search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
ui: avoid crash if vnc client disconnects with writes pending
[qemu/ar7.git] / ui / vnc.c
blobe3f857cc903071ea3e5c1f51bb1ca47faf851ab2
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev.h"
32 #include "sysemu/sysemu.h"
33 #include "qemu/error-report.h"
34 #include "qemu/sockets.h"
35 #include "qemu/timer.h"
36 #include "qemu/acl.h"
37 #include "qemu/config-file.h"
38 #include "qapi/qmp/qerror.h"
39 #include "qapi/qmp/types.h"
40 #include "qmp-commands.h"
41 #include "ui/input.h"
42 #include "qapi-event.h"
43 #include "crypto/hash.h"
44 #include "crypto/tlscredsanon.h"
45 #include "crypto/tlscredsx509.h"
46 #include "qom/object_interfaces.h"
47 #include "qemu/cutils.h"
48
49 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
50 #define VNC_REFRESH_INTERVAL_INC 50
51 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
52 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
53 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
54
55 #include "vnc_keysym.h"
56 #include "crypto/cipher.h"
57
58 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
59 QTAILQ_HEAD_INITIALIZER(vnc_displays);
60
61 static int vnc_cursor_define(VncState *vs);
62 static void vnc_release_modifiers(VncState *vs);
63
64 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
65 {
66 #ifdef _VNC_DEBUG
67 static const char *mn[] = {
68 [0] = "undefined",
69 [VNC_SHARE_MODE_CONNECTING] = "connecting",
70 [VNC_SHARE_MODE_SHARED] = "shared",
71 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
72 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
73 };
74 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
75 vs->ioc, mn[vs->share_mode], mn[mode]);
76 #endif
77
78 switch (vs->share_mode) {
79 case VNC_SHARE_MODE_CONNECTING:
80 vs->vd->num_connecting--;
81 break;
82 case VNC_SHARE_MODE_SHARED:
83 vs->vd->num_shared--;
84 break;
85 case VNC_SHARE_MODE_EXCLUSIVE:
86 vs->vd->num_exclusive--;
87 break;
88 default:
89 break;
90 }
91
92 vs->share_mode = mode;
93
94 switch (vs->share_mode) {
95 case VNC_SHARE_MODE_CONNECTING:
96 vs->vd->num_connecting++;
97 break;
98 case VNC_SHARE_MODE_SHARED:
99 vs->vd->num_shared++;
100 break;
101 case VNC_SHARE_MODE_EXCLUSIVE:
102 vs->vd->num_exclusive++;
103 break;
104 default:
105 break;
106 }
107 }
108
109
110 static void vnc_init_basic_info(SocketAddress *addr,
111 VncBasicInfo *info,
112 Error **errp)
113 {
114 switch (addr->type) {
115 case SOCKET_ADDRESS_KIND_INET:
116 info->host = g_strdup(addr->u.inet.data->host);
117 info->service = g_strdup(addr->u.inet.data->port);
118 if (addr->u.inet.data->ipv6) {
119 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
120 } else {
121 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
122 }
123 break;
124
125 case SOCKET_ADDRESS_KIND_UNIX:
126 info->host = g_strdup("");
127 info->service = g_strdup(addr->u.q_unix.data->path);
128 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
129 break;
130
131 default:
132 error_setg(errp, "Unsupported socket kind %d",
133 addr->type);
134 break;
135 }
136
137 return;
138 }
139
140 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
141 VncBasicInfo *info,
142 Error **errp)
143 {
144 SocketAddress *addr = NULL;
145
146 addr = qio_channel_socket_get_local_address(ioc, errp);
147 if (!addr) {
148 return;
149 }
150
151 vnc_init_basic_info(addr, info, errp);
152 qapi_free_SocketAddress(addr);
153 }
154
155 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
156 VncBasicInfo *info,
157 Error **errp)
158 {
159 SocketAddress *addr = NULL;
160
161 addr = qio_channel_socket_get_remote_address(ioc, errp);
162 if (!addr) {
163 return;
164 }
165
166 vnc_init_basic_info(addr, info, errp);
167 qapi_free_SocketAddress(addr);
168 }
169
170 static const char *vnc_auth_name(VncDisplay *vd) {
171 switch (vd->auth) {
172 case VNC_AUTH_INVALID:
173 return "invalid";
174 case VNC_AUTH_NONE:
175 return "none";
176 case VNC_AUTH_VNC:
177 return "vnc";
178 case VNC_AUTH_RA2:
179 return "ra2";
180 case VNC_AUTH_RA2NE:
181 return "ra2ne";
182 case VNC_AUTH_TIGHT:
183 return "tight";
184 case VNC_AUTH_ULTRA:
185 return "ultra";
186 case VNC_AUTH_TLS:
187 return "tls";
188 case VNC_AUTH_VENCRYPT:
189 switch (vd->subauth) {
190 case VNC_AUTH_VENCRYPT_PLAIN:
191 return "vencrypt+plain";
192 case VNC_AUTH_VENCRYPT_TLSNONE:
193 return "vencrypt+tls+none";
194 case VNC_AUTH_VENCRYPT_TLSVNC:
195 return "vencrypt+tls+vnc";
196 case VNC_AUTH_VENCRYPT_TLSPLAIN:
197 return "vencrypt+tls+plain";
198 case VNC_AUTH_VENCRYPT_X509NONE:
199 return "vencrypt+x509+none";
200 case VNC_AUTH_VENCRYPT_X509VNC:
201 return "vencrypt+x509+vnc";
202 case VNC_AUTH_VENCRYPT_X509PLAIN:
203 return "vencrypt+x509+plain";
204 case VNC_AUTH_VENCRYPT_TLSSASL:
205 return "vencrypt+tls+sasl";
206 case VNC_AUTH_VENCRYPT_X509SASL:
207 return "vencrypt+x509+sasl";
208 default:
209 return "vencrypt";
210 }
211 case VNC_AUTH_SASL:
212 return "sasl";
213 }
214 return "unknown";
215 }
216
217 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
218 {
219 VncServerInfo *info;
220 Error *err = NULL;
221
222 info = g_malloc(sizeof(*info));
223 vnc_init_basic_info_from_server_addr(vd->lsock,
224 qapi_VncServerInfo_base(info), &err);
225 info->has_auth = true;
226 info->auth = g_strdup(vnc_auth_name(vd));
227 if (err) {
228 qapi_free_VncServerInfo(info);
229 info = NULL;
230 error_free(err);
231 }
232 return info;
233 }
234
235 static void vnc_client_cache_auth(VncState *client)
236 {
237 if (!client->info) {
238 return;
239 }
240
241 if (client->tls) {
242 client->info->x509_dname =
243 qcrypto_tls_session_get_peer_name(client->tls);
244 client->info->has_x509_dname =
245 client->info->x509_dname != NULL;
246 }
247 #ifdef CONFIG_VNC_SASL
248 if (client->sasl.conn &&
249 client->sasl.username) {
250 client->info->has_sasl_username = true;
251 client->info->sasl_username = g_strdup(client->sasl.username);
252 }
253 #endif
254 }
255
256 static void vnc_client_cache_addr(VncState *client)
257 {
258 Error *err = NULL;
259
260 client->info = g_malloc0(sizeof(*client->info));
261 vnc_init_basic_info_from_remote_addr(client->sioc,
262 qapi_VncClientInfo_base(client->info),
263 &err);
264 if (err) {
265 qapi_free_VncClientInfo(client->info);
266 client->info = NULL;
267 error_free(err);
268 }
269 }
270
271 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
272 {
273 VncServerInfo *si;
274
275 if (!vs->info) {
276 return;
277 }
278
279 si = vnc_server_info_get(vs->vd);
280 if (!si) {
281 return;
282 }
283
284 switch (event) {
285 case QAPI_EVENT_VNC_CONNECTED:
286 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info),
287 &error_abort);
288 break;
289 case QAPI_EVENT_VNC_INITIALIZED:
290 qapi_event_send_vnc_initialized(si, vs->info, &error_abort);
291 break;
292 case QAPI_EVENT_VNC_DISCONNECTED:
293 qapi_event_send_vnc_disconnected(si, vs->info, &error_abort);
294 break;
295 default:
296 break;
297 }
298
299 qapi_free_VncServerInfo(si);
300 }
301
302 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
303 {
304 VncClientInfo *info;
305 Error *err = NULL;
306
307 info = g_malloc0(sizeof(*info));
308
309 vnc_init_basic_info_from_remote_addr(client->sioc,
310 qapi_VncClientInfo_base(info),
311 &err);
312 if (err) {
313 error_free(err);
314 qapi_free_VncClientInfo(info);
315 return NULL;
316 }
317
318 info->websocket = client->websocket;
319
320 if (client->tls) {
321 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
322 info->has_x509_dname = info->x509_dname != NULL;
323 }
324 #ifdef CONFIG_VNC_SASL
325 if (client->sasl.conn && client->sasl.username) {
326 info->has_sasl_username = true;
327 info->sasl_username = g_strdup(client->sasl.username);
328 }
329 #endif
330
331 return info;
332 }
333
334 static VncDisplay *vnc_display_find(const char *id)
335 {
336 VncDisplay *vd;
337
338 if (id == NULL) {
339 return QTAILQ_FIRST(&vnc_displays);
340 }
341 QTAILQ_FOREACH(vd, &vnc_displays, next) {
342 if (strcmp(id, vd->id) == 0) {
343 return vd;
344 }
345 }
346 return NULL;
347 }
348
349 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
350 {
351 VncClientInfoList *cinfo, *prev = NULL;
352 VncState *client;
353
354 QTAILQ_FOREACH(client, &vd->clients, next) {
355 cinfo = g_new0(VncClientInfoList, 1);
356 cinfo->value = qmp_query_vnc_client(client);
357 cinfo->next = prev;
358 prev = cinfo;
359 }
360 return prev;
361 }
362
363 VncInfo *qmp_query_vnc(Error **errp)
364 {
365 VncInfo *info = g_malloc0(sizeof(*info));
366 VncDisplay *vd = vnc_display_find(NULL);
367 SocketAddress *addr = NULL;
368
369 if (vd == NULL || !vd->enabled) {
370 info->enabled = false;
371 } else {
372 info->enabled = true;
373
374 /* for compatibility with the original command */
375 info->has_clients = true;
376 info->clients = qmp_query_client_list(vd);
377
378 if (vd->lsock == NULL) {
379 return info;
380 }
381
382 addr = qio_channel_socket_get_local_address(vd->lsock, errp);
383 if (!addr) {
384 goto out_error;
385 }
386
387 switch (addr->type) {
388 case SOCKET_ADDRESS_KIND_INET:
389 info->host = g_strdup(addr->u.inet.data->host);
390 info->service = g_strdup(addr->u.inet.data->port);
391 if (addr->u.inet.data->ipv6) {
392 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
393 } else {
394 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
395 }
396 break;
397
398 case SOCKET_ADDRESS_KIND_UNIX:
399 info->host = g_strdup("");
400 info->service = g_strdup(addr->u.q_unix.data->path);
401 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
402 break;
403
404 default:
405 error_setg(errp, "Unsupported socket kind %d",
406 addr->type);
407 goto out_error;
408 }
409
410 info->has_host = true;
411 info->has_service = true;
412 info->has_family = true;
413
414 info->has_auth = true;
415 info->auth = g_strdup(vnc_auth_name(vd));
416 }
417
418 qapi_free_SocketAddress(addr);
419 return info;
420
421 out_error:
422 qapi_free_SocketAddress(addr);
423 qapi_free_VncInfo(info);
424 return NULL;
425 }
426
427 static VncBasicInfoList *qmp_query_server_entry(QIOChannelSocket *ioc,
428 bool websocket,
429 VncBasicInfoList *prev)
430 {
431 VncBasicInfoList *list;
432 VncBasicInfo *info;
433 Error *err = NULL;
434 SocketAddress *addr;
435
436 addr = qio_channel_socket_get_local_address(ioc, &err);
437 if (!addr) {
438 error_free(err);
439 return prev;
440 }
441
442 info = g_new0(VncBasicInfo, 1);
443 vnc_init_basic_info(addr, info, &err);
444 qapi_free_SocketAddress(addr);
445 if (err) {
446 qapi_free_VncBasicInfo(info);
447 error_free(err);
448 return prev;
449 }
450 info->websocket = websocket;
451
452 list = g_new0(VncBasicInfoList, 1);
453 list->value = info;
454 list->next = prev;
455 return list;
456 }
457
458 static void qmp_query_auth(VncDisplay *vd, VncInfo2 *info)
459 {
460 switch (vd->auth) {
461 case VNC_AUTH_VNC:
462 info->auth = VNC_PRIMARY_AUTH_VNC;
463 break;
464 case VNC_AUTH_RA2:
465 info->auth = VNC_PRIMARY_AUTH_RA2;
466 break;
467 case VNC_AUTH_RA2NE:
468 info->auth = VNC_PRIMARY_AUTH_RA2NE;
469 break;
470 case VNC_AUTH_TIGHT:
471 info->auth = VNC_PRIMARY_AUTH_TIGHT;
472 break;
473 case VNC_AUTH_ULTRA:
474 info->auth = VNC_PRIMARY_AUTH_ULTRA;
475 break;
476 case VNC_AUTH_TLS:
477 info->auth = VNC_PRIMARY_AUTH_TLS;
478 break;
479 case VNC_AUTH_VENCRYPT:
480 info->auth = VNC_PRIMARY_AUTH_VENCRYPT;
481 info->has_vencrypt = true;
482 switch (vd->subauth) {
483 case VNC_AUTH_VENCRYPT_PLAIN:
484 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
485 break;
486 case VNC_AUTH_VENCRYPT_TLSNONE:
487 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
488 break;
489 case VNC_AUTH_VENCRYPT_TLSVNC:
490 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
491 break;
492 case VNC_AUTH_VENCRYPT_TLSPLAIN:
493 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
494 break;
495 case VNC_AUTH_VENCRYPT_X509NONE:
496 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
497 break;
498 case VNC_AUTH_VENCRYPT_X509VNC:
499 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
500 break;
501 case VNC_AUTH_VENCRYPT_X509PLAIN:
502 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
503 break;
504 case VNC_AUTH_VENCRYPT_TLSSASL:
505 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
506 break;
507 case VNC_AUTH_VENCRYPT_X509SASL:
508 info->vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
509 break;
510 default:
511 info->has_vencrypt = false;
512 break;
513 }
514 break;
515 case VNC_AUTH_SASL:
516 info->auth = VNC_PRIMARY_AUTH_SASL;
517 break;
518 case VNC_AUTH_NONE:
519 default:
520 info->auth = VNC_PRIMARY_AUTH_NONE;
521 break;
522 }
523 }
524
525 VncInfo2List *qmp_query_vnc_servers(Error **errp)
526 {
527 VncInfo2List *item, *prev = NULL;
528 VncInfo2 *info;
529 VncDisplay *vd;
530 DeviceState *dev;
531
532 QTAILQ_FOREACH(vd, &vnc_displays, next) {
533 info = g_new0(VncInfo2, 1);
534 info->id = g_strdup(vd->id);
535 info->clients = qmp_query_client_list(vd);
536 qmp_query_auth(vd, info);
537 if (vd->dcl.con) {
538 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
539 "device", NULL));
540 info->has_display = true;
541 info->display = g_strdup(dev->id);
542 }
543 if (vd->lsock != NULL) {
544 info->server = qmp_query_server_entry(
545 vd->lsock, false, info->server);
546 }
547 if (vd->lwebsock != NULL) {
548 info->server = qmp_query_server_entry(
549 vd->lwebsock, true, info->server);
550 }
551
552 item = g_new0(VncInfo2List, 1);
553 item->value = info;
554 item->next = prev;
555 prev = item;
556 }
557 return prev;
558 }
559
560 /* TODO
561 1) Get the queue working for IO.
