1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 * Copyright (C) 2009 Red Hat, Inc
7 *
8 * Permission is hereby granted, free of charge, to any person obtaining a copy
9 * of this software and associated documentation files (the "Software"), to deal
10 * in the Software without restriction, including without limitation the rights
11 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
12 * copies of the Software, and to permit persons to whom the Software is
13 * furnished to do so, subject to the following conditions:
14 *
15 * The above copyright notice and this permission notice shall be included in
16 * all copies or substantial portions of the Software.
17 *
18 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
21 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
24 * THE SOFTWARE.
25 */
26
27 #include "qemu/osdep.h"
28 #include "vnc.h"
29 #include "vnc-jobs.h"
30 #include "trace.h"
31 #include "hw/qdev-core.h"
32 #include "system/system.h"
33 #include "system/runstate.h"
34 #include "qemu/error-report.h"
35 #include "qemu/main-loop.h"
36 #include "qemu/module.h"
37 #include "qemu/option.h"
38 #include "qemu/sockets.h"
39 #include "qemu/timer.h"
40 #include "authz/list.h"
41 #include "qemu/config-file.h"
42 #include "qapi/qapi-emit-events.h"
43 #include "qapi/qapi-events-ui.h"
44 #include "qapi/error.h"
45 #include "qapi/qapi-commands-ui.h"
46 #include "ui/input.h"
47 #include "crypto/hash.h"
48 #include "crypto/tlscreds.h"
49 #include "crypto/tlscredsanon.h"
50 #include "crypto/tlscredsx509.h"
51 #include "crypto/random.h"
52 #include "crypto/secret_common.h"
53 #include "qom/object_interfaces.h"
54 #include "qemu/cutils.h"
55 #include "qemu/help_option.h"
56 #include "io/dns-resolver.h"
57 #include "monitor/monitor.h"
58
59 #define VNC_REFRESH_INTERVAL_BASE GUI_REFRESH_INTERVAL_DEFAULT
60 #define VNC_REFRESH_INTERVAL_INC 50
61 #define VNC_REFRESH_INTERVAL_MAX GUI_REFRESH_INTERVAL_IDLE
62 static const struct timeval VNC_REFRESH_STATS = { 0, 500000 };
63 static const struct timeval VNC_REFRESH_LOSSY = { 2, 0 };
64
65 #include "vnc_keysym.h"
66 #include "crypto/cipher.h"
67
68 static QTAILQ_HEAD(, VncDisplay) vnc_displays =
69 QTAILQ_HEAD_INITIALIZER(vnc_displays);
70
71 static int vnc_cursor_define(VncState *vs);
72 static void vnc_update_throttle_offset(VncState *vs);
73
vnc_set_share_mode(VncState * vs,VncShareMode mode)74 static void vnc_set_share_mode(VncState *vs, VncShareMode mode)
75 {
76 #ifdef _VNC_DEBUG
77 static const char *mn[] = {
78 [0] = "undefined",
79 [VNC_SHARE_MODE_CONNECTING] = "connecting",
80 [VNC_SHARE_MODE_SHARED] = "shared",
81 [VNC_SHARE_MODE_EXCLUSIVE] = "exclusive",
82 [VNC_SHARE_MODE_DISCONNECTED] = "disconnected",
83 };
84 fprintf(stderr, "%s/%p: %s -> %s\n", __func__,
85 vs->ioc, mn[vs->share_mode], mn[mode]);
86 #endif
87
88 switch (vs->share_mode) {
89 case VNC_SHARE_MODE_CONNECTING:
90 vs->vd->num_connecting--;
91 break;
92 case VNC_SHARE_MODE_SHARED:
93 vs->vd->num_shared--;
94 break;
95 case VNC_SHARE_MODE_EXCLUSIVE:
96 vs->vd->num_exclusive--;
97 break;
98 default:
99 break;
100 }
101
102 vs->share_mode = mode;
103
104 switch (vs->share_mode) {
105 case VNC_SHARE_MODE_CONNECTING:
106 vs->vd->num_connecting++;
107 break;
108 case VNC_SHARE_MODE_SHARED:
109 vs->vd->num_shared++;
110 break;
111 case VNC_SHARE_MODE_EXCLUSIVE:
112 vs->vd->num_exclusive++;
113 break;
114 default:
115 break;
116 }
117 }
118
119
vnc_init_basic_info(SocketAddress * addr,VncBasicInfo * info,Error ** errp)120 static void vnc_init_basic_info(SocketAddress *addr,
121 VncBasicInfo *info,
122 Error **errp)
123 {
124 switch (addr->type) {
125 case SOCKET_ADDRESS_TYPE_INET:
126 info->host = g_strdup(addr->u.inet.host);
127 info->service = g_strdup(addr->u.inet.port);
128 if (addr->u.inet.ipv6) {
129 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
130 } else {
131 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
132 }
133 break;
134
135 case SOCKET_ADDRESS_TYPE_UNIX:
136 info->host = g_strdup("");
137 info->service = g_strdup(addr->u.q_unix.path);
138 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
139 break;
140
141 case SOCKET_ADDRESS_TYPE_VSOCK:
142 case SOCKET_ADDRESS_TYPE_FD:
143 error_setg(errp, "Unsupported socket address type %s",
144 SocketAddressType_str(addr->type));
145 break;
146 default:
147 abort();
148 }
149 }
150
vnc_init_basic_info_from_server_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)151 static void vnc_init_basic_info_from_server_addr(QIOChannelSocket *ioc,
152 VncBasicInfo *info,
153 Error **errp)
154 {
155 SocketAddress *addr = NULL;
156
157 if (!ioc) {
158 error_setg(errp, "No listener socket available");
159 return;
160 }
161
162 addr = qio_channel_socket_get_local_address(ioc, errp);
163 if (!addr) {
164 return;
165 }
166
167 vnc_init_basic_info(addr, info, errp);
168 qapi_free_SocketAddress(addr);
169 }
170
vnc_init_basic_info_from_remote_addr(QIOChannelSocket * ioc,VncBasicInfo * info,Error ** errp)171 static void vnc_init_basic_info_from_remote_addr(QIOChannelSocket *ioc,
172 VncBasicInfo *info,
173 Error **errp)
174 {
175 SocketAddress *addr = NULL;
176
177 addr = qio_channel_socket_get_remote_address(ioc, errp);
178 if (!addr) {
179 return;
180 }
181
182 vnc_init_basic_info(addr, info, errp);
183 qapi_free_SocketAddress(addr);
184 }
185
vnc_auth_name(VncDisplay * vd)186 static const char *vnc_auth_name(VncDisplay *vd) {
187 switch (vd->auth) {
188 case VNC_AUTH_INVALID:
189 return "invalid";
190 case VNC_AUTH_NONE:
191 return "none";
192 case VNC_AUTH_VNC:
193 return "vnc";
194 case VNC_AUTH_RA2:
195 return "ra2";
196 case VNC_AUTH_RA2NE:
197 return "ra2ne";
198 case VNC_AUTH_TIGHT:
199 return "tight";
200 case VNC_AUTH_ULTRA:
201 return "ultra";
202 case VNC_AUTH_TLS:
203 return "tls";
204 case VNC_AUTH_VENCRYPT:
205 switch (vd->subauth) {
206 case VNC_AUTH_VENCRYPT_PLAIN:
207 return "vencrypt+plain";
208 case VNC_AUTH_VENCRYPT_TLSNONE:
209 return "vencrypt+tls+none";
210 case VNC_AUTH_VENCRYPT_TLSVNC:
211 return "vencrypt+tls+vnc";
212 case VNC_AUTH_VENCRYPT_TLSPLAIN:
213 return "vencrypt+tls+plain";
214 case VNC_AUTH_VENCRYPT_X509NONE:
215 return "vencrypt+x509+none";
216 case VNC_AUTH_VENCRYPT_X509VNC:
217 return "vencrypt+x509+vnc";
218 case VNC_AUTH_VENCRYPT_X509PLAIN:
219 return "vencrypt+x509+plain";
220 case VNC_AUTH_VENCRYPT_TLSSASL:
221 return "vencrypt+tls+sasl";
222 case VNC_AUTH_VENCRYPT_X509SASL:
223 return "vencrypt+x509+sasl";
224 default:
225 return "vencrypt";
226 }
227 case VNC_AUTH_SASL:
228 return "sasl";
229 }
230 return "unknown";
231 }
232
vnc_server_info_get(VncDisplay * vd)233 static VncServerInfo *vnc_server_info_get(VncDisplay *vd)
234 {
235 VncServerInfo *info;
236 Error *err = NULL;
237
238 if (!vd->listener || !vd->listener->nsioc) {
239 return NULL;
240 }
241
242 info = g_malloc0(sizeof(*info));
243 vnc_init_basic_info_from_server_addr(vd->listener->sioc[0],
244 qapi_VncServerInfo_base(info), &err);
245 info->auth = g_strdup(vnc_auth_name(vd));
246 if (err) {
247 qapi_free_VncServerInfo(info);
248 info = NULL;
249 error_free(err);
250 }
251 return info;
252 }
253
vnc_client_cache_auth(VncState * client)254 static void vnc_client_cache_auth(VncState *client)
255 {
256 if (!client->info) {
257 return;
258 }
259
260 if (client->tls) {
261 client->info->x509_dname =
262 qcrypto_tls_session_get_peer_name(client->tls);
263 }
264 #ifdef CONFIG_VNC_SASL
265 if (client->sasl.conn &&
266 client->sasl.username) {
267 client->info->sasl_username = g_strdup(client->sasl.username);
268 }
269 #endif
270 }
271
vnc_client_cache_addr(VncState * client)272 static void vnc_client_cache_addr(VncState *client)
273 {
274 Error *err = NULL;
275
276 client->info = g_malloc0(sizeof(*client->info));
277 vnc_init_basic_info_from_remote_addr(client->sioc,
278 qapi_VncClientInfo_base(client->info),
279 &err);
280 client->info->websocket = client->websocket;
281 if (err) {
282 qapi_free_VncClientInfo(client->info);
283 client->info = NULL;
284 error_free(err);
285 }
286 }
287
vnc_qmp_event(VncState * vs,QAPIEvent event)288 static void vnc_qmp_event(VncState *vs, QAPIEvent event)
289 {
290 VncServerInfo *si;
291
292 if (!vs->info) {
293 return;
294 }
295
296 si = vnc_server_info_get(vs->vd);
297 if (!si) {
298 return;
299 }
300
301 switch (event) {
302 case QAPI_EVENT_VNC_CONNECTED:
303 qapi_event_send_vnc_connected(si, qapi_VncClientInfo_base(vs->info));
304 break;
305 case QAPI_EVENT_VNC_INITIALIZED:
306 qapi_event_send_vnc_initialized(si, vs->info);
307 break;
308 case QAPI_EVENT_VNC_DISCONNECTED:
309 qapi_event_send_vnc_disconnected(si, vs->info);
310 break;
311 default:
312 break;
313 }
314
315 qapi_free_VncServerInfo(si);
316 }
317
qmp_query_vnc_client(const VncState * client)318 static VncClientInfo *qmp_query_vnc_client(const VncState *client)
319 {
320 VncClientInfo *info;
321 Error *err = NULL;
322
323 info = g_malloc0(sizeof(*info));
324
325 vnc_init_basic_info_from_remote_addr(client->sioc,
326 qapi_VncClientInfo_base(info),
327 &err);
328 if (err) {
329 error_free(err);
330 qapi_free_VncClientInfo(info);
331 return NULL;
332 }
333
334 info->websocket = client->websocket;
335
336 if (client->tls) {
337 info->x509_dname = qcrypto_tls_session_get_peer_name(client->tls);
338 }
339 #ifdef CONFIG_VNC_SASL
340 if (client->sasl.conn && client->sasl.username) {
341 info->sasl_username = g_strdup(client->sasl.username);
342 }
343 #endif
344
345 return info;
346 }
347
vnc_display_find(const char * id)348 static VncDisplay *vnc_display_find(const char *id)
349 {
350 VncDisplay *vd;
351
352 if (id == NULL) {
353 return QTAILQ_FIRST(&vnc_displays);
354 }
355 QTAILQ_FOREACH(vd, &vnc_displays, next) {
356 if (strcmp(id, vd->id) == 0) {
357 return vd;
358 }
359 }
360 return NULL;
361 }
362
qmp_query_client_list(VncDisplay * vd)363 static VncClientInfoList *qmp_query_client_list(VncDisplay *vd)
364 {
365 VncClientInfoList *prev = NULL;
366 VncState *client;
367
368 QTAILQ_FOREACH(client, &vd->clients, next) {
369 QAPI_LIST_PREPEND(prev, qmp_query_vnc_client(client));
370 }
371 return prev;
372 }
373
qmp_query_vnc(Error ** errp)374 VncInfo *qmp_query_vnc(Error **errp)
375 {
376 VncInfo *info = g_malloc0(sizeof(*info));
377 VncDisplay *vd = vnc_display_find(NULL);
378 SocketAddress *addr = NULL;
379
380 if (vd == NULL || !vd->listener || !vd->listener->nsioc) {
381 info->enabled = false;
382 } else {
383 info->enabled = true;
384
385 /* for compatibility with the original command */
386 info->has_clients = true;
387 info->clients = qmp_query_client_list(vd);
388
389 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0],
390 errp);
391 if (!addr) {
392 goto out_error;
393 }
394
395 switch (addr->type) {
396 case SOCKET_ADDRESS_TYPE_INET:
397 info->host = g_strdup(addr->u.inet.host);
398 info->service = g_strdup(addr->u.inet.port);
399 if (addr->u.inet.ipv6) {
400 info->family = NETWORK_ADDRESS_FAMILY_IPV6;
401 } else {
402 info->family = NETWORK_ADDRESS_FAMILY_IPV4;
403 }
404 break;
405
406 case SOCKET_ADDRESS_TYPE_UNIX:
407 info->host = g_strdup("");
408 info->service = g_strdup(addr->u.q_unix.path);
409 info->family = NETWORK_ADDRESS_FAMILY_UNIX;
410 break;
411
412 case SOCKET_ADDRESS_TYPE_VSOCK:
413 case SOCKET_ADDRESS_TYPE_FD:
414 error_setg(errp, "Unsupported socket address type %s",
415 SocketAddressType_str(addr->type));
416 goto out_error;
417 default:
418 abort();
419 }
420
421 info->has_family = true;
422
423 info->auth = g_strdup(vnc_auth_name(vd));
424 }
425
426 qapi_free_SocketAddress(addr);
427 return info;
428
429 out_error:
430 qapi_free_SocketAddress(addr);
431 qapi_free_VncInfo(info);
432 return NULL;
433 }
434
435
436 static void qmp_query_auth(int auth, int subauth,
437 VncPrimaryAuth *qmp_auth,
438 VncVencryptSubAuth *qmp_vencrypt,
439 bool *qmp_has_vencrypt);
440
qmp_query_server_entry(QIOChannelSocket * ioc,bool websocket,int auth,int subauth,VncServerInfo2List * prev)441 static VncServerInfo2List *qmp_query_server_entry(QIOChannelSocket *ioc,
442 bool websocket,
443 int auth,
444 int subauth,
445 VncServerInfo2List *prev)
446 {
447 VncServerInfo2 *info;
448 Error *err = NULL;
449 SocketAddress *addr;
450
451 addr = qio_channel_socket_get_local_address(ioc, NULL);
452 if (!addr) {
453 return prev;
454 }
455
456 info = g_new0(VncServerInfo2, 1);
457 vnc_init_basic_info(addr, qapi_VncServerInfo2_base(info), &err);
458 qapi_free_SocketAddress(addr);
459 if (err) {
460 qapi_free_VncServerInfo2(info);
461 error_free(err);
462 return prev;
463 }
464 info->websocket = websocket;
465
466 qmp_query_auth(auth, subauth, &info->auth,
467 &info->vencrypt, &info->has_vencrypt);
468
469 QAPI_LIST_PREPEND(prev, info);
470 return prev;
471 }
472
qmp_query_auth(int auth,int subauth,VncPrimaryAuth * qmp_auth,VncVencryptSubAuth * qmp_vencrypt,bool * qmp_has_vencrypt)473 static void qmp_query_auth(int auth, int subauth,
474 VncPrimaryAuth *qmp_auth,
475 VncVencryptSubAuth *qmp_vencrypt,
476 bool *qmp_has_vencrypt)
477 {
478 switch (auth) {
479 case VNC_AUTH_VNC:
480 *qmp_auth = VNC_PRIMARY_AUTH_VNC;
481 break;
482 case VNC_AUTH_RA2:
483 *qmp_auth = VNC_PRIMARY_AUTH_RA2;
484 break;
485 case VNC_AUTH_RA2NE:
486 *qmp_auth = VNC_PRIMARY_AUTH_RA2NE;
487 break;
488 case VNC_AUTH_TIGHT:
489 *qmp_auth = VNC_PRIMARY_AUTH_TIGHT;
490 break;
491 case VNC_AUTH_ULTRA:
492 *qmp_auth = VNC_PRIMARY_AUTH_ULTRA;
493 break;
494 case VNC_AUTH_TLS:
495 *qmp_auth = VNC_PRIMARY_AUTH_TLS;
496 break;
497 case VNC_AUTH_VENCRYPT:
498 *qmp_auth = VNC_PRIMARY_AUTH_VENCRYPT;
499 *qmp_has_vencrypt = true;
500 switch (subauth) {
501 case VNC_AUTH_VENCRYPT_PLAIN:
502 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_PLAIN;
503 break;
504 case VNC_AUTH_VENCRYPT_TLSNONE:
505 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_NONE;
506 break;
507 case VNC_AUTH_VENCRYPT_TLSVNC:
508 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_VNC;
509 break;
510 case VNC_AUTH_VENCRYPT_TLSPLAIN:
511 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_PLAIN;
512 break;
513 case VNC_AUTH_VENCRYPT_X509NONE:
514 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_NONE;
515 break;
516 case VNC_AUTH_VENCRYPT_X509VNC:
517 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_VNC;
518 break;
519 case VNC_AUTH_VENCRYPT_X509PLAIN:
520 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_PLAIN;
521 break;
522 case VNC_AUTH_VENCRYPT_TLSSASL:
523 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_TLS_SASL;
524 break;
525 case VNC_AUTH_VENCRYPT_X509SASL:
526 *qmp_vencrypt = VNC_VENCRYPT_SUB_AUTH_X509_SASL;
527 break;
528 default:
529 *qmp_has_vencrypt = false;
530 break;
531 }
532 break;
533 case VNC_AUTH_SASL:
534 *qmp_auth = VNC_PRIMARY_AUTH_SASL;
535 break;
536 case VNC_AUTH_NONE:
537 default:
538 *qmp_auth = VNC_PRIMARY_AUTH_NONE;
539 break;
540 }
541 }
542
qmp_query_vnc_servers(Error ** errp)543 VncInfo2List *qmp_query_vnc_servers(Error **errp)
544 {
545 VncInfo2List *prev = NULL;
546 VncInfo2 *info;
547 VncDisplay *vd;
548 DeviceState *dev;
549 size_t i;
550
551 QTAILQ_FOREACH(vd, &vnc_displays, next) {
552 info = g_new0(VncInfo2, 1);
553 info->id = g_strdup(vd->id);
554 info->clients = qmp_query_client_list(vd);
555 qmp_query_auth(vd->auth, vd->subauth, &info->auth,
556 &info->vencrypt, &info->has_vencrypt);
557 if (vd->dcl.con) {
558 dev = DEVICE(object_property_get_link(OBJECT(vd->dcl.con),
559 "device", &error_abort));
560 info->display = g_strdup(dev->id);
561 }
562 for (i = 0; vd->listener != NULL && i < vd->listener->nsioc; i++) {
563 info->server = qmp_query_server_entry(
564 vd->listener->sioc[i], false, vd->auth, vd->subauth,
565 info->server);
566 }
567 for (i = 0; vd->wslistener != NULL && i < vd->wslistener->nsioc; i++) {
568 info->server = qmp_query_server_entry(
569 vd->wslistener->sioc[i], true, vd->ws_auth,
570 vd->ws_subauth, info->server);
571 }
572
573 QAPI_LIST_PREPEND(prev, info);
574 }
575 return prev;
576 }
577
vnc_display_reload_certs(const char * id,Error ** errp)578 bool vnc_display_reload_certs(const char *id, Error **errp)
579 {
580 VncDisplay *vd = vnc_display_find(id);
581 QCryptoTLSCredsClass *creds = NULL;
582
583 if (!vd) {
584 error_setg(errp, "Can not find vnc display");
585 return false;
586 }
587
588 if (!vd->tlscreds) {
589 error_setg(errp, "vnc tls is not enabled");
590 return false;
591 }
592
593 creds = QCRYPTO_TLS_CREDS_GET_CLASS(OBJECT(vd->tlscreds));
594 if (creds->reload == NULL) {
595 error_setg(errp, "%s doesn't support to reload TLS credential",
596 object_get_typename(OBJECT(vd->tlscreds)));
597 return false;
598 }
599 if (!creds->reload(vd->tlscreds, errp)) {
600 return false;
601 }
602
603 return true;
604 }
605
606 /* TODO
607 1) Get the queue working for IO.
