = 0;
1660
1661 if (vs->modifiers_state[0x46]) {
1662 ledstate |= QEMU_SCROLL_LOCK_LED;
1663 }
1664 if (vs->modifiers_state[0x45]) {
1665 ledstate |= QEMU_NUM_LOCK_LED;
1666 }
1667 if (vs->modifiers_state[0x3a]) {
1668 ledstate |= QEMU_CAPS_LOCK_LED;
1669 }
1670
1671 return ledstate;
1672 }
1673
1674 static void vnc_led_state_change(VncState *vs)
1675 {
1676 int ledstate = 0;
1677
1678 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1679 return;
1680 }
1681
1682 ledstate = current_led_state(vs);
1683 vnc_lock_output(vs);
1684 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1685 vnc_write_u8(vs, 0);
1686 vnc_write_u16(vs, 1);
1687 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1688 vnc_write_u8(vs, ledstate);
1689 vnc_unlock_output(vs);
1690 vnc_flush(vs);
1691 }
1692
1693 static void kbd_leds(void *opaque, int ledstate)
1694 {
1695 VncState *vs = opaque;
1696 int caps, num, scr;
1697 bool has_changed = (ledstate != current_led_state(vs));
1698
1699 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1700 (ledstate & QEMU_NUM_LOCK_LED),
1701 (ledstate & QEMU_SCROLL_LOCK_LED));
1702
1703 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1704 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1705 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1706
1707 if (vs->modifiers_state[0x3a] != caps) {
1708 vs->modifiers_state[0x3a] = caps;
1709 }
1710 if (vs->modifiers_state[0x45] != num) {
1711 vs->modifiers_state[0x45] = num;
1712 }
1713 if (vs->modifiers_state[0x46] != scr) {
1714 vs->modifiers_state[0x46] = scr;
1715 }
1716
1717 /* Sending the current led state message to the client */
1718 if (has_changed) {
1719 vnc_led_state_change(vs);
1720 }
1721 }
1722
1723 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1724 {
1725 /* QEMU console switch */
1726 switch(keycode) {
1727 case 0x2a: /* Left Shift */
1728 case 0x36: /* Right Shift */
1729 case 0x1d: /* Left CTRL */
1730 case 0x9d: /* Right CTRL */
1731 case 0x38: /* Left ALT */
1732 case 0xb8: /* Right ALT */
1733 if (down)
1734 vs->modifiers_state[keycode] = 1;
1735 else
1736 vs->modifiers_state[keycode] = 0;
1737 break;
1738 case 0x02 ... 0x0a: /* '1' to '9' keys */
1739 if (vs->vd->dcl.con == NULL &&
1740 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1741 /* Reset the modifiers sent to the current console */
1742 reset_keys(vs);
1743 console_select(keycode - 0x02);
1744 return;
1745 }
1746 break;
1747 case 0x3a: /* CapsLock */
1748 case 0x45: /* NumLock */
1749 if (down)
1750 vs->modifiers_state[keycode] ^= 1;
1751 break;
1752 }
1753
1754 /* Turn off the lock state sync logic if the client support the led
1755 state extension.
1756 */
1757 if (down && vs->vd->lock_key_sync &&
1758 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1759 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1760 /* If the numlock state needs to change then simulate an additional
1761 keypress before sending this one. This will happen if the user
1762 toggles numlock away from the VNC window.
1763 */
1764 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1765 if (!vs->modifiers_state[0x45]) {
1766 trace_vnc_key_sync_numlock(true);
1767 vs->modifiers_state[0x45] = 1;
1768 press_key(vs, 0xff7f);
1769 }
1770 } else {
1771 if (vs->modifiers_state[0x45]) {
1772 trace_vnc_key_sync_numlock(false);
1773 vs->modifiers_state[0x45] = 0;
1774 press_key(vs, 0xff7f);
1775 }
1776 }
1777 }
1778
1779 if (down && vs->vd->lock_key_sync &&
1780 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1781 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1782 /* If the capslock state needs to change then simulate an additional
1783 keypress before sending this one. This will happen if the user
1784 toggles capslock away from the VNC window.
1785 */
1786 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1787 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1788 int capslock = !!(vs->modifiers_state[0x3a]);
1789 if (capslock) {
1790 if (uppercase == shift) {
1791 trace_vnc_key_sync_capslock(false);
1792 vs->modifiers_state[0x3a] = 0;
1793 press_key(vs, 0xffe5);
1794 }
1795 } else {
1796 if (uppercase != shift) {
1797 trace_vnc_key_sync_capslock(true);
1798 vs->modifiers_state[0x3a] = 1;
1799 press_key(vs, 0xffe5);
1800 }
1801 }
1802 }
1803
1804 if (qemu_console_is_graphic(NULL)) {
1805 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1806 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1807 } else {
1808 bool numlock = vs->modifiers_state[0x45];
1809 bool control = (vs->modifiers_state[0x1d] ||
1810 vs->modifiers_state[0x9d]);
1811 /* QEMU console emulation */
1812 if (down) {
1813 switch (keycode) {
1814 case 0x2a: /* Left Shift */
1815 case 0x36: /* Right Shift */
1816 case 0x1d: /* Left CTRL */
1817 case 0x9d: /* Right CTRL */
1818 case 0x38: /* Left ALT */
1819 case 0xb8: /* Right ALT */
1820 break;
1821 case 0xc8:
1822 kbd_put_keysym(QEMU_KEY_UP);
1823 break;
1824 case 0xd0:
1825 kbd_put_keysym(QEMU_KEY_DOWN);
1826 break;
1827 case 0xcb:
1828 kbd_put_keysym(QEMU_KEY_LEFT);
1829 break;
1830 case 0xcd:
1831 kbd_put_keysym(QEMU_KEY_RIGHT);
1832 break;
1833 case 0xd3:
1834 kbd_put_keysym(QEMU_KEY_DELETE);
1835 break;
1836 case 0xc7:
1837 kbd_put_keysym(QEMU_KEY_HOME);
1838 break;
1839 case 0xcf:
1840 kbd_put_keysym(QEMU_KEY_END);
1841 break;
1842 case 0xc9:
1843 kbd_put_keysym(QEMU_KEY_PAGEUP);
1844 break;
1845 case 0xd1:
1846 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1847 break;
1848
1849 case 0x47:
1850 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1851 break;
1852 case 0x48:
1853 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1854 break;
1855 case 0x49:
1856 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1857 break;
1858 case 0x4b:
1859 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1860 break;
1861 case 0x4c:
1862 kbd_put_keysym('5');
1863 break;
1864 case 0x4d:
1865 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1866 break;
1867 case 0x4f:
1868 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1869 break;
1870 case 0x50:
1871 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1872 break;
1873 case 0x51:
1874 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1875 break;
1876 case 0x52:
1877 kbd_put_keysym('0');
1878 break;
1879 case 0x53:
1880 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1881 break;
1882
1883 case 0xb5:
1884 kbd_put_keysym('/');
1885 break;
1886 case 0x37:
1887 kbd_put_keysym('*');
1888 break;
1889 case 0x4a:
1890 kbd_put_keysym('-');
1891 break;
1892 case 0x4e:
1893 kbd_put_keysym('+');
1894 break;
1895 case 0x9c:
1896 kbd_put_keysym('\n');
1897 break;
1898
1899 default:
1900 if (control) {
1901 kbd_put_keysym(sym & 0x1f);
1902 } else {
1903 kbd_put_keysym(sym);
1904 }
1905 break;
1906 }
1907 }
1908 }
1909 }
1910
1911 static void vnc_release_modifiers(VncState *vs)
1912 {
1913 static const int keycodes[] = {
1914 /* shift, control, alt keys, both left & right */
1915 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1916 };
1917 int i, keycode;
1918
1919 if (!qemu_console_is_graphic(NULL)) {
1920 return;
1921 }
1922 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1923 keycode = keycodes[i];
1924 if (!vs->modifiers_state[keycode]) {
1925 continue;
1926 }
1927 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1928 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1929 }
1930 }
1931
1932 static const char *code2name(int keycode)
1933 {
1934 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1935 }
1936
1937 static void key_event(VncState *vs, int down, uint32_t sym)
1938 {
1939 int keycode;
1940 int lsym = sym;
1941
1942 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1943 lsym = lsym - 'A' + 'a';
1944 }
1945
1946 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1947 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1948 do_key_event(vs, down, keycode, sym);
1949 }
1950
1951 static void ext_key_event(VncState *vs, int down,
1952 uint32_t sym, uint16_t keycode)
1953 {
1954 /* if the user specifies a keyboard layout, always use it */
1955 if (keyboard_layout) {
1956 key_event(vs, down, sym);
1957 } else {
1958 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1959 do_key_event(vs, down, keycode, sym);
1960 }
1961 }
1962
1963 static void framebuffer_update_request(VncState *vs, int incremental,
1964 int x, int y, int w, int h)
1965 {
1966 vs->need_update = 1;
1967
1968 if (incremental) {
1969 return;
1970 }
1971
1972 vs->force_update = 1;
1973 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1974 }
1975
1976 static void send_ext_key_event_ack(VncState *vs)
1977 {
1978 vnc_lock_output(vs);
1979 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1980 vnc_write_u8(vs, 0);
1981 vnc_write_u16(vs, 1);
1982 vnc_framebuffer_update(vs, 0, 0,
1983 pixman_image_get_width(vs->vd->server),
1984 pixman_image_get_height(vs->vd->server),
1985 VNC_ENCODING_EXT_KEY_EVENT);
1986 vnc_unlock_output(vs);
1987 vnc_flush(vs);
1988 }
1989
1990 static void send_ext_audio_ack(VncState *vs)
1991 {
1992 vnc_lock_output(vs);
1993 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1994 vnc_write_u8(vs, 0);
1995 vnc_write_u16(vs, 1);
1996 vnc_framebuffer_update(vs, 0, 0,
1997 pixman_image_get_width(vs->vd->server),
1998 pixman_image_get_height(vs->vd->server),
1999 VNC_ENCODING_AUDIO);
2000 vnc_unlock_output(vs);
2001 vnc_flush(vs);
2002 }
2003
2004 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2005 {
2006 int i;
2007 unsigned int enc = 0;
2008
2009 vs->features = 0;
2010 vs->vnc_encoding = 0;
2011 vs->tight.compression = 9;
2012 vs->tight.quality = -1; /* Lossless by default */
2013 vs->absolute = -1;
2014
2015 /*
2016 * Start from the end because the encodings are sent in order of preference.