562 2) there is some weirdness when using the -S option (the screen is grey
563 and not totally invalidated
564 3) resolutions > 1024
565 */
566
567 static int vnc_update_client(VncState *vs, int has_dirty, bool sync);
568 static void vnc_disconnect_start(VncState *vs);
569
570 static void vnc_colordepth(VncState *vs);
571 static void framebuffer_update_request(VncState *vs, int incremental,
572 int x_position, int y_position,
573 int w, int h);
574 static void vnc_refresh(DisplayChangeListener *dcl);
575 static int vnc_refresh_server_surface(VncDisplay *vd);
576
577 static int vnc_width(VncDisplay *vd)
578 {
579 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
580 VNC_DIRTY_PIXELS_PER_BIT));
581 }
582
583 static int vnc_height(VncDisplay *vd)
584 {
585 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
586 }
587
588 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
589 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
590 VncDisplay *vd,
591 int x, int y, int w, int h)
592 {
593 int width = vnc_width(vd);
594 int height = vnc_height(vd);
595
596 /* this is needed this to ensure we updated all affected
597 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
598 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
599 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
600
601 x = MIN(x, width);
602 y = MIN(y, height);
603 w = MIN(x + w, width) - x;
604 h = MIN(y + h, height);
605
606 for (; y < h; y++) {
607 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
608 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
609 }
610 }
611
612 static void vnc_dpy_update(DisplayChangeListener *dcl,
613 int x, int y, int w, int h)
614 {
615 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
616 struct VncSurface *s = &vd->guest;
617
618 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
619 }
620
621 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
622 int32_t encoding)
623 {
624 vnc_write_u16(vs, x);
625 vnc_write_u16(vs, y);
626 vnc_write_u16(vs, w);
627 vnc_write_u16(vs, h);
628
629 vnc_write_s32(vs, encoding);
630 }
631
632
633 static void vnc_desktop_resize(VncState *vs)
634 {
635 if (vs->ioc == NULL || !vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
636 return;
637 }
638 if (vs->client_width == pixman_image_get_width(vs->vd->server) &&
639 vs->client_height == pixman_image_get_height(vs->vd->server)) {
640 return;
641 }
642 vs->client_width = pixman_image_get_width(vs->vd->server);
643 vs->client_height = pixman_image_get_height(vs->vd->server);
644 vnc_lock_output(vs);
645 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
646 vnc_write_u8(vs, 0);
647 vnc_write_u16(vs, 1); /* number of rects */
648 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
649 VNC_ENCODING_DESKTOPRESIZE);
650 vnc_unlock_output(vs);
651 vnc_flush(vs);
652 }
653
654 static void vnc_abort_display_jobs(VncDisplay *vd)
655 {
656 VncState *vs;
657
658 QTAILQ_FOREACH(vs, &vd->clients, next) {
659 vnc_lock_output(vs);
660 vs->abort = true;
661 vnc_unlock_output(vs);
662 }
663 QTAILQ_FOREACH(vs, &vd->clients, next) {
664 vnc_jobs_join(vs);
665 }
666 QTAILQ_FOREACH(vs, &vd->clients, next) {
667 vnc_lock_output(vs);
668 vs->abort = false;
669 vnc_unlock_output(vs);
670 }
671 }
672
673 int vnc_server_fb_stride(VncDisplay *vd)
674 {
675 return pixman_image_get_stride(vd->server);
676 }
677
678 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
679 {
680 uint8_t *ptr;
681
682 ptr = (uint8_t *)pixman_image_get_data(vd->server);
683 ptr += y * vnc_server_fb_stride(vd);
684 ptr += x * VNC_SERVER_FB_BYTES;
685 return ptr;
686 }
687
688 static void vnc_update_server_surface(VncDisplay *vd)
689 {
690 qemu_pixman_image_unref(vd->server);
691 vd->server = NULL;
692
693 if (QTAILQ_EMPTY(&vd->clients)) {
694 return;
695 }
696
697 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
698 vnc_width(vd),
699 vnc_height(vd),
700 NULL, 0);
701 }
702
703 static void vnc_dpy_switch(DisplayChangeListener *dcl,
704 DisplaySurface *surface)
705 {
706 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
707 VncState *vs;
708 int width, height;
709
710 vnc_abort_display_jobs(vd);
711 vd->ds = surface;
712
713 /* server surface */
714 vnc_update_server_surface(vd);
715
716 /* guest surface */
717 qemu_pixman_image_unref(vd->guest.fb);
718 vd->guest.fb = pixman_image_ref(surface->image);
719 vd->guest.format = surface->format;
720 width = vnc_width(vd);
721 height = vnc_height(vd);
722 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
723 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
724 width, height);
725
726 QTAILQ_FOREACH(vs, &vd->clients, next) {
727 vnc_colordepth(vs);
728 vnc_desktop_resize(vs);
729 if (vs->vd->cursor) {
730 vnc_cursor_define(vs);
731 }
732 memset(vs->dirty, 0x00, sizeof(vs->dirty));
733 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
734 width, height);
735 }
736 }
737
738 /* fastest code */
739 static void vnc_write_pixels_copy(VncState *vs,
740 void *pixels, int size)
741 {
742 vnc_write(vs, pixels, size);
743 }
744
745 /* slowest but generic code. */
746 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
747 {
748 uint8_t r, g, b;
749
750 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
751 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
752 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
753 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
754 #else
755 # error need some bits here if you change VNC_SERVER_FB_FORMAT
756 #endif
757 v = (r << vs->client_pf.rshift) |
758 (g << vs->client_pf.gshift) |
759 (b << vs->client_pf.bshift);
760 switch (vs->client_pf.bytes_per_pixel) {
761 case 1:
762 buf[0] = v;
763 break;
764 case 2:
765 if (vs->client_be) {
766 buf[0] = v >> 8;
767 buf[1] = v;
768 } else {
769 buf[1] = v >> 8;
770 buf[0] = v;
771 }
772 break;
773 default:
774 case 4:
775 if (vs->client_be) {
776 buf[0] = v >> 24;
777 buf[1] = v >> 16;
778 buf[2] = v >> 8;
779 buf[3] = v;
780 } else {
781 buf[3] = v >> 24;
782 buf[2] = v >> 16;
783 buf[1] = v >> 8;
784 buf[0] = v;
785 }
786 break;
787 }
788 }
789
790 static void vnc_write_pixels_generic(VncState *vs,
791 void *pixels1, int size)
792 {
793 uint8_t buf[4];
794
795 if (VNC_SERVER_FB_BYTES == 4) {
796 uint32_t *pixels = pixels1;
797 int n, i;
798 n = size >> 2;
799 for (i = 0; i < n; i++) {
800 vnc_convert_pixel(vs, buf, pixels[i]);
801 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
802 }
803 }
804 }
805
806 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
807 {
808 int i;
809 uint8_t *row;
810 VncDisplay *vd = vs->vd;
811
812 row = vnc_server_fb_ptr(vd, x, y);
813 for (i = 0; i < h; i++) {
814 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
815 row += vnc_server_fb_stride(vd);
816 }
817 return 1;
818 }
819
820 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
821 {
822 int n = 0;
823 bool encode_raw = false;
824 size_t saved_offs = vs->output.offset;
825
826 switch(vs->vnc_encoding) {
827 case VNC_ENCODING_ZLIB:
828 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
829 break;
830 case VNC_ENCODING_HEXTILE:
831 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
832 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
833 break;
834 case VNC_ENCODING_TIGHT:
835 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
836 break;
837 case VNC_ENCODING_TIGHT_PNG:
838 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
839 break;
840 case VNC_ENCODING_ZRLE:
841 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
842 break;
843 case VNC_ENCODING_ZYWRLE:
844 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
845 break;
846 default:
847 encode_raw = true;
848 break;
849 }
850
851 /* If the client has the same pixel format as our internal buffer and
852 * a RAW encoding would need less space fall back to RAW encoding to
853 * save bandwidth and processing power in the client. */
854 if (!encode_raw && vs->write_pixels == vnc_write_pixels_copy &&
855 12 + h * w * VNC_SERVER_FB_BYTES <= (vs->output.offset - saved_offs)) {
856 vs->output.offset = saved_offs;
857 encode_raw = true;
858 }
859
860 if (encode_raw) {
861 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
862 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
863 }
864
865 return n;
866 }
867
868 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
869 {
870 /* send bitblit op to the vnc client */
871 vnc_lock_output(vs);
872 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
873 vnc_write_u8(vs, 0);
874 vnc_write_u16(vs, 1); /* number of rects */
875 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
876 vnc_write_u16(vs, src_x);
877 vnc_write_u16(vs, src_y);
878 vnc_unlock_output(vs);
879 vnc_flush(vs);
880 }
881
882 static void vnc_dpy_copy(DisplayChangeListener *dcl,
883 int src_x, int src_y,
884 int dst_x, int dst_y, int w, int h)
885 {
886 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
887 VncState *vs, *vn;
888 uint8_t *src_row;
889 uint8_t *dst_row;
890 int i, x, y, pitch, inc, w_lim, s;
891 int cmp_bytes;
892
893 if (!vd->server) {
894 /* no client connected */
895 return;
896 }
897
898 vnc_refresh_server_surface(vd);
899 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
900 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
901 vs->force_update = 1;
902 vnc_update_client(vs, 1, true);
903 /* vs might be free()ed here */
904 }
905 }
906
907 /* do bitblit op on the local surface too */
908 pitch = vnc_server_fb_stride(vd);
909 src_row = vnc_server_fb_ptr(vd, src_x, src_y);
910 dst_row = vnc_server_fb_ptr(vd, dst_x, dst_y);
911 y = dst_y;
912 inc = 1;
913 if (dst_y > src_y) {
914 /* copy backwards */
915 src_row += pitch * (h-1);
916 dst_row += pitch * (h-1);
917 pitch = -pitch;
918 y = dst_y + h - 1;
919 inc = -1;
920 }
921 w_lim = w - (VNC_DIRTY_PIXELS_PER_BIT - (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
922 if (w_lim < 0) {
923 w_lim = w;
924 } else {
925 w_lim = w - (w_lim % VNC_DIRTY_PIXELS_PER_BIT);
926 }
927 for (i = 0; i < h; i++) {
928 for (x = 0; x <= w_lim;
929 x += s, src_row += cmp_bytes, dst_row += cmp_bytes) {
930 if (x == w_lim) {
931 if ((s = w - w_lim) == 0)
932 break;
933 } else if (!x) {
934 s = (VNC_DIRTY_PIXELS_PER_BIT -
935 (dst_x % VNC_DIRTY_PIXELS_PER_BIT));
936 s = MIN(s, w_lim);
937 } else {
938 s = VNC_DIRTY_PIXELS_PER_BIT;
939 }
940 cmp_bytes = s * VNC_SERVER_FB_BYTES;
941 if (memcmp(src_row, dst_row, cmp_bytes) == 0)
942 continue;
943 memmove(dst_row, src_row, cmp_bytes);
944 QTAILQ_FOREACH(vs, &vd->clients, next) {
945 if (!vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
946 set_bit(((x + dst_x) / VNC_DIRTY_PIXELS_PER_BIT),
947 vs->dirty[y]);
948 }
949 }
950 }
951 src_row += pitch - w * VNC_SERVER_FB_BYTES;
952 dst_row += pitch - w * VNC_SERVER_FB_BYTES;
953 y += inc;
954 }
955
956 QTAILQ_FOREACH(vs, &vd->clients, next) {
957 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT)) {
958 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
959 }
960 }
961 }
962
963 static void vnc_mouse_set(DisplayChangeListener *dcl,
964 int x, int y, int visible)
965 {
966 /* can we ask the client(s) to move the pointer ??? */
967 }
968
969 static int vnc_cursor_define(VncState *vs)
970 {
971 QEMUCursor *c = vs->vd->cursor;
972 int isize;
973
974 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
975 vnc_lock_output(vs);
976 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
977 vnc_write_u8(vs, 0); /* padding */
978 vnc_write_u16(vs, 1); /* # of rects */
979 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
980 VNC_ENCODING_RICH_CURSOR);
981 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
982 vnc_write_pixels_generic(vs, c->data, isize);
983 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
984 vnc_unlock_output(vs);
985 return 0;
986 }
987 return -1;
988 }
989
990 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
991 QEMUCursor *c)
992 {
993 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
994 VncState *vs;
995
996 cursor_put(vd->cursor);
997 g_free(vd->cursor_mask);
998
999 vd->cursor = c;
1000 cursor_get(vd->cursor);
1001 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1002 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1003 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1004
1005 QTAILQ_FOREACH(vs, &vd->clients, next) {
1006 vnc_cursor_define(vs);
1007 }
1008 }
1009
1010 static int find_and_clear_dirty_height(VncState *vs,
1011 int y, int last_x, int x, int height)
1012 {
1013 int h;
1014
1015 for (h = 1; h < (height - y); h++) {
1016 if (!test_bit(last_x, vs->dirty[y + h])) {
1017 break;
1018 }
1019 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1020 }
1021
1022 return h;
1023 }
1024
1025 static int vnc_update_client(VncState *vs, int has_dirty, bool sync)
1026 {
1027 vs->has_dirty += has_dirty;
1028 if (vs->need_update && !vs->disconnecting) {
1029 VncDisplay *vd = vs->vd;
1030 VncJob *job;
1031 int y;
1032 int height, width;
1033 int n = 0;
1034
1035 if (vs->output.offset && !vs->audio_cap && !vs->force_update)
1036 /* kernel send buffers are full -> drop frames to throttle */
1037 return 0;
1038
1039 if (!vs->has_dirty && !vs->audio_cap && !vs->force_update)
1040 return 0;
1041
1042 /*
1043 * Send screen updates to the vnc client using the server
1044 * surface and server dirty map. guest surface updates
1045 * happening in parallel don't disturb us, the next pass will
1046 * send them to the client.