608 2) there is some weirdness when using the -S option (the screen is grey
609 and not totally invalidated
610 3) resolutions > 1024
611 */
612
613 static int vnc_update_client(VncState *vs, int has_dirty);
614 static void vnc_disconnect_start(VncState *vs);
615
616 static void vnc_colordepth(VncState *vs);
617 static void framebuffer_update_request(VncState *vs, int incremental,
618 int x_position, int y_position,
619 int w, int h);
620 static void vnc_refresh(DisplayChangeListener *dcl);
621 static int vnc_refresh_server_surface(VncDisplay *vd);
622
vnc_width(VncDisplay * vd)623 static int vnc_width(VncDisplay *vd)
624 {
625 return MIN(VNC_MAX_WIDTH, ROUND_UP(surface_width(vd->ds),
626 VNC_DIRTY_PIXELS_PER_BIT));
627 }
628
vnc_true_width(VncDisplay * vd)629 static int vnc_true_width(VncDisplay *vd)
630 {
631 return MIN(VNC_MAX_WIDTH, surface_width(vd->ds));
632 }
633
vnc_height(VncDisplay * vd)634 static int vnc_height(VncDisplay *vd)
635 {
636 return MIN(VNC_MAX_HEIGHT, surface_height(vd->ds));
637 }
638
639 static void vnc_set_area_dirty(DECLARE_BITMAP(dirty[VNC_MAX_HEIGHT],
640 VNC_MAX_WIDTH / VNC_DIRTY_PIXELS_PER_BIT),
641 VncDisplay *vd,
642 int x, int y, int w, int h)
643 {
644 int width = vnc_width(vd);
645 int height = vnc_height(vd);
646
647 /* this is needed this to ensure we updated all affected
648 * blocks if x % VNC_DIRTY_PIXELS_PER_BIT != 0 */
649 w += (x % VNC_DIRTY_PIXELS_PER_BIT);
650 x -= (x % VNC_DIRTY_PIXELS_PER_BIT);
651
652 x = MIN(x, width);
653 y = MIN(y, height);
654 w = MIN(x + w, width) - x;
655 h = MIN(y + h, height);
656
657 for (; y < h; y++) {
658 bitmap_set(dirty[y], x / VNC_DIRTY_PIXELS_PER_BIT,
659 DIV_ROUND_UP(w, VNC_DIRTY_PIXELS_PER_BIT));
660 }
661 }
662
vnc_dpy_update(DisplayChangeListener * dcl,int x,int y,int w,int h)663 static void vnc_dpy_update(DisplayChangeListener *dcl,
664 int x, int y, int w, int h)
665 {
666 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
667 struct VncSurface *s = &vd->guest;
668
669 vnc_set_area_dirty(s->dirty, vd, x, y, w, h);
670 }
671
vnc_framebuffer_update(VncState * vs,int x,int y,int w,int h,int32_t encoding)672 void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
673 int32_t encoding)
674 {
675 vnc_write_u16(vs, x);
676 vnc_write_u16(vs, y);
677 vnc_write_u16(vs, w);
678 vnc_write_u16(vs, h);
679
680 vnc_write_s32(vs, encoding);
681 }
682
vnc_desktop_resize_ext(VncState * vs,int reject_reason)683 static void vnc_desktop_resize_ext(VncState *vs, int reject_reason)
684 {
685 trace_vnc_msg_server_ext_desktop_resize(
686 vs, vs->ioc, vs->client_width, vs->client_height, reject_reason);
687
688 vnc_lock_output(vs);
689 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
690 vnc_write_u8(vs, 0);
691 vnc_write_u16(vs, 1); /* number of rects */
692 vnc_framebuffer_update(vs,
693 reject_reason ? 1 : 0,
694 reject_reason,
695 vs->client_width, vs->client_height,
696 VNC_ENCODING_DESKTOP_RESIZE_EXT);
697 vnc_write_u8(vs, 1); /* number of screens */
698 vnc_write_u8(vs, 0); /* padding */
699 vnc_write_u8(vs, 0); /* padding */
700 vnc_write_u8(vs, 0); /* padding */
701 vnc_write_u32(vs, 0); /* screen id */
702 vnc_write_u16(vs, 0); /* screen x-pos */
703 vnc_write_u16(vs, 0); /* screen y-pos */
704 vnc_write_u16(vs, vs->client_width);
705 vnc_write_u16(vs, vs->client_height);
706 vnc_write_u32(vs, 0); /* screen flags */
707 vnc_unlock_output(vs);
708 vnc_flush(vs);
709 }
710
vnc_desktop_resize(VncState * vs)711 static void vnc_desktop_resize(VncState *vs)
712 {
713 if (vs->ioc == NULL || (!vnc_has_feature(vs, VNC_FEATURE_RESIZE) &&
714 !vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT))) {
715 return;
716 }
717 if (vs->client_width == vs->vd->true_width &&
718 vs->client_height == pixman_image_get_height(vs->vd->server)) {
719 return;
720 }
721
722 assert(vs->vd->true_width < 65536 &&
723 vs->vd->true_width >= 0);
724 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
725 pixman_image_get_height(vs->vd->server) >= 0);
726 vs->client_width = vs->vd->true_width;
727 vs->client_height = pixman_image_get_height(vs->vd->server);
728
729 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
730 vnc_desktop_resize_ext(vs, 0);
731 return;
732 }
733
734 trace_vnc_msg_server_desktop_resize(
735 vs, vs->ioc, vs->client_width, vs->client_height);
736
737 vnc_lock_output(vs);
738 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
739 vnc_write_u8(vs, 0);
740 vnc_write_u16(vs, 1); /* number of rects */
741 vnc_framebuffer_update(vs, 0, 0, vs->client_width, vs->client_height,
742 VNC_ENCODING_DESKTOPRESIZE);
743 vnc_unlock_output(vs);
744 vnc_flush(vs);
745 }
746
vnc_abort_display_jobs(VncDisplay * vd)747 static void vnc_abort_display_jobs(VncDisplay *vd)
748 {
749 VncState *vs;
750
751 QTAILQ_FOREACH(vs, &vd->clients, next) {
752 vnc_lock_output(vs);
753 vs->abort = true;
754 vnc_unlock_output(vs);
755 }
756 QTAILQ_FOREACH(vs, &vd->clients, next) {
757 vnc_jobs_join(vs);
758 }
759 QTAILQ_FOREACH(vs, &vd->clients, next) {
760 vnc_lock_output(vs);
761 if (vs->update == VNC_STATE_UPDATE_NONE &&
762 vs->job_update != VNC_STATE_UPDATE_NONE) {
763 /* job aborted before completion */
764 vs->update = vs->job_update;
765 vs->job_update = VNC_STATE_UPDATE_NONE;
766 }
767 vs->abort = false;
768 vnc_unlock_output(vs);
769 }
770 }
771
vnc_server_fb_stride(VncDisplay * vd)772 int vnc_server_fb_stride(VncDisplay *vd)
773 {
774 return pixman_image_get_stride(vd->server);
775 }
776
vnc_server_fb_ptr(VncDisplay * vd,int x,int y)777 void *vnc_server_fb_ptr(VncDisplay *vd, int x, int y)
778 {
779 uint8_t *ptr;
780
781 ptr = (uint8_t *)pixman_image_get_data(vd->server);
782 ptr += y * vnc_server_fb_stride(vd);
783 ptr += x * VNC_SERVER_FB_BYTES;
784 return ptr;
785 }
786
vnc_update_server_surface(VncDisplay * vd)787 static void vnc_update_server_surface(VncDisplay *vd)
788 {
789 int width, height;
790
791 qemu_pixman_image_unref(vd->server);
792 vd->server = NULL;
793
794 if (QTAILQ_EMPTY(&vd->clients)) {
795 return;
796 }
797
798 width = vnc_width(vd);
799 height = vnc_height(vd);
800 vd->true_width = vnc_true_width(vd);
801 vd->server = pixman_image_create_bits(VNC_SERVER_FB_FORMAT,
802 width, height,
803 NULL, 0);
804
805 memset(vd->guest.dirty, 0x00, sizeof(vd->guest.dirty));
806 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
807 width, height);
808 }
809
vnc_check_pageflip(DisplaySurface * s1,DisplaySurface * s2)810 static bool vnc_check_pageflip(DisplaySurface *s1,
811 DisplaySurface *s2)
812 {
813 return (s1 != NULL &&
814 s2 != NULL &&
815 surface_width(s1) == surface_width(s2) &&
816 surface_height(s1) == surface_height(s2) &&
817 surface_format(s1) == surface_format(s2));
818
819 }
820
vnc_dpy_switch(DisplayChangeListener * dcl,DisplaySurface * surface)821 static void vnc_dpy_switch(DisplayChangeListener *dcl,
822 DisplaySurface *surface)
823 {
824 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
825 bool pageflip = vnc_check_pageflip(vd->ds, surface);
826 VncState *vs;
827
828 vnc_abort_display_jobs(vd);
829 vd->ds = surface;
830
831 /* guest surface */
832 qemu_pixman_image_unref(vd->guest.fb);
833 vd->guest.fb = pixman_image_ref(surface->image);
834 vd->guest.format = surface_format(surface);
835
836
837 if (pageflip) {
838 trace_vnc_server_dpy_pageflip(vd,
839 surface_width(surface),
840 surface_height(surface),
841 surface_format(surface));
842 vnc_set_area_dirty(vd->guest.dirty, vd, 0, 0,
843 surface_width(surface),
844 surface_height(surface));
845 return;
846 }
847
848 trace_vnc_server_dpy_recreate(vd,
849 surface_width(surface),
850 surface_height(surface),
851 surface_format(surface));
852 /* server surface */
853 vnc_update_server_surface(vd);
854
855 QTAILQ_FOREACH(vs, &vd->clients, next) {
856 vnc_colordepth(vs);
857 vnc_desktop_resize(vs);
858 vnc_cursor_define(vs);
859 memset(vs->dirty, 0x00, sizeof(vs->dirty));
860 vnc_set_area_dirty(vs->dirty, vd, 0, 0,
861 vnc_width(vd),
862 vnc_height(vd));
863 vnc_update_throttle_offset(vs);
864 }
865 }
866
867 /* fastest code */
vnc_write_pixels_copy(VncState * vs,void * pixels,int size)868 static void vnc_write_pixels_copy(VncState *vs,
869 void *pixels, int size)
870 {
871 vnc_write(vs, pixels, size);
872 }
873
874 /* slowest but generic code. */
vnc_convert_pixel(VncState * vs,uint8_t * buf,uint32_t v)875 void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
876 {
877 uint8_t r, g, b;
878
879 #if VNC_SERVER_FB_FORMAT == PIXMAN_FORMAT(32, PIXMAN_TYPE_ARGB, 0, 8, 8, 8)
880 r = (((v & 0x00ff0000) >> 16) << vs->client_pf.rbits) >> 8;
881 g = (((v & 0x0000ff00) >> 8) << vs->client_pf.gbits) >> 8;
882 b = (((v & 0x000000ff) >> 0) << vs->client_pf.bbits) >> 8;
883 #else
884 # error need some bits here if you change VNC_SERVER_FB_FORMAT
885 #endif
886 v = (r << vs->client_pf.rshift) |
887 (g << vs->client_pf.gshift) |
888 (b << vs->client_pf.bshift);
889 switch (vs->client_pf.bytes_per_pixel) {
890 case 1:
891 buf[0] = v;
892 break;
893 case 2:
894 if (vs->client_endian == G_BIG_ENDIAN) {
895 buf[0] = v >> 8;
896 buf[1] = v;
897 } else {
898 buf[1] = v >> 8;
899 buf[0] = v;
900 }
901 break;
902 default:
903 case 4:
904 if (vs->client_endian == G_BIG_ENDIAN) {
905 buf[0] = v >> 24;
906 buf[1] = v >> 16;
907 buf[2] = v >> 8;
908 buf[3] = v;
909 } else {
910 buf[3] = v >> 24;
911 buf[2] = v >> 16;
912 buf[1] = v >> 8;
913 buf[0] = v;
914 }
915 break;
916 }
917 }
918
vnc_write_pixels_generic(VncState * vs,void * pixels1,int size)919 static void vnc_write_pixels_generic(VncState *vs,
920 void *pixels1, int size)
921 {
922 uint8_t buf[4];
923
924 if (VNC_SERVER_FB_BYTES == 4) {
925 uint32_t *pixels = pixels1;
926 int n, i;
927 n = size >> 2;
928 for (i = 0; i < n; i++) {
929 vnc_convert_pixel(vs, buf, pixels[i]);
930 vnc_write(vs, buf, vs->client_pf.bytes_per_pixel);
931 }
932 }
933 }
934
vnc_raw_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)935 int vnc_raw_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
936 {
937 int i;
938 uint8_t *row;
939 VncDisplay *vd = vs->vd;
940
941 row = vnc_server_fb_ptr(vd, x, y);
942 for (i = 0; i < h; i++) {
943 vs->write_pixels(vs, row, w * VNC_SERVER_FB_BYTES);
944 row += vnc_server_fb_stride(vd);
945 }
946 return 1;
947 }
948
vnc_send_framebuffer_update(VncState * vs,int x,int y,int w,int h)949 int vnc_send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
950 {
951 int n = 0;
952
953 switch(vs->vnc_encoding) {
954 case VNC_ENCODING_ZLIB:
955 n = vnc_zlib_send_framebuffer_update(vs, x, y, w, h);
956 break;
957 case VNC_ENCODING_HEXTILE:
958 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
959 n = vnc_hextile_send_framebuffer_update(vs, x, y, w, h);
960 break;
961 case VNC_ENCODING_TIGHT:
962 n = vnc_tight_send_framebuffer_update(vs, x, y, w, h);
963 break;
964 case VNC_ENCODING_TIGHT_PNG:
965 n = vnc_tight_png_send_framebuffer_update(vs, x, y, w, h);
966 break;
967 case VNC_ENCODING_ZRLE:
968 n = vnc_zrle_send_framebuffer_update(vs, x, y, w, h);
969 break;
970 case VNC_ENCODING_ZYWRLE:
971 n = vnc_zywrle_send_framebuffer_update(vs, x, y, w, h);
972 break;
973 default:
974 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
975 n = vnc_raw_send_framebuffer_update(vs, x, y, w, h);
976 break;
977 }
978 return n;
979 }
980
vnc_mouse_set(DisplayChangeListener * dcl,int x,int y,bool visible)981 static void vnc_mouse_set(DisplayChangeListener *dcl,
982 int x, int y, bool visible)
983 {
984 /* can we ask the client(s) to move the pointer ??? */
985 }
986
vnc_cursor_define(VncState * vs)987 static int vnc_cursor_define(VncState *vs)
988 {
989 QEMUCursor *c = qemu_console_get_cursor(vs->vd->dcl.con);
990 int isize;
991
992 if (!c) {
993 return -1;
994 }
995
996 if (vnc_has_feature(vs, VNC_FEATURE_ALPHA_CURSOR)) {
997 vnc_lock_output(vs);
998 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
999 vnc_write_u8(vs, 0); /* padding */
1000 vnc_write_u16(vs, 1); /* # of rects */
1001 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1002 VNC_ENCODING_ALPHA_CURSOR);
1003 vnc_write_s32(vs, VNC_ENCODING_RAW);
1004 vnc_write(vs, c->data, c->width * c->height * 4);
1005 vnc_unlock_output(vs);
1006 return 0;
1007 }
1008 if (vnc_has_feature(vs, VNC_FEATURE_RICH_CURSOR)) {
1009 vnc_lock_output(vs);
1010 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1011 vnc_write_u8(vs, 0); /* padding */
1012 vnc_write_u16(vs, 1); /* # of rects */
1013 vnc_framebuffer_update(vs, c->hot_x, c->hot_y, c->width, c->height,
1014 VNC_ENCODING_RICH_CURSOR);
1015 isize = c->width * c->height * vs->client_pf.bytes_per_pixel;
1016 vnc_write_pixels_generic(vs, c->data, isize);
1017 vnc_write(vs, vs->vd->cursor_mask, vs->vd->cursor_msize);
1018 vnc_unlock_output(vs);
1019 return 0;
1020 }
1021 return -1;
1022 }
1023
vnc_dpy_cursor_define(DisplayChangeListener * dcl,QEMUCursor * c)1024 static void vnc_dpy_cursor_define(DisplayChangeListener *dcl,
1025 QEMUCursor *c)
1026 {
1027 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
1028 VncState *vs;
1029
1030 g_free(vd->cursor_mask);
1031 vd->cursor_msize = cursor_get_mono_bpl(c) * c->height;
1032 vd->cursor_mask = g_malloc0(vd->cursor_msize);
1033 cursor_get_mono_mask(c, 0, vd->cursor_mask);
1034
1035 QTAILQ_FOREACH(vs, &vd->clients, next) {
1036 vnc_cursor_define(vs);
1037 }
1038 }
1039
find_and_clear_dirty_height(VncState * vs,int y,int last_x,int x,int height)1040 static int find_and_clear_dirty_height(VncState *vs,
1041 int y, int last_x, int x, int height)
1042 {
1043 int h;
1044
1045 for (h = 1; h < (height - y); h++) {
1046 if (!test_bit(last_x, vs->dirty[y + h])) {
1047 break;
1048 }
1049 bitmap_clear(vs->dirty[y + h], last_x, x - last_x);
1050 }
1051
1052 return h;
1053 }
1054
1055 /*
1056 * Figure out how much pending data we should allow in the output
1057 * buffer before we throttle incremental display updates, and/or
1058 * drop audio samples.
1059 *
1060 * We allow for equiv of 1 full display's worth of FB updates,
1061 * and 1 second of audio samples. If audio backlog was larger
1062 * than that the client would already suffering awful audio
1063 * glitches, so dropping samples is no worse really).