2017 * This way the preferred encoding (first encoding defined in the array)
2018 * will be set at the end of the loop.
2019 */
2020 for (i = n_encodings - 1; i >= 0; i--) {
2021 enc = encodings[i];
2022 switch (enc) {
2023 case VNC_ENCODING_RAW:
2024 vs->vnc_encoding = enc;
2025 break;
2026 case VNC_ENCODING_COPYRECT:
2027 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2028 break;
2029 case VNC_ENCODING_HEXTILE:
2030 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2031 vs->vnc_encoding = enc;
2032 break;
2033 case VNC_ENCODING_TIGHT:
2034 vs->features |= VNC_FEATURE_TIGHT_MASK;
2035 vs->vnc_encoding = enc;
2036 break;
2037 #ifdef CONFIG_VNC_PNG
2038 case VNC_ENCODING_TIGHT_PNG:
2039 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2040 vs->vnc_encoding = enc;
2041 break;
2042 #endif
2043 case VNC_ENCODING_ZLIB:
2044 vs->features |= VNC_FEATURE_ZLIB_MASK;
2045 vs->vnc_encoding = enc;
2046 break;
2047 case VNC_ENCODING_ZRLE:
2048 vs->features |= VNC_FEATURE_ZRLE_MASK;
2049 vs->vnc_encoding = enc;
2050 break;
2051 case VNC_ENCODING_ZYWRLE:
2052 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2053 vs->vnc_encoding = enc;
2054 break;
2055 case VNC_ENCODING_DESKTOPRESIZE:
2056 vs->features |= VNC_FEATURE_RESIZE_MASK;
2057 break;
2058 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2059 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2060 break;
2061 case VNC_ENCODING_RICH_CURSOR:
2062 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2063 if (vs->vd->cursor) {
2064 vnc_cursor_define(vs);
2065 }
2066 break;
2067 case VNC_ENCODING_EXT_KEY_EVENT:
2068 send_ext_key_event_ack(vs);
2069 break;
2070 case VNC_ENCODING_AUDIO:
2071 send_ext_audio_ack(vs);
2072 break;
2073 case VNC_ENCODING_WMVi:
2074 vs->features |= VNC_FEATURE_WMVI_MASK;
2075 break;
2076 case VNC_ENCODING_LED_STATE:
2077 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2078 break;
2079 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2080 vs->tight.compression = (enc & 0x0F);
2081 break;
2082 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2083 if (vs->vd->lossy) {
2084 vs->tight.quality = (enc & 0x0F);
2085 }
2086 break;
2087 default:
2088 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2089 break;
2090 }
2091 }
2092 vnc_desktop_resize(vs);
2093 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2094 vnc_led_state_change(vs);
2095 }
2096
2097 static void set_pixel_conversion(VncState *vs)
2098 {
2099 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2100
2101 if (fmt == VNC_SERVER_FB_FORMAT) {
2102 vs->write_pixels = vnc_write_pixels_copy;
2103 vnc_hextile_set_pixel_conversion(vs, 0);
2104 } else {
2105 vs->write_pixels = vnc_write_pixels_generic;
2106 vnc_hextile_set_pixel_conversion(vs, 1);
2107 }
2108 }
2109
2110 static void send_color_map(VncState *vs)
2111 {
2112 int i;
2113
2114 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2115 vnc_write_u8(vs, 0); /* padding */
2116 vnc_write_u16(vs, 0); /* first color */
2117 vnc_write_u16(vs, 256); /* # of colors */
2118
2119 for (i = 0; i < 256; i++) {
2120 PixelFormat *pf = &vs->client_pf;
2121
2122 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2123 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2124 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2125 }
2126 }
2127
2128 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2129 int big_endian_flag, int true_color_flag,
2130 int red_max, int green_max, int blue_max,
2131 int red_shift, int green_shift, int blue_shift)
2132 {
2133 if (!true_color_flag) {
2134 /* Expose a reasonable default 256 color map */
2135 bits_per_pixel = 8;
2136 red_max = 7;
2137 green_max = 7;
2138 blue_max = 3;
2139 red_shift = 0;
2140 green_shift = 3;
2141 blue_shift = 6;
2142 }
2143
2144 switch (bits_per_pixel) {
2145 case 8:
2146 case 16:
2147 case 32:
2148 break;
2149 default:
2150 vnc_client_error(vs);
2151 return;
2152 }
2153
2154 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2155 vs->client_pf.rbits = hweight_long(red_max);
2156 vs->client_pf.rshift = red_shift;
2157 vs->client_pf.rmask = red_max << red_shift;
2158 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2159 vs->client_pf.gbits = hweight_long(green_max);
2160 vs->client_pf.gshift = green_shift;
2161 vs->client_pf.gmask = green_max << green_shift;
2162 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2163 vs->client_pf.bbits = hweight_long(blue_max);
2164 vs->client_pf.bshift = blue_shift;
2165 vs->client_pf.bmask = blue_max << blue_shift;
2166 vs->client_pf.bits_per_pixel = bits_per_pixel;
2167 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2168 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2169 vs->client_be = big_endian_flag;
2170
2171 if (!true_color_flag) {
2172 send_color_map(vs);
2173 }
2174
2175 set_pixel_conversion(vs);
2176
2177 graphic_hw_invalidate(vs->vd->dcl.con);
2178 graphic_hw_update(vs->vd->dcl.con);
2179 }
2180
2181 static void pixel_format_message (VncState *vs) {
2182 char pad[3] = { 0, 0, 0 };
2183
2184 vs->client_pf = qemu_default_pixelformat(32);
2185
2186 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2187 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2188
2189 #ifdef HOST_WORDS_BIGENDIAN
2190 vnc_write_u8(vs, 1); /* big-endian-flag */
2191 #else
2192 vnc_write_u8(vs, 0); /* big-endian-flag */
2193 #endif
2194 vnc_write_u8(vs, 1); /* true-color-flag */
2195 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2196 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2197 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2198 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2199 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2200 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2201 vnc_write(vs, pad, 3); /* padding */
2202
2203 vnc_hextile_set_pixel_conversion(vs, 0);
2204 vs->write_pixels = vnc_write_pixels_copy;
2205 }
2206
2207 static void vnc_colordepth(VncState *vs)
2208 {
2209 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2210 /* Sending a WMVi message to notify the client*/