1047 */
1048 job = vnc_job_new(vs);
1049
1050 height = pixman_image_get_height(vd->server);
1051 width = pixman_image_get_width(vd->server);
1052
1053 y = 0;
1054 for (;;) {
1055 int x, h;
1056 unsigned long x2;
1057 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1058 height * VNC_DIRTY_BPL(vs),
1059 y * VNC_DIRTY_BPL(vs));
1060 if (offset == height * VNC_DIRTY_BPL(vs)) {
1061 /* no more dirty bits */
1062 break;
1063 }
1064 y = offset / VNC_DIRTY_BPL(vs);
1065 x = offset % VNC_DIRTY_BPL(vs);
1066 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1067 VNC_DIRTY_BPL(vs), x);
1068 bitmap_clear(vs->dirty[y], x, x2 - x);
1069 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1070 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1071 if (x2 > x) {
1072 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1073 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1074 }
1075 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1076 y += h;
1077 if (y == height) {
1078 break;
1079 }
1080 }
1081 }
1082
1083 vnc_job_push(job);
1084 if (sync) {
1085 vnc_jobs_join(vs);
1086 }
1087 vs->force_update = 0;
1088 vs->has_dirty = 0;
1089 return n;
1090 }
1091
1092 if (vs->disconnecting) {
1093 vnc_disconnect_finish(vs);
1094 } else if (sync) {
1095 vnc_jobs_join(vs);
1096 }
1097
1098 return 0;
1099 }
1100
1101 /* audio */
1102 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1103 {
1104 VncState *vs = opaque;
1105
1106 switch (cmd) {
1107 case AUD_CNOTIFY_DISABLE:
1108 vnc_lock_output(vs);
1109 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1110 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1111 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1112 vnc_unlock_output(vs);
1113 vnc_flush(vs);
1114 break;
1115
1116 case AUD_CNOTIFY_ENABLE:
1117 vnc_lock_output(vs);
1118 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1119 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1120 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1121 vnc_unlock_output(vs);
1122 vnc_flush(vs);
1123 break;
1124 }
1125 }
1126
1127 static void audio_capture_destroy(void *opaque)
1128 {
1129 }
1130
1131 static void audio_capture(void *opaque, void *buf, int size)
1132 {
1133 VncState *vs = opaque;
1134
1135 vnc_lock_output(vs);
1136 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1137 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1138 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1139 vnc_write_u32(vs, size);
1140 vnc_write(vs, buf, size);
1141 vnc_unlock_output(vs);
1142 vnc_flush(vs);
1143 }
1144
1145 static void audio_add(VncState *vs)
1146 {
1147 struct audio_capture_ops ops;
1148
1149 if (vs->audio_cap) {
1150 error_report("audio already running");
1151 return;
1152 }
1153
1154 ops.notify = audio_capture_notify;
1155 ops.destroy = audio_capture_destroy;
1156 ops.capture = audio_capture;
1157
1158 vs->audio_cap = AUD_add_capture(&vs->as, &ops, vs);
1159 if (!vs->audio_cap) {
1160 error_report("Failed to add audio capture");
1161 }
1162 }
1163
1164 static void audio_del(VncState *vs)
1165 {
1166 if (vs->audio_cap) {
1167 AUD_del_capture(vs->audio_cap, vs);
1168 vs->audio_cap = NULL;
1169 }
1170 }
1171
1172 static void vnc_disconnect_start(VncState *vs)
1173 {
1174 if (vs->disconnecting) {
1175 return;
1176 }
1177 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1178 if (vs->ioc_tag) {
1179 g_source_remove(vs->ioc_tag);
1180 }
1181 qio_channel_close(vs->ioc, NULL);
1182 vs->disconnecting = TRUE;
1183 }
1184
1185 void vnc_disconnect_finish(VncState *vs)
1186 {
1187 int i;
1188
1189 vnc_jobs_join(vs); /* Wait encoding jobs */
1190
1191 vnc_lock_output(vs);
1192 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1193
1194 buffer_free(&vs->input);
1195 buffer_free(&vs->output);
1196
1197 qapi_free_VncClientInfo(vs->info);
1198
1199 vnc_zlib_clear(vs);
1200 vnc_tight_clear(vs);
1201 vnc_zrle_clear(vs);
1202
1203 #ifdef CONFIG_VNC_SASL
1204 vnc_sasl_client_cleanup(vs);
1205 #endif /* CONFIG_VNC_SASL */
1206 audio_del(vs);
1207 vnc_release_modifiers(vs);
1208
1209 if (vs->initialized) {
1210 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1211 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1212 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1213 /* last client gone */
1214 vnc_update_server_surface(vs->vd);
1215 }
1216 }
1217
1218 if (vs->vd->lock_key_sync)
1219 qemu_remove_led_event_handler(vs->led);
1220 vnc_unlock_output(vs);
1221
1222 qemu_mutex_destroy(&vs->output_mutex);
1223 if (vs->bh != NULL) {
1224 qemu_bh_delete(vs->bh);
1225 }
1226 buffer_free(&vs->jobs_buffer);
1227
1228 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1229 g_free(vs->lossy_rect[i]);
1230 }
1231 g_free(vs->lossy_rect);
1232
1233 object_unref(OBJECT(vs->ioc));
1234 vs->ioc = NULL;
1235 object_unref(OBJECT(vs->sioc));
1236 vs->sioc = NULL;
1237 g_free(vs);
1238 }
1239
1240 ssize_t vnc_client_io_error(VncState *vs, ssize_t ret, Error **errp)
1241 {
1242 if (ret <= 0) {
1243 if (ret == 0) {
1244 VNC_DEBUG("Closing down client sock: EOF\n");
1245 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1246 VNC_DEBUG("Closing down client sock: ret %d (%s)\n",
1247 ret, errp ? error_get_pretty(*errp) : "Unknown");
1248 }
1249
1250 vnc_disconnect_start(vs);
1251 if (errp) {
1252 error_free(*errp);
1253 *errp = NULL;
1254 }
1255 return 0;
1256 }
1257 return ret;
1258 }
1259
1260
1261 void vnc_client_error(VncState *vs)
1262 {
1263 VNC_DEBUG("Closing down client sock: protocol error\n");
1264 vnc_disconnect_start(vs);
1265 }
1266
1267
1268 /*
1269 * Called to write a chunk of data to the client socket. The data may
1270 * be the raw data, or may have already been encoded by SASL.
1271 * The data will be written either straight onto the socket, or
1272 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1273 *
1274 * NB, it is theoretically possible to have 2 layers of encryption,
1275 * both SASL, and this TLS layer. It is highly unlikely in practice
1276 * though, since SASL encryption will typically be a no-op if TLS
1277 * is active
1278 *
1279 * Returns the number of bytes written, which may be less than
1280 * the requested 'datalen' if the socket would block. Returns
1281 * -1 on error, and disconnects the client socket.
1282 */
1283 ssize_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1284 {
1285 Error *err = NULL;
1286 ssize_t ret;
1287 ret = qio_channel_write(
1288 vs->ioc, (const char *)data, datalen, &err);
1289 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1290 return vnc_client_io_error(vs, ret, &err);
1291 }
1292
1293
1294 /*
1295 * Called to write buffered data to the client socket, when not
1296 * using any SASL SSF encryption layers. Will write as much data
1297 * as possible without blocking. If all buffered data is written,
1298 * will switch the FD poll() handler back to read monitoring.
1299 *
1300 * Returns the number of bytes written, which may be less than
1301 * the buffered output data if the socket would block. Returns
1302 * -1 on error, and disconnects the client socket.
1303 */
1304 static ssize_t vnc_client_write_plain(VncState *vs)
1305 {
1306 ssize_t ret;
1307
1308 #ifdef CONFIG_VNC_SASL
1309 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1310 vs->output.buffer, vs->output.capacity, vs->output.offset,
1311 vs->sasl.waitWriteSSF);
1312
1313 if (vs->sasl.conn &&
1314 vs->sasl.runSSF &&
1315 vs->sasl.waitWriteSSF) {
1316 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1317 if (ret)
1318 vs->sasl.waitWriteSSF -= ret;
1319 } else
1320 #endif /* CONFIG_VNC_SASL */
1321 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1322 if (!ret)
1323 return 0;
1324
1325 buffer_advance(&vs->output, ret);
1326
1327 if (vs->output.offset == 0) {
1328 if (vs->ioc_tag) {
1329 g_source_remove(vs->ioc_tag);
1330 }
1331 vs->ioc_tag = qio_channel_add_watch(
1332 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1333 }
1334
1335 return ret;
1336 }
1337
1338
1339 /*
1340 * First function called whenever there is data to be written to
1341 * the client socket. Will delegate actual work according to whether
1342 * SASL SSF layers are enabled (thus requiring encryption calls)
1343 */
1344 static void vnc_client_write_locked(VncState *vs)
1345 {
1346 #ifdef CONFIG_VNC_SASL
1347 if (vs->sasl.conn &&
1348 vs->sasl.runSSF &&
1349 !vs->sasl.waitWriteSSF) {
1350 vnc_client_write_sasl(vs);
1351 } else
1352 #endif /* CONFIG_VNC_SASL */
1353 {
1354 vnc_client_write_plain(vs);
1355 }
1356 }
1357
1358 static void vnc_client_write(VncState *vs)
1359 {
1360
1361 vnc_lock_output(vs);
1362 if (vs->output.offset) {
1363 vnc_client_write_locked(vs);
1364 } else if (vs->ioc != NULL) {
1365 if (vs->ioc_tag) {
1366 g_source_remove(vs->ioc_tag);
1367 }
1368 vs->ioc_tag = qio_channel_add_watch(
1369 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
1370 }
1371 vnc_unlock_output(vs);
1372 }
1373
1374 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1375 {
1376 vs->read_handler = func;
1377 vs->read_handler_expect = expecting;
1378 }
1379
1380
1381 /*
1382 * Called to read a chunk of data from the client socket. The data may
1383 * be the raw data, or may need to be further decoded by SASL.
1384 * The data will be read either straight from to the socket, or
1385 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1386 *
1387 * NB, it is theoretically possible to have 2 layers of encryption,
1388 * both SASL, and this TLS layer. It is highly unlikely in practice
1389 * though, since SASL encryption will typically be a no-op if TLS
1390 * is active
1391 *
1392 * Returns the number of bytes read, which may be less than
1393 * the requested 'datalen' if the socket would block. Returns
1394 * -1 on error, and disconnects the client socket.
1395 */
1396 ssize_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1397 {
1398 ssize_t ret;
1399 Error *err = NULL;
1400 ret = qio_channel_read(
1401 vs->ioc, (char *)data, datalen, &err);
1402 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1403 return vnc_client_io_error(vs, ret, &err);
1404 }
1405
1406
1407 /*
1408 * Called to read data from the client socket to the input buffer,
1409 * when not using any SASL SSF encryption layers. Will read as much
1410 * data as possible without blocking.
1411 *
1412 * Returns the number of bytes read. Returns -1 on error, and
1413 * disconnects the client socket.
1414 */
1415 static ssize_t vnc_client_read_plain(VncState *vs)
1416 {
1417 ssize_t ret;
1418 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1419 vs->input.buffer, vs->input.capacity, vs->input.offset);
1420 buffer_reserve(&vs->input, 4096);
1421 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1422 if (!ret)
1423 return 0;
1424 vs->input.offset += ret;
1425 return ret;
1426 }
1427
1428 static void vnc_jobs_bh(void *opaque)
1429 {
1430 VncState *vs = opaque;
1431
1432 vnc_jobs_consume_buffer(vs);
1433 }
1434
1435 /*
1436 * First function called whenever there is more data to be read from
1437 * the client socket. Will delegate actual work according to whether
1438 * SASL SSF layers are enabled (thus requiring decryption calls)
1439 * Returns 0 on success, -1 if client disconnected
1440 */
1441 static int vnc_client_read(VncState *vs)
1442 {
1443 ssize_t ret;
1444
1445 #ifdef CONFIG_VNC_SASL
1446 if (vs->sasl.conn && vs->sasl.runSSF)
1447 ret = vnc_client_read_sasl(vs);
1448 else
1449 #endif /* CONFIG_VNC_SASL */
1450 ret = vnc_client_read_plain(vs);
1451 if (!ret) {
1452 if (vs->disconnecting) {
1453 vnc_disconnect_finish(vs);
1454 return -1;
1455 }
1456 return 0;
1457 }
1458
1459 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1460 size_t len = vs->read_handler_expect;
1461 int ret;
1462
1463 ret = vs->read_handler(vs, vs->input.buffer, len);
1464 if (vs->disconnecting) {
1465 vnc_disconnect_finish(vs);
1466 return -1;
1467 }
1468
1469 if (!ret) {
1470 buffer_advance(&vs->input, len);
1471 } else {
1472 vs->read_handler_expect = ret;
1473 }
1474 }
1475 return 0;
1476 }
1477
1478 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1479 GIOCondition condition, void *opaque)
1480 {
1481 VncState *vs = opaque;
1482 if (condition & G_IO_IN) {
1483 if (vnc_client_read(vs) < 0) {
1484 return TRUE;
1485 }
1486 }
1487 if (condition & G_IO_OUT) {
1488 vnc_client_write(vs);
1489 }
1490 return TRUE;
1491 }
1492
1493
1494 void vnc_write(VncState *vs, const void *data, size_t len)
1495 {
1496 buffer_reserve(&vs->output, len);
1497
1498 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1499 if (vs->ioc_tag) {
1500 g_source_remove(vs->ioc_tag);
1501 }
1502 vs->ioc_tag = qio_channel_add_watch(
1503 vs->ioc, G_IO_IN | G_IO_OUT, vnc_client_io, vs, NULL);
1504 }
1505
1506 buffer_append(&vs->output, data, len);
1507 }
1508
1509 void vnc_write_s32(VncState *vs, int32_t value)
1510 {
1511 vnc_write_u32(vs, *(uint32_t *)&value);
1512 }
1513
1514 void vnc_write_u32(VncState *vs, uint32_t value)
1515 {
1516 uint8_t buf[4];
1517
1518 buf[0] = (value >> 24) & 0xFF;
1519 buf[1] = (value >> 16) & 0xFF;
1520 buf[2] = (value >> 8) & 0xFF;
1521 buf[3] = value & 0xFF;
1522
1523 vnc_write(vs, buf, 4);
1524 }
1525
1526 void vnc_write_u16(VncState *vs, uint16_t value)
1527 {
1528 uint8_t buf[2];
1529
1530 buf[0] = (value >> 8) & 0xFF;
1531 buf[1] = value & 0xFF;
1532
1533 vnc_write(vs, buf, 2);
1534 }
1535
1536 void vnc_write_u8(VncState *vs, uint8_t value)
1537 {
1538 vnc_write(vs, (char *)&value, 1);
1539 }