1064 */
vnc_update_throttle_offset(VncState * vs)1065 static void vnc_update_throttle_offset(VncState *vs)
1066 {
1067 size_t offset =
1068 vs->client_width * vs->client_height * vs->client_pf.bytes_per_pixel;
1069
1070 if (vs->audio_cap) {
1071 int bps;
1072 switch (vs->as.fmt) {
1073 default:
1074 case AUDIO_FORMAT_U8:
1075 case AUDIO_FORMAT_S8:
1076 bps = 1;
1077 break;
1078 case AUDIO_FORMAT_U16:
1079 case AUDIO_FORMAT_S16:
1080 bps = 2;
1081 break;
1082 case AUDIO_FORMAT_U32:
1083 case AUDIO_FORMAT_S32:
1084 bps = 4;
1085 break;
1086 }
1087 offset += vs->as.freq * bps * vs->as.nchannels;
1088 }
1089
1090 /* Put a floor of 1MB on offset, so that if we have a large pending
1091 * buffer and the display is resized to a small size & back again
1092 * we don't suddenly apply a tiny send limit
1093 */
1094 offset = MAX(offset, 1024 * 1024);
1095
1096 if (vs->throttle_output_offset != offset) {
1097 trace_vnc_client_throttle_threshold(
1098 vs, vs->ioc, vs->throttle_output_offset, offset, vs->client_width,
1099 vs->client_height, vs->client_pf.bytes_per_pixel, vs->audio_cap);
1100 }
1101
1102 vs->throttle_output_offset = offset;
1103 }
1104
vnc_should_update(VncState * vs)1105 static bool vnc_should_update(VncState *vs)
1106 {
1107 switch (vs->update) {
1108 case VNC_STATE_UPDATE_NONE:
1109 break;
1110 case VNC_STATE_UPDATE_INCREMENTAL:
1111 /* Only allow incremental updates if the pending send queue
1112 * is less than the permitted threshold, and the job worker
1113 * is completely idle.
1114 */
1115 if (vs->output.offset < vs->throttle_output_offset &&
1116 vs->job_update == VNC_STATE_UPDATE_NONE) {
1117 return true;
1118 }
1119 trace_vnc_client_throttle_incremental(
1120 vs, vs->ioc, vs->job_update, vs->output.offset);
1121 break;
1122 case VNC_STATE_UPDATE_FORCE:
1123 /* Only allow forced updates if the pending send queue
1124 * does not contain a previous forced update, and the
1125 * job worker is completely idle.
1126 *
1127 * Note this means we'll queue a forced update, even if
1128 * the output buffer size is otherwise over the throttle
1129 * output limit.
1130 */
1131 if (vs->force_update_offset == 0 &&
1132 vs->job_update == VNC_STATE_UPDATE_NONE) {
1133 return true;
1134 }
1135 trace_vnc_client_throttle_forced(
1136 vs, vs->ioc, vs->job_update, vs->force_update_offset);
1137 break;
1138 }
1139 return false;
1140 }
1141
vnc_update_client(VncState * vs,int has_dirty)1142 static int vnc_update_client(VncState *vs, int has_dirty)
1143 {
1144 VncDisplay *vd = vs->vd;
1145 VncJob *job;
1146 int y;
1147 int height, width;
1148 int n = 0;
1149
1150 if (vs->disconnecting) {
1151 vnc_disconnect_finish(vs);
1152 return 0;
1153 }
1154
1155 vs->has_dirty += has_dirty;
1156 if (!vnc_should_update(vs)) {
1157 return 0;
1158 }
1159
1160 if (!vs->has_dirty && vs->update != VNC_STATE_UPDATE_FORCE) {
1161 return 0;
1162 }
1163
1164 /*
1165 * Send screen updates to the vnc client using the server
1166 * surface and server dirty map. guest surface updates
1167 * happening in parallel don't disturb us, the next pass will
1168 * send them to the client.
1169 */
1170 job = vnc_job_new(vs);
1171
1172 height = pixman_image_get_height(vd->server);
1173 width = pixman_image_get_width(vd->server);
1174
1175 y = 0;
1176 for (;;) {
1177 int x, h;
1178 unsigned long x2;
1179 unsigned long offset = find_next_bit((unsigned long *) &vs->dirty,
1180 height * VNC_DIRTY_BPL(vs),
1181 y * VNC_DIRTY_BPL(vs));
1182 if (offset == height * VNC_DIRTY_BPL(vs)) {
1183 /* no more dirty bits */
1184 break;
1185 }
1186 y = offset / VNC_DIRTY_BPL(vs);
1187 x = offset % VNC_DIRTY_BPL(vs);
1188 x2 = find_next_zero_bit((unsigned long *) &vs->dirty[y],
1189 VNC_DIRTY_BPL(vs), x);
1190 bitmap_clear(vs->dirty[y], x, x2 - x);
1191 h = find_and_clear_dirty_height(vs, y, x, x2, height);
1192 x2 = MIN(x2, width / VNC_DIRTY_PIXELS_PER_BIT);
1193 if (x2 > x) {
1194 n += vnc_job_add_rect(job, x * VNC_DIRTY_PIXELS_PER_BIT, y,
1195 (x2 - x) * VNC_DIRTY_PIXELS_PER_BIT, h);
1196 }
1197 if (!x && x2 == width / VNC_DIRTY_PIXELS_PER_BIT) {
1198 y += h;
1199 if (y == height) {
1200 break;
1201 }
1202 }
1203 }
1204
1205 vs->job_update = vs->update;
1206 vs->update = VNC_STATE_UPDATE_NONE;
1207 vnc_job_push(job);
1208 vs->has_dirty = 0;
1209 return n;
1210 }
1211
1212 /* audio */
audio_capture_notify(void * opaque,audcnotification_e cmd)1213 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
1214 {
1215 VncState *vs = opaque;
1216
1217 assert(vs->magic == VNC_MAGIC);
1218 switch (cmd) {
1219 case AUD_CNOTIFY_DISABLE:
1220 trace_vnc_msg_server_audio_end(vs, vs->ioc);
1221 vnc_lock_output(vs);
1222 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1223 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1224 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_END);
1225 vnc_unlock_output(vs);
1226 vnc_flush(vs);
1227 break;
1228
1229 case AUD_CNOTIFY_ENABLE:
1230 trace_vnc_msg_server_audio_begin(vs, vs->ioc);
1231 vnc_lock_output(vs);
1232 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1233 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1234 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_BEGIN);
1235 vnc_unlock_output(vs);
1236 vnc_flush(vs);
1237 break;
1238 }
1239 }
1240
audio_capture_destroy(void * opaque)1241 static void audio_capture_destroy(void *opaque)
1242 {
1243 }
1244
audio_capture(void * opaque,const void * buf,int size)1245 static void audio_capture(void *opaque, const void *buf, int size)
1246 {
1247 VncState *vs = opaque;
1248
1249 assert(vs->magic == VNC_MAGIC);
1250 trace_vnc_msg_server_audio_data(vs, vs->ioc, buf, size);
1251 vnc_lock_output(vs);
1252 if (vs->output.offset < vs->throttle_output_offset) {
1253 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU);
1254 vnc_write_u8(vs, VNC_MSG_SERVER_QEMU_AUDIO);
1255 vnc_write_u16(vs, VNC_MSG_SERVER_QEMU_AUDIO_DATA);
1256 vnc_write_u32(vs, size);
1257 vnc_write(vs, buf, size);
1258 } else {
1259 trace_vnc_client_throttle_audio(vs, vs->ioc, vs->output.offset);
1260 }
1261 vnc_unlock_output(vs);
1262 vnc_flush(vs);
1263 }
1264
audio_add(VncState * vs)1265 static void audio_add(VncState *vs)
1266 {
1267 struct audio_capture_ops ops;
1268
1269 if (vs->audio_cap) {
1270 error_report("audio already running");
1271 return;
1272 }
1273
1274 ops.notify = audio_capture_notify;
1275 ops.destroy = audio_capture_destroy;
1276 ops.capture = audio_capture;
1277
1278 vs->audio_cap = AUD_add_capture(vs->vd->audio_state, &vs->as, &ops, vs);
1279 if (!vs->audio_cap) {
1280 error_report("Failed to add audio capture");
1281 }
1282 }
1283
audio_del(VncState * vs)1284 static void audio_del(VncState *vs)
1285 {
1286 if (vs->audio_cap) {
1287 AUD_del_capture(vs->audio_cap, vs);
1288 vs->audio_cap = NULL;
1289 }
1290 }
1291
vnc_disconnect_start(VncState * vs)1292 static void vnc_disconnect_start(VncState *vs)
1293 {
1294 if (vs->disconnecting) {
1295 return;
1296 }
1297 trace_vnc_client_disconnect_start(vs, vs->ioc);
1298 vnc_set_share_mode(vs, VNC_SHARE_MODE_DISCONNECTED);
1299 if (vs->ioc_tag) {
1300 g_source_remove(vs->ioc_tag);
1301 vs->ioc_tag = 0;
1302 }
1303 qio_channel_close(vs->ioc, NULL);
1304 vs->disconnecting = TRUE;
1305 }
1306
vnc_disconnect_finish(VncState * vs)1307 void vnc_disconnect_finish(VncState *vs)
1308 {
1309 int i;
1310
1311 trace_vnc_client_disconnect_finish(vs, vs->ioc);
1312
1313 vnc_jobs_join(vs); /* Wait encoding jobs */
1314
1315 vnc_lock_output(vs);
1316 vnc_qmp_event(vs, QAPI_EVENT_VNC_DISCONNECTED);
1317
1318 buffer_free(&vs->input);
1319 buffer_free(&vs->output);
1320
1321 qapi_free_VncClientInfo(vs->info);
1322
1323 vnc_zlib_clear(vs);
1324 vnc_tight_clear(vs);
1325 vnc_zrle_clear(vs);
1326
1327 #ifdef CONFIG_VNC_SASL
1328 vnc_sasl_client_cleanup(vs);
1329 #endif /* CONFIG_VNC_SASL */
1330 audio_del(vs);
1331 qkbd_state_lift_all_keys(vs->vd->kbd);
1332
1333 if (vs->mouse_mode_notifier.notify != NULL) {
1334 qemu_remove_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
1335 }
1336 QTAILQ_REMOVE(&vs->vd->clients, vs, next);
1337 if (QTAILQ_EMPTY(&vs->vd->clients)) {
1338 /* last client gone */
1339 vnc_update_server_surface(vs->vd);
1340 }
1341 vnc_unlock_output(vs);
1342
1343 if (vs->cbpeer.notifier.notify) {
1344 qemu_clipboard_peer_unregister(&vs->cbpeer);
1345 }
1346
1347 qemu_mutex_destroy(&vs->output_mutex);
1348 if (vs->bh != NULL) {
1349 qemu_bh_delete(vs->bh);
1350 }
1351 buffer_free(&vs->jobs_buffer);
1352
1353 for (i = 0; i < VNC_STAT_ROWS; ++i) {
1354 g_free(vs->lossy_rect[i]);
1355 }
1356 g_free(vs->lossy_rect);
1357
1358 object_unref(OBJECT(vs->ioc));
1359 vs->ioc = NULL;
1360 object_unref(OBJECT(vs->sioc));
1361 vs->sioc = NULL;
1362 vs->magic = 0;
1363 g_free(vs->zrle);
1364 g_free(vs->tight);
1365 g_free(vs);
1366 }
1367
vnc_client_io_error(VncState * vs,ssize_t ret,Error * err)1368 size_t vnc_client_io_error(VncState *vs, ssize_t ret, Error *err)
1369 {
1370 if (ret <= 0) {
1371 if (ret == 0) {
1372 trace_vnc_client_eof(vs, vs->ioc);
1373 vnc_disconnect_start(vs);
1374 } else if (ret != QIO_CHANNEL_ERR_BLOCK) {
1375 trace_vnc_client_io_error(vs, vs->ioc,
1376 err ? error_get_pretty(err) : "Unknown");
1377 vnc_disconnect_start(vs);
1378 }
1379
1380 error_free(err);
1381 return 0;
1382 }
1383 return ret;
1384 }
1385
1386
vnc_client_error(VncState * vs)1387 void vnc_client_error(VncState *vs)
1388 {
1389 VNC_DEBUG("Closing down client sock: protocol error\n");
1390 vnc_disconnect_start(vs);
1391 }
1392
1393
1394 /*
1395 * Called to write a chunk of data to the client socket. The data may
1396 * be the raw data, or may have already been encoded by SASL.
1397 * The data will be written either straight onto the socket, or
1398 * written via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1399 *
1400 * NB, it is theoretically possible to have 2 layers of encryption,
1401 * both SASL, and this TLS layer. It is highly unlikely in practice
1402 * though, since SASL encryption will typically be a no-op if TLS
1403 * is active
1404 *
1405 * Returns the number of bytes written, which may be less than
1406 * the requested 'datalen' if the socket would block. Returns
1407 * 0 on I/O error, and disconnects the client socket.
1408 */
vnc_client_write_buf(VncState * vs,const uint8_t * data,size_t datalen)1409 size_t vnc_client_write_buf(VncState *vs, const uint8_t *data, size_t datalen)
1410 {
1411 Error *err = NULL;
1412 ssize_t ret;
1413 ret = qio_channel_write(vs->ioc, (const char *)data, datalen, &err);
1414 VNC_DEBUG("Wrote wire %p %zd -> %ld\n", data, datalen, ret);
1415 return vnc_client_io_error(vs, ret, err);
1416 }
1417
1418
1419 /*
1420 * Called to write buffered data to the client socket, when not
1421 * using any SASL SSF encryption layers. Will write as much data
1422 * as possible without blocking. If all buffered data is written,
1423 * will switch the FD poll() handler back to read monitoring.
1424 *
1425 * Returns the number of bytes written, which may be less than
1426 * the buffered output data if the socket would block. Returns
1427 * 0 on I/O error, and disconnects the client socket.
1428 */
vnc_client_write_plain(VncState * vs)1429 static size_t vnc_client_write_plain(VncState *vs)
1430 {
1431 size_t offset;
1432 size_t ret;
1433
1434 #ifdef CONFIG_VNC_SASL
1435 VNC_DEBUG("Write Plain: Pending output %p size %zd offset %zd. Wait SSF %d\n",
1436 vs->output.buffer, vs->output.capacity, vs->output.offset,
1437 vs->sasl.waitWriteSSF);
1438
1439 if (vs->sasl.conn &&
1440 vs->sasl.runSSF &&
1441 vs->sasl.waitWriteSSF) {
1442 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->sasl.waitWriteSSF);
1443 if (ret)
1444 vs->sasl.waitWriteSSF -= ret;
1445 } else
1446 #endif /* CONFIG_VNC_SASL */
1447 ret = vnc_client_write_buf(vs, vs->output.buffer, vs->output.offset);
1448 if (!ret)
1449 return 0;
1450
1451 if (ret >= vs->force_update_offset) {
1452 if (vs->force_update_offset != 0) {
1453 trace_vnc_client_unthrottle_forced(vs, vs->ioc);
1454 }
1455 vs->force_update_offset = 0;
1456 } else {
1457 vs->force_update_offset -= ret;
1458 }
1459 offset = vs->output.offset;
1460 buffer_advance(&vs->output, ret);
1461 if (offset >= vs->throttle_output_offset &&
1462 vs->output.offset < vs->throttle_output_offset) {
1463 trace_vnc_client_unthrottle_incremental(vs, vs->ioc, vs->output.offset);
1464 }
1465
1466 if (vs->output.offset == 0) {
1467 if (vs->ioc_tag) {
1468 g_source_remove(vs->ioc_tag);
1469 }
1470 vs->ioc_tag = qio_channel_add_watch(
1471 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1472 vnc_client_io, vs, NULL);
1473 }
1474
1475 return ret;
1476 }
1477
1478
1479 /*
1480 * First function called whenever there is data to be written to
1481 * the client socket. Will delegate actual work according to whether
1482 * SASL SSF layers are enabled (thus requiring encryption calls)
1483 */
vnc_client_write_locked(VncState * vs)1484 static void vnc_client_write_locked(VncState *vs)
1485 {
1486 #ifdef CONFIG_VNC_SASL
1487 if (vs->sasl.conn &&
1488 vs->sasl.runSSF &&
1489 !vs->sasl.waitWriteSSF) {
1490 vnc_client_write_sasl(vs);
1491 } else
1492 #endif /* CONFIG_VNC_SASL */
1493 {
1494 vnc_client_write_plain(vs);
1495 }
1496 }
1497
vnc_client_write(VncState * vs)1498 static void vnc_client_write(VncState *vs)
1499 {
1500 assert(vs->magic == VNC_MAGIC);
1501 vnc_lock_output(vs);
1502 if (vs->output.offset) {
1503 vnc_client_write_locked(vs);
1504 } else if (vs->ioc != NULL) {
1505 if (vs->ioc_tag) {
1506 g_source_remove(vs->ioc_tag);
1507 }
1508 vs->ioc_tag = qio_channel_add_watch(
1509 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
1510 vnc_client_io, vs, NULL);
1511 }
1512 vnc_unlock_output(vs);
1513 }
1514
vnc_read_when(VncState * vs,VncReadEvent * func,size_t expecting)1515 void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
1516 {
1517 vs->read_handler = func;
1518 vs->read_handler_expect = expecting;
1519 }
1520
1521
1522 /*
1523 * Called to read a chunk of data from the client socket. The data may
1524 * be the raw data, or may need to be further decoded by SASL.
1525 * The data will be read either straight from to the socket, or
1526 * read via the GNUTLS wrappers, if TLS/SSL encryption is enabled
1527 *
1528 * NB, it is theoretically possible to have 2 layers of encryption,
1529 * both SASL, and this TLS layer. It is highly unlikely in practice
1530 * though, since SASL encryption will typically be a no-op if TLS
1531 * is active
1532 *
1533 * Returns the number of bytes read, which may be less than
1534 * the requested 'datalen' if the socket would block. Returns
1535 * 0 on I/O error or EOF, and disconnects the client socket.
1536 */
vnc_client_read_buf(VncState * vs,uint8_t * data,size_t datalen)1537 size_t vnc_client_read_buf(VncState *vs, uint8_t *data, size_t datalen)
1538 {
1539 ssize_t ret;
1540 Error *err = NULL;
1541 ret = qio_channel_read(vs->ioc, (char *)data, datalen, &err);
1542 VNC_DEBUG("Read wire %p %zd -> %ld\n", data, datalen, ret);
1543 return vnc_client_io_error(vs, ret, err);
1544 }
1545
1546
1547 /*
1548 * Called to read data from the client socket to the input buffer,
1549 * when not using any SASL SSF encryption layers. Will read as much
1550 * data as possible without blocking.
1551 *
1552 * Returns the number of bytes read, which may be less than
1553 * the requested 'datalen' if the socket would block. Returns
1554 * 0 on I/O error or EOF, and disconnects the client socket.
1555 */
vnc_client_read_plain(VncState * vs)1556 static size_t vnc_client_read_plain(VncState *vs)
1557 {
1558 size_t ret;
1559 VNC_DEBUG("Read plain %p size %zd offset %zd\n",
1560 vs->input.buffer, vs->input.capacity, vs->input.offset);
1561 buffer_reserve(&vs->input, 4096);
1562 ret = vnc_client_read_buf(vs, buffer_end(&vs->input), 4096);
1563 if (!ret)
1564 return 0;
1565 vs->input.offset += ret;
1566 return ret;
1567 }
1568
vnc_jobs_bh(void * opaque)1569 static void vnc_jobs_bh(void *opaque)
1570 {
1571 VncState *vs = opaque;
1572
1573 assert(vs->magic == VNC_MAGIC);
1574 vnc_jobs_consume_buffer(vs);
1575 }
1576
1577 /*
1578 * First function called whenever there is more data to be read from
1579 * the client socket. Will delegate actual work according to whether
1580 * SASL SSF layers are enabled (thus requiring decryption calls)
1581 * Returns 0 on success, -1 if client disconnected
1582 */
vnc_client_read(VncState * vs)1583 static int vnc_client_read(VncState *vs)
1584 {
1585 size_t sz;
1586
1587 #ifdef CONFIG_VNC_SASL
1588 if (vs->sasl.conn && vs->sasl.runSSF)
1589 sz = vnc_client_read_sasl(vs);
1590 else
1591 #endif /* CONFIG_VNC_SASL */
1592 sz = vnc_client_read_plain(vs);
1593 if (!sz) {
1594 if (vs->disconnecting) {
1595 vnc_disconnect_finish(vs);
1596 return -1;
1597 }
1598 return 0;
1599 }
1600
1601 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
1602 size_t len = vs->read_handler_expect;
1603 int ret;
1604
1605 ret = vs->read_handler(vs, vs->input.buffer, len);
1606 if (vs->disconnecting) {
1607 vnc_disconnect_finish(vs);
1608 return -1;
1609 }
1610
1611 if (!ret) {
1612 buffer_advance(&vs->input, len);
1613 } else {
1614 vs->read_handler_expect = ret;
1615 }
1616 }
1617 return 0;
1618 }
1619
vnc_client_io(QIOChannel * ioc G_GNUC_UNUSED,GIOCondition condition,void * opaque)1620 gboolean vnc_client_io(QIOChannel *ioc G_GNUC_UNUSED,
1621 GIOCondition condition, void *opaque)
1622 {
1623 VncState *vs = opaque;
1624
1625 assert(vs->magic == VNC_MAGIC);
1626
1627 if (condition & (G_IO_HUP | G_IO_ERR)) {
1628 vnc_disconnect_start(vs);
1629 return TRUE;
1630 }
1631
1632 if (condition & G_IO_IN) {
1633 if (vnc_client_read(vs) < 0) {
1634 /* vs is free()ed here */
1635 return TRUE;
1636 }
1637 }
1638 if (condition & G_IO_OUT) {
1639 vnc_client_write(vs);
1640 }
1641
1642 if (vs->disconnecting) {
1643 if (vs->ioc_tag != 0) {
1644 g_source_remove(vs->ioc_tag);
1645 }
1646 vs->ioc_tag = 0;
1647 }
1648 return TRUE;
1649 }
1650
1651
1652 /*
1653 * Scale factor to apply to vs->throttle_output_offset when checking for
1654 * hard limit. Worst case normal usage could be x2, if we have a complete
1655 * incremental update and complete forced update in the output buffer.