2211 vnc_lock_output(vs);
2212 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2213 vnc_write_u8(vs, 0);
2214 vnc_write_u16(vs, 1); /* number of rects */
2215 vnc_framebuffer_update(vs, 0, 0,
2216 pixman_image_get_width(vs->vd->server),
2217 pixman_image_get_height(vs->vd->server),
2218 VNC_ENCODING_WMVi);
2219 pixel_format_message(vs);
2220 vnc_unlock_output(vs);
2221 vnc_flush(vs);
2222 } else {
2223 set_pixel_conversion(vs);
2224 }
2225 }
2226
2227 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2228 {
2229 int i;
2230 uint16_t limit;
2231 VncDisplay *vd = vs->vd;
2232
2233 if (data[0] > 3) {
2234 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2235 }
2236
2237 switch (data[0]) {
2238 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2239 if (len == 1)
2240 return 20;
2241
2242 set_pixel_format(vs, read_u8(data, 4),
2243 read_u8(data, 6), read_u8(data, 7),
2244 read_u16(data, 8), read_u16(data, 10),
2245 read_u16(data, 12), read_u8(data, 14),
2246 read_u8(data, 15), read_u8(data, 16));
2247 break;
2248 case VNC_MSG_CLIENT_SET_ENCODINGS:
2249 if (len == 1)
2250 return 4;
2251
2252 if (len == 4) {
2253 limit = read_u16(data, 2);
2254 if (limit > 0)
2255 return 4 + (limit * 4);
2256 } else
2257 limit = read_u16(data, 2);
2258
2259 for (i = 0; i < limit; i++) {
2260 int32_t val = read_s32(data, 4 + (i * 4));
2261 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2262 }
2263
2264 set_encodings(vs, (int32_t *)(data + 4), limit);
2265 break;
2266 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2267 if (len == 1)
2268 return 10;
2269
2270 framebuffer_update_request(vs,
2271 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2272 read_u16(data, 6), read_u16(data, 8));
2273 break;
2274 case VNC_MSG_CLIENT_KEY_EVENT:
2275 if (len == 1)
2276 return 8;
2277
2278 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2279 break;
2280 case VNC_MSG_CLIENT_POINTER_EVENT:
2281 if (len == 1)
2282 return 6;
2283
2284 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2285 break;
2286 case VNC_MSG_CLIENT_CUT_TEXT:
2287 if (len == 1) {
2288 return 8;
2289 }
2290 if (len == 8) {
2291 uint32_t dlen = read_u32(data, 4);
2292 if (dlen > (1 << 20)) {
2293 error_report("vnc: client_cut_text msg payload has %u bytes"
2294 " which exceeds our limit of 1MB.", dlen);
2295 vnc_client_error(vs);
2296 break;
2297 }
2298 if (dlen > 0) {
2299 return 8 + dlen;
2300 }
2301 }
2302
2303 client_cut_text(vs, read_u32(data, 4), data + 8);
2304 break;
2305 case VNC_MSG_CLIENT_QEMU:
2306 if (len == 1)
2307 return 2;
2308
2309 switch (read_u8(data, 1)) {
2310 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2311 if (len == 2)
2312 return 12;
2313
2314 ext_key_event(vs, read_u16(data, 2),
2315 read_u32(data, 4), read_u32(data, 8));
2316 break;
2317 case VNC_MSG_CLIENT_QEMU_AUDIO:
2318 if (len == 2)
2319 return 4;
2320
2321 switch (read_u16 (data, 2)) {
2322 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2323 audio_add(vs);
2324 break;
2325 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2326 audio_del(vs);
2327 break;
2328 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2329 if (len == 4)
2330 return 10;
2331 switch (read_u8(data, 4)) {
2332 case 0: vs->as.fmt = AUD_FMT_U8; break;
2333 case 1: vs->as.fmt = AUD_FMT_S8; break;
2334 case 2: vs->as.fmt = AUD_FMT_U16; break;
2335 case 3: vs->as.fmt = AUD_FMT_S16; break;
2336 case 4: vs->as.fmt = AUD_FMT_U32; break;
2337 case 5: vs->as.fmt = AUD_FMT_S32; break;
2338 default:
2339 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2340 vnc_client_error(vs);
2341 break;
2342 }
2343 vs->as.nchannels = read_u8(data, 5);
2344 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2345 VNC_DEBUG("Invalid audio channel coount %d\n",
2346 read_u8(data, 5));
2347 vnc_client_error(vs);
2348 break;
2349 }
2350 vs->as.freq = read_u32(data, 6);
2351 break;
2352 default:
2353 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2354 vnc_client_error(vs);
2355 break;
2356 }
2357 break;
2358
2359 default:
2360 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2361 vnc_client_error(vs);
2362 break;
2363 }
2364 break;
2365 default:
2366 VNC_DEBUG("Msg: %d\n", data[0]);
2367 vnc_client_error(vs);
2368 break;
2369 }
2370
2371 vnc_read_when(vs, protocol_client_msg, 1);
2372 return 0;
2373 }
2374
2375 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2376 {
2377 char buf[1024];
2378 VncShareMode mode;
2379 int size;
2380
2381 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2382 switch (vs->vd->share_policy) {
2383 case VNC_SHARE_POLICY_IGNORE:
2384 /*
2385 * Ignore the shared flag. Nothing to do here.
2386 *
2387 * Doesn't conform to the rfb spec but is traditional qemu
2388 * behavior, thus left here as option for compatibility
2389 * reasons.
2390 */
2391 break;
2392 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2393 /*
2394 * Policy: Allow clients ask for exclusive access.
2395 *
2396 * Implementation: When a client asks for exclusive access,
2397 * disconnect all others. Shared connects are allowed as long
2398 * as no exclusive connection exists.
2399 *
2400 * This is how the rfb spec suggests to handle the shared flag.
2401 */
2402 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2403 VncState *client;
2404 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2405 if (vs == client) {
2406 continue;
2407 }
2408 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2409 client->share_mode != VNC_SHARE_MODE_SHARED) {
2410 continue;
2411 }
2412 vnc_disconnect_start(client);
2413 }
2414 }
2415 if (mode == VNC_SHARE_MODE_SHARED) {
2416 if (vs->vd->num_exclusive > 0) {
2417 vnc_disconnect_start(vs);
2418 return 0;
2419 }
2420 }
2421 break;
2422 case VNC_SHARE_POLICY_FORCE_SHARED:
2423 /*
2424 * Policy: Shared connects only.
2425 * Implementation: Disallow clients asking for exclusive access.
2426 *
2427 * Useful for shared desktop sessions where you don't want
2428 * someone forgetting to say -shared when running the vnc
2429 * client disconnect everybody else.