1540
1541 void vnc_flush(VncState *vs)
1542 {
1543 vnc_lock_output(vs);
1544 if (vs->ioc != NULL && vs->output.offset) {
1545 vnc_client_write_locked(vs);
1546 }
1547 vnc_unlock_output(vs);
1548 }
1549
1550 static uint8_t read_u8(uint8_t *data, size_t offset)
1551 {
1552 return data[offset];
1553 }
1554
1555 static uint16_t read_u16(uint8_t *data, size_t offset)
1556 {
1557 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1558 }
1559
1560 static int32_t read_s32(uint8_t *data, size_t offset)
1561 {
1562 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1563 (data[offset + 2] << 8) | data[offset + 3]);
1564 }
1565
1566 uint32_t read_u32(uint8_t *data, size_t offset)
1567 {
1568 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1569 (data[offset + 2] << 8) | data[offset + 3]);
1570 }
1571
1572 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1573 {
1574 }
1575
1576 static void check_pointer_type_change(Notifier *notifier, void *data)
1577 {
1578 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1579 int absolute = qemu_input_is_absolute();
1580
1581 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1582 vnc_lock_output(vs);
1583 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1584 vnc_write_u8(vs, 0);
1585 vnc_write_u16(vs, 1);
1586 vnc_framebuffer_update(vs, absolute, 0,
1587 pixman_image_get_width(vs->vd->server),
1588 pixman_image_get_height(vs->vd->server),
1589 VNC_ENCODING_POINTER_TYPE_CHANGE);
1590 vnc_unlock_output(vs);
1591 vnc_flush(vs);
1592 }
1593 vs->absolute = absolute;
1594 }
1595
1596 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1597 {
1598 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1599 [INPUT_BUTTON_LEFT] = 0x01,
1600 [INPUT_BUTTON_MIDDLE] = 0x02,
1601 [INPUT_BUTTON_RIGHT] = 0x04,
1602 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1603 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1604 };
1605 QemuConsole *con = vs->vd->dcl.con;
1606 int width = pixman_image_get_width(vs->vd->server);
1607 int height = pixman_image_get_height(vs->vd->server);
1608
1609 if (vs->last_bmask != button_mask) {
1610 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1611 vs->last_bmask = button_mask;
1612 }
1613
1614 if (vs->absolute) {
1615 qemu_input_queue_abs(con, INPUT_AXIS_X, x, width);
1616 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, height);
1617 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1618 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1619 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1620 } else {
1621 if (vs->last_x != -1) {
1622 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1623 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1624 }
1625 vs->last_x = x;
1626 vs->last_y = y;
1627 }
1628 qemu_input_event_sync();
1629 }
1630
1631 static void reset_keys(VncState *vs)
1632 {
1633 int i;
1634 for(i = 0; i < 256; i++) {
1635 if (vs->modifiers_state[i]) {
1636 qemu_input_event_send_key_number(vs->vd->dcl.con, i, false);
1637 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1638 vs->modifiers_state[i] = 0;
1639 }
1640 }
1641 }
1642
1643 static void press_key(VncState *vs, int keysym)
1644 {
1645 int keycode = keysym2scancode(vs->vd->kbd_layout, keysym) & SCANCODE_KEYMASK;
1646 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, true);
1647 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1648 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1649 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1650 }
1651
1652 static int current_led_state(VncState *vs)
1653 {
1654 int ledstate = 0;
1655
1656 if (vs->modifiers_state[0x46]) {
1657 ledstate |= QEMU_SCROLL_LOCK_LED;
1658 }
1659 if (vs->modifiers_state[0x45]) {
1660 ledstate |= QEMU_NUM_LOCK_LED;
1661 }
1662 if (vs->modifiers_state[0x3a]) {
1663 ledstate |= QEMU_CAPS_LOCK_LED;
1664 }
1665
1666 return ledstate;
1667 }
1668
1669 static void vnc_led_state_change(VncState *vs)
1670 {
1671 int ledstate = 0;
1672
1673 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1674 return;
1675 }
1676
1677 ledstate = current_led_state(vs);
1678 vnc_lock_output(vs);
1679 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1680 vnc_write_u8(vs, 0);
1681 vnc_write_u16(vs, 1);
1682 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1683 vnc_write_u8(vs, ledstate);
1684 vnc_unlock_output(vs);
1685 vnc_flush(vs);
1686 }
1687
1688 static void kbd_leds(void *opaque, int ledstate)
1689 {
1690 VncState *vs = opaque;
1691 int caps, num, scr;
1692 bool has_changed = (ledstate != current_led_state(vs));
1693
1694 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1695 (ledstate & QEMU_NUM_LOCK_LED),
1696 (ledstate & QEMU_SCROLL_LOCK_LED));
1697
1698 caps = ledstate & QEMU_CAPS_LOCK_LED ? 1 : 0;
1699 num = ledstate & QEMU_NUM_LOCK_LED ? 1 : 0;
1700 scr = ledstate & QEMU_SCROLL_LOCK_LED ? 1 : 0;
1701
1702 if (vs->modifiers_state[0x3a] != caps) {
1703 vs->modifiers_state[0x3a] = caps;
1704 }
1705 if (vs->modifiers_state[0x45] != num) {
1706 vs->modifiers_state[0x45] = num;
1707 }
1708 if (vs->modifiers_state[0x46] != scr) {
1709 vs->modifiers_state[0x46] = scr;
1710 }
1711
1712 /* Sending the current led state message to the client */
1713 if (has_changed) {
1714 vnc_led_state_change(vs);
1715 }
1716 }
1717
1718 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1719 {
1720 /* QEMU console switch */
1721 switch(keycode) {
1722 case 0x2a: /* Left Shift */
1723 case 0x36: /* Right Shift */
1724 case 0x1d: /* Left CTRL */
1725 case 0x9d: /* Right CTRL */
1726 case 0x38: /* Left ALT */
1727 case 0xb8: /* Right ALT */
1728 if (down)
1729 vs->modifiers_state[keycode] = 1;
1730 else
1731 vs->modifiers_state[keycode] = 0;
1732 break;
1733 case 0x02 ... 0x0a: /* '1' to '9' keys */
1734 if (vs->vd->dcl.con == NULL &&
1735 down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1736 /* Reset the modifiers sent to the current console */
1737 reset_keys(vs);
1738 console_select(keycode - 0x02);
1739 return;
1740 }
1741 break;
1742 case 0x3a: /* CapsLock */
1743 case 0x45: /* NumLock */
1744 if (down)
1745 vs->modifiers_state[keycode] ^= 1;
1746 break;
1747 }
1748
1749 /* Turn off the lock state sync logic if the client support the led
1750 state extension.
1751 */
1752 if (down && vs->vd->lock_key_sync &&
1753 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1754 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1755 /* If the numlock state needs to change then simulate an additional
1756 keypress before sending this one. This will happen if the user
1757 toggles numlock away from the VNC window.
1758 */
1759 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1760 if (!vs->modifiers_state[0x45]) {
1761 trace_vnc_key_sync_numlock(true);
1762 vs->modifiers_state[0x45] = 1;
1763 press_key(vs, 0xff7f);
1764 }
1765 } else {
1766 if (vs->modifiers_state[0x45]) {
1767 trace_vnc_key_sync_numlock(false);
1768 vs->modifiers_state[0x45] = 0;
1769 press_key(vs, 0xff7f);
1770 }
1771 }
1772 }
1773
1774 if (down && vs->vd->lock_key_sync &&
1775 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1776 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1777 /* If the capslock state needs to change then simulate an additional
1778 keypress before sending this one. This will happen if the user
1779 toggles capslock away from the VNC window.
1780 */
1781 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1782 int shift = !!(vs->modifiers_state[0x2a] | vs->modifiers_state[0x36]);
1783 int capslock = !!(vs->modifiers_state[0x3a]);
1784 if (capslock) {
1785 if (uppercase == shift) {
1786 trace_vnc_key_sync_capslock(false);
1787 vs->modifiers_state[0x3a] = 0;
1788 press_key(vs, 0xffe5);
1789 }
1790 } else {
1791 if (uppercase != shift) {
1792 trace_vnc_key_sync_capslock(true);
1793 vs->modifiers_state[0x3a] = 1;
1794 press_key(vs, 0xffe5);
1795 }
1796 }
1797 }
1798
1799 if (qemu_console_is_graphic(NULL)) {
1800 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, down);
1801 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1802 } else {
1803 bool numlock = vs->modifiers_state[0x45];
1804 bool control = (vs->modifiers_state[0x1d] ||
1805 vs->modifiers_state[0x9d]);
1806 /* QEMU console emulation */
1807 if (down) {
1808 switch (keycode) {
1809 case 0x2a: /* Left Shift */
1810 case 0x36: /* Right Shift */
1811 case 0x1d: /* Left CTRL */
1812 case 0x9d: /* Right CTRL */
1813 case 0x38: /* Left ALT */
1814 case 0xb8: /* Right ALT */
1815 break;
1816 case 0xc8:
1817 kbd_put_keysym(QEMU_KEY_UP);
1818 break;
1819 case 0xd0:
1820 kbd_put_keysym(QEMU_KEY_DOWN);
1821 break;
1822 case 0xcb:
1823 kbd_put_keysym(QEMU_KEY_LEFT);
1824 break;
1825 case 0xcd:
1826 kbd_put_keysym(QEMU_KEY_RIGHT);
1827 break;
1828 case 0xd3:
1829 kbd_put_keysym(QEMU_KEY_DELETE);
1830 break;
1831 case 0xc7:
1832 kbd_put_keysym(QEMU_KEY_HOME);
1833 break;
1834 case 0xcf:
1835 kbd_put_keysym(QEMU_KEY_END);
1836 break;
1837 case 0xc9:
1838 kbd_put_keysym(QEMU_KEY_PAGEUP);
1839 break;
1840 case 0xd1:
1841 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1842 break;
1843
1844 case 0x47:
1845 kbd_put_keysym(numlock ? '7' : QEMU_KEY_HOME);
1846 break;
1847 case 0x48:
1848 kbd_put_keysym(numlock ? '8' : QEMU_KEY_UP);
1849 break;
1850 case 0x49:
1851 kbd_put_keysym(numlock ? '9' : QEMU_KEY_PAGEUP);
1852 break;
1853 case 0x4b:
1854 kbd_put_keysym(numlock ? '4' : QEMU_KEY_LEFT);
1855 break;
1856 case 0x4c:
1857 kbd_put_keysym('5');
1858 break;
1859 case 0x4d:
1860 kbd_put_keysym(numlock ? '6' : QEMU_KEY_RIGHT);
1861 break;
1862 case 0x4f:
1863 kbd_put_keysym(numlock ? '1' : QEMU_KEY_END);
1864 break;
1865 case 0x50:
1866 kbd_put_keysym(numlock ? '2' : QEMU_KEY_DOWN);
1867 break;
1868 case 0x51:
1869 kbd_put_keysym(numlock ? '3' : QEMU_KEY_PAGEDOWN);
1870 break;
1871 case 0x52:
1872 kbd_put_keysym('0');
1873 break;
1874 case 0x53:
1875 kbd_put_keysym(numlock ? '.' : QEMU_KEY_DELETE);
1876 break;
1877
1878 case 0xb5:
1879 kbd_put_keysym('/');
1880 break;
1881 case 0x37:
1882 kbd_put_keysym('*');
1883 break;
1884 case 0x4a:
1885 kbd_put_keysym('-');
1886 break;
1887 case 0x4e:
1888 kbd_put_keysym('+');
1889 break;
1890 case 0x9c:
1891 kbd_put_keysym('\n');
1892 break;
1893
1894 default:
1895 if (control) {
1896 kbd_put_keysym(sym & 0x1f);
1897 } else {
1898 kbd_put_keysym(sym);
1899 }
1900 break;
1901 }
1902 }
1903 }
1904 }
1905
1906 static void vnc_release_modifiers(VncState *vs)
1907 {
1908 static const int keycodes[] = {
1909 /* shift, control, alt keys, both left & right */
1910 0x2a, 0x36, 0x1d, 0x9d, 0x38, 0xb8,
1911 };
1912 int i, keycode;
1913
1914 if (!qemu_console_is_graphic(NULL)) {
1915 return;
1916 }
1917 for (i = 0; i < ARRAY_SIZE(keycodes); i++) {
1918 keycode = keycodes[i];
1919 if (!vs->modifiers_state[keycode]) {
1920 continue;
1921 }
1922 qemu_input_event_send_key_number(vs->vd->dcl.con, keycode, false);
1923 qemu_input_event_send_key_delay(vs->vd->key_delay_ms);
1924 }
1925 }
1926
1927 static const char *code2name(int keycode)
1928 {
1929 return QKeyCode_lookup[qemu_input_key_number_to_qcode(keycode)];
1930 }
1931
1932 static void key_event(VncState *vs, int down, uint32_t sym)
1933 {
1934 int keycode;
1935 int lsym = sym;
1936
1937 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(NULL)) {
1938 lsym = lsym - 'A' + 'a';
1939 }
1940
1941 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF) & SCANCODE_KEYMASK;
1942 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
1943 do_key_event(vs, down, keycode, sym);
1944 }
1945
1946 static void ext_key_event(VncState *vs, int down,
1947 uint32_t sym, uint16_t keycode)
1948 {
1949 /* if the user specifies a keyboard layout, always use it */
1950 if (keyboard_layout) {
1951 key_event(vs, down, sym);
1952 } else {
1953 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
1954 do_key_event(vs, down, keycode, sym);
1955 }
1956 }
1957
1958 static void framebuffer_update_request(VncState *vs, int incremental,
1959 int x, int y, int w, int h)
1960 {
1961 vs->need_update = 1;
1962
1963 if (incremental) {
1964 return;
1965 }
1966
1967 vs->force_update = 1;
1968 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
1969 }
1970
1971 static void send_ext_key_event_ack(VncState *vs)
1972 {
1973 vnc_lock_output(vs);
1974 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1975 vnc_write_u8(vs, 0);
1976 vnc_write_u16(vs, 1);
1977 vnc_framebuffer_update(vs, 0, 0,
1978 pixman_image_get_width(vs->vd->server),
1979 pixman_image_get_height(vs->vd->server),
1980 VNC_ENCODING_EXT_KEY_EVENT);
1981 vnc_unlock_output(vs);
1982 vnc_flush(vs);
1983 }
1984
1985 static void send_ext_audio_ack(VncState *vs)
1986 {
1987 vnc_lock_output(vs);
1988 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1989 vnc_write_u8(vs, 0);
1990 vnc_write_u16(vs, 1);
1991 vnc_framebuffer_update(vs, 0, 0,
1992 pixman_image_get_width(vs->vd->server),
1993 pixman_image_get_height(vs->vd->server),
1994 VNC_ENCODING_AUDIO);
1995 vnc_unlock_output(vs);
1996 vnc_flush(vs);
1997 }
1998
1999 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2000 {
2001 int i;
2002 unsigned int enc = 0;
2003
2004 vs->features = 0;
2005 vs->vnc_encoding = 0;
2006 vs->tight.compression = 9;
2007 vs->tight.quality = -1; /* Lossless by default */
2008 vs->absolute = -1;
2009
2010 /*
2011 * Start from the end because the encodings are sent in order of preference.
2012 * This way the preferred encoding (first encoding defined in the array)
2013 * will be set at the end of the loop.