1656 * So x3 should be good enough, but we pick x5 to be conservative and thus
1657 * (hopefully) never trigger incorrectly.
1658 */
1659 #define VNC_THROTTLE_OUTPUT_LIMIT_SCALE 5
1660
vnc_write(VncState * vs,const void * data,size_t len)1661 void vnc_write(VncState *vs, const void *data, size_t len)
1662 {
1663 assert(vs->magic == VNC_MAGIC);
1664 if (vs->disconnecting) {
1665 return;
1666 }
1667 /* Protection against malicious client/guest to prevent our output
1668 * buffer growing without bound if client stops reading data. This
1669 * should rarely trigger, because we have earlier throttling code
1670 * which stops issuing framebuffer updates and drops audio data
1671 * if the throttle_output_offset value is exceeded. So we only reach
1672 * this higher level if a huge number of pseudo-encodings get
1673 * triggered while data can't be sent on the socket.
1674 *
1675 * NB throttle_output_offset can be zero during early protocol
1676 * handshake, or from the job thread's VncState clone
1677 */
1678 if (vs->throttle_output_offset != 0 &&
1679 (vs->output.offset / VNC_THROTTLE_OUTPUT_LIMIT_SCALE) >
1680 vs->throttle_output_offset) {
1681 trace_vnc_client_output_limit(vs, vs->ioc, vs->output.offset,
1682 vs->throttle_output_offset);
1683 vnc_disconnect_start(vs);
1684 return;
1685 }
1686 buffer_reserve(&vs->output, len);
1687
1688 if (vs->ioc != NULL && buffer_empty(&vs->output)) {
1689 if (vs->ioc_tag) {
1690 g_source_remove(vs->ioc_tag);
1691 }
1692 vs->ioc_tag = qio_channel_add_watch(
1693 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR | G_IO_OUT,
1694 vnc_client_io, vs, NULL);
1695 }
1696
1697 buffer_append(&vs->output, data, len);
1698 }
1699
vnc_write_s32(VncState * vs,int32_t value)1700 void vnc_write_s32(VncState *vs, int32_t value)
1701 {
1702 vnc_write_u32(vs, *(uint32_t *)&value);
1703 }
1704
vnc_write_u32(VncState * vs,uint32_t value)1705 void vnc_write_u32(VncState *vs, uint32_t value)
1706 {
1707 uint8_t buf[4];
1708
1709 buf[0] = (value >> 24) & 0xFF;
1710 buf[1] = (value >> 16) & 0xFF;
1711 buf[2] = (value >> 8) & 0xFF;
1712 buf[3] = value & 0xFF;
1713
1714 vnc_write(vs, buf, 4);
1715 }
1716
vnc_write_u16(VncState * vs,uint16_t value)1717 void vnc_write_u16(VncState *vs, uint16_t value)
1718 {
1719 uint8_t buf[2];
1720
1721 buf[0] = (value >> 8) & 0xFF;
1722 buf[1] = value & 0xFF;
1723
1724 vnc_write(vs, buf, 2);
1725 }
1726
vnc_write_u8(VncState * vs,uint8_t value)1727 void vnc_write_u8(VncState *vs, uint8_t value)
1728 {
1729 vnc_write(vs, (char *)&value, 1);
1730 }
1731
vnc_flush(VncState * vs)1732 void vnc_flush(VncState *vs)
1733 {
1734 vnc_lock_output(vs);
1735 if (vs->ioc != NULL && vs->output.offset) {
1736 vnc_client_write_locked(vs);
1737 }
1738 if (vs->disconnecting) {
1739 if (vs->ioc_tag != 0) {
1740 g_source_remove(vs->ioc_tag);
1741 }
1742 vs->ioc_tag = 0;
1743 }
1744 vnc_unlock_output(vs);
1745 }
1746
read_u8(uint8_t * data,size_t offset)1747 static uint8_t read_u8(uint8_t *data, size_t offset)
1748 {
1749 return data[offset];
1750 }
1751
read_u16(uint8_t * data,size_t offset)1752 static uint16_t read_u16(uint8_t *data, size_t offset)
1753 {
1754 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1755 }
1756
read_s32(uint8_t * data,size_t offset)1757 static int32_t read_s32(uint8_t *data, size_t offset)
1758 {
1759 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1760 (data[offset + 2] << 8) | data[offset + 3]);
1761 }
1762
read_u32(uint8_t * data,size_t offset)1763 uint32_t read_u32(uint8_t *data, size_t offset)
1764 {
1765 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1766 (data[offset + 2] << 8) | data[offset + 3]);
1767 }
1768
check_pointer_type_change(Notifier * notifier,void * data)1769 static void check_pointer_type_change(Notifier *notifier, void *data)
1770 {
1771 VncState *vs = container_of(notifier, VncState, mouse_mode_notifier);
1772 int absolute = qemu_input_is_absolute(vs->vd->dcl.con);
1773
1774 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1775 vnc_lock_output(vs);
1776 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1777 vnc_write_u8(vs, 0);
1778 vnc_write_u16(vs, 1);
1779 vnc_framebuffer_update(vs, absolute, 0,
1780 pixman_image_get_width(vs->vd->server),
1781 pixman_image_get_height(vs->vd->server),
1782 VNC_ENCODING_POINTER_TYPE_CHANGE);
1783 vnc_unlock_output(vs);
1784 vnc_flush(vs);
1785 }
1786 vs->absolute = absolute;
1787 }
1788
pointer_event(VncState * vs,int button_mask,int x,int y)1789 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1790 {
1791 static uint32_t bmap[INPUT_BUTTON__MAX] = {
1792 [INPUT_BUTTON_LEFT] = 0x01,
1793 [INPUT_BUTTON_MIDDLE] = 0x02,
1794 [INPUT_BUTTON_RIGHT] = 0x04,
1795 [INPUT_BUTTON_WHEEL_UP] = 0x08,
1796 [INPUT_BUTTON_WHEEL_DOWN] = 0x10,
1797 };
1798 QemuConsole *con = vs->vd->dcl.con;
1799 int width = pixman_image_get_width(vs->vd->server);
1800 int height = pixman_image_get_height(vs->vd->server);
1801
1802 if (vs->last_bmask != button_mask) {
1803 qemu_input_update_buttons(con, bmap, vs->last_bmask, button_mask);
1804 vs->last_bmask = button_mask;
1805 }
1806
1807 if (vs->absolute) {
1808 qemu_input_queue_abs(con, INPUT_AXIS_X, x, 0, width);
1809 qemu_input_queue_abs(con, INPUT_AXIS_Y, y, 0, height);
1810 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1811 qemu_input_queue_rel(con, INPUT_AXIS_X, x - 0x7FFF);
1812 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - 0x7FFF);
1813 } else {
1814 if (vs->last_x != -1) {
1815 qemu_input_queue_rel(con, INPUT_AXIS_X, x - vs->last_x);
1816 qemu_input_queue_rel(con, INPUT_AXIS_Y, y - vs->last_y);
1817 }
1818 vs->last_x = x;
1819 vs->last_y = y;
1820 }
1821 qemu_input_event_sync();
1822 }
1823
press_key(VncState * vs,QKeyCode qcode)1824 static void press_key(VncState *vs, QKeyCode qcode)
1825 {
1826 qkbd_state_key_event(vs->vd->kbd, qcode, true);
1827 qkbd_state_key_event(vs->vd->kbd, qcode, false);
1828 }
1829
vnc_led_state_change(VncState * vs)1830 static void vnc_led_state_change(VncState *vs)
1831 {
1832 if (!vnc_has_feature(vs, VNC_FEATURE_LED_STATE)) {
1833 return;
1834 }
1835
1836 vnc_lock_output(vs);
1837 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
1838 vnc_write_u8(vs, 0);
1839 vnc_write_u16(vs, 1);
1840 vnc_framebuffer_update(vs, 0, 0, 1, 1, VNC_ENCODING_LED_STATE);
1841 vnc_write_u8(vs, vs->vd->ledstate);
1842 vnc_unlock_output(vs);
1843 vnc_flush(vs);
1844 }
1845
kbd_leds(void * opaque,int ledstate)1846 static void kbd_leds(void *opaque, int ledstate)
1847 {
1848 VncDisplay *vd = opaque;
1849 VncState *client;
1850
1851 trace_vnc_key_guest_leds((ledstate & QEMU_CAPS_LOCK_LED),
1852 (ledstate & QEMU_NUM_LOCK_LED),
1853 (ledstate & QEMU_SCROLL_LOCK_LED));
1854
1855 if (ledstate == vd->ledstate) {
1856 return;
1857 }
1858
1859 vd->ledstate = ledstate;
1860
1861 QTAILQ_FOREACH(client, &vd->clients, next) {
1862 vnc_led_state_change(client);
1863 }
1864 }
1865
do_key_event(VncState * vs,int down,int keycode,int sym)1866 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1867 {
1868 QKeyCode qcode = qemu_input_key_number_to_qcode(keycode);
1869
1870 /* QEMU console switch */
1871 switch (qcode) {
1872 case Q_KEY_CODE_1 ... Q_KEY_CODE_9: /* '1' to '9' keys */
1873 if (down &&
1874 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL) &&
1875 qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_ALT)) {
1876 QemuConsole *con = qemu_console_lookup_by_index(qcode - Q_KEY_CODE_1);
1877 if (con) {
1878 unregister_displaychangelistener(&vs->vd->dcl);
1879 qkbd_state_switch_console(vs->vd->kbd, con);
1880 vs->vd->dcl.con = con;
1881 register_displaychangelistener(&vs->vd->dcl);
1882 }
1883 return;
1884 }
1885 default:
1886 break;
1887 }
1888
1889 /* Turn off the lock state sync logic if the client support the led
1890 state extension.
1891 */
1892 if (down && vs->vd->lock_key_sync &&
1893 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1894 keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1895 /* If the numlock state needs to change then simulate an additional
1896 keypress before sending this one. This will happen if the user
1897 toggles numlock away from the VNC window.
1898 */
1899 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1900 if (!qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1901 trace_vnc_key_sync_numlock(true);
1902 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1903 }
1904 } else {
1905 if (qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK)) {
1906 trace_vnc_key_sync_numlock(false);
1907 press_key(vs, Q_KEY_CODE_NUM_LOCK);
1908 }
1909 }
1910 }
1911
1912 if (down && vs->vd->lock_key_sync &&
1913 !vnc_has_feature(vs, VNC_FEATURE_LED_STATE) &&
1914 ((sym >= 'A' && sym <= 'Z') || (sym >= 'a' && sym <= 'z'))) {
1915 /* If the capslock state needs to change then simulate an additional
1916 keypress before sending this one. This will happen if the user
1917 toggles capslock away from the VNC window.
1918 */
1919 int uppercase = !!(sym >= 'A' && sym <= 'Z');
1920 bool shift = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_SHIFT);
1921 bool capslock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CAPSLOCK);
1922 if (capslock) {
1923 if (uppercase == shift) {
1924 trace_vnc_key_sync_capslock(false);
1925 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1926 }
1927 } else {
1928 if (uppercase != shift) {
1929 trace_vnc_key_sync_capslock(true);
1930 press_key(vs, Q_KEY_CODE_CAPS_LOCK);
1931 }
1932 }
1933 }
1934
1935 qkbd_state_key_event(vs->vd->kbd, qcode, down);
1936 if (QEMU_IS_TEXT_CONSOLE(vs->vd->dcl.con)) {
1937 QemuTextConsole *con = QEMU_TEXT_CONSOLE(vs->vd->dcl.con);
1938 bool numlock = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_NUMLOCK);
1939 bool control = qkbd_state_modifier_get(vs->vd->kbd, QKBD_MOD_CTRL);
1940 /* QEMU console emulation */
1941 if (down) {
1942 switch (keycode) {
1943 case 0x2a: /* Left Shift */
1944 case 0x36: /* Right Shift */
1945 case 0x1d: /* Left CTRL */
1946 case 0x9d: /* Right CTRL */
1947 case 0x38: /* Left ALT */
1948 case 0xb8: /* Right ALT */
1949 break;
1950 case 0xc8:
1951 qemu_text_console_put_keysym(con, QEMU_KEY_UP);
1952 break;
1953 case 0xd0:
1954 qemu_text_console_put_keysym(con, QEMU_KEY_DOWN);
1955 break;
1956 case 0xcb:
1957 qemu_text_console_put_keysym(con, QEMU_KEY_LEFT);
1958 break;
1959 case 0xcd:
1960 qemu_text_console_put_keysym(con, QEMU_KEY_RIGHT);
1961 break;
1962 case 0xd3:
1963 qemu_text_console_put_keysym(con, QEMU_KEY_DELETE);
1964 break;
1965 case 0xc7:
1966 qemu_text_console_put_keysym(con, QEMU_KEY_HOME);
1967 break;
1968 case 0xcf:
1969 qemu_text_console_put_keysym(con, QEMU_KEY_END);
1970 break;
1971 case 0xc9:
1972 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEUP);
1973 break;
1974 case 0xd1:
1975 qemu_text_console_put_keysym(con, QEMU_KEY_PAGEDOWN);
1976 break;
1977
1978 case 0x47:
1979 qemu_text_console_put_keysym(con, numlock ? '7' : QEMU_KEY_HOME);
1980 break;
1981 case 0x48:
1982 qemu_text_console_put_keysym(con, numlock ? '8' : QEMU_KEY_UP);
1983 break;
1984 case 0x49:
1985 qemu_text_console_put_keysym(con, numlock ? '9' : QEMU_KEY_PAGEUP);
1986 break;
1987 case 0x4b:
1988 qemu_text_console_put_keysym(con, numlock ? '4' : QEMU_KEY_LEFT);
1989 break;
1990 case 0x4c:
1991 qemu_text_console_put_keysym(con, '5');
1992 break;
1993 case 0x4d:
1994 qemu_text_console_put_keysym(con, numlock ? '6' : QEMU_KEY_RIGHT);
1995 break;
1996 case 0x4f:
1997 qemu_text_console_put_keysym(con, numlock ? '1' : QEMU_KEY_END);
1998 break;
1999 case 0x50:
2000 qemu_text_console_put_keysym(con, numlock ? '2' : QEMU_KEY_DOWN);
2001 break;
2002 case 0x51:
2003 qemu_text_console_put_keysym(con, numlock ? '3' : QEMU_KEY_PAGEDOWN);
2004 break;
2005 case 0x52:
2006 qemu_text_console_put_keysym(con, '0');
2007 break;
2008 case 0x53:
2009 qemu_text_console_put_keysym(con, numlock ? '.' : QEMU_KEY_DELETE);
2010 break;
2011
2012 case 0xb5:
2013 qemu_text_console_put_keysym(con, '/');
2014 break;
2015 case 0x37:
2016 qemu_text_console_put_keysym(con, '*');
2017 break;
2018 case 0x4a:
2019 qemu_text_console_put_keysym(con, '-');
2020 break;
2021 case 0x4e:
2022 qemu_text_console_put_keysym(con, '+');
2023 break;
2024 case 0x9c:
2025 qemu_text_console_put_keysym(con, '\n');
2026 break;
2027
2028 default:
2029 if (control) {
2030 qemu_text_console_put_keysym(con, sym & 0x1f);
2031 } else {
2032 qemu_text_console_put_keysym(con, sym);
2033 }
2034 break;
2035 }
2036 }
2037 }
2038 }
2039
code2name(int keycode)2040 static const char *code2name(int keycode)
2041 {
2042 return QKeyCode_str(qemu_input_key_number_to_qcode(keycode));
2043 }
2044
key_event(VncState * vs,int down,uint32_t sym)2045 static void key_event(VncState *vs, int down, uint32_t sym)
2046 {
2047 int keycode;
2048 int lsym = sym;
2049
2050 if (lsym >= 'A' && lsym <= 'Z' && qemu_console_is_graphic(vs->vd->dcl.con)) {
2051 lsym = lsym - 'A' + 'a';
2052 }
2053
2054 keycode = keysym2scancode(vs->vd->kbd_layout, lsym & 0xFFFF,
2055 vs->vd->kbd, down) & SCANCODE_KEYMASK;
2056 trace_vnc_key_event_map(down, sym, keycode, code2name(keycode));
2057 do_key_event(vs, down, keycode, sym);
2058 }
2059
ext_key_event(VncState * vs,int down,uint32_t sym,uint16_t keycode)2060 static void ext_key_event(VncState *vs, int down,
2061 uint32_t sym, uint16_t keycode)
2062 {
2063 /* if the user specifies a keyboard layout, always use it */
2064 if (keyboard_layout) {
2065 key_event(vs, down, sym);
2066 } else {
2067 trace_vnc_key_event_ext(down, sym, keycode, code2name(keycode));
2068 do_key_event(vs, down, keycode, sym);
2069 }
2070 }
2071
framebuffer_update_request(VncState * vs,int incremental,int x,int y,int w,int h)2072 static void framebuffer_update_request(VncState *vs, int incremental,
2073 int x, int y, int w, int h)
2074 {
2075 if (incremental) {
2076 if (vs->update != VNC_STATE_UPDATE_FORCE) {
2077 vs->update = VNC_STATE_UPDATE_INCREMENTAL;
2078 }
2079 } else {
2080 vs->update = VNC_STATE_UPDATE_FORCE;
2081 vnc_set_area_dirty(vs->dirty, vs->vd, x, y, w, h);
2082 if (vnc_has_feature(vs, VNC_FEATURE_RESIZE_EXT)) {
2083 vnc_desktop_resize_ext(vs, 0);
2084 }
2085 }
2086 }
2087
send_ext_key_event_ack(VncState * vs)2088 static void send_ext_key_event_ack(VncState *vs)
2089 {
2090 vnc_lock_output(vs);
2091 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2092 vnc_write_u8(vs, 0);
2093 vnc_write_u16(vs, 1);
2094 vnc_framebuffer_update(vs, 0, 0,
2095 pixman_image_get_width(vs->vd->server),
2096 pixman_image_get_height(vs->vd->server),
2097 VNC_ENCODING_EXT_KEY_EVENT);
2098 vnc_unlock_output(vs);
2099 vnc_flush(vs);
2100 }
2101
send_ext_audio_ack(VncState * vs)2102 static void send_ext_audio_ack(VncState *vs)
2103 {
2104 vnc_lock_output(vs);
2105 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2106 vnc_write_u8(vs, 0);
2107 vnc_write_u16(vs, 1);
2108 vnc_framebuffer_update(vs, 0, 0,
2109 pixman_image_get_width(vs->vd->server),
2110 pixman_image_get_height(vs->vd->server),
2111 VNC_ENCODING_AUDIO);
2112 vnc_unlock_output(vs);
2113 vnc_flush(vs);
2114 }
2115
send_xvp_message(VncState * vs,int code)2116 static void send_xvp_message(VncState *vs, int code)
2117 {
2118 vnc_lock_output(vs);
2119 vnc_write_u8(vs, VNC_MSG_SERVER_XVP);
2120 vnc_write_u8(vs, 0); /* pad */
2121 vnc_write_u8(vs, 1); /* version */
2122 vnc_write_u8(vs, code);
2123 vnc_unlock_output(vs);
2124 vnc_flush(vs);
2125 }
2126
set_encodings(VncState * vs,int32_t * encodings,size_t n_encodings)2127 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
2128 {
2129 int i;
2130 unsigned int enc = 0;
2131
2132 vs->features = 0;
2133 vs->vnc_encoding = 0;
2134 vs->tight->compression = 9;
2135 vs->tight->quality = -1; /* Lossless by default */
2136 vs->absolute = -1;
2137
2138 /*
2139 * Start from the end because the encodings are sent in order of preference.