2430 */
2431 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2432 vnc_disconnect_start(vs);
2433 return 0;
2434 }
2435 break;
2436 }
2437 vnc_set_share_mode(vs, mode);
2438
2439 if (vs->vd->num_shared > vs->vd->connections_limit) {
2440 vnc_disconnect_start(vs);
2441 return 0;
2442 }
2443
2444 vs->client_width = pixman_image_get_width(vs->vd->server);
2445 vs->client_height = pixman_image_get_height(vs->vd->server);
2446 vnc_write_u16(vs, vs->client_width);
2447 vnc_write_u16(vs, vs->client_height);
2448
2449 pixel_format_message(vs);
2450
2451 if (qemu_name)
2452 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2453 else
2454 size = snprintf(buf, sizeof(buf), "QEMU");
2455
2456 vnc_write_u32(vs, size);
2457 vnc_write(vs, buf, size);
2458 vnc_flush(vs);
2459
2460 vnc_client_cache_auth(vs);
2461 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2462
2463 vnc_read_when(vs, protocol_client_msg, 1);
2464
2465 return 0;
2466 }
2467
2468 void start_client_init(VncState *vs)
2469 {
2470 vnc_read_when(vs, protocol_client_init, 1);
2471 }
2472
2473 static void make_challenge(VncState *vs)
2474 {
2475 int i;
2476
2477 srand(time(NULL)+getpid()+getpid()*987654+rand());
2478
2479 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2480 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2481 }
2482
2483 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2484 {
2485 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2486 size_t i, pwlen;
2487 unsigned char key[8];
2488 time_t now = time(NULL);
2489 QCryptoCipher *cipher = NULL;
2490 Error *err = NULL;
2491
2492 if (!vs->vd->password) {
2493 VNC_DEBUG("No password configured on server");
2494 goto reject;
2495 }
2496 if (vs->vd->expires < now) {
2497 VNC_DEBUG("Password is expired");
2498 goto reject;
2499 }
2500
2501 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2502
2503 /* Calculate the expected challenge response */
2504 pwlen = strlen(vs->vd->password);
2505 for (i=0; i<sizeof(key); i++)
2506 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2507
2508 cipher = qcrypto_cipher_new(
2509 QCRYPTO_CIPHER_ALG_DES_RFB,
2510 QCRYPTO_CIPHER_MODE_ECB,
2511 key, G_N_ELEMENTS(key),
2512 &err);
2513 if (!cipher) {
2514 VNC_DEBUG("Cannot initialize cipher %s",
2515 error_get_pretty(err));
2516 error_free(err);
2517 goto reject;
2518 }
2519
2520 if (qcrypto_cipher_encrypt(cipher,
2521 vs->challenge,
2522 response,
2523 VNC_AUTH_CHALLENGE_SIZE,
2524 &err) < 0) {
2525 VNC_DEBUG("Cannot encrypt challenge %s",
2526 error_get_pretty(err));
2527 error_free(err);
2528 goto reject;
2529 }
2530
2531 /* Compare expected vs actual challenge response */
2532 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2533 VNC_DEBUG("Client challenge response did not match\n");
2534 goto reject;
2535 } else {
2536 VNC_DEBUG("Accepting VNC challenge response\n");
2537 vnc_write_u32(vs, 0); /* Accept auth */
2538 vnc_flush(vs);
2539
2540 start_client_init(vs);
2541 }
2542
2543 qcrypto_cipher_free(cipher);
2544 return 0;
2545
2546 reject:
2547 vnc_write_u32(vs, 1); /* Reject auth */
2548 if (vs->minor >= 8) {
2549 static const char err[] = "Authentication failed";
2550 vnc_write_u32(vs, sizeof(err));
2551 vnc_write(vs, err, sizeof(err));
2552 }
2553 vnc_flush(vs);
2554 vnc_client_error(vs);
2555 qcrypto_cipher_free(cipher);
2556 return 0;
2557 }
2558
2559 void start_auth_vnc(VncState *vs)
2560 {
2561 make_challenge(vs);
2562 /* Send client a 'random' challenge */
2563 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2564 vnc_flush(vs);
2565
2566 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2567 }
2568
2569
2570 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2571 {
2572 /* We only advertise 1 auth scheme at a time, so client
2573 * must pick the one we sent. Verify this */
2574 if (data[0] != vs->auth) { /* Reject auth */
2575 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2576 vnc_write_u32(vs, 1);
2577 if (vs->minor >= 8) {
2578 static const char err[] = "Authentication failed";
2579 vnc_write_u32(vs, sizeof(err));
2580 vnc_write(vs, err, sizeof(err));
2581 }
2582 vnc_client_error(vs);
2583 } else { /* Accept requested auth */
2584 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2585 switch (vs->auth) {
2586 case VNC_AUTH_NONE:
2587 VNC_DEBUG("Accept auth none\n");
2588 if (vs->minor >= 8) {
2589 vnc_write_u32(vs, 0); /* Accept auth completion */
2590 vnc_flush(vs);
2591 }
2592 start_client_init(vs);
2593 break;
2594
2595 case VNC_AUTH_VNC:
2596 VNC_DEBUG("Start VNC auth\n");
2597 start_auth_vnc(vs);
2598 break;
2599
2600 case VNC_AUTH_VENCRYPT:
2601 VNC_DEBUG("Accept VeNCrypt auth\n");
2602 start_auth_vencrypt(vs);
2603 break;
2604
2605 #ifdef CONFIG_VNC_SASL
2606 case VNC_AUTH_SASL:
2607 VNC_DEBUG("Accept SASL auth\n");
2608 start_auth_sasl(vs);
2609 break;
2610 #endif /* CONFIG_VNC_SASL */
2611
2612 default: /* Should not be possible, but just in case */
2613 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2614 vnc_write_u8(vs, 1);
2615 if (vs->minor >= 8) {
2616 static const char err[] = "Authentication failed";
2617 vnc_write_u32(vs, sizeof(err));
2618 vnc_write(vs, err, sizeof(err));
2619 }
2620 vnc_client_error(vs);
2621 }
2622 }
2623 return 0;
2624 }
2625
2626 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2627 {
2628 char local[13];
2629
2630 memcpy(local, version, 12);
2631 local[12] = 0;
2632
2633 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2634 VNC_DEBUG("Malformed protocol version %s\n", local);
2635 vnc_client_error(vs);
2636 return 0;
2637 }
2638 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2639 if (vs->major != 3 ||
2640 (vs->minor != 3 &&
2641 vs->minor != 4 &&
2642 vs->minor != 5 &&
2643 vs->minor != 7 &&
2644 vs->minor != 8)) {
2645 VNC_DEBUG("Unsupported client version\n");
2646 vnc_write_u32(vs, VNC_AUTH_INVALID);
2647 vnc_flush(vs);
2648 vnc_client_error(vs);
2649 return 0;
2650 }
2651 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2652 * as equivalent to v3.3 by servers
2653 */
2654 if (vs->minor == 4 || vs->minor == 5)
2655 vs->minor = 3;
2656
2657 if (vs->minor == 3) {
2658 if (vs->auth == VNC_AUTH_NONE) {
2659 VNC_DEBUG("Tell client auth none\n");
2660 vnc_write_u32(vs, vs->auth);
2661 vnc_flush(vs);
2662 start_client_init(vs);
2663 } else if (vs->auth == VNC_AUTH_VNC) {
2664 VNC_DEBUG("Tell client VNC auth\n");
2665 vnc_write_u32(vs, vs->auth);
2666 vnc_flush(vs);
2667 start_auth_vnc(vs);
2668 } else {
2669 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2670 vnc_write_u32(vs, VNC_AUTH_INVALID);
2671 vnc_flush(vs);
2672 vnc_client_error(vs);
2673 }
2674 } else {
2675 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2676 vnc_write_u8(vs, 1); /* num auth */
2677 vnc_write_u8(vs, vs->auth);
2678 vnc_read_when(vs, protocol_client_auth, 1);
2679 vnc_flush(vs);
2680 }
2681
2682 return 0;
2683 }
2684
2685 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2686 {
2687 struct VncSurface *vs = &vd->guest;
2688
2689 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2690 }
2691
2692 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2693 {
2694 int i, j;
2695
2696 w = (x + w) / VNC_STAT_RECT;
2697 h = (y + h) / VNC_STAT_RECT;
2698 x /= VNC_STAT_RECT;
2699 y /= VNC_STAT_RECT;
2700
2701 for (j = y; j <= h; j++) {
2702 for (i = x; i <= w; i++) {
2703 vs->lossy_rect[j][i] = 1;
2704 }
2705 }
2706 }
2707
2708 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2709 {
2710 VncState *vs;
2711 int sty = y / VNC_STAT_RECT;
2712 int stx = x / VNC_STAT_RECT;
2713 int has_dirty = 0;
2714
2715 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2716 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2717
2718 QTAILQ_FOREACH(vs, &vd->clients, next) {
2719 int j;
2720
2721 /* kernel send buffers are full -> refresh later */
2722 if (vs->output.offset) {
2723 continue;
2724 }
2725
2726 if (!vs->lossy_rect[sty][stx]) {
2727 continue;
2728 }
2729
2730 vs->lossy_rect[sty][stx] = 0;
2731 for (j = 0; j < VNC_STAT_RECT; ++j) {
2732 bitmap_set(vs->dirty[y + j],
2733 x / VNC_DIRTY_PIXELS_PER_BIT,
2734 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2735 }
2736 has_dirty++;
2737 }
2738
2739 return has_dirty;
2740 }
2741
2742 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2743 {
2744 int width = pixman_image_get_width(vd->guest.fb);
2745 int height = pixman_image_get_height(vd->guest.fb);
2746 int x, y;
2747 struct timeval res;
2748 int has_dirty = 0;
2749
2750 for (y = 0; y < height; y += VNC_STAT_RECT) {
2751 for (x = 0; x < width; x += VNC_STAT_RECT) {
2752 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2753
2754 rect->updated = false;
2755 }
2756 }
2757
2758 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2759
2760 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2761 return has_dirty;
2762 }
2763 vd->guest.last_freq_check = *tv;
2764
2765 for (y = 0; y < height; y += VNC_STAT_RECT) {
2766 for (x = 0; x < width; x += VNC_STAT_RECT) {
2767 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2768 int count = ARRAY_SIZE(rect->times);
2769 struct timeval min, max;
2770
2771 if (!timerisset(&rect->times[count - 1])) {
2772 continue ;
2773 }
2774
2775 max = rect->times[(rect->idx + count - 1) % count];
2776 qemu_timersub(tv, &max, &res);
2777
2778 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2779 rect->freq = 0;
2780 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2781 memset(rect->times, 0, sizeof (rect->times));
2782 continue ;
2783 }
2784
2785 min = rect->times[rect->idx];
2786 max = rect->times[(rect->idx + count - 1) % count];
2787 qemu_timersub(&max, &min, &res);
2788
2789 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2790 rect->freq /= count;
2791 rect->freq = 1. / rect->freq;
2792 }
2793 }
2794 return has_dirty;
2795 }
2796
2797 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2798 {
2799 int i, j;
2800 double total = 0;
2801 int num = 0;
2802
2803 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2804 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2805
2806 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2807 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2808 total += vnc_stat_rect(vs->vd, i, j)->freq;
2809 num++;
2810 }
2811 }
2812
2813 if (num) {
2814 return total / num;
2815 } else {
2816 return 0;
2817 }
2818 }
2819
2820 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2821 {
2822 VncRectStat *rect;
2823
2824 rect = vnc_stat_rect(vd, x, y);
2825 if (rect->updated) {
2826 return ;
2827 }
2828 rect->times[rect->idx] = *tv;
2829 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2830 rect->updated = true;
2831 }
2832
2833 static int vnc_refresh_server_surface(VncDisplay *vd)
2834 {
2835 int width = MIN(pixman_image_get_width(vd->guest.fb),
2836 pixman_image_get_width(vd->server));
2837 int height = MIN(pixman_image_get_height(vd->guest.fb),
2838 pixman_image_get_height(vd->server));
2839 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2840 uint8_t *guest_row0 = NULL, *server_row0;
2841 VncState *vs;
2842 int has_dirty = 0;
2843 pixman_image_t *tmpbuf = NULL;
2844
2845 struct timeval tv = { 0, 0 };
2846
2847 if (!vd->non_adaptive) {
2848 gettimeofday(&tv, NULL);
2849 has_dirty = vnc_update_stats(vd, &tv);
2850 }
2851
2852 /*
2853 * Walk through the guest dirty map.