2014 */
2015 for (i = n_encodings - 1; i >= 0; i--) {
2016 enc = encodings[i];
2017 switch (enc) {
2018 case VNC_ENCODING_RAW:
2019 vs->vnc_encoding = enc;
2020 break;
2021 case VNC_ENCODING_COPYRECT:
2022 vs->features |= VNC_FEATURE_COPYRECT_MASK;
2023 break;
2024 case VNC_ENCODING_HEXTILE:
2025 vs->features |= VNC_FEATURE_HEXTILE_MASK;
2026 vs->vnc_encoding = enc;
2027 break;
2028 case VNC_ENCODING_TIGHT:
2029 vs->features |= VNC_FEATURE_TIGHT_MASK;
2030 vs->vnc_encoding = enc;
2031 break;
2032 #ifdef CONFIG_VNC_PNG
2033 case VNC_ENCODING_TIGHT_PNG:
2034 vs->features |= VNC_FEATURE_TIGHT_PNG_MASK;
2035 vs->vnc_encoding = enc;
2036 break;
2037 #endif
2038 case VNC_ENCODING_ZLIB:
2039 vs->features |= VNC_FEATURE_ZLIB_MASK;
2040 vs->vnc_encoding = enc;
2041 break;
2042 case VNC_ENCODING_ZRLE:
2043 vs->features |= VNC_FEATURE_ZRLE_MASK;
2044 vs->vnc_encoding = enc;
2045 break;
2046 case VNC_ENCODING_ZYWRLE:
2047 vs->features |= VNC_FEATURE_ZYWRLE_MASK;
2048 vs->vnc_encoding = enc;
2049 break;
2050 case VNC_ENCODING_DESKTOPRESIZE:
2051 vs->features |= VNC_FEATURE_RESIZE_MASK;
2052 break;
2053 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2054 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
2055 break;
2056 case VNC_ENCODING_RICH_CURSOR:
2057 vs->features |= VNC_FEATURE_RICH_CURSOR_MASK;
2058 if (vs->vd->cursor) {
2059 vnc_cursor_define(vs);
2060 }
2061 break;
2062 case VNC_ENCODING_EXT_KEY_EVENT:
2063 send_ext_key_event_ack(vs);
2064 break;
2065 case VNC_ENCODING_AUDIO:
2066 send_ext_audio_ack(vs);
2067 break;
2068 case VNC_ENCODING_WMVi:
2069 vs->features |= VNC_FEATURE_WMVI_MASK;
2070 break;
2071 case VNC_ENCODING_LED_STATE:
2072 vs->features |= VNC_FEATURE_LED_STATE_MASK;
2073 break;
2074 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2075 vs->tight.compression = (enc & 0x0F);
2076 break;
2077 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2078 if (vs->vd->lossy) {
2079 vs->tight.quality = (enc & 0x0F);
2080 }
2081 break;
2082 default:
2083 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2084 break;
2085 }
2086 }
2087 vnc_desktop_resize(vs);
2088 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2089 vnc_led_state_change(vs);
2090 }
2091
2092 static void set_pixel_conversion(VncState *vs)
2093 {
2094 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf);
2095
2096 if (fmt == VNC_SERVER_FB_FORMAT) {
2097 vs->write_pixels = vnc_write_pixels_copy;
2098 vnc_hextile_set_pixel_conversion(vs, 0);
2099 } else {
2100 vs->write_pixels = vnc_write_pixels_generic;
2101 vnc_hextile_set_pixel_conversion(vs, 1);
2102 }
2103 }
2104
2105 static void send_color_map(VncState *vs)
2106 {
2107 int i;
2108
2109 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2110 vnc_write_u8(vs, 0); /* padding */
2111 vnc_write_u16(vs, 0); /* first color */
2112 vnc_write_u16(vs, 256); /* # of colors */
2113
2114 for (i = 0; i < 256; i++) {
2115 PixelFormat *pf = &vs->client_pf;
2116
2117 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2118 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2119 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2120 }
2121 }
2122
2123 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2124 int big_endian_flag, int true_color_flag,
2125 int red_max, int green_max, int blue_max,
2126 int red_shift, int green_shift, int blue_shift)
2127 {
2128 if (!true_color_flag) {
2129 /* Expose a reasonable default 256 color map */
2130 bits_per_pixel = 8;
2131 red_max = 7;
2132 green_max = 7;
2133 blue_max = 3;
2134 red_shift = 0;
2135 green_shift = 3;
2136 blue_shift = 6;
2137 }
2138
2139 switch (bits_per_pixel) {
2140 case 8:
2141 case 16:
2142 case 32:
2143 break;
2144 default:
2145 vnc_client_error(vs);
2146 return;
2147 }
2148
2149 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2150 vs->client_pf.rbits = hweight_long(red_max);
2151 vs->client_pf.rshift = red_shift;
2152 vs->client_pf.rmask = red_max << red_shift;
2153 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2154 vs->client_pf.gbits = hweight_long(green_max);
2155 vs->client_pf.gshift = green_shift;
2156 vs->client_pf.gmask = green_max << green_shift;
2157 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2158 vs->client_pf.bbits = hweight_long(blue_max);
2159 vs->client_pf.bshift = blue_shift;
2160 vs->client_pf.bmask = blue_max << blue_shift;
2161 vs->client_pf.bits_per_pixel = bits_per_pixel;
2162 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2163 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2164 vs->client_be = big_endian_flag;
2165
2166 if (!true_color_flag) {
2167 send_color_map(vs);
2168 }
2169
2170 set_pixel_conversion(vs);
2171
2172 graphic_hw_invalidate(vs->vd->dcl.con);
2173 graphic_hw_update(vs->vd->dcl.con);
2174 }
2175
2176 static void pixel_format_message (VncState *vs) {
2177 char pad[3] = { 0, 0, 0 };
2178
2179 vs->client_pf = qemu_default_pixelformat(32);
2180
2181 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2182 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2183
2184 #ifdef HOST_WORDS_BIGENDIAN
2185 vnc_write_u8(vs, 1); /* big-endian-flag */
2186 #else
2187 vnc_write_u8(vs, 0); /* big-endian-flag */
2188 #endif
2189 vnc_write_u8(vs, 1); /* true-color-flag */
2190 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2191 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2192 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2193 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2194 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2195 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2196 vnc_write(vs, pad, 3); /* padding */
2197
2198 vnc_hextile_set_pixel_conversion(vs, 0);
2199 vs->write_pixels = vnc_write_pixels_copy;
2200 }
2201
2202 static void vnc_colordepth(VncState *vs)
2203 {
2204 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2205 /* Sending a WMVi message to notify the client*/
2206 vnc_lock_output(vs);
2207 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2208 vnc_write_u8(vs, 0);
2209 vnc_write_u16(vs, 1); /* number of rects */
2210 vnc_framebuffer_update(vs, 0, 0,
2211 pixman_image_get_width(vs->vd->server),
2212 pixman_image_get_height(vs->vd->server),
2213 VNC_ENCODING_WMVi);
2214 pixel_format_message(vs);
2215 vnc_unlock_output(vs);
2216 vnc_flush(vs);
2217 } else {
2218 set_pixel_conversion(vs);
2219 }
2220 }
2221
2222 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2223 {
2224 int i;
2225 uint16_t limit;
2226 VncDisplay *vd = vs->vd;
2227
2228 if (data[0] > 3) {
2229 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2230 }
2231
2232 switch (data[0]) {
2233 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2234 if (len == 1)
2235 return 20;
2236
2237 set_pixel_format(vs, read_u8(data, 4),
2238 read_u8(data, 6), read_u8(data, 7),
2239 read_u16(data, 8), read_u16(data, 10),
2240 read_u16(data, 12), read_u8(data, 14),
2241 read_u8(data, 15), read_u8(data, 16));
2242 break;
2243 case VNC_MSG_CLIENT_SET_ENCODINGS:
2244 if (len == 1)
2245 return 4;
2246
2247 if (len == 4) {
2248 limit = read_u16(data, 2);
2249 if (limit > 0)
2250 return 4 + (limit * 4);
2251 } else
2252 limit = read_u16(data, 2);
2253
2254 for (i = 0; i < limit; i++) {
2255 int32_t val = read_s32(data, 4 + (i * 4));
2256 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2257 }
2258
2259 set_encodings(vs, (int32_t *)(data + 4), limit);
2260 break;
2261 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2262 if (len == 1)
2263 return 10;
2264
2265 framebuffer_update_request(vs,
2266 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2267 read_u16(data, 6), read_u16(data, 8));
2268 break;
2269 case VNC_MSG_CLIENT_KEY_EVENT:
2270 if (len == 1)
2271 return 8;
2272
2273 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2274 break;
2275 case VNC_MSG_CLIENT_POINTER_EVENT:
2276 if (len == 1)
2277 return 6;
2278
2279 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2280 break;
2281 case VNC_MSG_CLIENT_CUT_TEXT:
2282 if (len == 1) {
2283 return 8;
2284 }
2285 if (len == 8) {
2286 uint32_t dlen = read_u32(data, 4);
2287 if (dlen > (1 << 20)) {
2288 error_report("vnc: client_cut_text msg payload has %u bytes"
2289 " which exceeds our limit of 1MB.", dlen);
2290 vnc_client_error(vs);
2291 break;
2292 }
2293 if (dlen > 0) {
2294 return 8 + dlen;
2295 }
2296 }
2297
2298 client_cut_text(vs, read_u32(data, 4), data + 8);
2299 break;
2300 case VNC_MSG_CLIENT_QEMU:
2301 if (len == 1)
2302 return 2;
2303
2304 switch (read_u8(data, 1)) {
2305 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2306 if (len == 2)
2307 return 12;
2308
2309 ext_key_event(vs, read_u16(data, 2),
2310 read_u32(data, 4), read_u32(data, 8));
2311 break;
2312 case VNC_MSG_CLIENT_QEMU_AUDIO:
2313 if (len == 2)
2314 return 4;
2315
2316 switch (read_u16 (data, 2)) {
2317 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2318 audio_add(vs);
2319 break;
2320 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2321 audio_del(vs);
2322 break;
2323 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2324 if (len == 4)
2325 return 10;
2326 switch (read_u8(data, 4)) {
2327 case 0: vs->as.fmt = AUD_FMT_U8; break;
2328 case 1: vs->as.fmt = AUD_FMT_S8; break;
2329 case 2: vs->as.fmt = AUD_FMT_U16; break;
2330 case 3: vs->as.fmt = AUD_FMT_S16; break;
2331 case 4: vs->as.fmt = AUD_FMT_U32; break;
2332 case 5: vs->as.fmt = AUD_FMT_S32; break;
2333 default:
2334 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2335 vnc_client_error(vs);
2336 break;
2337 }
2338 vs->as.nchannels = read_u8(data, 5);
2339 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2340 VNC_DEBUG("Invalid audio channel coount %d\n",
2341 read_u8(data, 5));
2342 vnc_client_error(vs);
2343 break;
2344 }
2345 vs->as.freq = read_u32(data, 6);
2346 break;
2347 default:
2348 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 4));
2349 vnc_client_error(vs);
2350 break;
2351 }
2352 break;
2353
2354 default:
2355 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2356 vnc_client_error(vs);
2357 break;
2358 }
2359 break;
2360 default:
2361 VNC_DEBUG("Msg: %d\n", data[0]);
2362 vnc_client_error(vs);
2363 break;
2364 }
2365
2366 vnc_read_when(vs, protocol_client_msg, 1);
2367 return 0;
2368 }
2369
2370 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2371 {
2372 char buf[1024];
2373 VncShareMode mode;
2374 int size;
2375
2376 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2377 switch (vs->vd->share_policy) {
2378 case VNC_SHARE_POLICY_IGNORE:
2379 /*
2380 * Ignore the shared flag. Nothing to do here.
2381 *
2382 * Doesn't conform to the rfb spec but is traditional qemu
2383 * behavior, thus left here as option for compatibility
2384 * reasons.
2385 */
2386 break;
2387 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2388 /*
2389 * Policy: Allow clients ask for exclusive access.
2390 *
2391 * Implementation: When a client asks for exclusive access,
2392 * disconnect all others. Shared connects are allowed as long
2393 * as no exclusive connection exists.
2394 *
2395 * This is how the rfb spec suggests to handle the shared flag.
2396 */
2397 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2398 VncState *client;
2399 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2400 if (vs == client) {
2401 continue;
2402 }
2403 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2404 client->share_mode != VNC_SHARE_MODE_SHARED) {
2405 continue;
2406 }
2407 vnc_disconnect_start(client);
2408 }
2409 }
2410 if (mode == VNC_SHARE_MODE_SHARED) {
2411 if (vs->vd->num_exclusive > 0) {
2412 vnc_disconnect_start(vs);
2413 return 0;
2414 }
2415 }
2416 break;
2417 case VNC_SHARE_POLICY_FORCE_SHARED:
2418 /*
2419 * Policy: Shared connects only.
2420 * Implementation: Disallow clients asking for exclusive access.
2421 *
2422 * Useful for shared desktop sessions where you don't want
2423 * someone forgetting to say -shared when running the vnc
2424 * client disconnect everybody else.