2140 * This way the preferred encoding (first encoding defined in the array)
2141 * will be set at the end of the loop.
2142 */
2143 for (i = n_encodings - 1; i >= 0; i--) {
2144 enc = encodings[i];
2145 switch (enc) {
2146 case VNC_ENCODING_RAW:
2147 vs->vnc_encoding = enc;
2148 break;
2149 case VNC_ENCODING_HEXTILE:
2150 vnc_set_feature(vs, VNC_FEATURE_HEXTILE);
2151 vs->vnc_encoding = enc;
2152 break;
2153 case VNC_ENCODING_TIGHT:
2154 vnc_set_feature(vs, VNC_FEATURE_TIGHT);
2155 vs->vnc_encoding = enc;
2156 break;
2157 #ifdef CONFIG_PNG
2158 case VNC_ENCODING_TIGHT_PNG:
2159 vnc_set_feature(vs, VNC_FEATURE_TIGHT_PNG);
2160 vs->vnc_encoding = enc;
2161 break;
2162 #endif
2163 case VNC_ENCODING_ZLIB:
2164 /*
2165 * VNC_ENCODING_ZRLE compresses better than VNC_ENCODING_ZLIB.
2166 * So prioritize ZRLE, even if the client hints that it prefers
2167 * ZLIB.
2168 */
2169 if (!vnc_has_feature(vs, VNC_FEATURE_ZRLE)) {
2170 vnc_set_feature(vs, VNC_FEATURE_ZLIB);
2171 vs->vnc_encoding = enc;
2172 }
2173 break;
2174 case VNC_ENCODING_ZRLE:
2175 vnc_set_feature(vs, VNC_FEATURE_ZRLE);
2176 vs->vnc_encoding = enc;
2177 break;
2178 case VNC_ENCODING_ZYWRLE:
2179 vnc_set_feature(vs, VNC_FEATURE_ZYWRLE);
2180 vs->vnc_encoding = enc;
2181 break;
2182 case VNC_ENCODING_DESKTOPRESIZE:
2183 vnc_set_feature(vs, VNC_FEATURE_RESIZE);
2184 break;
2185 case VNC_ENCODING_DESKTOP_RESIZE_EXT:
2186 vnc_set_feature(vs, VNC_FEATURE_RESIZE_EXT);
2187 break;
2188 case VNC_ENCODING_POINTER_TYPE_CHANGE:
2189 vnc_set_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE);
2190 break;
2191 case VNC_ENCODING_RICH_CURSOR:
2192 vnc_set_feature(vs, VNC_FEATURE_RICH_CURSOR);
2193 break;
2194 case VNC_ENCODING_ALPHA_CURSOR:
2195 vnc_set_feature(vs, VNC_FEATURE_ALPHA_CURSOR);
2196 break;
2197 case VNC_ENCODING_EXT_KEY_EVENT:
2198 send_ext_key_event_ack(vs);
2199 break;
2200 case VNC_ENCODING_AUDIO:
2201 if (vs->vd->audio_state) {
2202 vnc_set_feature(vs, VNC_FEATURE_AUDIO);
2203 send_ext_audio_ack(vs);
2204 }
2205 break;
2206 case VNC_ENCODING_WMVi:
2207 vnc_set_feature(vs, VNC_FEATURE_WMVI);
2208 break;
2209 case VNC_ENCODING_LED_STATE:
2210 vnc_set_feature(vs, VNC_FEATURE_LED_STATE);
2211 break;
2212 case VNC_ENCODING_XVP:
2213 if (vs->vd->power_control) {
2214 vnc_set_feature(vs, VNC_FEATURE_XVP);
2215 send_xvp_message(vs, VNC_XVP_CODE_INIT);
2216 }
2217 break;
2218 case VNC_ENCODING_CLIPBOARD_EXT:
2219 vnc_set_feature(vs, VNC_FEATURE_CLIPBOARD_EXT);
2220 vnc_server_cut_text_caps(vs);
2221 break;
2222 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
2223 vs->tight->compression = (enc & 0x0F);
2224 break;
2225 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
2226 if (vs->vd->lossy) {
2227 vs->tight->quality = (enc & 0x0F);
2228 }
2229 break;
2230 default:
2231 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
2232 break;
2233 }
2234 }
2235 vnc_desktop_resize(vs);
2236 check_pointer_type_change(&vs->mouse_mode_notifier, NULL);
2237 vnc_led_state_change(vs);
2238 vnc_cursor_define(vs);
2239 }
2240
set_pixel_conversion(VncState * vs)2241 static void set_pixel_conversion(VncState *vs)
2242 {
2243 pixman_format_code_t fmt = qemu_pixman_get_format(&vs->client_pf,
2244 vs->client_endian);
2245
2246 if (fmt == VNC_SERVER_FB_FORMAT) {
2247 vs->write_pixels = vnc_write_pixels_copy;
2248 vnc_hextile_set_pixel_conversion(vs, 0);
2249 } else {
2250 vs->write_pixels = vnc_write_pixels_generic;
2251 vnc_hextile_set_pixel_conversion(vs, 1);
2252 }
2253 }
2254
send_color_map(VncState * vs)2255 static void send_color_map(VncState *vs)
2256 {
2257 int i;
2258
2259 vnc_lock_output(vs);
2260 vnc_write_u8(vs, VNC_MSG_SERVER_SET_COLOUR_MAP_ENTRIES);
2261 vnc_write_u8(vs, 0); /* padding */
2262 vnc_write_u16(vs, 0); /* first color */
2263 vnc_write_u16(vs, 256); /* # of colors */
2264
2265 for (i = 0; i < 256; i++) {
2266 PixelFormat *pf = &vs->client_pf;
2267
2268 vnc_write_u16(vs, (((i >> pf->rshift) & pf->rmax) << (16 - pf->rbits)));
2269 vnc_write_u16(vs, (((i >> pf->gshift) & pf->gmax) << (16 - pf->gbits)));
2270 vnc_write_u16(vs, (((i >> pf->bshift) & pf->bmax) << (16 - pf->bbits)));
2271 }
2272 vnc_unlock_output(vs);
2273 }
2274
set_pixel_format(VncState * vs,int bits_per_pixel,int big_endian_flag,int true_color_flag,int red_max,int green_max,int blue_max,int red_shift,int green_shift,int blue_shift)2275 static void set_pixel_format(VncState *vs, int bits_per_pixel,
2276 int big_endian_flag, int true_color_flag,
2277 int red_max, int green_max, int blue_max,
2278 int red_shift, int green_shift, int blue_shift)
2279 {
2280 if (!true_color_flag) {
2281 /* Expose a reasonable default 256 color map */
2282 bits_per_pixel = 8;
2283 red_max = 7;
2284 green_max = 7;
2285 blue_max = 3;
2286 red_shift = 0;
2287 green_shift = 3;
2288 blue_shift = 6;
2289 }
2290
2291 switch (bits_per_pixel) {
2292 case 8:
2293 case 16:
2294 case 32:
2295 break;
2296 default:
2297 vnc_client_error(vs);
2298 return;
2299 }
2300
2301 vs->client_pf.rmax = red_max ? red_max : 0xFF;
2302 vs->client_pf.rbits = ctpopl(red_max);
2303 vs->client_pf.rshift = red_shift;
2304 vs->client_pf.rmask = red_max << red_shift;
2305 vs->client_pf.gmax = green_max ? green_max : 0xFF;
2306 vs->client_pf.gbits = ctpopl(green_max);
2307 vs->client_pf.gshift = green_shift;
2308 vs->client_pf.gmask = green_max << green_shift;
2309 vs->client_pf.bmax = blue_max ? blue_max : 0xFF;
2310 vs->client_pf.bbits = ctpopl(blue_max);
2311 vs->client_pf.bshift = blue_shift;
2312 vs->client_pf.bmask = blue_max << blue_shift;
2313 vs->client_pf.bits_per_pixel = bits_per_pixel;
2314 vs->client_pf.bytes_per_pixel = bits_per_pixel / 8;
2315 vs->client_pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
2316 vs->client_endian = big_endian_flag ? G_BIG_ENDIAN : G_LITTLE_ENDIAN;
2317
2318 if (!true_color_flag) {
2319 send_color_map(vs);
2320 }
2321
2322 set_pixel_conversion(vs);
2323
2324 graphic_hw_invalidate(vs->vd->dcl.con);
2325 graphic_hw_update(vs->vd->dcl.con);
2326 }
2327
pixel_format_message(VncState * vs)2328 static void pixel_format_message (VncState *vs) {
2329 char pad[3] = { 0, 0, 0 };
2330
2331 vs->client_pf = qemu_default_pixelformat(32);
2332
2333 vnc_write_u8(vs, vs->client_pf.bits_per_pixel); /* bits-per-pixel */
2334 vnc_write_u8(vs, vs->client_pf.depth); /* depth */
2335
2336 #if HOST_BIG_ENDIAN
2337 vnc_write_u8(vs, 1); /* big-endian-flag */
2338 #else
2339 vnc_write_u8(vs, 0); /* big-endian-flag */
2340 #endif
2341 vnc_write_u8(vs, 1); /* true-color-flag */
2342 vnc_write_u16(vs, vs->client_pf.rmax); /* red-max */
2343 vnc_write_u16(vs, vs->client_pf.gmax); /* green-max */
2344 vnc_write_u16(vs, vs->client_pf.bmax); /* blue-max */
2345 vnc_write_u8(vs, vs->client_pf.rshift); /* red-shift */
2346 vnc_write_u8(vs, vs->client_pf.gshift); /* green-shift */
2347 vnc_write_u8(vs, vs->client_pf.bshift); /* blue-shift */
2348 vnc_write(vs, pad, 3); /* padding */
2349
2350 vnc_hextile_set_pixel_conversion(vs, 0);
2351 vs->write_pixels = vnc_write_pixels_copy;
2352 }
2353
vnc_colordepth(VncState * vs)2354 static void vnc_colordepth(VncState *vs)
2355 {
2356 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
2357 /* Sending a WMVi message to notify the client*/
2358 vnc_lock_output(vs);
2359 vnc_write_u8(vs, VNC_MSG_SERVER_FRAMEBUFFER_UPDATE);
2360 vnc_write_u8(vs, 0);
2361 vnc_write_u16(vs, 1); /* number of rects */
2362 vnc_framebuffer_update(vs, 0, 0,
2363 vs->client_width,
2364 vs->client_height,
2365 VNC_ENCODING_WMVi);
2366 pixel_format_message(vs);
2367 vnc_unlock_output(vs);
2368 vnc_flush(vs);
2369 } else {
2370 set_pixel_conversion(vs);
2371 }
2372 }
2373
protocol_client_msg(VncState * vs,uint8_t * data,size_t len)2374 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
2375 {
2376 int i;
2377 uint16_t limit;
2378 uint32_t freq;
2379 VncDisplay *vd = vs->vd;
2380
2381 if (data[0] > 3) {
2382 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
2383 }
2384
2385 switch (data[0]) {
2386 case VNC_MSG_CLIENT_SET_PIXEL_FORMAT:
2387 if (len == 1)
2388 return 20;
2389
2390 set_pixel_format(vs, read_u8(data, 4),
2391 read_u8(data, 6), read_u8(data, 7),
2392 read_u16(data, 8), read_u16(data, 10),
2393 read_u16(data, 12), read_u8(data, 14),
2394 read_u8(data, 15), read_u8(data, 16));
2395 break;
2396 case VNC_MSG_CLIENT_SET_ENCODINGS:
2397 if (len == 1)
2398 return 4;
2399
2400 if (len == 4) {
2401 limit = read_u16(data, 2);
2402 if (limit > 0)
2403 return 4 + (limit * 4);
2404 } else
2405 limit = read_u16(data, 2);
2406
2407 for (i = 0; i < limit; i++) {
2408 int32_t val = read_s32(data, 4 + (i * 4));
2409 memcpy(data + 4 + (i * 4), &val, sizeof(val));
2410 }
2411
2412 set_encodings(vs, (int32_t *)(data + 4), limit);
2413 break;
2414 case VNC_MSG_CLIENT_FRAMEBUFFER_UPDATE_REQUEST:
2415 if (len == 1)
2416 return 10;
2417
2418 framebuffer_update_request(vs,
2419 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
2420 read_u16(data, 6), read_u16(data, 8));
2421 break;
2422 case VNC_MSG_CLIENT_KEY_EVENT:
2423 if (len == 1)
2424 return 8;
2425
2426 key_event(vs, read_u8(data, 1), read_u32(data, 4));
2427 break;
2428 case VNC_MSG_CLIENT_POINTER_EVENT:
2429 if (len == 1)
2430 return 6;
2431
2432 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
2433 break;
2434 case VNC_MSG_CLIENT_CUT_TEXT:
2435 if (len == 1) {
2436 return 8;
2437 }
2438 uint32_t dlen = abs(read_s32(data, 4));
2439 if (len == 8) {
2440 if (dlen > (1 << 20)) {
2441 error_report("vnc: client_cut_text msg payload has %u bytes"
2442 " which exceeds our limit of 1MB.", dlen);
2443 vnc_client_error(vs);
2444 break;
2445 }
2446 if (dlen > 0) {
2447 return 8 + dlen;
2448 }
2449 }
2450
2451 if (read_s32(data, 4) < 0) {
2452 if (!vnc_has_feature(vs, VNC_FEATURE_CLIPBOARD_EXT)) {
2453 error_report("vnc: extended clipboard message while disabled");
2454 vnc_client_error(vs);
2455 break;
2456 }
2457 if (dlen < 4) {
2458 error_report("vnc: malformed payload (header less than 4 bytes)"
2459 " in extended clipboard pseudo-encoding.");
2460 vnc_client_error(vs);
2461 break;
2462 }
2463 vnc_client_cut_text_ext(vs, dlen, read_u32(data, 8), data + 12);
2464 break;
2465 }
2466 vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
2467 break;
2468 case VNC_MSG_CLIENT_XVP:
2469 if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) {
2470 error_report("vnc: xvp client message while disabled");
2471 vnc_client_error(vs);
2472 break;
2473 }
2474 if (len == 1) {
2475 return 4;
2476 }
2477 if (len == 4) {
2478 uint8_t version = read_u8(data, 2);
2479 uint8_t action = read_u8(data, 3);
2480
2481 if (version != 1) {
2482 error_report("vnc: xvp client message version %d != 1",
2483 version);
2484 vnc_client_error(vs);
2485 break;
2486 }
2487
2488 switch (action) {
2489 case VNC_XVP_ACTION_SHUTDOWN:
2490 qemu_system_powerdown_request();
2491 break;
2492 case VNC_XVP_ACTION_REBOOT:
2493 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2494 break;
2495 case VNC_XVP_ACTION_RESET:
2496 qemu_system_reset_request(SHUTDOWN_CAUSE_HOST_QMP_SYSTEM_RESET);
2497 break;
2498 default:
2499 send_xvp_message(vs, VNC_XVP_CODE_FAIL);
2500 break;
2501 }
2502 }
2503 break;
2504 case VNC_MSG_CLIENT_QEMU:
2505 if (len == 1)
2506 return 2;
2507
2508 switch (read_u8(data, 1)) {
2509 case VNC_MSG_CLIENT_QEMU_EXT_KEY_EVENT:
2510 if (len == 2)
2511 return 12;
2512
2513 ext_key_event(vs, read_u16(data, 2),
2514 read_u32(data, 4), read_u32(data, 8));
2515 break;
2516 case VNC_MSG_CLIENT_QEMU_AUDIO:
2517 if (!vnc_has_feature(vs, VNC_FEATURE_AUDIO)) {
2518 error_report("Audio message %d with audio disabled", read_u8(data, 2));
2519 vnc_client_error(vs);
2520 break;
2521 }
2522
2523 if (len == 2)
2524 return 4;
2525
2526 switch (read_u16 (data, 2)) {
2527 case VNC_MSG_CLIENT_QEMU_AUDIO_ENABLE:
2528 trace_vnc_msg_client_audio_enable(vs, vs->ioc);
2529 audio_add(vs);
2530 break;
2531 case VNC_MSG_CLIENT_QEMU_AUDIO_DISABLE:
2532 trace_vnc_msg_client_audio_disable(vs, vs->ioc);
2533 audio_del(vs);
2534 break;
2535 case VNC_MSG_CLIENT_QEMU_AUDIO_SET_FORMAT:
2536 if (len == 4)
2537 return 10;
2538 switch (read_u8(data, 4)) {
2539 case 0: vs->as.fmt = AUDIO_FORMAT_U8; break;
2540 case 1: vs->as.fmt = AUDIO_FORMAT_S8; break;
2541 case 2: vs->as.fmt = AUDIO_FORMAT_U16; break;
2542 case 3: vs->as.fmt = AUDIO_FORMAT_S16; break;
2543 case 4: vs->as.fmt = AUDIO_FORMAT_U32; break;
2544 case 5: vs->as.fmt = AUDIO_FORMAT_S32; break;
2545 default:
2546 VNC_DEBUG("Invalid audio format %d\n", read_u8(data, 4));
2547 vnc_client_error(vs);
2548 break;
2549 }
2550 vs->as.nchannels = read_u8(data, 5);
2551 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
2552 VNC_DEBUG("Invalid audio channel count %d\n",
2553 read_u8(data, 5));
2554 vnc_client_error(vs);
2555 break;
2556 }
2557 freq = read_u32(data, 6);
2558 /* No official limit for protocol, but 48khz is a sensible
2559 * upper bound for trustworthy clients, and this limit
2560 * protects calculations involving 'vs->as.freq' later.