2854 * Check and copy modified bits from guest to server surface.
2855 * Update server dirty map.
2856 */
2857 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2858 server_stride = guest_stride = guest_ll =
2859 pixman_image_get_stride(vd->server);
2860 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2861 server_stride);
2862 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2863 int width = pixman_image_get_width(vd->server);
2864 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2865 } else {
2866 int guest_bpp =
2867 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2868 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2869 guest_stride = pixman_image_get_stride(vd->guest.fb);
2870 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2871 }
2872 line_bytes = MIN(server_stride, guest_ll);
2873
2874 for (;;) {
2875 int x;
2876 uint8_t *guest_ptr, *server_ptr;
2877 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2878 height * VNC_DIRTY_BPL(&vd->guest),
2879 y * VNC_DIRTY_BPL(&vd->guest));
2880 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2881 /* no more dirty bits */
2882 break;
2883 }
2884 y = offset / VNC_DIRTY_BPL(&vd->guest);
2885 x = offset % VNC_DIRTY_BPL(&vd->guest);
2886
2887 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2888
2889 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2890 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2891 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2892 } else {
2893 guest_ptr = guest_row0 + y * guest_stride;
2894 }
2895 guest_ptr += x * cmp_bytes;
2896
2897 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2898 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2899 int _cmp_bytes = cmp_bytes;
2900 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2901 continue;
2902 }
2903 if ((x + 1) * cmp_bytes > line_bytes) {
2904 _cmp_bytes = line_bytes - x * cmp_bytes;
2905 }
2906 assert(_cmp_bytes >= 0);
2907 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2908 continue;
2909 }
2910 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2911 if (!vd->non_adaptive) {
2912 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2913 y, &tv);
2914 }
2915 QTAILQ_FOREACH(vs, &vd->clients, next) {
2916 set_bit(x, vs->dirty[y]);
2917 }
2918 has_dirty++;
2919 }
2920
2921 y++;
2922 }
2923 qemu_pixman_image_unref(tmpbuf);
2924 return has_dirty;
2925 }
2926
2927 static void vnc_refresh(DisplayChangeListener *dcl)
2928 {
2929 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2930 VncState *vs, *vn;
2931 int has_dirty, rects = 0;
2932
2933 if (QTAILQ_EMPTY(&vd->clients)) {
2934 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2935 return;
2936 }
2937
2938 graphic_hw_update(vd->dcl.con);
2939
2940 if (vnc_trylock_display(vd)) {
2941 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2942 return;
2943 }
2944
2945 has_dirty = vnc_refresh_server_surface(vd);
2946 vnc_unlock_display(vd);
2947
2948 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2949 rects += vnc_update_client(vs, has_dirty, false);
2950 /* vs might be free()ed here */
2951 }
2952
2953 if (has_dirty && rects) {
2954 vd->dcl.update_interval /= 2;
2955 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2956 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2957 }
2958 } else {
2959 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2960 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2961 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2962 }
2963 }
2964 }
2965
2966 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2967 bool skipauth, bool websocket)
2968 {
2969 VncState *vs = g_new0(VncState, 1);
2970 int i;
2971
2972 vs->sioc = sioc;
2973 object_ref(OBJECT(vs->sioc));
2974 vs->ioc = QIO_CHANNEL(sioc);
2975 object_ref(OBJECT(vs->ioc));
2976 vs->vd = vd;
2977
2978 buffer_init(&vs->input, "vnc-input/%p", sioc);
2979 buffer_init(&vs->output, "vnc-output/%p", sioc);
2980 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2981
2982 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2983 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2984 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2985 #ifdef CONFIG_VNC_JPEG
2986 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2987 #endif
2988 #ifdef CONFIG_VNC_PNG
2989 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2990 #endif
2991 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2992 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2993 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2994 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2995
2996 if (skipauth) {
2997 vs->auth = VNC_AUTH_NONE;
2998 vs->subauth = VNC_AUTH_INVALID;
2999 } else {
3000 if (websocket) {
3001 vs->auth = vd->ws_auth;
3002 vs->subauth = VNC_AUTH_INVALID;
3003 } else {
3004 vs->auth = vd->auth;
3005 vs->subauth = vd->subauth;
3006 }
3007 }
3008 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3009 sioc, websocket, vs->auth, vs->subauth);
3010
3011 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3012 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3013 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3014 }
3015
3016 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3017 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3018 qio_channel_set_blocking(vs->ioc, false, NULL);
3019 if (websocket) {
3020 vs->websocket = 1;
3021 if (vd->ws_tls) {
3022 vs->ioc_tag = qio_channel_add_watch(
3023 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3024 } else {
3025 vs->ioc_tag = qio_channel_add_watch(
3026 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3027 }
3028 } else {
3029 vs->ioc_tag = qio_channel_add_watch(
3030 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3031 }
3032
3033 vnc_client_cache_addr(vs);
3034 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3035 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3036
3037 if (!vs->websocket) {
3038 vnc_init_state(vs);
3039 }
3040
3041 if (vd->num_connecting > vd->connections_limit) {
3042 QTAILQ_FOREACH(vs, &vd->clients, next) {
3043 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3044 vnc_disconnect_start(vs);
3045 return;
3046 }
3047 }
3048 }
3049 }
3050
3051 void vnc_init_state(VncState *vs)
3052 {
3053 vs->initialized = true;
3054 VncDisplay *vd = vs->vd;
3055 bool first_client = QTAILQ_EMPTY(&vd->clients);
3056
3057 vs->last_x = -1;
3058 vs->last_y = -1;
3059
3060 vs->as.freq = 44100;
3061 vs->as.nchannels = 2;
3062 vs->as.fmt = AUD_FMT_S16;
3063 vs->as.endianness = 0;
3064
3065 qemu_mutex_init(&vs->output_mutex);
3066 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3067
3068 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3069 if (first_client) {
3070 vnc_update_server_surface(vd);
3071 }
3072
3073 graphic_hw_update(vd->dcl.con);
3074
3075 vnc_write(vs, "RFB 003.008\n", 12);
3076 vnc_flush(vs);
3077 vnc_read_when(vs, protocol_version, 12);
3078 reset_keys(vs);
3079 if (vs->vd->lock_key_sync)
3080 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
3081
3082 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3083 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3084