2425 */
2426 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2427 vnc_disconnect_start(vs);
2428 return 0;
2429 }
2430 break;
2431 }
2432 vnc_set_share_mode(vs, mode);
2433
2434 if (vs->vd->num_shared > vs->vd->connections_limit) {
2435 vnc_disconnect_start(vs);
2436 return 0;
2437 }
2438
2439 vs->client_width = pixman_image_get_width(vs->vd->server);
2440 vs->client_height = pixman_image_get_height(vs->vd->server);
2441 vnc_write_u16(vs, vs->client_width);
2442 vnc_write_u16(vs, vs->client_height);
2443
2444 pixel_format_message(vs);
2445
2446 if (qemu_name)
2447 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2448 else
2449 size = snprintf(buf, sizeof(buf), "QEMU");
2450
2451 vnc_write_u32(vs, size);
2452 vnc_write(vs, buf, size);
2453 vnc_flush(vs);
2454
2455 vnc_client_cache_auth(vs);
2456 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2457
2458 vnc_read_when(vs, protocol_client_msg, 1);
2459
2460 return 0;
2461 }
2462
2463 void start_client_init(VncState *vs)
2464 {
2465 vnc_read_when(vs, protocol_client_init, 1);
2466 }
2467
2468 static void make_challenge(VncState *vs)
2469 {
2470 int i;
2471
2472 srand(time(NULL)+getpid()+getpid()*987654+rand());
2473
2474 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
2475 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
2476 }
2477
2478 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2479 {
2480 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2481 size_t i, pwlen;
2482 unsigned char key[8];
2483 time_t now = time(NULL);
2484 QCryptoCipher *cipher = NULL;
2485 Error *err = NULL;
2486
2487 if (!vs->vd->password) {
2488 VNC_DEBUG("No password configured on server");
2489 goto reject;
2490 }
2491 if (vs->vd->expires < now) {
2492 VNC_DEBUG("Password is expired");
2493 goto reject;
2494 }
2495
2496 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2497
2498 /* Calculate the expected challenge response */
2499 pwlen = strlen(vs->vd->password);
2500 for (i=0; i<sizeof(key); i++)
2501 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2502
2503 cipher = qcrypto_cipher_new(
2504 QCRYPTO_CIPHER_ALG_DES_RFB,
2505 QCRYPTO_CIPHER_MODE_ECB,
2506 key, G_N_ELEMENTS(key),
2507 &err);
2508 if (!cipher) {
2509 VNC_DEBUG("Cannot initialize cipher %s",
2510 error_get_pretty(err));
2511 error_free(err);
2512 goto reject;
2513 }
2514
2515 if (qcrypto_cipher_encrypt(cipher,
2516 vs->challenge,
2517 response,
2518 VNC_AUTH_CHALLENGE_SIZE,
2519 &err) < 0) {
2520 VNC_DEBUG("Cannot encrypt challenge %s",
2521 error_get_pretty(err));
2522 error_free(err);
2523 goto reject;
2524 }
2525
2526 /* Compare expected vs actual challenge response */
2527 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2528 VNC_DEBUG("Client challenge response did not match\n");
2529 goto reject;
2530 } else {
2531 VNC_DEBUG("Accepting VNC challenge response\n");
2532 vnc_write_u32(vs, 0); /* Accept auth */
2533 vnc_flush(vs);
2534
2535 start_client_init(vs);
2536 }
2537
2538 qcrypto_cipher_free(cipher);
2539 return 0;
2540
2541 reject:
2542 vnc_write_u32(vs, 1); /* Reject auth */
2543 if (vs->minor >= 8) {
2544 static const char err[] = "Authentication failed";
2545 vnc_write_u32(vs, sizeof(err));
2546 vnc_write(vs, err, sizeof(err));
2547 }
2548 vnc_flush(vs);
2549 vnc_client_error(vs);
2550 qcrypto_cipher_free(cipher);
2551 return 0;
2552 }
2553
2554 void start_auth_vnc(VncState *vs)
2555 {
2556 make_challenge(vs);
2557 /* Send client a 'random' challenge */
2558 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2559 vnc_flush(vs);
2560
2561 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2562 }
2563
2564
2565 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2566 {
2567 /* We only advertise 1 auth scheme at a time, so client
2568 * must pick the one we sent. Verify this */
2569 if (data[0] != vs->auth) { /* Reject auth */
2570 VNC_DEBUG("Reject auth %d because it didn't match advertized\n", (int)data[0]);
2571 vnc_write_u32(vs, 1);
2572 if (vs->minor >= 8) {
2573 static const char err[] = "Authentication failed";
2574 vnc_write_u32(vs, sizeof(err));
2575 vnc_write(vs, err, sizeof(err));
2576 }
2577 vnc_client_error(vs);
2578 } else { /* Accept requested auth */
2579 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2580 switch (vs->auth) {
2581 case VNC_AUTH_NONE:
2582 VNC_DEBUG("Accept auth none\n");
2583 if (vs->minor >= 8) {
2584 vnc_write_u32(vs, 0); /* Accept auth completion */
2585 vnc_flush(vs);
2586 }
2587 start_client_init(vs);
2588 break;
2589
2590 case VNC_AUTH_VNC:
2591 VNC_DEBUG("Start VNC auth\n");
2592 start_auth_vnc(vs);
2593 break;
2594
2595 case VNC_AUTH_VENCRYPT:
2596 VNC_DEBUG("Accept VeNCrypt auth\n");
2597 start_auth_vencrypt(vs);
2598 break;
2599
2600 #ifdef CONFIG_VNC_SASL
2601 case VNC_AUTH_SASL:
2602 VNC_DEBUG("Accept SASL auth\n");
2603 start_auth_sasl(vs);
2604 break;
2605 #endif /* CONFIG_VNC_SASL */
2606
2607 default: /* Should not be possible, but just in case */
2608 VNC_DEBUG("Reject auth %d server code bug\n", vs->auth);
2609 vnc_write_u8(vs, 1);
2610 if (vs->minor >= 8) {
2611 static const char err[] = "Authentication failed";
2612 vnc_write_u32(vs, sizeof(err));
2613 vnc_write(vs, err, sizeof(err));
2614 }
2615 vnc_client_error(vs);
2616 }
2617 }
2618 return 0;
2619 }
2620
2621 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2622 {
2623 char local[13];
2624
2625 memcpy(local, version, 12);
2626 local[12] = 0;
2627
2628 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2629 VNC_DEBUG("Malformed protocol version %s\n", local);
2630 vnc_client_error(vs);
2631 return 0;
2632 }
2633 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2634 if (vs->major != 3 ||
2635 (vs->minor != 3 &&
2636 vs->minor != 4 &&
2637 vs->minor != 5 &&
2638 vs->minor != 7 &&
2639 vs->minor != 8)) {
2640 VNC_DEBUG("Unsupported client version\n");
2641 vnc_write_u32(vs, VNC_AUTH_INVALID);
2642 vnc_flush(vs);
2643 vnc_client_error(vs);
2644 return 0;
2645 }
2646 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2647 * as equivalent to v3.3 by servers
2648 */
2649 if (vs->minor == 4 || vs->minor == 5)
2650 vs->minor = 3;
2651
2652 if (vs->minor == 3) {
2653 if (vs->auth == VNC_AUTH_NONE) {
2654 VNC_DEBUG("Tell client auth none\n");
2655 vnc_write_u32(vs, vs->auth);
2656 vnc_flush(vs);
2657 start_client_init(vs);
2658 } else if (vs->auth == VNC_AUTH_VNC) {
2659 VNC_DEBUG("Tell client VNC auth\n");
2660 vnc_write_u32(vs, vs->auth);
2661 vnc_flush(vs);
2662 start_auth_vnc(vs);
2663 } else {
2664 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2665 vnc_write_u32(vs, VNC_AUTH_INVALID);
2666 vnc_flush(vs);
2667 vnc_client_error(vs);
2668 }
2669 } else {
2670 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2671 vnc_write_u8(vs, 1); /* num auth */
2672 vnc_write_u8(vs, vs->auth);
2673 vnc_read_when(vs, protocol_client_auth, 1);
2674 vnc_flush(vs);
2675 }
2676
2677 return 0;
2678 }
2679
2680 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2681 {
2682 struct VncSurface *vs = &vd->guest;
2683
2684 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2685 }
2686
2687 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2688 {
2689 int i, j;
2690
2691 w = (x + w) / VNC_STAT_RECT;
2692 h = (y + h) / VNC_STAT_RECT;
2693 x /= VNC_STAT_RECT;
2694 y /= VNC_STAT_RECT;
2695
2696 for (j = y; j <= h; j++) {
2697 for (i = x; i <= w; i++) {
2698 vs->lossy_rect[j][i] = 1;
2699 }
2700 }
2701 }
2702
2703 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2704 {
2705 VncState *vs;
2706 int sty = y / VNC_STAT_RECT;
2707 int stx = x / VNC_STAT_RECT;
2708 int has_dirty = 0;
2709
2710 y = y / VNC_STAT_RECT * VNC_STAT_RECT;
2711 x = x / VNC_STAT_RECT * VNC_STAT_RECT;
2712
2713 QTAILQ_FOREACH(vs, &vd->clients, next) {
2714 int j;
2715
2716 /* kernel send buffers are full -> refresh later */
2717 if (vs->output.offset) {
2718 continue;
2719 }
2720
2721 if (!vs->lossy_rect[sty][stx]) {
2722 continue;
2723 }
2724
2725 vs->lossy_rect[sty][stx] = 0;
2726 for (j = 0; j < VNC_STAT_RECT; ++j) {
2727 bitmap_set(vs->dirty[y + j],
2728 x / VNC_DIRTY_PIXELS_PER_BIT,
2729 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2730 }
2731 has_dirty++;
2732 }
2733
2734 return has_dirty;
2735 }
2736
2737 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
2738 {
2739 int width = pixman_image_get_width(vd->guest.fb);
2740 int height = pixman_image_get_height(vd->guest.fb);
2741 int x, y;
2742 struct timeval res;
2743 int has_dirty = 0;
2744
2745 for (y = 0; y < height; y += VNC_STAT_RECT) {
2746 for (x = 0; x < width; x += VNC_STAT_RECT) {
2747 VncRectStat *rect = vnc_stat_rect(vd, x, y);
2748
2749 rect->updated = false;
2750 }
2751 }
2752
2753 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
2754
2755 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
2756 return has_dirty;
2757 }
2758 vd->guest.last_freq_check = *tv;
2759
2760 for (y = 0; y < height; y += VNC_STAT_RECT) {
2761 for (x = 0; x < width; x += VNC_STAT_RECT) {
2762 VncRectStat *rect= vnc_stat_rect(vd, x, y);
2763 int count = ARRAY_SIZE(rect->times);
2764 struct timeval min, max;
2765
2766 if (!timerisset(&rect->times[count - 1])) {
2767 continue ;
2768 }
2769
2770 max = rect->times[(rect->idx + count - 1) % count];
2771 qemu_timersub(tv, &max, &res);
2772
2773 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
2774 rect->freq = 0;
2775 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
2776 memset(rect->times, 0, sizeof (rect->times));
2777 continue ;
2778 }
2779
2780 min = rect->times[rect->idx];
2781 max = rect->times[(rect->idx + count - 1) % count];
2782 qemu_timersub(&max, &min, &res);
2783
2784 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
2785 rect->freq /= count;
2786 rect->freq = 1. / rect->freq;
2787 }
2788 }
2789 return has_dirty;
2790 }
2791
2792 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
2793 {
2794 int i, j;
2795 double total = 0;
2796 int num = 0;
2797
2798 x = (x / VNC_STAT_RECT) * VNC_STAT_RECT;
2799 y = (y / VNC_STAT_RECT) * VNC_STAT_RECT;
2800
2801 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
2802 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
2803 total += vnc_stat_rect(vs->vd, i, j)->freq;
2804 num++;
2805 }
2806 }
2807
2808 if (num) {
2809 return total / num;
2810 } else {
2811 return 0;
2812 }
2813 }
2814
2815 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
2816 {
2817 VncRectStat *rect;
2818
2819 rect = vnc_stat_rect(vd, x, y);
2820 if (rect->updated) {
2821 return ;
2822 }
2823 rect->times[rect->idx] = *tv;
2824 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
2825 rect->updated = true;
2826 }
2827
2828 static int vnc_refresh_server_surface(VncDisplay *vd)
2829 {
2830 int width = MIN(pixman_image_get_width(vd->guest.fb),
2831 pixman_image_get_width(vd->server));
2832 int height = MIN(pixman_image_get_height(vd->guest.fb),
2833 pixman_image_get_height(vd->server));
2834 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
2835 uint8_t *guest_row0 = NULL, *server_row0;
2836 VncState *vs;
2837 int has_dirty = 0;
2838 pixman_image_t *tmpbuf = NULL;
2839
2840 struct timeval tv = { 0, 0 };
2841
2842 if (!vd->non_adaptive) {
2843 gettimeofday(&tv, NULL);
2844 has_dirty = vnc_update_stats(vd, &tv);
2845 }
2846
2847 /*
2848 * Walk through the guest dirty map.
2849 * Check and copy modified bits from guest to server surface.
2850 * Update server dirty map.
2851 */
2852 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
2853 server_stride = guest_stride = guest_ll =
2854 pixman_image_get_stride(vd->server);
2855 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
2856 server_stride);
2857 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2858 int width = pixman_image_get_width(vd->server);
2859 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, width);
2860 } else {
2861 int guest_bpp =
2862 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
2863 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
2864 guest_stride = pixman_image_get_stride(vd->guest.fb);
2865 guest_ll = pixman_image_get_width(vd->guest.fb) * ((guest_bpp + 7) / 8);
2866 }
2867 line_bytes = MIN(server_stride, guest_ll);
2868
2869 for (;;) {
2870 int x;
2871 uint8_t *guest_ptr, *server_ptr;
2872 unsigned long offset = find_next_bit((unsigned long *) &vd->guest.dirty,
2873 height * VNC_DIRTY_BPL(&vd->guest),
2874 y * VNC_DIRTY_BPL(&vd->guest));
2875 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
2876 /* no more dirty bits */
2877 break;
2878 }
2879 y = offset / VNC_DIRTY_BPL(&vd->guest);
2880 x = offset % VNC_DIRTY_BPL(&vd->guest);
2881
2882 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
2883
2884 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
2885 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
2886 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