2561 */
2562 if (freq > 48000) {
2563 VNC_DEBUG("Invalid audio frequency %u > 48000", freq);
2564 vnc_client_error(vs);
2565 break;
2566 }
2567 vs->as.freq = freq;
2568 trace_vnc_msg_client_audio_format(
2569 vs, vs->ioc, vs->as.fmt, vs->as.nchannels, vs->as.freq);
2570 break;
2571 default:
2572 VNC_DEBUG("Invalid audio message %d\n", read_u8(data, 2));
2573 vnc_client_error(vs);
2574 break;
2575 }
2576 break;
2577
2578 default:
2579 VNC_DEBUG("Msg: %d\n", read_u16(data, 0));
2580 vnc_client_error(vs);
2581 break;
2582 }
2583 break;
2584 case VNC_MSG_CLIENT_SET_DESKTOP_SIZE:
2585 {
2586 size_t size;
2587 uint8_t screens;
2588 int w, h;
2589
2590 if (len < 8) {
2591 return 8;
2592 }
2593
2594 screens = read_u8(data, 6);
2595 size = 8 + screens * 16;
2596 if (len < size) {
2597 return size;
2598 }
2599 w = read_u16(data, 2);
2600 h = read_u16(data, 4);
2601
2602 trace_vnc_msg_client_set_desktop_size(vs, vs->ioc, w, h, screens);
2603 if (dpy_ui_info_supported(vs->vd->dcl.con)) {
2604 QemuUIInfo info;
2605 memset(&info, 0, sizeof(info));
2606 info.width = w;
2607 info.height = h;
2608 dpy_set_ui_info(vs->vd->dcl.con, &info, false);
2609 vnc_desktop_resize_ext(vs, 4 /* Request forwarded */);
2610 } else {
2611 vnc_desktop_resize_ext(vs, 3 /* Invalid screen layout */);
2612 }
2613
2614 break;
2615 }
2616 default:
2617 VNC_DEBUG("Msg: %d\n", data[0]);
2618 vnc_client_error(vs);
2619 break;
2620 }
2621
2622 vnc_update_throttle_offset(vs);
2623 vnc_read_when(vs, protocol_client_msg, 1);
2624 return 0;
2625 }
2626
protocol_client_init(VncState * vs,uint8_t * data,size_t len)2627 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
2628 {
2629 char buf[1024];
2630 VncShareMode mode;
2631 int size;
2632
2633 mode = data[0] ? VNC_SHARE_MODE_SHARED : VNC_SHARE_MODE_EXCLUSIVE;
2634 switch (vs->vd->share_policy) {
2635 case VNC_SHARE_POLICY_IGNORE:
2636 /*
2637 * Ignore the shared flag. Nothing to do here.
2638 *
2639 * Doesn't conform to the rfb spec but is traditional qemu
2640 * behavior, thus left here as option for compatibility
2641 * reasons.
2642 */
2643 break;
2644 case VNC_SHARE_POLICY_ALLOW_EXCLUSIVE:
2645 /*
2646 * Policy: Allow clients ask for exclusive access.
2647 *
2648 * Implementation: When a client asks for exclusive access,
2649 * disconnect all others. Shared connects are allowed as long
2650 * as no exclusive connection exists.
2651 *
2652 * This is how the rfb spec suggests to handle the shared flag.
2653 */
2654 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2655 VncState *client;
2656 QTAILQ_FOREACH(client, &vs->vd->clients, next) {
2657 if (vs == client) {
2658 continue;
2659 }
2660 if (client->share_mode != VNC_SHARE_MODE_EXCLUSIVE &&
2661 client->share_mode != VNC_SHARE_MODE_SHARED) {
2662 continue;
2663 }
2664 vnc_disconnect_start(client);
2665 }
2666 }
2667 if (mode == VNC_SHARE_MODE_SHARED) {
2668 if (vs->vd->num_exclusive > 0) {
2669 vnc_disconnect_start(vs);
2670 return 0;
2671 }
2672 }
2673 break;
2674 case VNC_SHARE_POLICY_FORCE_SHARED:
2675 /*
2676 * Policy: Shared connects only.
2677 * Implementation: Disallow clients asking for exclusive access.
2678 *
2679 * Useful for shared desktop sessions where you don't want
2680 * someone forgetting to say -shared when running the vnc
2681 * client disconnect everybody else.
2682 */
2683 if (mode == VNC_SHARE_MODE_EXCLUSIVE) {
2684 vnc_disconnect_start(vs);
2685 return 0;
2686 }
2687 break;
2688 }
2689 vnc_set_share_mode(vs, mode);
2690
2691 if (vs->vd->num_shared > vs->vd->connections_limit) {
2692 vnc_disconnect_start(vs);
2693 return 0;
2694 }
2695
2696 assert(pixman_image_get_width(vs->vd->server) < 65536 &&
2697 pixman_image_get_width(vs->vd->server) >= 0);
2698 assert(pixman_image_get_height(vs->vd->server) < 65536 &&
2699 pixman_image_get_height(vs->vd->server) >= 0);
2700 vs->client_width = pixman_image_get_width(vs->vd->server);
2701 vs->client_height = pixman_image_get_height(vs->vd->server);
2702 vnc_write_u16(vs, vs->client_width);
2703 vnc_write_u16(vs, vs->client_height);
2704
2705 pixel_format_message(vs);
2706
2707 if (qemu_name) {
2708 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
2709 if (size > sizeof(buf)) {
2710 size = sizeof(buf);
2711 }
2712 } else {
2713 size = snprintf(buf, sizeof(buf), "QEMU");
2714 }
2715
2716 vnc_write_u32(vs, size);
2717 vnc_write(vs, buf, size);
2718 vnc_flush(vs);
2719
2720 vnc_client_cache_auth(vs);
2721 vnc_qmp_event(vs, QAPI_EVENT_VNC_INITIALIZED);
2722
2723 vnc_read_when(vs, protocol_client_msg, 1);
2724
2725 return 0;
2726 }
2727
start_client_init(VncState * vs)2728 void start_client_init(VncState *vs)
2729 {
2730 vnc_read_when(vs, protocol_client_init, 1);
2731 }
2732
authentication_failed(VncState * vs)2733 static void authentication_failed(VncState *vs)
2734 {
2735 vnc_write_u32(vs, 1); /* Reject auth */
2736 if (vs->minor >= 8) {
2737 static const char err[] = "Authentication failed";
2738 vnc_write_u32(vs, sizeof(err));
2739 vnc_write(vs, err, sizeof(err));
2740 }
2741 vnc_flush(vs);
2742 vnc_client_error(vs);
2743 }
2744
2745 static void
vnc_munge_des_rfb_key(unsigned char * key,size_t nkey)2746 vnc_munge_des_rfb_key(unsigned char *key, size_t nkey)
2747 {
2748 size_t i;
2749 for (i = 0; i < nkey; i++) {
2750 uint8_t r = key[i];
2751 r = (r & 0xf0) >> 4 | (r & 0x0f) << 4;
2752 r = (r & 0xcc) >> 2 | (r & 0x33) << 2;
2753 r = (r & 0xaa) >> 1 | (r & 0x55) << 1;
2754 key[i] = r;
2755 }
2756 }
2757
protocol_client_auth_vnc(VncState * vs,uint8_t * data,size_t len)2758 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
2759 {
2760 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
2761 size_t i, pwlen;
2762 unsigned char key[8];
2763 time_t now = time(NULL);
2764 QCryptoCipher *cipher = NULL;
2765 Error *err = NULL;
2766
2767 if (!vs->vd->password) {
2768 trace_vnc_auth_fail(vs, vs->auth, "password is not set", "");
2769 goto reject;
2770 }
2771 if (vs->vd->expires < now) {
2772 trace_vnc_auth_fail(vs, vs->auth, "password is expired", "");
2773 goto reject;
2774 }
2775
2776 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
2777
2778 /* Calculate the expected challenge response */
2779 pwlen = strlen(vs->vd->password);
2780 for (i=0; i<sizeof(key); i++)
2781 key[i] = i<pwlen ? vs->vd->password[i] : 0;
2782 vnc_munge_des_rfb_key(key, sizeof(key));
2783
2784 cipher = qcrypto_cipher_new(
2785 QCRYPTO_CIPHER_ALGO_DES,
2786 QCRYPTO_CIPHER_MODE_ECB,
2787 key, G_N_ELEMENTS(key),
2788 &err);
2789 if (!cipher) {
2790 trace_vnc_auth_fail(vs, vs->auth, "cannot create cipher",
2791 error_get_pretty(err));
2792 error_free(err);
2793 goto reject;
2794 }
2795
2796 if (qcrypto_cipher_encrypt(cipher,
2797 vs->challenge,
2798 response,
2799 VNC_AUTH_CHALLENGE_SIZE,
2800 &err) < 0) {
2801 trace_vnc_auth_fail(vs, vs->auth, "cannot encrypt challenge response",
2802 error_get_pretty(err));
2803 error_free(err);
2804 goto reject;
2805 }
2806
2807 /* Compare expected vs actual challenge response */
2808 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
2809 trace_vnc_auth_fail(vs, vs->auth, "mis-matched challenge response", "");
2810 goto reject;
2811 } else {
2812 trace_vnc_auth_pass(vs, vs->auth);
2813 vnc_write_u32(vs, 0); /* Accept auth */
2814 vnc_flush(vs);
2815
2816 start_client_init(vs);
2817 }
2818
2819 qcrypto_cipher_free(cipher);
2820 return 0;
2821
2822 reject:
2823 authentication_failed(vs);
2824 qcrypto_cipher_free(cipher);
2825 return 0;
2826 }
2827
start_auth_vnc(VncState * vs)2828 void start_auth_vnc(VncState *vs)
2829 {
2830 Error *err = NULL;
2831
2832 if (qcrypto_random_bytes(vs->challenge, sizeof(vs->challenge), &err)) {
2833 trace_vnc_auth_fail(vs, vs->auth, "cannot get random bytes",
2834 error_get_pretty(err));
2835 error_free(err);
2836 authentication_failed(vs);
2837 return;
2838 }
2839
2840 /* Send client a 'random' challenge */
2841 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
2842 vnc_flush(vs);
2843
2844 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
2845 }
2846
2847
protocol_client_auth(VncState * vs,uint8_t * data,size_t len)2848 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2849 {
2850 /* We only advertise 1 auth scheme at a time, so client
2851 * must pick the one we sent. Verify this */
2852 if (data[0] != vs->auth) { /* Reject auth */
2853 trace_vnc_auth_reject(vs, vs->auth, (int)data[0]);
2854 authentication_failed(vs);
2855 } else { /* Accept requested auth */
2856 trace_vnc_auth_start(vs, vs->auth);
2857 switch (vs->auth) {
2858 case VNC_AUTH_NONE:
2859 if (vs->minor >= 8) {
2860 vnc_write_u32(vs, 0); /* Accept auth completion */
2861 vnc_flush(vs);
2862 }
2863 trace_vnc_auth_pass(vs, vs->auth);
2864 start_client_init(vs);
2865 break;
2866
2867 case VNC_AUTH_VNC:
2868 start_auth_vnc(vs);
2869 break;
2870
2871 case VNC_AUTH_VENCRYPT:
2872 start_auth_vencrypt(vs);
2873 break;
2874
2875 #ifdef CONFIG_VNC_SASL
2876 case VNC_AUTH_SASL:
2877 start_auth_sasl(vs);
2878 break;
2879 #endif /* CONFIG_VNC_SASL */
2880
2881 default: /* Should not be possible, but just in case */
2882 trace_vnc_auth_fail(vs, vs->auth, "Unhandled auth method", "");
2883 authentication_failed(vs);
2884 }
2885 }
2886 return 0;
2887 }
2888
protocol_version(VncState * vs,uint8_t * version,size_t len)2889 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2890 {
2891 char local[13];
2892
2893 memcpy(local, version, 12);
2894 local[12] = 0;
2895
2896 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2897 VNC_DEBUG("Malformed protocol version %s\n", local);
2898 vnc_client_error(vs);
2899 return 0;
2900 }
2901 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2902 if (vs->major != 3 ||
2903 (vs->minor != 3 &&
2904 vs->minor != 4 &&
2905 vs->minor != 5 &&
2906 vs->minor != 7 &&
2907 vs->minor != 8)) {
2908 VNC_DEBUG("Unsupported client version\n");
2909 vnc_write_u32(vs, VNC_AUTH_INVALID);
2910 vnc_flush(vs);
2911 vnc_client_error(vs);
2912 return 0;
2913 }
2914 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2915 * as equivalent to v3.3 by servers
2916 */
2917 if (vs->minor == 4 || vs->minor == 5)
2918 vs->minor = 3;
2919
2920 if (vs->minor == 3) {
2921 trace_vnc_auth_start(vs, vs->auth);
2922 if (vs->auth == VNC_AUTH_NONE) {
2923 vnc_write_u32(vs, vs->auth);
2924 vnc_flush(vs);
2925 trace_vnc_auth_pass(vs, vs->auth);
2926 start_client_init(vs);
2927 } else if (vs->auth == VNC_AUTH_VNC) {
2928 VNC_DEBUG("Tell client VNC auth\n");
2929 vnc_write_u32(vs, vs->auth);
2930 vnc_flush(vs);
2931 start_auth_vnc(vs);
2932 } else {
2933 trace_vnc_auth_fail(vs, vs->auth,
2934 "Unsupported auth method for v3.3", "");
2935 vnc_write_u32(vs, VNC_AUTH_INVALID);
2936 vnc_flush(vs);
2937 vnc_client_error(vs);
2938 }
2939 } else {
2940 vnc_write_u8(vs, 1); /* num auth */
2941 vnc_write_u8(vs, vs->auth);
2942 vnc_read_when(vs, protocol_client_auth, 1);
2943 vnc_flush(vs);
2944 }
2945
2946 return 0;
2947 }
2948
vnc_stat_rect(VncDisplay * vd,int x,int y)2949 static VncRectStat *vnc_stat_rect(VncDisplay *vd, int x, int y)
2950 {
2951 struct VncSurface *vs = &vd->guest;
2952
2953 return &vs->stats[y / VNC_STAT_RECT][x / VNC_STAT_RECT];
2954 }
2955
vnc_sent_lossy_rect(VncState * vs,int x,int y,int w,int h)2956 void vnc_sent_lossy_rect(VncState *vs, int x, int y, int w, int h)
2957 {
2958 int i, j;
2959
2960 w = (x + w) / VNC_STAT_RECT;
2961 h = (y + h) / VNC_STAT_RECT;
2962 x /= VNC_STAT_RECT;
2963 y /= VNC_STAT_RECT;
2964
2965 for (j = y; j <= h; j++) {
2966 for (i = x; i <= w; i++) {
2967 vs->lossy_rect[j][i] = 1;
2968 }
2969 }
2970 }
2971
vnc_refresh_lossy_rect(VncDisplay * vd,int x,int y)2972 static int vnc_refresh_lossy_rect(VncDisplay *vd, int x, int y)
2973 {
2974 VncState *vs;
2975 int sty = y / VNC_STAT_RECT;
2976 int stx = x / VNC_STAT_RECT;
2977 int has_dirty = 0;
2978
2979 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
2980 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
2981
2982 QTAILQ_FOREACH(vs, &vd->clients, next) {
2983 int j;
2984
2985 /* kernel send buffers are full -> refresh later */
2986 if (vs->output.offset) {
2987 continue;
2988 }
2989
2990 if (!vs->lossy_rect[sty][stx]) {
2991 continue;
2992 }
2993
2994 vs->lossy_rect[sty][stx] = 0;
2995 for (j = 0; j < VNC_STAT_RECT; ++j) {
2996 bitmap_set(vs->dirty[y + j],
2997 x / VNC_DIRTY_PIXELS_PER_BIT,
2998 VNC_STAT_RECT / VNC_DIRTY_PIXELS_PER_BIT);
2999 }
3000 has_dirty++;
3001 }
3002
3003 return has_dirty;
3004 }
3005
vnc_update_stats(VncDisplay * vd,struct timeval * tv)3006 static int vnc_update_stats(VncDisplay *vd, struct timeval * tv)
3007 {
3008 int width = MIN(pixman_image_get_width(vd->guest.fb),
3009 pixman_image_get_width(vd->server));
3010 int height = MIN(pixman_image_get_height(vd->guest.fb),
3011 pixman_image_get_height(vd->server));
3012 int x, y;
3013 struct timeval res;
3014 int has_dirty = 0;
3015
3016 for (y = 0; y < height; y += VNC_STAT_RECT) {
3017 for (x = 0; x < width; x += VNC_STAT_RECT) {
3018 VncRectStat *rect = vnc_stat_rect(vd, x, y);
3019
3020 rect->updated = false;
3021 }
3022 }
3023
3024 qemu_timersub(tv, &VNC_REFRESH_STATS, &res);
3025
3026 if (timercmp(&vd->guest.last_freq_check, &res, >)) {
3027 return has_dirty;
3028 }
3029 vd->guest.last_freq_check = *tv;
3030
3031 for (y = 0; y < height; y += VNC_STAT_RECT) {
3032 for (x = 0; x < width; x += VNC_STAT_RECT) {
3033 VncRectStat *rect= vnc_stat_rect(vd, x, y);
3034 int count = ARRAY_SIZE(rect->times);
3035 struct timeval min, max;
3036
3037 if (!timerisset(&rect->times[count - 1])) {
3038 continue ;
3039 }
3040
3041 max = rect->times[(rect->idx + count - 1) % count];
3042 qemu_timersub(tv, &max, &res);
3043
3044 if (timercmp(&res, &VNC_REFRESH_LOSSY, >)) {
3045 rect->freq = 0;
3046 has_dirty += vnc_refresh_lossy_rect(vd, x, y);
3047 memset(rect->times, 0, sizeof (rect->times));
3048 continue ;
3049 }
3050
3051 min = rect->times[rect->idx];
3052 max = rect->times[(rect->idx + count - 1) % count];
3053 qemu_timersub(&max, &min, &res);
3054
3055 rect->freq = res.tv_sec + res.tv_usec / 1000000.;
3056 rect->freq /= count;
3057 rect->freq = 1. / rect->freq;
3058 }
3059 }
3060 return has_dirty;
3061 }
3062
vnc_update_freq(VncState * vs,int x,int y,int w,int h)3063 double vnc_update_freq(VncState *vs, int x, int y, int w, int h)
3064 {
3065 int i, j;
3066 double total = 0;
3067 int num = 0;
3068
3069 x = QEMU_ALIGN_DOWN(x, VNC_STAT_RECT);
3070 y = QEMU_ALIGN_DOWN(y, VNC_STAT_RECT);
3071
3072 for (j = y; j <= y + h; j += VNC_STAT_RECT) {
3073 for (i = x; i <= x + w; i += VNC_STAT_RECT) {
3074 total += vnc_stat_rect(vs->vd, i, j)->freq;
3075 num++;
3076 }
3077 }
3078
3079 if (num) {
3080 return total / num;
3081 } else {
3082 return 0;
3083 }
3084 }
3085
vnc_rect_updated(VncDisplay * vd,int x,int y,struct timeval * tv)3086 static void vnc_rect_updated(VncDisplay *vd, int x, int y, struct timeval * tv)
3087 {
3088 VncRectStat *rect;
3089
3090 rect = vnc_stat_rect(vd, x, y);
3091 if (rect->updated) {
3092 return;
3093 }
3094 rect->times[rect->idx] = *tv;
3095 rect->idx = (rect->idx + 1) % ARRAY_SIZE(rect->times);
3096 rect->updated = true;
3097 }
3098
vnc_refresh_server_surface(VncDisplay * vd)3099 static int vnc_refresh_server_surface(VncDisplay *vd)
3100 {
3101 int width = MIN(pixman_image_get_width(vd->guest.fb),
3102 pixman_image_get_width(vd->server));
3103 int height = MIN(pixman_image_get_height(vd->guest.fb),
3104 pixman_image_get_height(vd->server));
3105 int cmp_bytes, server_stride, line_bytes, guest_ll, guest_stride, y = 0;
3106 uint8_t *guest_row0 = NULL, *server_row0;
3107 VncState *vs;
3108 int has_dirty = 0;
3109 pixman_image_t *tmpbuf = NULL;
3110 unsigned long offset;
3111 int x;
3112 uint8_t *guest_ptr, *server_ptr;
3113
3114 struct timeval tv = { 0, 0 };
3115
3116 if (!vd->non_adaptive) {
3117 gettimeofday(&tv, NULL);
3118 has_dirty = vnc_update_stats(vd, &tv);
3119 }
3120
3121 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3122 height * VNC_DIRTY_BPL(&vd->guest), 0);
3123 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3124 /* no dirty bits in guest surface */
3125 return has_dirty;
3126 }
3127
3128 /*
3129 * Walk through the guest dirty map.
3130 * Check and copy modified bits from guest to server surface.
3131 * Update server dirty map.