3085 /* vs might be free()ed here */
3086 }
3087
3088 static gboolean vnc_listen_io(QIOChannel *ioc,
3089 GIOCondition condition,
3090 void *opaque)
3091 {
3092 VncDisplay *vs = opaque;
3093 QIOChannelSocket *sioc = NULL;
3094 Error *err = NULL;
3095
3096 /* Catch-up */
3097 graphic_hw_update(vs->dcl.con);
3098 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3099 if (sioc != NULL) {
3100 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3101 vnc_connect(vs, sioc, false,
3102 ioc != QIO_CHANNEL(vs->lsock));
3103 object_unref(OBJECT(sioc));
3104 } else {
3105 /* client probably closed connection before we got there */
3106 error_free(err);
3107 }
3108
3109 return TRUE;
3110 }
3111
3112 static const DisplayChangeListenerOps dcl_ops = {
3113 .dpy_name = "vnc",
3114 .dpy_refresh = vnc_refresh,
3115 .dpy_gfx_copy = vnc_dpy_copy,
3116 .dpy_gfx_update = vnc_dpy_update,
3117 .dpy_gfx_switch = vnc_dpy_switch,
3118 .dpy_gfx_check_format = qemu_pixman_check_format,
3119 .dpy_mouse_set = vnc_mouse_set,
3120 .dpy_cursor_define = vnc_dpy_cursor_define,
3121 };
3122
3123 void vnc_display_init(const char *id)
3124 {
3125 VncDisplay *vs;
3126
3127 if (vnc_display_find(id) != NULL) {
3128 return;
3129 }
3130 vs = g_malloc0(sizeof(*vs));
3131
3132 vs->id = strdup(id);
3133 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
3134
3135 QTAILQ_INIT(&vs->clients);
3136 vs->expires = TIME_MAX;
3137
3138 if (keyboard_layout) {
3139 trace_vnc_key_map_init(keyboard_layout);
3140 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3141 } else {
3142 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3143 }
3144
3145 if (!vs->kbd_layout)
3146 exit(1);
3147
3148 qemu_mutex_init(&vs->mutex);
3149 vnc_start_worker_thread();
3150
3151 vs->dcl.ops = &dcl_ops;
3152 register_displaychangelistener(&vs->dcl);
3153 }
3154
3155
3156 static void vnc_display_close(VncDisplay *vs)
3157 {
3158 if (!vs)
3159 return;
3160 vs->enabled = false;
3161 vs->is_unix = false;
3162 if (vs->lsock != NULL) {
3163 if (vs->lsock_tag) {
3164 g_source_remove(vs->lsock_tag);
3165 }
3166 object_unref(OBJECT(vs->lsock));
3167 vs->lsock = NULL;
3168 }
3169 vs->ws_enabled = false;
3170 if (vs->lwebsock != NULL) {
3171 if (vs->lwebsock_tag) {
3172 g_source_remove(vs->lwebsock_tag);
3173 }
3174 object_unref(OBJECT(vs->lwebsock));
3175 vs->lwebsock = NULL;
3176 }
3177 vs->auth = VNC_AUTH_INVALID;
3178 vs->subauth = VNC_AUTH_INVALID;
3179 if (vs->tlscreds) {
3180 object_unparent(OBJECT(vs->tlscreds));
3181 vs->tlscreds = NULL;
3182 }
3183 g_free(vs->tlsaclname);
3184 vs->tlsaclname = NULL;
3185 }
3186
3187 int vnc_display_password(const char *id, const char *password)
3188 {
3189 VncDisplay *vs = vnc_display_find(id);
3190
3191 if (!vs) {
3192 return -EINVAL;
3193 }
3194 if (vs->auth == VNC_AUTH_NONE) {
3195 error_printf_unless_qmp("If you want use passwords please enable "
3196 "password auth using '-vnc ${dpy},password'.");
3197 return -EINVAL;
3198 }
3199
3200 g_free(vs->password);
3201 vs->password = g_strdup(password);
3202
3203 return 0;
3204 }
3205
3206 int vnc_display_pw_expire(const char *id, time_t expires)
3207 {
3208 VncDisplay *vs = vnc_display_find(id);
3209
3210 if (!vs) {
3211 return -EINVAL;
3212 }
3213
3214 vs->expires = expires;
3215 return 0;
3216 }
3217
3218 static void vnc_display_print_local_addr(VncDisplay *vs)
3219 {
3220 SocketAddress *addr;
3221 Error *err = NULL;
3222
3223 addr = qio_channel_socket_get_local_address(vs->lsock, &err);
3224 if (!addr) {
3225 return;
3226 }
3227
3228 if (addr->type != SOCKET_ADDRESS_KIND_INET) {
3229 qapi_free_SocketAddress(addr);
3230 return;
3231 }
3232 error_printf_unless_qmp("VNC server running on %s:%s\n",
3233 addr->u.inet.data->host,
3234 addr->u.inet.data->port);
3235 qapi_free_SocketAddress(addr);
3236 }
3237
3238 static QemuOptsList qemu_vnc_opts = {
3239 .name = "vnc",
3240 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3241 .implied_opt_name = "vnc",
3242 .desc = {
3243 {
3244 .name = "vnc",
3245 .type = QEMU_OPT_STRING,
3246 },{
3247 .name = "websocket",
3248 .type = QEMU_OPT_STRING,
3249 },{
3250 .name = "tls-creds",
3251 .type = QEMU_OPT_STRING,
3252 },{
3253 /* Deprecated in favour of tls-creds */
3254 .name = "x509",
3255 .type = QEMU_OPT_STRING,
3256 },{
3257 .name = "share",
3258 .type = QEMU_OPT_STRING,
3259 },{
3260 .name = "display",
3261 .type = QEMU_OPT_STRING,
3262 },{
3263 .name = "head",
3264 .type = QEMU_OPT_NUMBER,
3265 },{
3266 .name = "connections",
3267 .type = QEMU_OPT_NUMBER,
3268 },{
3269 .name = "to",
3270 .type = QEMU_OPT_NUMBER,
3271 },{
3272 .name = "ipv4",
3273 .type = QEMU_OPT_BOOL,
3274 },{
3275 .name = "ipv6",
3276 .type = QEMU_OPT_BOOL,
3277 },{
3278 .name = "password",
3279 .type = QEMU_OPT_BOOL,
3280 },{
3281 .name = "reverse",
3282 .type = QEMU_OPT_BOOL,
3283 },{
3284 .name = "lock-key-sync",
3285 .type = QEMU_OPT_BOOL,
3286 },{
3287 .name = "key-delay-ms",
3288 .type = QEMU_OPT_NUMBER,
3289 },{
3290 .name = "sasl",
3291 .type = QEMU_OPT_BOOL,
3292 },{
3293 /* Deprecated in favour of tls-creds */
3294 .name = "tls",
3295 .type = QEMU_OPT_BOOL,
3296 },{
3297 /* Deprecated in favour of tls-creds */
3298 .name = "x509verify",
3299 .type = QEMU_OPT_STRING,
3300 },{
3301 .name = "acl",
3302 .type = QEMU_OPT_BOOL,
3303 },{
3304 .name = "lossy",
3305 .type = QEMU_OPT_BOOL,
3306 },{
3307 .name = "non-adaptive",
3308 .type = QEMU_OPT_BOOL,
3309 },
3310 { /* end of list */ }
3311 },
3312 };
3313
3314
3315 static int
3316 vnc_display_setup_auth(VncDisplay *vs,
3317 bool password,
3318 bool sasl,
3319 bool websocket,
3320 Error **errp)
3321 {
3322 /*
3323 * We have a choice of 3 authentication options
3324 *
3325 * 1. none
3326 * 2. vnc
3327 * 3. sasl
3328 *
3329 * The channel can be run in 2 modes
3330 *
3331 * 1. clear
3332 * 2. tls
3333 *
3334 * And TLS can use 2 types of credentials
3335 *
3336 * 1. anon
3337 * 2. x509
3338 *
3339 * We thus have 9 possible logical combinations
3340 *
3341 * 1. clear + none
3342 * 2. clear + vnc
3343 * 3. clear + sasl
3344 * 4. tls + anon + none
3345 * 5. tls + anon + vnc
3346 * 6. tls + anon + sasl
3347 * 7. tls + x509 + none
3348 * 8. tls + x509 + vnc
3349 * 9. tls + x509 + sasl
3350 *
3351 * These need to be mapped into the VNC auth schemes
3352 * in an appropriate manner. In regular VNC, all the
3353 * TLS options get mapped into VNC_AUTH_VENCRYPT
3354 * sub-auth types.
3355 *
3356 * In websockets, the https:// protocol already provides
3357 * TLS support, so there is no need to make use of the
3358 * VeNCrypt extension. Furthermore, websockets browser
3359 * clients could not use VeNCrypt even if they wanted to,
3360 * as they cannot control when the TLS handshake takes
3361 * place. Thus there is no option but to rely on https://,
3362 * meaning combinations 4->6 and 7->9 will be mapped to
3363 * VNC auth schemes in the same way as combos 1->3.
3364 *
3365 * Regardless of fact that we have a different mapping to
3366 * VNC auth mechs for plain VNC vs websockets VNC, the end
3367 * result has the same security characteristics.