2887 } else {
2888 guest_ptr = guest_row0 + y * guest_stride;
2889 }
2890 guest_ptr += x * cmp_bytes;
2891
2892 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
2893 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
2894 int _cmp_bytes = cmp_bytes;
2895 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
2896 continue;
2897 }
2898 if ((x + 1) * cmp_bytes > line_bytes) {
2899 _cmp_bytes = line_bytes - x * cmp_bytes;
2900 }
2901 assert(_cmp_bytes >= 0);
2902 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
2903 continue;
2904 }
2905 memcpy(server_ptr, guest_ptr, _cmp_bytes);
2906 if (!vd->non_adaptive) {
2907 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
2908 y, &tv);
2909 }
2910 QTAILQ_FOREACH(vs, &vd->clients, next) {
2911 set_bit(x, vs->dirty[y]);
2912 }
2913 has_dirty++;
2914 }
2915
2916 y++;
2917 }
2918 qemu_pixman_image_unref(tmpbuf);
2919 return has_dirty;
2920 }
2921
2922 static void vnc_refresh(DisplayChangeListener *dcl)
2923 {
2924 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
2925 VncState *vs, *vn;
2926 int has_dirty, rects = 0;
2927
2928 if (QTAILQ_EMPTY(&vd->clients)) {
2929 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
2930 return;
2931 }
2932
2933 graphic_hw_update(vd->dcl.con);
2934
2935 if (vnc_trylock_display(vd)) {
2936 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2937 return;
2938 }
2939
2940 has_dirty = vnc_refresh_server_surface(vd);
2941 vnc_unlock_display(vd);
2942
2943 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
2944 rects += vnc_update_client(vs, has_dirty, false);
2945 /* vs might be free()ed here */
2946 }
2947
2948 if (has_dirty && rects) {
2949 vd->dcl.update_interval /= 2;
2950 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
2951 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
2952 }
2953 } else {
2954 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
2955 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
2956 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
2957 }
2958 }
2959 }
2960
2961 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
2962 bool skipauth, bool websocket)
2963 {
2964 VncState *vs = g_new0(VncState, 1);
2965 int i;
2966
2967 vs->sioc = sioc;
2968 object_ref(OBJECT(vs->sioc));
2969 vs->ioc = QIO_CHANNEL(sioc);
2970 object_ref(OBJECT(vs->ioc));
2971 vs->vd = vd;
2972
2973 buffer_init(&vs->input, "vnc-input/%p", sioc);
2974 buffer_init(&vs->output, "vnc-output/%p", sioc);
2975 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
2976
2977 buffer_init(&vs->tight.tight, "vnc-tight/%p", sioc);
2978 buffer_init(&vs->tight.zlib, "vnc-tight-zlib/%p", sioc);
2979 buffer_init(&vs->tight.gradient, "vnc-tight-gradient/%p", sioc);
2980 #ifdef CONFIG_VNC_JPEG
2981 buffer_init(&vs->tight.jpeg, "vnc-tight-jpeg/%p", sioc);
2982 #endif
2983 #ifdef CONFIG_VNC_PNG
2984 buffer_init(&vs->tight.png, "vnc-tight-png/%p", sioc);
2985 #endif
2986 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
2987 buffer_init(&vs->zrle.zrle, "vnc-zrle/%p", sioc);
2988 buffer_init(&vs->zrle.fb, "vnc-zrle-fb/%p", sioc);
2989 buffer_init(&vs->zrle.zlib, "vnc-zrle-zlib/%p", sioc);
2990
2991 if (skipauth) {
2992 vs->auth = VNC_AUTH_NONE;
2993 vs->subauth = VNC_AUTH_INVALID;
2994 } else {
2995 if (websocket) {
2996 vs->auth = vd->ws_auth;
2997 vs->subauth = VNC_AUTH_INVALID;
2998 } else {
2999 vs->auth = vd->auth;
3000 vs->subauth = vd->subauth;
3001 }
3002 }
3003 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3004 sioc, websocket, vs->auth, vs->subauth);
3005
3006 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3007 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3008 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3009 }
3010
3011 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3012 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3013 qio_channel_set_blocking(vs->ioc, false, NULL);
3014 if (websocket) {
3015 vs->websocket = 1;
3016 if (vd->ws_tls) {
3017 vs->ioc_tag = qio_channel_add_watch(
3018 vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL);
3019 } else {
3020 vs->ioc_tag = qio_channel_add_watch(
3021 vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL);
3022 }
3023 } else {
3024 vs->ioc_tag = qio_channel_add_watch(
3025 vs->ioc, G_IO_IN, vnc_client_io, vs, NULL);
3026 }
3027
3028 vnc_client_cache_addr(vs);
3029 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3030 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3031
3032 if (!vs->websocket) {
3033 vnc_init_state(vs);
3034 }
3035
3036 if (vd->num_connecting > vd->connections_limit) {
3037 QTAILQ_FOREACH(vs, &vd->clients, next) {
3038 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3039 vnc_disconnect_start(vs);
3040 return;
3041 }
3042 }
3043 }
3044 }
3045
3046 void vnc_init_state(VncState *vs)
3047 {
3048 vs->initialized = true;
3049 VncDisplay *vd = vs->vd;
3050 bool first_client = QTAILQ_EMPTY(&vd->clients);
3051
3052 vs->last_x = -1;
3053 vs->last_y = -1;
3054
3055 vs->as.freq = 44100;
3056 vs->as.nchannels = 2;
3057 vs->as.fmt = AUD_FMT_S16;
3058 vs->as.endianness = 0;
3059
3060 qemu_mutex_init(&vs->output_mutex);
3061 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3062
3063 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3064 if (first_client) {
3065 vnc_update_server_surface(vd);
3066 }
3067
3068 graphic_hw_update(vd->dcl.con);
3069
3070 vnc_write(vs, "RFB 003.008\n", 12);
3071 vnc_flush(vs);
3072 vnc_read_when(vs, protocol_version, 12);
3073 reset_keys(vs);
3074 if (vs->vd->lock_key_sync)
3075 vs->led = qemu_add_led_event_handler(kbd_leds, vs);
3076
3077 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3078 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3079
3080 /* vs might be free()ed here */
3081 }
3082
3083 static gboolean vnc_listen_io(QIOChannel *ioc,
3084 GIOCondition condition,
3085 void *opaque)
3086 {
3087 VncDisplay *vs = opaque;
3088 QIOChannelSocket *sioc = NULL;
3089 Error *err = NULL;
3090
3091 /* Catch-up */
3092 graphic_hw_update(vs->dcl.con);
3093 sioc = qio_channel_socket_accept(QIO_CHANNEL_SOCKET(ioc), &err);
3094 if (sioc != NULL) {
3095 qio_channel_set_delay(QIO_CHANNEL(sioc), false);
3096 vnc_connect(vs, sioc, false,
3097 ioc != QIO_CHANNEL(vs->lsock));
3098 object_unref(OBJECT(sioc));
3099 } else {
3100 /* client probably closed connection before we got there */
3101 error_free(err);
3102 }
3103
3104 return TRUE;
3105 }
3106
3107 static const DisplayChangeListenerOps dcl_ops = {
3108 .dpy_name = "vnc",
3109 .dpy_refresh = vnc_refresh,
3110 .dpy_gfx_copy = vnc_dpy_copy,
3111 .dpy_gfx_update = vnc_dpy_update,
3112 .dpy_gfx_switch = vnc_dpy_switch,
3113 .dpy_gfx_check_format = qemu_pixman_check_format,
3114 .dpy_mouse_set = vnc_mouse_set,
3115 .dpy_cursor_define = vnc_dpy_cursor_define,
3116 };
3117
3118 void vnc_display_init(const char *id)
3119 {
3120 VncDisplay *vs;
3121
3122 if (vnc_display_find(id) != NULL) {
3123 return;
3124 }
3125 vs = g_malloc0(sizeof(*vs));
3126
3127 vs->id = strdup(id);
3128 QTAILQ_INSERT_TAIL(&vnc_displays, vs, next);
3129
3130 QTAILQ_INIT(&vs->clients);
3131 vs->expires = TIME_MAX;
3132
3133 if (keyboard_layout) {
3134 trace_vnc_key_map_init(keyboard_layout);
3135 vs->kbd_layout = init_keyboard_layout(name2keysym, keyboard_layout);
3136 } else {
3137 vs->kbd_layout = init_keyboard_layout(name2keysym, "en-us");
3138 }
3139
3140 if (!vs->kbd_layout)
3141 exit(1);
3142
3143 qemu_mutex_init(&vs->mutex);
3144 vnc_start_worker_thread();
3145
3146 vs->dcl.ops = &dcl_ops;
3147 register_displaychangelistener(&vs->dcl);
3148 }
3149
3150
3151 static void vnc_display_close(VncDisplay *vs)
3152 {
3153 if (!vs)
3154 return;
3155 vs->enabled = false;
3156 vs->is_unix = false;
3157 if (vs->lsock != NULL) {
3158 if (vs->lsock_tag) {
3159 g_source_remove(vs->lsock_tag);
3160 }
3161 object_unref(OBJECT(vs->lsock));
3162 vs->lsock = NULL;
3163 }
3164 vs->ws_enabled = false;
3165 if (vs->lwebsock != NULL) {
3166 if (vs->lwebsock_tag) {
3167 g_source_remove(vs->lwebsock_tag);
3168 }
3169 object_unref(OBJECT(vs->lwebsock));
3170 vs->lwebsock = NULL;
3171 }
3172 vs->auth = VNC_AUTH_INVALID;
3173 vs->subauth = VNC_AUTH_INVALID;
3174 if (vs->tlscreds) {
3175 object_unparent(OBJECT(vs->tlscreds));
3176 vs->tlscreds = NULL;
3177 }
3178 g_free(vs->tlsaclname);
3179 vs->tlsaclname = NULL;
3180 }
3181
3182 int vnc_display_password(const char *id, const char *password)
3183 {
3184 VncDisplay *vs = vnc_display_find(id);
3185
3186 if (!vs) {
3187 return -EINVAL;
3188 }
3189 if (vs->auth == VNC_AUTH_NONE) {
3190 error_printf_unless_qmp("If you want use passwords please enable "
3191 "password auth using '-vnc ${dpy},password'.");
3192 return -EINVAL;
3193 }
3194
3195 g_free(vs->password);
3196 vs->password = g_strdup(password);
3197
3198 return 0;
3199 }
3200
3201 int vnc_display_pw_expire(const char *id, time_t expires)
3202 {
3203 VncDisplay *vs = vnc_display_find(id);
3204
3205 if (!vs) {
3206 return -EINVAL;
3207 }
3208
3209 vs->expires = expires;
3210 return 0;
3211 }
3212
3213 static void vnc_display_print_local_addr(VncDisplay *vs)
3214 {
3215 SocketAddress *addr;
3216 Error *err = NULL;
3217
3218 addr = qio_channel_socket_get_local_address(vs->lsock, &err);
3219 if (!addr) {
3220 return;
3221 }
3222
3223 if (addr->type != SOCKET_ADDRESS_KIND_INET) {
3224 qapi_free_SocketAddress(addr);
3225 return;
3226 }
3227 error_printf_unless_qmp("VNC server running on %s:%s\n",
3228 addr->u.inet.data->host,
3229 addr->u.inet.data->port);
3230 qapi_free_SocketAddress(addr);
3231 }
3232
3233 static QemuOptsList qemu_vnc_opts = {
3234 .name = "vnc",
3235 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3236 .implied_opt_name = "vnc",
3237 .desc = {
3238 {
3239 .name = "vnc",
3240 .type = QEMU_OPT_STRING,
3241 },{
3242 .name = "websocket",
3243 .type = QEMU_OPT_STRING,
3244 },{
3245 .name = "tls-creds",
3246 .type = QEMU_OPT_STRING,
3247 },{
3248 /* Deprecated in favour of tls-creds */
3249 .name = "x509",
3250 .type = QEMU_OPT_STRING,
3251 },{
3252 .name = "share",
3253 .type = QEMU_OPT_STRING,
3254 },{
3255 .name = "display",
3256 .type = QEMU_OPT_STRING,
3257 },{
3258 .name = "head",
3259 .type = QEMU_OPT_NUMBER,
3260 },{
3261 .name = "connections",
3262 .type = QEMU_OPT_NUMBER,
3263 },{
3264 .name = "to",
3265 .type = QEMU_OPT_NUMBER,
3266 },{
3267 .name = "ipv4",
3268 .type = QEMU_OPT_BOOL,
3269 },{
3270 .name = "ipv6",
3271 .type = QEMU_OPT_BOOL,
3272 },{
3273 .name = "password",
3274 .type = QEMU_OPT_BOOL,
3275 },{
3276 .name = "reverse",
3277 .type = QEMU_OPT_BOOL,
3278 },{
3279 .name = "lock-key-sync",
3280 .type = QEMU_OPT_BOOL,
3281 },{
3282 .name = "key-delay-ms",
3283 .type = QEMU_OPT_NUMBER,
3284 },{
3285 .name = "sasl",
3286 .type = QEMU_OPT_BOOL,
3287 },{
3288 /* Deprecated in favour of tls-creds */
3289 .name = "tls",
3290 .type = QEMU_OPT_BOOL,
3291 },{
3292 /* Deprecated in favour of tls-creds */
3293 .name = "x509verify",
3294 .type = QEMU_OPT_STRING,
3295 },{
3296 .name = "acl",
3297 .type = QEMU_OPT_BOOL,
3298 },{
3299 .name = "lossy",
3300 .type = QEMU_OPT_BOOL,
3301 },{
3302 .name = "non-adaptive",
3303 .type = QEMU_OPT_BOOL,
3304 },
3305 { /* end of list */ }
3306 },
3307 };
3308
3309
3310 static int
3311 vnc_display_setup_auth(VncDisplay *vs,
3312 bool password,
3313 bool sasl,
3314 bool websocket,
3315 Error **errp)
3316 {
3317 /*
3318 * We have a choice of 3 authentication options
3319 *
3320 * 1. none
3321 * 2. vnc
3322 * 3. sasl
3323 *
3324 * The channel can be run in 2 modes
3325 *
3326 * 1. clear
3327 * 2. tls
3328 *
3329 * And TLS can use 2 types of credentials
3330 *
3331 * 1. anon
3332 * 2. x509
3333 *
3334 * We thus have 9 possible logical combinations
3335 *
3336 * 1. clear + none
3337 * 2. clear + vnc
3338 * 3. clear + sasl
3339 * 4. tls + anon + none
3340 * 5. tls + anon + vnc
3341 * 6. tls + anon + sasl
3342 * 7. tls + x509 + none
3343 * 8. tls + x509 + vnc
3344 * 9. tls + x509 + sasl
3345 *
3346 * These need to be mapped into the VNC auth schemes
3347 * in an appropriate manner. In regular VNC, all the
3348 * TLS options get mapped into VNC_AUTH_VENCRYPT
3349 * sub-auth types.
3350 *
3351 * In websockets, the https:// protocol already provides
3352 * TLS support, so there is no need to make use of the
3353 * VeNCrypt extension. Furthermore, websockets browser
3354 * clients could not use VeNCrypt even if they wanted to,
3355 * as they cannot control when the TLS handshake takes
3356 * place. Thus there is no option but to rely on https://,
3357 * meaning combinations 4->6 and 7->9 will be mapped to
3358 * VNC auth schemes in the same way as combos 1->3.
3359 *
3360 * Regardless of fact that we have a different mapping to
3361 * VNC auth mechs for plain VNC vs websockets VNC, the end
3362 * result has the same security characteristics.