3132 */
3133 server_row0 = (uint8_t *)pixman_image_get_data(vd->server);
3134 server_stride = guest_stride = guest_ll =
3135 pixman_image_get_stride(vd->server);
3136 cmp_bytes = MIN(VNC_DIRTY_PIXELS_PER_BIT * VNC_SERVER_FB_BYTES,
3137 server_stride);
3138 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3139 int w = pixman_image_get_width(vd->server);
3140 tmpbuf = qemu_pixman_linebuf_create(VNC_SERVER_FB_FORMAT, w);
3141 } else {
3142 int guest_bpp =
3143 PIXMAN_FORMAT_BPP(pixman_image_get_format(vd->guest.fb));
3144 guest_row0 = (uint8_t *)pixman_image_get_data(vd->guest.fb);
3145 guest_stride = pixman_image_get_stride(vd->guest.fb);
3146 guest_ll = pixman_image_get_width(vd->guest.fb)
3147 * DIV_ROUND_UP(guest_bpp, 8);
3148 }
3149 line_bytes = MIN(server_stride, guest_ll);
3150
3151 for (;;) {
3152 y = offset / VNC_DIRTY_BPL(&vd->guest);
3153 x = offset % VNC_DIRTY_BPL(&vd->guest);
3154
3155 server_ptr = server_row0 + y * server_stride + x * cmp_bytes;
3156
3157 if (vd->guest.format != VNC_SERVER_FB_FORMAT) {
3158 qemu_pixman_linebuf_fill(tmpbuf, vd->guest.fb, width, 0, y);
3159 guest_ptr = (uint8_t *)pixman_image_get_data(tmpbuf);
3160 } else {
3161 guest_ptr = guest_row0 + y * guest_stride;
3162 }
3163 guest_ptr += x * cmp_bytes;
3164
3165 for (; x < DIV_ROUND_UP(width, VNC_DIRTY_PIXELS_PER_BIT);
3166 x++, guest_ptr += cmp_bytes, server_ptr += cmp_bytes) {
3167 int _cmp_bytes = cmp_bytes;
3168 if (!test_and_clear_bit(x, vd->guest.dirty[y])) {
3169 continue;
3170 }
3171 if ((x + 1) * cmp_bytes > line_bytes) {
3172 _cmp_bytes = line_bytes - x * cmp_bytes;
3173 }
3174 assert(_cmp_bytes >= 0);
3175 if (memcmp(server_ptr, guest_ptr, _cmp_bytes) == 0) {
3176 continue;
3177 }
3178 memcpy(server_ptr, guest_ptr, _cmp_bytes);
3179 if (!vd->non_adaptive) {
3180 vnc_rect_updated(vd, x * VNC_DIRTY_PIXELS_PER_BIT,
3181 y, &tv);
3182 }
3183 QTAILQ_FOREACH(vs, &vd->clients, next) {
3184 set_bit(x, vs->dirty[y]);
3185 }
3186 has_dirty++;
3187 }
3188
3189 y++;
3190 offset = find_next_bit((unsigned long *) &vd->guest.dirty,
3191 height * VNC_DIRTY_BPL(&vd->guest),
3192 y * VNC_DIRTY_BPL(&vd->guest));
3193 if (offset == height * VNC_DIRTY_BPL(&vd->guest)) {
3194 /* no more dirty bits */
3195 break;
3196 }
3197 }
3198 qemu_pixman_image_unref(tmpbuf);
3199 return has_dirty;
3200 }
3201
vnc_refresh(DisplayChangeListener * dcl)3202 static void vnc_refresh(DisplayChangeListener *dcl)
3203 {
3204 VncDisplay *vd = container_of(dcl, VncDisplay, dcl);
3205 VncState *vs, *vn;
3206 int has_dirty, rects = 0;
3207
3208 if (QTAILQ_EMPTY(&vd->clients)) {
3209 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_MAX);
3210 return;
3211 }
3212
3213 graphic_hw_update(vd->dcl.con);
3214
3215 if (vnc_trylock_display(vd)) {
3216 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3217 return;
3218 }
3219
3220 has_dirty = vnc_refresh_server_surface(vd);
3221 vnc_unlock_display(vd);
3222
3223 QTAILQ_FOREACH_SAFE(vs, &vd->clients, next, vn) {
3224 rects += vnc_update_client(vs, has_dirty);
3225 /* vs might be free()ed here */
3226 }
3227
3228 if (has_dirty && rects) {
3229 vd->dcl.update_interval /= 2;
3230 if (vd->dcl.update_interval < VNC_REFRESH_INTERVAL_BASE) {
3231 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_BASE;
3232 }
3233 } else {
3234 vd->dcl.update_interval += VNC_REFRESH_INTERVAL_INC;
3235 if (vd->dcl.update_interval > VNC_REFRESH_INTERVAL_MAX) {
3236 vd->dcl.update_interval = VNC_REFRESH_INTERVAL_MAX;
3237 }
3238 }
3239 }
3240
vnc_connect(VncDisplay * vd,QIOChannelSocket * sioc,bool skipauth,bool websocket)3241 static void vnc_connect(VncDisplay *vd, QIOChannelSocket *sioc,
3242 bool skipauth, bool websocket)
3243 {
3244 VncState *vs = g_new0(VncState, 1);
3245 bool first_client = QTAILQ_EMPTY(&vd->clients);
3246 int i;
3247
3248 trace_vnc_client_connect(vs, sioc);
3249 vs->zrle = g_new0(VncZrle, 1);
3250 vs->tight = g_new0(VncTight, 1);
3251 vs->magic = VNC_MAGIC;
3252 vs->sioc = sioc;
3253 object_ref(OBJECT(vs->sioc));
3254 vs->ioc = QIO_CHANNEL(sioc);
3255 object_ref(OBJECT(vs->ioc));
3256 vs->vd = vd;
3257
3258 buffer_init(&vs->input, "vnc-input/%p", sioc);
3259 buffer_init(&vs->output, "vnc-output/%p", sioc);
3260 buffer_init(&vs->jobs_buffer, "vnc-jobs_buffer/%p", sioc);
3261
3262 buffer_init(&vs->tight->tight, "vnc-tight/%p", sioc);
3263 buffer_init(&vs->tight->zlib, "vnc-tight-zlib/%p", sioc);
3264 buffer_init(&vs->tight->gradient, "vnc-tight-gradient/%p", sioc);
3265 #ifdef CONFIG_VNC_JPEG
3266 buffer_init(&vs->tight->jpeg, "vnc-tight-jpeg/%p", sioc);
3267 #endif
3268 #ifdef CONFIG_PNG
3269 buffer_init(&vs->tight->png, "vnc-tight-png/%p", sioc);
3270 #endif
3271 buffer_init(&vs->zlib.zlib, "vnc-zlib/%p", sioc);
3272 buffer_init(&vs->zrle->zrle, "vnc-zrle/%p", sioc);
3273 buffer_init(&vs->zrle->fb, "vnc-zrle-fb/%p", sioc);
3274 buffer_init(&vs->zrle->zlib, "vnc-zrle-zlib/%p", sioc);
3275
3276 if (skipauth) {
3277 vs->auth = VNC_AUTH_NONE;
3278 vs->subauth = VNC_AUTH_INVALID;
3279 } else {
3280 if (websocket) {
3281 vs->auth = vd->ws_auth;
3282 vs->subauth = VNC_AUTH_INVALID;
3283 } else {
3284 vs->auth = vd->auth;
3285 vs->subauth = vd->subauth;
3286 }
3287 }
3288 VNC_DEBUG("Client sioc=%p ws=%d auth=%d subauth=%d\n",
3289 sioc, websocket, vs->auth, vs->subauth);
3290
3291 vs->lossy_rect = g_malloc0(VNC_STAT_ROWS * sizeof (*vs->lossy_rect));
3292 for (i = 0; i < VNC_STAT_ROWS; ++i) {
3293 vs->lossy_rect[i] = g_new0(uint8_t, VNC_STAT_COLS);
3294 }
3295
3296 VNC_DEBUG("New client on socket %p\n", vs->sioc);
3297 update_displaychangelistener(&vd->dcl, VNC_REFRESH_INTERVAL_BASE);
3298 qio_channel_set_blocking(vs->ioc, false, NULL);
3299 if (vs->ioc_tag) {
3300 g_source_remove(vs->ioc_tag);
3301 }
3302 if (websocket) {
3303 vs->websocket = 1;
3304 if (vd->tlscreds) {
3305 vs->ioc_tag = qio_channel_add_watch(
3306 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3307 vncws_tls_handshake_io, vs, NULL);
3308 } else {
3309 vs->ioc_tag = qio_channel_add_watch(
3310 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3311 vncws_handshake_io, vs, NULL);
3312 }
3313 } else {
3314 vs->ioc_tag = qio_channel_add_watch(
3315 vs->ioc, G_IO_IN | G_IO_HUP | G_IO_ERR,
3316 vnc_client_io, vs, NULL);
3317 }
3318
3319 vnc_client_cache_addr(vs);
3320 vnc_qmp_event(vs, QAPI_EVENT_VNC_CONNECTED);
3321 vnc_set_share_mode(vs, VNC_SHARE_MODE_CONNECTING);
3322
3323 vs->last_x = -1;
3324 vs->last_y = -1;
3325
3326 vs->as.freq = 44100;
3327 vs->as.nchannels = 2;
3328 vs->as.fmt = AUDIO_FORMAT_S16;
3329 vs->as.endianness = 0;
3330
3331 qemu_mutex_init(&vs->output_mutex);
3332 vs->bh = qemu_bh_new(vnc_jobs_bh, vs);
3333
3334 QTAILQ_INSERT_TAIL(&vd->clients, vs, next);
3335 if (first_client) {
3336 vnc_update_server_surface(vd);
3337 }
3338
3339 graphic_hw_update(vd->dcl.con);
3340
3341 if (!vs->websocket) {
3342 vnc_start_protocol(vs);
3343 }
3344
3345 if (vd->num_connecting > vd->connections_limit) {
3346 QTAILQ_FOREACH(vs, &vd->clients, next) {
3347 if (vs->share_mode == VNC_SHARE_MODE_CONNECTING) {
3348 vnc_disconnect_start(vs);
3349 return;
3350 }
3351 }
3352 }
3353 }
3354
vnc_start_protocol(VncState * vs)3355 void vnc_start_protocol(VncState *vs)
3356 {
3357 vnc_write(vs, "RFB 003.008\n", 12);
3358 vnc_flush(vs);
3359 vnc_read_when(vs, protocol_version, 12);
3360
3361 vs->mouse_mode_notifier.notify = check_pointer_type_change;
3362 qemu_add_mouse_mode_change_notifier(&vs->mouse_mode_notifier);
3363 }
3364
vnc_listen_io(QIONetListener * listener,QIOChannelSocket * cioc,void * opaque)3365 static void vnc_listen_io(QIONetListener *listener,
3366 QIOChannelSocket *cioc,
3367 void *opaque)
3368 {
3369 VncDisplay *vd = opaque;
3370 bool isWebsock = listener == vd->wslistener;
3371
3372 qio_channel_set_name(QIO_CHANNEL(cioc),
3373 isWebsock ? "vnc-ws-server" : "vnc-server");
3374 qio_channel_set_delay(QIO_CHANNEL(cioc), false);
3375 vnc_connect(vd, cioc, false, isWebsock);
3376 }
3377
3378 static const DisplayChangeListenerOps dcl_ops = {
3379 .dpy_name = "vnc",
3380 .dpy_refresh = vnc_refresh,
3381 .dpy_gfx_update = vnc_dpy_update,
3382 .dpy_gfx_switch = vnc_dpy_switch,
3383 .dpy_gfx_check_format = qemu_pixman_check_format,
3384 .dpy_mouse_set = vnc_mouse_set,
3385 .dpy_cursor_define = vnc_dpy_cursor_define,
3386 };
3387
vnc_display_init(const char * id,Error ** errp)3388 void vnc_display_init(const char *id, Error **errp)
3389 {
3390 VncDisplay *vd;
3391
3392 if (vnc_display_find(id) != NULL) {
3393 return;
3394 }
3395 vd = g_malloc0(sizeof(*vd));
3396
3397 vd->id = strdup(id);
3398 QTAILQ_INSERT_TAIL(&vnc_displays, vd, next);
3399
3400 QTAILQ_INIT(&vd->clients);
3401 vd->expires = TIME_MAX;
3402
3403 if (keyboard_layout) {
3404 trace_vnc_key_map_init(keyboard_layout);
3405 vd->kbd_layout = init_keyboard_layout(name2keysym,
3406 keyboard_layout, errp);
3407 } else {
3408 vd->kbd_layout = init_keyboard_layout(name2keysym, "en-us", errp);
3409 }
3410
3411 if (!vd->kbd_layout) {
3412 return;
3413 }
3414
3415 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
3416 vd->connections_limit = 32;
3417
3418 qemu_mutex_init(&vd->mutex);
3419 vnc_start_worker_thread();
3420
3421 vd->dcl.ops = &dcl_ops;
3422 register_displaychangelistener(&vd->dcl);
3423 vd->kbd = qkbd_state_init(vd->dcl.con);
3424 }
3425
3426
vnc_display_close(VncDisplay * vd)3427 static void vnc_display_close(VncDisplay *vd)
3428 {
3429 if (!vd) {
3430 return;
3431 }
3432
3433 if (vd->listener) {
3434 qio_net_listener_disconnect(vd->listener);
3435 object_unref(OBJECT(vd->listener));
3436 }
3437 vd->listener = NULL;
3438
3439 if (vd->wslistener) {
3440 qio_net_listener_disconnect(vd->wslistener);
3441 object_unref(OBJECT(vd->wslistener));
3442 }
3443 vd->wslistener = NULL;
3444
3445 vd->auth = VNC_AUTH_INVALID;
3446 vd->subauth = VNC_AUTH_INVALID;
3447 if (vd->tlscreds) {
3448 object_unref(OBJECT(vd->tlscreds));
3449 vd->tlscreds = NULL;
3450 }
3451 if (vd->tlsauthz) {
3452 object_unparent(OBJECT(vd->tlsauthz));
3453 vd->tlsauthz = NULL;
3454 }
3455 g_free(vd->tlsauthzid);
3456 vd->tlsauthzid = NULL;
3457 if (vd->lock_key_sync) {
3458 qemu_remove_led_event_handler(vd->led);
3459 vd->led = NULL;
3460 }
3461 #ifdef CONFIG_VNC_SASL
3462 if (vd->sasl.authz) {
3463 object_unparent(OBJECT(vd->sasl.authz));
3464 vd->sasl.authz = NULL;
3465 }
3466 g_free(vd->sasl.authzid);
3467 vd->sasl.authzid = NULL;
3468 #endif
3469 }
3470
vnc_display_password(const char * id,const char * password)3471 int vnc_display_password(const char *id, const char *password)
3472 {
3473 VncDisplay *vd = vnc_display_find(id);
3474
3475 if (!vd) {
3476 return -EINVAL;
3477 }
3478 if (vd->auth == VNC_AUTH_NONE) {
3479 error_printf_unless_qmp("If you want use passwords please enable "
3480 "password auth using '-vnc ${dpy},password'.\n");
3481 return -EINVAL;
3482 }
3483
3484 g_free(vd->password);
3485 vd->password = g_strdup(password);
3486
3487 return 0;
3488 }
3489
vnc_display_pw_expire(const char * id,time_t expires)3490 int vnc_display_pw_expire(const char *id, time_t expires)
3491 {
3492 VncDisplay *vd = vnc_display_find(id);
3493
3494 if (!vd) {
3495 return -EINVAL;
3496 }
3497
3498 vd->expires = expires;
3499 return 0;
3500 }
3501
vnc_display_print_local_addr(VncDisplay * vd)3502 static void vnc_display_print_local_addr(VncDisplay *vd)
3503 {
3504 SocketAddress *addr;
3505
3506 if (!vd->listener || !vd->listener->nsioc) {
3507 return;
3508 }
3509
3510 addr = qio_channel_socket_get_local_address(vd->listener->sioc[0], NULL);
3511 if (!addr) {
3512 return;
3513 }
3514
3515 if (addr->type != SOCKET_ADDRESS_TYPE_INET) {
3516 qapi_free_SocketAddress(addr);
3517 return;
3518 }
3519 error_printf_unless_qmp("VNC server running on %s:%s\n",
3520 addr->u.inet.host,
3521 addr->u.inet.port);
3522 qapi_free_SocketAddress(addr);
3523 }
3524
3525 static QemuOptsList qemu_vnc_opts = {
3526 .name = "vnc",
3527 .head = QTAILQ_HEAD_INITIALIZER(qemu_vnc_opts.head),
3528 .implied_opt_name = "vnc",
3529 .desc = {
3530 {
3531 .name = "vnc",
3532 .type = QEMU_OPT_STRING,
3533 },{
3534 .name = "websocket",
3535 .type = QEMU_OPT_STRING,
3536 },{
3537 .name = "tls-creds",
3538 .type = QEMU_OPT_STRING,
3539 },{
3540 .name = "share",
3541 .type = QEMU_OPT_STRING,
3542 },{
3543 .name = "display",
3544 .type = QEMU_OPT_STRING,
3545 },{
3546 .name = "head",
3547 .type = QEMU_OPT_NUMBER,
3548 },{
3549 .name = "connections",
3550 .type = QEMU_OPT_NUMBER,
3551 },{
3552 .name = "to",
3553 .type = QEMU_OPT_NUMBER,
3554 },{
3555 .name = "ipv4",
3556 .type = QEMU_OPT_BOOL,
3557 },{
3558 .name = "ipv6",
3559 .type = QEMU_OPT_BOOL,
3560 },{
3561 .name = "password",
3562 .type = QEMU_OPT_BOOL,
3563 },{
3564 .name = "password-secret",
3565 .type = QEMU_OPT_STRING,
3566 },{
3567 .name = "reverse",
3568 .type = QEMU_OPT_BOOL,
3569 },{
3570 .name = "lock-key-sync",
3571 .type = QEMU_OPT_BOOL,
3572 },{
3573 .name = "key-delay-ms",
3574 .type = QEMU_OPT_NUMBER,
3575 },{
3576 .name = "sasl",
3577 .type = QEMU_OPT_BOOL,
3578 },{
3579 .name = "tls-authz",
3580 .type = QEMU_OPT_STRING,
3581 },{
3582 .name = "sasl-authz",
3583 .type = QEMU_OPT_STRING,
3584 },{
3585 .name = "lossy",
3586 .type = QEMU_OPT_BOOL,
3587 },{
3588 .name = "non-adaptive",
3589 .type = QEMU_OPT_BOOL,
3590 },{
3591 .name = "audiodev",
3592 .type = QEMU_OPT_STRING,
3593 },{
3594 .name = "power-control",
3595 .type = QEMU_OPT_BOOL,
3596 },
3597 { /* end of list */ }
3598 },
3599 };
3600
3601
3602 static int
vnc_display_setup_auth(int * auth,int * subauth,QCryptoTLSCreds * tlscreds,bool password,bool sasl,bool websocket,Error ** errp)3603 vnc_display_setup_auth(int *auth,
3604 int *subauth,
3605 QCryptoTLSCreds *tlscreds,
3606 bool password,
3607 bool sasl,
3608 bool websocket,
3609 Error **errp)
3610 {
3611 /*
3612 * We have a choice of 3 authentication options
3613 *
3614 * 1. none
3615 * 2. vnc
3616 * 3. sasl
3617 *
3618 * The channel can be run in 2 modes
3619 *
3620 * 1. clear
3621 * 2. tls
3622 *
3623 * And TLS can use 2 types of credentials
3624 *
3625 * 1. anon
3626 * 2. x509
3627 *
3628 * We thus have 9 possible logical combinations
3629 *
3630 * 1. clear + none
3631 * 2. clear + vnc
3632 * 3. clear + sasl
3633 * 4. tls + anon + none
3634 * 5. tls + anon + vnc
3635 * 6. tls + anon + sasl
3636 * 7. tls + x509 + none
3637 * 8. tls + x509 + vnc
3638 * 9. tls + x509 + sasl
3639 *
3640 * These need to be mapped into the VNC auth schemes
3641 * in an appropriate manner. In regular VNC, all the
3642 * TLS options get mapped into VNC_AUTH_VENCRYPT
3643 * sub-auth types.