3368 */
3369 if (password) {
3370 if (vs->tlscreds) {
3371 vs->auth = VNC_AUTH_VENCRYPT;
3372 if (websocket) {
3373 vs->ws_tls = true;
3374 }
3375 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3376 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3377 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3378 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3379 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3380 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3381 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3382 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3383 } else {
3384 error_setg(errp,
3385 "Unsupported TLS cred type %s",
3386 object_get_typename(OBJECT(vs->tlscreds)));
3387 return -1;
3388 }
3389 } else {
3390 VNC_DEBUG("Initializing VNC server with password auth\n");
3391 vs->auth = VNC_AUTH_VNC;
3392 vs->subauth = VNC_AUTH_INVALID;
3393 }
3394 if (websocket) {
3395 vs->ws_auth = VNC_AUTH_VNC;
3396 } else {
3397 vs->ws_auth = VNC_AUTH_INVALID;
3398 }
3399 } else if (sasl) {
3400 if (vs->tlscreds) {
3401 vs->auth = VNC_AUTH_VENCRYPT;
3402 if (websocket) {
3403 vs->ws_tls = true;
3404 }
3405 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3406 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3407 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3408 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3409 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3410 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3411 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3412 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3413 } else {
3414 error_setg(errp,
3415 "Unsupported TLS cred type %s",
3416 object_get_typename(OBJECT(vs->tlscreds)));
3417 return -1;
3418 }
3419 } else {
3420 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3421 vs->auth = VNC_AUTH_SASL;
3422 vs->subauth = VNC_AUTH_INVALID;
3423 }
3424 if (websocket) {
3425 vs->ws_auth = VNC_AUTH_SASL;
3426 } else {
3427 vs->ws_auth = VNC_AUTH_INVALID;
3428 }
3429 } else {
3430 if (vs->tlscreds) {
3431 vs->auth = VNC_AUTH_VENCRYPT;
3432 if (websocket) {
3433 vs->ws_tls = true;
3434 }
3435 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3436 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3437 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3438 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3439 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3440 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3441 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3442 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3443 } else {
3444 error_setg(errp,
3445 "Unsupported TLS cred type %s",
3446 object_get_typename(OBJECT(vs->tlscreds)));
3447 return -1;
3448 }
3449 } else {
3450 VNC_DEBUG("Initializing VNC server with no auth\n");
3451 vs->auth = VNC_AUTH_NONE;
3452 vs->subauth = VNC_AUTH_INVALID;
3453 }
3454 if (websocket) {
3455 vs->ws_auth = VNC_AUTH_NONE;
3456 } else {
3457 vs->ws_auth = VNC_AUTH_INVALID;
3458 }
3459 }
3460 return 0;
3461 }
3462
3463
3464 /*
3465 * Handle back compat with old CLI syntax by creating some
3466 * suitable QCryptoTLSCreds objects
3467 */
3468 static QCryptoTLSCreds *
3469 vnc_display_create_creds(bool x509,
3470 bool x509verify,
3471 const char *dir,
3472 const char *id,
3473 Error **errp)
3474 {
3475 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3476 Object *parent = object_get_objects_root();
3477 Object *creds;
3478 Error *err = NULL;
3479
3480 if (x509) {
3481 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3482 parent,
3483 credsid,
3484 &err,
3485 "endpoint", "server",
3486 "dir", dir,
3487 "verify-peer", x509verify ? "yes" : "no",
3488 NULL);
3489 } else {
3490 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3491 parent,
3492 credsid,
3493 &err,
3494 "endpoint", "server",
3495 NULL);
3496 }
3497
3498 g_free(credsid);
3499
3500 if (err) {
3501 error_propagate(errp, err);
3502 return NULL;
3503 }
3504
3505 return QCRYPTO_TLS_CREDS(creds);
3506 }
3507
3508
3509 void vnc_display_open(const char *id, Error **errp)
3510 {
3511 VncDisplay *vs = vnc_display_find(id);
3512 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3513 SocketAddress *saddr = NULL, *wsaddr = NULL;
3514 const char *share, *device_id;
3515 QemuConsole *con;
3516 bool password = false;
3517 bool reverse = false;
3518 const char *vnc;
3519 char *h;
3520 const char *credid;
3521 int show_vnc_port = 0;
3522 bool sasl = false;
3523 #ifdef CONFIG_VNC_SASL
3524 int saslErr;
3525 #endif
3526 int acl = 0;
3527 int lock_key_sync = 1;
3528 int key_delay_ms;
3529
3530 if (!vs) {
3531 error_setg(errp, "VNC display not active");
3532 return;
3533 }
3534 vnc_display_close(vs);
3535
3536 if (!opts) {
3537 return;
3538 }
3539 vnc = qemu_opt_get(opts, "vnc");
3540 if (!vnc || strcmp(vnc, "none") == 0) {
3541 return;
3542 }
3543
3544 h = strrchr(vnc, ':');
3545 if (h) {
3546 size_t hlen = h - vnc;
3547
3548 const char *websocket = qemu_opt_get(opts, "websocket");
3549 int to = qemu_opt_get_number(opts, "to", 0);
3550 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3551 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3552 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3553 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3554
3555 saddr = g_new0(SocketAddress, 1);
3556 if (websocket) {
3557 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3558 error_setg(errp,
3559 "SHA1 hash support is required for websockets");
3560 goto fail;
3561 }
3562
3563 wsaddr = g_new0(SocketAddress, 1);
3564 vs->ws_enabled = true;
3565 }
3566
3567 if (strncmp(vnc, "unix:", 5) == 0) {
3568 saddr->type = SOCKET_ADDRESS_KIND_UNIX;
3569 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
3570 saddr->u.q_unix.data->path = g_strdup(vnc + 5);
3571
3572 if (vs->ws_enabled) {
3573 error_setg(errp, "UNIX sockets not supported with websock");
3574 goto fail;
3575 }
3576 } else {
3577 unsigned long long baseport;
3578 InetSocketAddress *inet;
3579 saddr->type = SOCKET_ADDRESS_KIND_INET;
3580 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1);
3581 if (vnc[0] == '[' && vnc[hlen - 1] == ']') {
3582 inet->host = g_strndup(vnc + 1, hlen - 2);
3583 } else {
3584 inet->host = g_strndup(vnc, hlen);
3585 }
3586 if (parse_uint_full(h + 1, &baseport, 10) < 0) {
3587 error_setg(errp, "can't convert to a number: %s", h + 1);
3588 goto fail;
3589 }
3590 if (baseport > 65535 ||
3591 baseport + 5900 > 65535) {
3592 error_setg(errp, "port %s out of range", h + 1);
3593 goto fail;
3594 }
3595 inet->port = g_strdup_printf(
3596 "%d", (int)baseport + 5900);
3597
3598 if (to) {
3599 inet->has_to = true;
3600 inet->to = to + 5900;
3601 show_vnc_port = 1;
3602 }
3603 inet->ipv4 = ipv4;
3604 inet->has_ipv4 = has_ipv4;
3605 inet->ipv6 = ipv6;
3606 inet->has_ipv6 = has_ipv6;
3607
3608 if (vs->ws_enabled) {
3609 wsaddr->type = SOCKET_ADDRESS_KIND_INET;
3610 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1);
3611 inet->host = g_strdup(saddr->u.inet.data->host);
3612 inet->port = g_strdup(websocket);
3613
3614 if (to) {
3615 inet->has_to = true;
3616 inet->to = to;
3617 }
3618 inet->ipv4 = ipv4;
3619 inet->has_ipv4 = has_ipv4;
3620 inet->ipv6 = ipv6;
3621 inet->has_ipv6 = has_ipv6;
3622 }
3623 }
3624 } else {
3625 error_setg(errp, "no vnc port specified");
3626 goto fail;
3627 }
3628
3629 password = qemu_opt_get_bool(opts, "password", false);
3630 if (password) {
3631 if (fips_get_state()) {
3632 error_setg(errp,
3633 "VNC password auth disabled due to FIPS mode, "
3634 "consider using the VeNCrypt or SASL authentication "
3635 "methods as an alternative");
3636 goto fail;
3637 }
3638 if (!qcrypto_cipher_supports(
3639 QCRYPTO_CIPHER_ALG_DES_RFB)) {