3363 */
3364 if (password) {
3365 if (vs->tlscreds) {
3366 vs->auth = VNC_AUTH_VENCRYPT;
3367 if (websocket) {
3368 vs->ws_tls = true;
3369 }
3370 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3371 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3372 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3373 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
3374 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3375 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3376 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3377 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3378 } else {
3379 error_setg(errp,
3380 "Unsupported TLS cred type %s",
3381 object_get_typename(OBJECT(vs->tlscreds)));
3382 return -1;
3383 }
3384 } else {
3385 VNC_DEBUG("Initializing VNC server with password auth\n");
3386 vs->auth = VNC_AUTH_VNC;
3387 vs->subauth = VNC_AUTH_INVALID;
3388 }
3389 if (websocket) {
3390 vs->ws_auth = VNC_AUTH_VNC;
3391 } else {
3392 vs->ws_auth = VNC_AUTH_INVALID;
3393 }
3394 } else if (sasl) {
3395 if (vs->tlscreds) {
3396 vs->auth = VNC_AUTH_VENCRYPT;
3397 if (websocket) {
3398 vs->ws_tls = true;
3399 }
3400 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3401 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3402 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3403 vs->subauth = VNC_AUTH_VENCRYPT_X509SASL;
3404 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3405 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3406 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3407 vs->subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3408 } else {
3409 error_setg(errp,
3410 "Unsupported TLS cred type %s",
3411 object_get_typename(OBJECT(vs->tlscreds)));
3412 return -1;
3413 }
3414 } else {
3415 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3416 vs->auth = VNC_AUTH_SASL;
3417 vs->subauth = VNC_AUTH_INVALID;
3418 }
3419 if (websocket) {
3420 vs->ws_auth = VNC_AUTH_SASL;
3421 } else {
3422 vs->ws_auth = VNC_AUTH_INVALID;
3423 }
3424 } else {
3425 if (vs->tlscreds) {
3426 vs->auth = VNC_AUTH_VENCRYPT;
3427 if (websocket) {
3428 vs->ws_tls = true;
3429 }
3430 if (object_dynamic_cast(OBJECT(vs->tlscreds),
3431 TYPE_QCRYPTO_TLS_CREDS_X509)) {
3432 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3433 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
3434 } else if (object_dynamic_cast(OBJECT(vs->tlscreds),
3435 TYPE_QCRYPTO_TLS_CREDS_ANON)) {
3436 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3437 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3438 } else {
3439 error_setg(errp,
3440 "Unsupported TLS cred type %s",
3441 object_get_typename(OBJECT(vs->tlscreds)));
3442 return -1;
3443 }
3444 } else {
3445 VNC_DEBUG("Initializing VNC server with no auth\n");
3446 vs->auth = VNC_AUTH_NONE;
3447 vs->subauth = VNC_AUTH_INVALID;
3448 }
3449 if (websocket) {
3450 vs->ws_auth = VNC_AUTH_NONE;
3451 } else {
3452 vs->ws_auth = VNC_AUTH_INVALID;
3453 }
3454 }
3455 return 0;
3456 }
3457
3458
3459 /*
3460 * Handle back compat with old CLI syntax by creating some
3461 * suitable QCryptoTLSCreds objects
3462 */
3463 static QCryptoTLSCreds *
3464 vnc_display_create_creds(bool x509,
3465 bool x509verify,
3466 const char *dir,
3467 const char *id,
3468 Error **errp)
3469 {
3470 gchar *credsid = g_strdup_printf("tlsvnc%s", id);
3471 Object *parent = object_get_objects_root();
3472 Object *creds;
3473 Error *err = NULL;
3474
3475 if (x509) {
3476 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_X509,
3477 parent,
3478 credsid,
3479 &err,
3480 "endpoint", "server",
3481 "dir", dir,
3482 "verify-peer", x509verify ? "yes" : "no",
3483 NULL);
3484 } else {
3485 creds = object_new_with_props(TYPE_QCRYPTO_TLS_CREDS_ANON,
3486 parent,
3487 credsid,
3488 &err,
3489 "endpoint", "server",
3490 NULL);
3491 }
3492
3493 g_free(credsid);
3494
3495 if (err) {
3496 error_propagate(errp, err);
3497 return NULL;
3498 }
3499
3500 return QCRYPTO_TLS_CREDS(creds);
3501 }
3502
3503
3504 void vnc_display_open(const char *id, Error **errp)
3505 {
3506 VncDisplay *vs = vnc_display_find(id);
3507 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
3508 SocketAddress *saddr = NULL, *wsaddr = NULL;
3509 const char *share, *device_id;
3510 QemuConsole *con;
3511 bool password = false;
3512 bool reverse = false;
3513 const char *vnc;
3514 char *h;
3515 const char *credid;
3516 int show_vnc_port = 0;
3517 bool sasl = false;
3518 #ifdef CONFIG_VNC_SASL
3519 int saslErr;
3520 #endif
3521 int acl = 0;
3522 int lock_key_sync = 1;
3523 int key_delay_ms;
3524
3525 if (!vs) {
3526 error_setg(errp, "VNC display not active");
3527 return;
3528 }
3529 vnc_display_close(vs);
3530
3531 if (!opts) {
3532 return;
3533 }
3534 vnc = qemu_opt_get(opts, "vnc");
3535 if (!vnc || strcmp(vnc, "none") == 0) {
3536 return;
3537 }
3538
3539 h = strrchr(vnc, ':');
3540 if (h) {
3541 size_t hlen = h - vnc;
3542
3543 const char *websocket = qemu_opt_get(opts, "websocket");
3544 int to = qemu_opt_get_number(opts, "to", 0);
3545 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3546 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3547 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3548 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3549
3550 saddr = g_new0(SocketAddress, 1);
3551 if (websocket) {
3552 if (!qcrypto_hash_supports(QCRYPTO_HASH_ALG_SHA1)) {
3553 error_setg(errp,
3554 "SHA1 hash support is required for websockets");
3555 goto fail;
3556 }
3557
3558 wsaddr = g_new0(SocketAddress, 1);
3559 vs->ws_enabled = true;
3560 }
3561
3562 if (strncmp(vnc, "unix:", 5) == 0) {
3563 saddr->type = SOCKET_ADDRESS_KIND_UNIX;
3564 saddr->u.q_unix.data = g_new0(UnixSocketAddress, 1);
3565 saddr->u.q_unix.data->path = g_strdup(vnc + 5);
3566
3567 if (vs->ws_enabled) {
3568 error_setg(errp, "UNIX sockets not supported with websock");
3569 goto fail;
3570 }
3571 } else {
3572 unsigned long long baseport;
3573 InetSocketAddress *inet;
3574 saddr->type = SOCKET_ADDRESS_KIND_INET;
3575 inet = saddr->u.inet.data = g_new0(InetSocketAddress, 1);
3576 if (vnc[0] == '[' && vnc[hlen - 1] == ']') {
3577 inet->host = g_strndup(vnc + 1, hlen - 2);
3578 } else {
3579 inet->host = g_strndup(vnc, hlen);
3580 }
3581 if (parse_uint_full(h + 1, &baseport, 10) < 0) {
3582 error_setg(errp, "can't convert to a number: %s", h + 1);
3583 goto fail;
3584 }
3585 if (baseport > 65535 ||
3586 baseport + 5900 > 65535) {
3587 error_setg(errp, "port %s out of range", h + 1);
3588 goto fail;
3589 }
3590 inet->port = g_strdup_printf(
3591 "%d", (int)baseport + 5900);
3592
3593 if (to) {
3594 inet->has_to = true;
3595 inet->to = to + 5900;
3596 show_vnc_port = 1;
3597 }
3598 inet->ipv4 = ipv4;
3599 inet->has_ipv4 = has_ipv4;
3600 inet->ipv6 = ipv6;
3601 inet->has_ipv6 = has_ipv6;
3602
3603 if (vs->ws_enabled) {
3604 wsaddr->type = SOCKET_ADDRESS_KIND_INET;
3605 inet = wsaddr->u.inet.data = g_new0(InetSocketAddress, 1);
3606 inet->host = g_strdup(saddr->u.inet.data->host);
3607 inet->port = g_strdup(websocket);
3608
3609 if (to) {
3610 inet->has_to = true;
3611 inet->to = to;
3612 }
3613 inet->ipv4 = ipv4;
3614 inet->has_ipv4 = has_ipv4;
3615 inet->ipv6 = ipv6;
3616 inet->has_ipv6 = has_ipv6;
3617 }
3618 }
3619 } else {
3620 error_setg(errp, "no vnc port specified");
3621 goto fail;
3622 }
3623
3624 password = qemu_opt_get_bool(opts, "password", false);
3625 if (password) {
3626 if (fips_get_state()) {
3627 error_setg(errp,
3628 "VNC password auth disabled due to FIPS mode, "
3629 "consider using the VeNCrypt or SASL authentication "
3630 "methods as an alternative");
3631 goto fail;
3632 }
3633 if (!qcrypto_cipher_supports(
3634 QCRYPTO_CIPHER_ALG_DES_RFB)) {
3635 error_setg(errp,
3636 "Cipher backend does not support DES RFB algorithm");
3637 goto fail;
3638 }
3639 }
3640
3641 reverse = qemu_opt_get_bool(opts, "reverse", false);
3642 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
3643 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 1);
3644 sasl = qemu_opt_get_bool(opts, "sasl", false);
3645 #ifndef CONFIG_VNC_SASL
3646 if (sasl) {
3647 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
3648 goto fail;
3649 }
3650 #endif /* CONFIG_VNC_SASL */
3651 credid = qemu_opt_get(opts, "tls-creds");
3652 if (credid) {
3653 Object *creds;
3654 if (qemu_opt_get(opts, "tls") ||
3655 qemu_opt_get(opts, "x509") ||
3656 qemu_opt_get(opts, "x509verify")) {
3657 error_setg(errp,
3658 "'tls-creds' parameter is mutually exclusive with "
3659 "'tls', 'x509' and 'x509verify' parameters");
3660 goto fail;
3661 }
3662
3663 creds = object_resolve_path_component(
3664 object_get_objects_root(), credid);
3665 if (!creds) {
3666 error_setg(errp, "No TLS credentials with id '%s'",
3667 credid);
3668 goto fail;
3669 }
3670 vs->tlscreds = (QCryptoTLSCreds *)
3671 object_dynamic_cast(creds,
3672 TYPE_QCRYPTO_TLS_CREDS);
3673 if (!vs->tlscreds) {
3674 error_setg(errp, "Object with id '%s' is not TLS credentials",
3675 credid);
3676 goto fail;
3677 }
3678 object_ref(OBJECT(vs->tlscreds));
3679
3680 if (vs->tlscreds->endpoint != QCRYPTO_TLS_CREDS_ENDPOINT_SERVER) {
3681 error_setg(errp,
3682 "Expecting TLS credentials with a server endpoint");
3683 goto fail;
3684 }
3685 } else {
3686 const char *path;
3687 bool tls = false, x509 = false, x509verify = false;
3688 tls = qemu_opt_get_bool(opts, "tls", false);
3689 if (tls) {
3690 path = qemu_opt_get(opts, "x509");
3691
3692 if (path) {
3693 x509 = true;
3694 } else {
3695 path = qemu_opt_get(opts, "x509verify");
3696 if (path) {
3697 x509 = true;
3698 x509verify = true;
3699 }
3700 }
3701 vs->tlscreds = vnc_display_create_creds(x509,
3702 x509verify,
3703 path,
3704 vs->id,
3705 errp);
3706 if (!vs->tlscreds) {
3707 goto fail;
3708 }
3709 }
3710 }
3711 acl = qemu_opt_get_bool(opts, "acl", false);
3712
3713 share = qemu_opt_get(opts, "share");
3714 if (share) {
3715 if (strcmp(share, "ignore") == 0) {
3716 vs->share_policy = VNC_SHARE_POLICY_IGNORE;
3717 } else if (strcmp(share, "allow-exclusive") == 0) {
3718 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3719 } else if (strcmp(share, "force-shared") == 0) {
3720 vs->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
3721 } else {
3722 error_setg(errp, "unknown vnc share= option");
3723 goto fail;
3724 }
3725 } else {
3726 vs->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3727 }
3728 vs->connections_limit = qemu_opt_get_number(opts, "connections", 32);
3729
3730 #ifdef CONFIG_VNC_JPEG
3731 vs->lossy = qemu_opt_get_bool(opts, "lossy", false);
3732 #endif
3733 vs->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
3734 /* adaptive updates are only used with tight encoding and
3735 * if lossy updates are enabled so we can disable all the
3736 * calculations otherwise */
3737 if (!vs->lossy) {
3738 vs->non_adaptive = true;
3739 }
3740
3741 if (acl) {
3742 if (strcmp(vs->id, "default") == 0) {
3743 vs->tlsaclname = g_strdup("vnc.x509dname");
3744 } else {
3745 vs->tlsaclname = g_strdup_printf("vnc.%s.x509dname", vs->id);
3746 }
3747 qemu_acl_init(vs->tlsaclname);
3748 }
3749 #ifdef CONFIG_VNC_SASL
3750 if (acl && sasl) {
3751 char *aclname;
3752
3753 if (strcmp(vs->id, "default") == 0) {
3754 aclname = g_strdup("vnc.username");
3755 } else {
3756 aclname = g_strdup_printf("vnc.%s.username", vs->id);
3757 }
3758 vs->sasl.acl = qemu_acl_init(aclname);
3759 g_free(aclname);
3760 }
3761 #endif
3762
3763 if (vnc_display_setup_auth(vs, password, sasl, vs->ws_enabled, errp) < 0) {
3764 goto fail;
3765 }
3766
3767 #ifdef CONFIG_VNC_SASL
3768 if ((saslErr = sasl_server_init(NULL, "qemu")) != SASL_OK) {
3769 error_setg(errp, "Failed to initialize SASL auth: %s",
3770 sasl_errstring(saslErr, NULL, NULL));
3771 goto fail;
3772 }
3773 #endif
3774 vs->lock_key_sync = lock_key_sync;
3775 vs->key_delay_ms = key_delay_ms;
3776
3777 device_id = qemu_opt_get(opts, "display");
3778 if (device_id) {
3779 int head = qemu_opt_get_number(opts, "head", 0);
3780 Error *err = NULL;
3781
3782 con = qemu_console_lookup_by_device_name(device_id, head, &err);
3783 if (err) {
3784 error_propagate(errp, err);
3785 goto fail;
3786 }
3787 } else {
3788 con = NULL;
3789 }
3790
3791 if (con != vs->dcl.con) {
3792 unregister_displaychangelistener(&vs->dcl);
3793 vs->dcl.con = con;
3794 register_displaychangelistener(&vs->dcl);
3795 }
3796
3797 if (reverse) {
3798 /* connect to viewer */
3799 QIOChannelSocket *sioc = NULL;
3800 vs->lsock = NULL;
3801 vs->lwebsock = NULL;
3802 if (vs->ws_enabled) {
3803 error_setg(errp, "Cannot use websockets in reverse mode");
3804 goto fail;
3805 }
3806 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3807 sioc = qio_channel_socket_new();
3808 if (qio_channel_socket_connect_sync(sioc, saddr, errp) < 0) {
3809 goto fail;
3810 }
3811 vnc_connect(vs, sioc, false, false);
3812 object_unref(OBJECT(sioc));
3813 } else {
3814 vs->lsock = qio_channel_socket_new();
3815 if (qio_channel_socket_listen_sync(vs->lsock, saddr, errp) < 0) {
3816 goto fail;
3817 }
3818 vs->is_unix = saddr->type == SOCKET_ADDRESS_KIND_UNIX;
3819 vs->enabled = true;
3820
3821 if (vs->ws_enabled) {
3822 vs->lwebsock = qio_channel_socket_new();
3823 if (qio_channel_socket_listen_sync(vs->lwebsock,
3824 wsaddr, errp) < 0) {
3825 object_unref(OBJECT(vs->lsock));
3826 vs->lsock = NULL;
3827 goto fail;
3828 }
3829 }
3830
3831 vs->lsock_tag = qio_channel_add_watch(
3832 QIO_CHANNEL(vs->lsock),
3833 G_IO_IN, vnc_listen_io, vs, NULL);
3834 if (vs->ws_enabled) {
3835 vs->lwebsock_tag = qio_channel_add_watch(
3836 QIO_CHANNEL(vs->lwebsock),
3837 G_IO_IN, vnc_listen_io, vs, NULL);
3838 }
3839 }
3840
3841 if (show_vnc_port) {
3842 vnc_display_print_local_addr(vs);
3843 }
3844
3845 qapi_free_SocketAddress(saddr);
3846 qapi_free_SocketAddress(wsaddr);
3847 return;
3848
3849 fail:
3850 qapi_free_SocketAddress(saddr);
3851 qapi_free_SocketAddress(wsaddr);
3852 vs->enabled = false;
3853 vs->ws_enabled = false;
3854 }
3855
3856 void vnc_display_add_client(const char *id, int csock, bool skipauth)
3857 {
3858 VncDisplay *vs = vnc_display_find(id);
3859 QIOChannelSocket *sioc;
3860
3861 if (!vs) {
3862 return;
3863 }
3864
3865 sioc = qio_channel_socket_new_fd(csock, NULL);
3866 if (sioc) {
3867 vnc_connect(vs, sioc, skipauth, false);
3868 object_unref(OBJECT(sioc));
3869 }
3870 }
3871
3872 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
3873 {
3874 int i = 2;
3875 char *id;
3876
3877 id = g_strdup("default");
3878 while (qemu_opts_find(olist, id)) {
3879 g_free(id);
3880 id = g_strdup_printf("vnc%d", i++);
3881 }
3882 qemu_opts_set_id(opts, id);
3883 }
3884
3885 QemuOpts *vnc_parse(const char *str, Error **errp)
3886 {
3887 QemuOptsList *olist = qemu_find_opts("vnc");
3888 QemuOpts *opts = qemu_opts_parse(olist, str, true, errp);
3889 const char *id;
3890
3891 if (!opts) {
3892 return NULL;
3893 }
3894
3895 id = qemu_opts_id(opts);
3896 if (!id) {
3897 /* auto-assign id if not present */
3898 vnc_auto_assign_id(olist, opts);
3899 }
3900 return opts;
3901 }
3902
3903 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
3904 {
3905 Error *local_err = NULL;
3906 char *id = (char *)qemu_opts_id(opts);
3907
3908 assert(id);
3909 vnc_display_init(id);
3910 vnc_display_open(id, &local_err);
3911 if (local_err != NULL) {
3912 error_reportf_err(local_err, "Failed to start VNC server: ");
3913 exit(1);
3914 }
3915 return 0;
3916 }
3917
3918 static void vnc_register_config(void)
3919 {
3920 qemu_add_opts(&qemu_vnc_opts);
3921 }
3922 opts_init(vnc_register_config);
AR7 emulation for QEMU