3640 error_setg(errp,
3641 "Cipher backend does not support DES RFB algorithm");
3642 goto fail;
3643 }
3644 }
3645
3646 reverse = qemu_opt_get_bool(opts, "reverse", false);
3647 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3648 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1);
3649 sasl = qemu_opt_get_bool(opts, "sasl", false);
3650 #ifndef CONFIG_VNC_SASL
3651 if (sasl) {
3652 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3653 goto fail;
3654 }
3655 #endif /* CONFIG_VNC_SASL */
3656 credid = qemu_opt_get(opts, "tls-creds");
3657 if (credid) {
3658 Object *creds;
3659 if (qemu_opt_get(opts, "tls") ||
3660 qemu_opt_get(opts, "x509") ||
3661 qemu_opt_get(opts, "x509verify")) {
3662 error_setg(errp,
3663 "'tls-creds' parameter is mutually exclusive with "
3664 "'tls', 'x509' and 'x509verify' parameters");
3665 goto fail;
3666 }
3667
3668 creds = object_resolve_path_component(
3669 object_get_objects_root(), credid);
3670 if (!creds) {
3671 error_setg(errp, "No TLS credentials with id '%s'",
3672 credid);
3673 goto fail;
3674 }
3675 vs->tlscreds = (QCryptoTLSCreds *)
3676 object_dynamic_cast(creds,
3677 TYPE_QCRYPTO_TLS_CREDS);
3678 if (!vs->tlscreds) {
3679 error_setg(errp, "Object with id '%s' is not TLS credentials",
3680 credid);
3681 goto fail;
3682 }
3683 object_ref(OBJECT(vs->tlscreds));
3684
3685 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3686 error_setg(errp,
3687 "Expecting TLS credentials with a server endpoint");
3688 goto fail;
3689 }
3690 } else {
3691 const char *path;
3692 bool tls = false, x509 = false, x509verify = false;
3693 tls = qemu_opt_get_bool(opts, "tls", false);
3694 if (tls) {
3695 path = qemu_opt_get(opts, "x509");
3696
3697 if (path) {
3698 x509 = true;
3699 } else {
3700 path = qemu_opt_get(opts, "x509verify");
3701 if (path) {
3702 x509 = true;
3703 x509verify = true;
3704 }
3705 }
3706 vs->tlscreds = vnc_display_create_creds(x509,
3707 x509verify,
3708 path,
3709 vs->id,
3710 errp);
3711 if (!vs->tlscreds) {
3712 goto fail;
3713 }
3714 }
3715 }
3716 acl = qemu_opt_get_bool(opts, "acl", false);
3717
3718 share = qemu_opt_get(opts, "share");
3719 if (share) {
3720 if (strcmp(share, "ignore") == 0) {
3721 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3722 } else if (strcmp(share, "allow-exclusive") == 0) {
3723 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3724 } else if (strcmp(share, "force-shared") == 0) {
3725 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3726 } else {
3727 error_setg(errp, "unknown vnc share= option");
3728 goto fail;
3729 }
3730 } else {
3731 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3732 }
3733 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3734
3735 #ifdef CONFIG_VNC_JPEG
3736 vs->lossy = qemu_opt_get_bool(opts, "lossy", false);
3737 #endif
3738 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3739 /* adaptive updates are only used with tight encoding and
3740 * if lossy updates are enabled so we can disable all the
3741 * calculations otherwise */
3742 if (!vs->lossy) {
3743 vs->non_adaptive = true;
3744 }
3745
3746 if (acl) {
3747 if (strcmp(vs->id, "default") == 0) {
3748 vs->tlsaclname = g_strdup("vnc.x509dname");
3749 } else {
3750 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id);
3751 }
3752 qemu_acl_init(vs->tlsaclname);
3753 }
3754 #ifdef CONFIG_VNC_SASL
3755 if (acl && sasl) {
3756 char *aclname;
3757
3758 if (strcmp(vs->id, "default") == 0) {
3759 aclname = g_strdup("vnc.username");
3760 } else {
3761 aclname = g_strdup_printf("vnc.%s.username", vs->id);
3762 }
3763 vs->sasl.acl = qemu_acl_init(aclname);
3764 g_free(aclname);
3765 }
3766 #endif
3767
3768 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) {
3769 goto fail;
3770 }
3771
3772 #ifdef CONFIG_VNC_SASL
3773 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3774 error_setg(errp, "Failed to initialize SASL auth: %s",
3775 sasl_errstring(saslErr, NULL, NULL));
3776 goto fail;
3777 }
3778 #endif
3779 vs->lock_key_sync = lock_key_sync;
3780 vs->key_delay_ms = key_delay_ms;
3781
3782 device_id = qemu_opt_get(opts, "display");
3783 if (device_id) {
3784 int head = qemu_opt_get_number(opts, "head", 0);
3785 Error *err = NULL;
3786
3787 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3788 if (err) {
3789 error_propagate(errp, err);
3790 goto fail;
3791 }
3792 } else {
3793 con = NULL;
3794 }
3795
3796 if (con != vs->dcl.con) {
3797 unregister_displaychangelistener(&vs->dcl);
3798 vs->dcl.con = con;
3799 register_displaychangelistener(&vs->dcl);
3800 }
3801
3802 if (reverse) {
3803 /* connect to viewer */
3804 QIOChannelSocket *sioc = NULL;
3805 vs->lsock = NULL;
3806 vs->lwebsock = NULL;
3807 if (vs->ws_enabled) {
3808 error_setg(errp, "Cannot use websockets in reverse mode");
3809 goto fail;
3810 }
3811 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3812 sioc = qio_channel_socket_new();
3813 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) {
3814 goto fail;
3815 }
3816 vnc_connect(vs, sioc, false, false);
3817 object_unref(OBJECT(sioc));
3818 } else {
3819 vs->lsock = qio_channel_socket_new();
3820 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) {
3821 goto fail;
3822 }
3823 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3824 vs->enabled = true;
3825
3826 if (vs->ws_enabled) {
3827 vs->lwebsock = qio_channel_socket_new();
3828 if (qio_channel_socket_listen_sync(vs->lwebsock,
3829 wsaddr, errp) < 0) {
3830 object_unref(OBJECT(vs->lsock));
3831 vs->lsock = NULL;
3832 goto fail;
3833 }
3834 }
3835
3836 vs->lsock_tag = qio_channel_add_watch(
3837 QIO_CHANNEL(vs->lsock),
3838 G_IO_IN, vnc_listen_io, vs, NULL);
3839 if (vs->ws_enabled) {
3840 vs->lwebsock_tag = qio_channel_add_watch(
3841 QIO_CHANNEL(vs->lwebsock),
3842 G_IO_IN, vnc_listen_io, vs, NULL);
3843 }
3844 }
3845
3846 if (show_vnc_port) {
3847 vnc_display_print_local_addr(vs);
3848 }
3849
3850 qapi_free_SocketAddress(saddr);
3851 qapi_free_SocketAddress(wsaddr);
3852 return;
3853
3854 fail:
3855 qapi_free_SocketAddress(saddr);
3856 qapi_free_SocketAddress(wsaddr);
3857 vs->enabled = false;
3858 vs->ws_enabled = false;
3859 }
3860
3861 void vnc_display_add_client(const char *id, int csock, bool skipauth)
3862 {
3863 VncDisplay *vs = vnc_display_find(id);
3864 QIOChannelSocket *sioc;
3865
3866 if (!vs) {
3867 return;
3868 }
3869
3870 sioc = qio_channel_socket_new_fd(csock, NULL);
3871 if (sioc) {
3872 vnc_connect(vs, sioc, skipauth, false);
3873 object_unref(OBJECT(sioc));
3874 }
3875 }
3876
3877 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
3878 {
3879 int i = 2;
3880 char *id;
3881
3882 id = g_strdup("default");
3883 while (qemu_opts_find(olist, id)) {
3884 g_free(id);
3885 id = g_strdup_printf("vnc%d", i++);
3886 }
3887 qemu_opts_set_id(opts, id);
3888 }
3889
3890 QemuOpts *vnc_parse(const char *str, Error **errp)
3891 {
3892 QemuOptsList *olist = qemu_find_opts("vnc");
3893 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
3894 const char *id;
3895
3896 if (!opts) {
3897 return NULL;
3898 }
3899
3900 id = qemu_opts_id(opts);
3901 if (!id) {
3902 /* auto-assign id if not present */
3903 vnc_auto_assign_id(olist, opts);
3904 }
3905 return opts;
3906 }
3907
3908 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
3909 {
3910 Error *local_err = NULL;
3911 char *id = (char *)qemu_opts_id(opts);
3912
3913 assert(id);
3914 vnc_display_init(id);
3915 vnc_display_open(id, &local_err);
3916 if (local_err != NULL) {
3917 error_reportf_err(local_err, "Failed to start VNC server: ");
3918 exit(1);
3919 }
3920 return 0;
3921 }
3922
3923 static void vnc_register_config(void)
3924 {
3925 qemu_add_opts(&qemu_vnc_opts);
3926 }
3927 opts_init(vnc_register_config);
AR7 emulation for QEMU