3644 *
3645 * In websockets, the https:// protocol already provides
3646 * TLS support, so there is no need to make use of the
3647 * VeNCrypt extension. Furthermore, websockets browser
3648 * clients could not use VeNCrypt even if they wanted to,
3649 * as they cannot control when the TLS handshake takes
3650 * place. Thus there is no option but to rely on https://,
3651 * meaning combinations 4->6 and 7->9 will be mapped to
3652 * VNC auth schemes in the same way as combos 1->3.
3653 *
3654 * Regardless of fact that we have a different mapping to
3655 * VNC auth mechs for plain VNC vs websockets VNC, the end
3656 * result has the same security characteristics.
3657 */
3658 if (websocket || !tlscreds) {
3659 if (password) {
3660 VNC_DEBUG("Initializing VNC server with password auth\n");
3661 *auth = VNC_AUTH_VNC;
3662 } else if (sasl) {
3663 VNC_DEBUG("Initializing VNC server with SASL auth\n");
3664 *auth = VNC_AUTH_SASL;
3665 } else {
3666 VNC_DEBUG("Initializing VNC server with no auth\n");
3667 *auth = VNC_AUTH_NONE;
3668 }
3669 *subauth = VNC_AUTH_INVALID;
3670 } else {
3671 bool is_x509 = object_dynamic_cast(OBJECT(tlscreds),
3672 TYPE_QCRYPTO_TLS_CREDS_X509) != NULL;
3673 bool is_anon = object_dynamic_cast(OBJECT(tlscreds),
3674 TYPE_QCRYPTO_TLS_CREDS_ANON) != NULL;
3675
3676 if (!is_x509 && !is_anon) {
3677 error_setg(errp,
3678 "Unsupported TLS cred type %s",
3679 object_get_typename(OBJECT(tlscreds)));
3680 return -1;
3681 }
3682 *auth = VNC_AUTH_VENCRYPT;
3683 if (password) {
3684 if (is_x509) {
3685 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
3686 *subauth = VNC_AUTH_VENCRYPT_X509VNC;
3687 } else {
3688 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
3689 *subauth = VNC_AUTH_VENCRYPT_TLSVNC;
3690 }
3691
3692 } else if (sasl) {
3693 if (is_x509) {
3694 VNC_DEBUG("Initializing VNC server with x509 SASL auth\n");
3695 *subauth = VNC_AUTH_VENCRYPT_X509SASL;
3696 } else {
3697 VNC_DEBUG("Initializing VNC server with TLS SASL auth\n");
3698 *subauth = VNC_AUTH_VENCRYPT_TLSSASL;
3699 }
3700 } else {
3701 if (is_x509) {
3702 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
3703 *subauth = VNC_AUTH_VENCRYPT_X509NONE;
3704 } else {
3705 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
3706 *subauth = VNC_AUTH_VENCRYPT_TLSNONE;
3707 }
3708 }
3709 }
3710 return 0;
3711 }
3712
3713
vnc_display_get_address(const char * addrstr,bool websocket,bool reverse,int displaynum,int to,bool has_ipv4,bool has_ipv6,bool ipv4,bool ipv6,SocketAddress ** retaddr,Error ** errp)3714 static int vnc_display_get_address(const char *addrstr,
3715 bool websocket,
3716 bool reverse,
3717 int displaynum,
3718 int to,
3719 bool has_ipv4,
3720 bool has_ipv6,
3721 bool ipv4,
3722 bool ipv6,
3723 SocketAddress **retaddr,
3724 Error **errp)
3725 {
3726 int ret = -1;
3727 SocketAddress *addr = NULL;
3728
3729 addr = g_new0(SocketAddress, 1);
3730
3731 if (strncmp(addrstr, "unix:", 5) == 0) {
3732 addr->type = SOCKET_ADDRESS_TYPE_UNIX;
3733 addr->u.q_unix.path = g_strdup(addrstr + 5);
3734
3735 if (to) {
3736 error_setg(errp, "Port range not support with UNIX socket");
3737 goto cleanup;
3738 }
3739 ret = 0;
3740 } else {
3741 const char *port;
3742 size_t hostlen;
3743 uint64_t baseport = 0;
3744 InetSocketAddress *inet;
3745
3746 port = strrchr(addrstr, ':');
3747 if (!port) {
3748 if (websocket) {
3749 hostlen = 0;
3750 port = addrstr;
3751 } else {
3752 error_setg(errp, "no vnc port specified");
3753 goto cleanup;
3754 }
3755 } else {
3756 hostlen = port - addrstr;
3757 port++;
3758 if (*port == '\0') {
3759 error_setg(errp, "vnc port cannot be empty");
3760 goto cleanup;
3761 }
3762 }
3763
3764 addr->type = SOCKET_ADDRESS_TYPE_INET;
3765 inet = &addr->u.inet;
3766 if (hostlen && addrstr[0] == '[' && addrstr[hostlen - 1] == ']') {
3767 inet->host = g_strndup(addrstr + 1, hostlen - 2);
3768 } else {
3769 inet->host = g_strndup(addrstr, hostlen);
3770 }
3771 /* plain VNC port is just an offset, for websocket
3772 * port is absolute */
3773 if (websocket) {
3774 if (g_str_equal(addrstr, "") ||
3775 g_str_equal(addrstr, "on")) {
3776 if (displaynum == -1) {
3777 error_setg(errp, "explicit websocket port is required");
3778 goto cleanup;
3779 }
3780 inet->port = g_strdup_printf(
3781 "%d", displaynum + 5700);
3782 if (to) {
3783 inet->has_to = true;
3784 inet->to = to + 5700;
3785 }
3786 } else {
3787 inet->port = g_strdup(port);
3788 }
3789 } else {
3790 int offset = reverse ? 0 : 5900;
3791 if (parse_uint_full(port, 10, &baseport) < 0) {
3792 error_setg(errp, "can't convert to a number: %s", port);
3793 goto cleanup;
3794 }
3795 if (baseport > 65535 ||
3796 baseport + offset > 65535) {
3797 error_setg(errp, "port %s out of range", port);
3798 goto cleanup;
3799 }
3800 inet->port = g_strdup_printf(
3801 "%d", (int)baseport + offset);
3802
3803 if (to) {
3804 inet->has_to = true;
3805 inet->to = to + offset;
3806 }
3807 }
3808
3809 inet->ipv4 = ipv4;
3810 inet->has_ipv4 = has_ipv4;
3811 inet->ipv6 = ipv6;
3812 inet->has_ipv6 = has_ipv6;
3813
3814 ret = baseport;
3815 }
3816
3817 *retaddr = addr;
3818
3819 cleanup:
3820 if (ret < 0) {
3821 qapi_free_SocketAddress(addr);
3822 }
3823 return ret;
3824 }
3825
vnc_display_get_addresses(QemuOpts * opts,bool reverse,SocketAddressList ** saddr_list_ret,SocketAddressList ** wsaddr_list_ret,Error ** errp)3826 static int vnc_display_get_addresses(QemuOpts *opts,
3827 bool reverse,
3828 SocketAddressList **saddr_list_ret,
3829 SocketAddressList **wsaddr_list_ret,
3830 Error **errp)
3831 {
3832 SocketAddress *saddr = NULL;
3833 SocketAddress *wsaddr = NULL;
3834 g_autoptr(SocketAddressList) saddr_list = NULL;
3835 SocketAddressList **saddr_tail = &saddr_list;
3836 SocketAddress *single_saddr = NULL;
3837 g_autoptr(SocketAddressList) wsaddr_list = NULL;
3838 SocketAddressList **wsaddr_tail = &wsaddr_list;
3839 QemuOptsIter addriter;
3840 const char *addr;
3841 int to = qemu_opt_get_number(opts, "to", 0);
3842 bool has_ipv4 = qemu_opt_get(opts, "ipv4");
3843 bool has_ipv6 = qemu_opt_get(opts, "ipv6");
3844 bool ipv4 = qemu_opt_get_bool(opts, "ipv4", false);
3845 bool ipv6 = qemu_opt_get_bool(opts, "ipv6", false);
3846 int displaynum = -1;
3847
3848 addr = qemu_opt_get(opts, "vnc");
3849 if (addr == NULL || g_str_equal(addr, "none")) {
3850 return 0;
3851 }
3852 if (qemu_opt_get(opts, "websocket") &&
3853 !qcrypto_hash_supports(QCRYPTO_HASH_ALGO_SHA1)) {
3854 error_setg(errp,
3855 "SHA1 hash support is required for websockets");
3856 return -1;
3857 }
3858
3859 qemu_opt_iter_init(&addriter, opts, "vnc");
3860 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3861 int rv;
3862 rv = vnc_display_get_address(addr, false, reverse, 0, to,
3863 has_ipv4, has_ipv6,
3864 ipv4, ipv6,
3865 &saddr, errp);
3866 if (rv < 0) {
3867 return -1;
3868 }
3869 /* Historical compat - first listen address can be used
3870 * to set the default websocket port
3871 */
3872 if (displaynum == -1) {
3873 displaynum = rv;
3874 }
3875 QAPI_LIST_APPEND(saddr_tail, saddr);
3876 }
3877
3878 if (saddr_list && !saddr_list->next) {
3879 single_saddr = saddr_list->value;
3880 } else {
3881 /*
3882 * If we had multiple primary displays, we don't do defaults
3883 * for websocket, and require explicit config instead.
3884 */
3885 displaynum = -1;
3886 }
3887
3888 qemu_opt_iter_init(&addriter, opts, "websocket");
3889 while ((addr = qemu_opt_iter_next(&addriter)) != NULL) {
3890 if (vnc_display_get_address(addr, true, reverse, displaynum, to,
3891 has_ipv4, has_ipv6,
3892 ipv4, ipv6,
3893 &wsaddr, errp) < 0) {
3894 return -1;
3895 }
3896
3897 /* Historical compat - if only a single listen address was
3898 * provided, then this is used to set the default listen
3899 * address for websocket too
3900 */
3901 if (single_saddr &&
3902 single_saddr->type == SOCKET_ADDRESS_TYPE_INET &&
3903 wsaddr->type == SOCKET_ADDRESS_TYPE_INET &&
3904 g_str_equal(wsaddr->u.inet.host, "") &&
3905 !g_str_equal(single_saddr->u.inet.host, "")) {
3906 g_free(wsaddr->u.inet.host);
3907 wsaddr->u.inet.host = g_strdup(single_saddr->u.inet.host);
3908 }
3909
3910 QAPI_LIST_APPEND(wsaddr_tail, wsaddr);
3911 }
3912
3913 *saddr_list_ret = g_steal_pointer(&saddr_list);
3914 *wsaddr_list_ret = g_steal_pointer(&wsaddr_list);
3915 return 0;
3916 }
3917
vnc_display_connect(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3918 static int vnc_display_connect(VncDisplay *vd,
3919 SocketAddressList *saddr_list,
3920 SocketAddressList *wsaddr_list,
3921 Error **errp)
3922 {
3923 /* connect to viewer */
3924 QIOChannelSocket *sioc = NULL;
3925 if (wsaddr_list) {
3926 error_setg(errp, "Cannot use websockets in reverse mode");
3927 return -1;
3928 }
3929 if (!saddr_list || saddr_list->next) {
3930 error_setg(errp, "Expected a single address in reverse mode");
3931 return -1;
3932 }
3933 sioc = qio_channel_socket_new();
3934 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-reverse");
3935 if (qio_channel_socket_connect_sync(sioc, saddr_list->value, errp) < 0) {
3936 object_unref(OBJECT(sioc));
3937 return -1;
3938 }
3939 vnc_connect(vd, sioc, false, false);
3940 object_unref(OBJECT(sioc));
3941 return 0;
3942 }
3943
3944
vnc_display_listen(VncDisplay * vd,SocketAddressList * saddr_list,SocketAddressList * wsaddr_list,Error ** errp)3945 static int vnc_display_listen(VncDisplay *vd,
3946 SocketAddressList *saddr_list,
3947 SocketAddressList *wsaddr_list,
3948 Error **errp)
3949 {
3950 SocketAddressList *el;
3951
3952 if (saddr_list) {
3953 vd->listener = qio_net_listener_new();
3954 qio_net_listener_set_name(vd->listener, "vnc-listen");
3955 for (el = saddr_list; el; el = el->next) {
3956 if (qio_net_listener_open_sync(vd->listener,
3957 el->value, 1,
3958 errp) < 0) {
3959 return -1;
3960 }
3961 }
3962
3963 qio_net_listener_set_client_func(vd->listener,
3964 vnc_listen_io, vd, NULL);
3965 }
3966
3967 if (wsaddr_list) {
3968 vd->wslistener = qio_net_listener_new();
3969 qio_net_listener_set_name(vd->wslistener, "vnc-ws-listen");
3970 for (el = wsaddr_list; el; el = el->next) {
3971 if (qio_net_listener_open_sync(vd->wslistener,
3972 el->value, 1,
3973 errp) < 0) {
3974 return -1;
3975 }
3976 }
3977
3978 qio_net_listener_set_client_func(vd->wslistener,
3979 vnc_listen_io, vd, NULL);
3980 }
3981
3982 return 0;
3983 }
3984
vnc_display_update(DisplayUpdateOptionsVNC * arg,Error ** errp)3985 bool vnc_display_update(DisplayUpdateOptionsVNC *arg, Error **errp)
3986 {
3987 VncDisplay *vd = vnc_display_find(NULL);
3988
3989 if (!vd) {
3990 error_setg(errp, "Can not find vnc display");
3991 return false;
3992 }
3993
3994 if (arg->has_addresses) {
3995 if (vd->listener) {
3996 qio_net_listener_disconnect(vd->listener);
3997 object_unref(OBJECT(vd->listener));
3998 vd->listener = NULL;
3999 }
4000
4001 if (vnc_display_listen(vd, arg->addresses, NULL, errp) < 0) {
4002 return false;
4003 }
4004 }
4005
4006 return true;
4007 }
4008
vnc_display_open(const char * id,Error ** errp)4009 void vnc_display_open(const char *id, Error **errp)
4010 {
4011 VncDisplay *vd = vnc_display_find(id);
4012 QemuOpts *opts = qemu_opts_find(&qemu_vnc_opts, id);
4013 g_autoptr(SocketAddressList) saddr_list = NULL;
4014 g_autoptr(SocketAddressList) wsaddr_list = NULL;
4015 const char *share, *device_id;
4016 QemuConsole *con;
4017 bool password = false;
4018 bool reverse = false;
4019 const char *credid;
4020 bool sasl = false;
4021 const char *tlsauthz;
4022 const char *saslauthz;
4023 int lock_key_sync = 1;
4024 int key_delay_ms;
4025 const char *audiodev;
4026 const char *passwordSecret;
4027
4028 if (!vd) {
4029 error_setg(errp, "VNC display not active");
4030 return;
4031 }
4032 vnc_display_close(vd);
4033
4034 if (!opts) {
4035 return;
4036 }
4037
4038 reverse = qemu_opt_get_bool(opts, "reverse", false);
4039 if (vnc_display_get_addresses(opts, reverse, &saddr_list, &wsaddr_list,
4040 errp) < 0) {
4041 goto fail;
4042 }
4043
4044
4045 passwordSecret = qemu_opt_get(opts, "password-secret");
4046 if (passwordSecret) {
4047 if (qemu_opt_get(opts, "password")) {
4048 error_setg(errp,
4049 "'password' flag is redundant with 'password-secret'");
4050 goto fail;
4051 }
4052 vd->password = qcrypto_secret_lookup_as_utf8(passwordSecret,
4053 errp);
4054 if (!vd->password) {
4055 goto fail;
4056 }
4057 password = true;
4058 } else {
4059 password = qemu_opt_get_bool(opts, "password", false);
4060 }
4061 if (password) {
4062 if (!qcrypto_cipher_supports(
4063 QCRYPTO_CIPHER_ALGO_DES, QCRYPTO_CIPHER_MODE_ECB)) {
4064 error_setg(errp,
4065 "Cipher backend does not support DES algorithm");
4066 goto fail;
4067 }
4068 }
4069
4070 lock_key_sync = qemu_opt_get_bool(opts, "lock-key-sync", true);
4071 key_delay_ms = qemu_opt_get_number(opts, "key-delay-ms", 10);
4072 sasl = qemu_opt_get_bool(opts, "sasl", false);
4073 #ifndef CONFIG_VNC_SASL
4074 if (sasl) {
4075 error_setg(errp, "VNC SASL auth requires cyrus-sasl support");
4076 goto fail;
4077 }
4078 #endif /* CONFIG_VNC_SASL */
4079 credid = qemu_opt_get(opts, "tls-creds");
4080 if (credid) {
4081 Object *creds;
4082 creds = object_resolve_path_component(
4083 object_get_objects_root(), credid);
4084 if (!creds) {
4085 error_setg(errp, "No TLS credentials with id '%s'",
4086 credid);
4087 goto fail;
4088 }
4089 vd->tlscreds = (QCryptoTLSCreds *)
4090 object_dynamic_cast(creds,
4091 TYPE_QCRYPTO_TLS_CREDS);
4092 if (!vd->tlscreds) {
4093 error_setg(errp, "Object with id '%s' is not TLS credentials",
4094 credid);
4095 goto fail;
4096 }
4097 object_ref(OBJECT(vd->tlscreds));
4098
4099 if (!qcrypto_tls_creds_check_endpoint(vd->tlscreds,
4100 QCRYPTO_TLS_CREDS_ENDPOINT_SERVER,
4101 errp)) {
4102 goto fail;
4103 }
4104 }
4105 tlsauthz = qemu_opt_get(opts, "tls-authz");
4106 if (tlsauthz && !vd->tlscreds) {
4107 error_setg(errp, "'tls-authz' provided but TLS is not enabled");
4108 goto fail;
4109 }
4110
4111 saslauthz = qemu_opt_get(opts, "sasl-authz");
4112 if (saslauthz && !sasl) {
4113 error_setg(errp, "'sasl-authz' provided but SASL auth is not enabled");
4114 goto fail;
4115 }
4116
4117 share = qemu_opt_get(opts, "share");
4118 if (share) {
4119 if (strcmp(share, "ignore") == 0) {
4120 vd->share_policy = VNC_SHARE_POLICY_IGNORE;
4121 } else if (strcmp(share, "allow-exclusive") == 0) {
4122 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4123 } else if (strcmp(share, "force-shared") == 0) {
4124 vd->share_policy = VNC_SHARE_POLICY_FORCE_SHARED;
4125 } else {
4126 error_setg(errp, "unknown vnc share= option");
4127 goto fail;
4128 }
4129 } else {
4130 vd->share_policy = VNC_SHARE_POLICY_ALLOW_EXCLUSIVE;
4131 }
4132 vd->connections_limit = qemu_opt_get_number(opts, "connections", 32);
4133
4134 #ifdef CONFIG_VNC_JPEG
4135 vd->lossy = qemu_opt_get_bool(opts, "lossy", false);
4136 #endif
4137 vd->non_adaptive = qemu_opt_get_bool(opts, "non-adaptive", false);
4138 /* adaptive updates are only used with tight encoding and
4139 * if lossy updates are enabled so we can disable all the
4140 * calculations otherwise */
4141 if (!vd->lossy) {
4142 vd->non_adaptive = true;
4143 }
4144
4145 vd->power_control = qemu_opt_get_bool(opts, "power-control", false);
4146
4147 if (tlsauthz) {
4148 vd->tlsauthzid = g_strdup(tlsauthz);
4149 }
4150 #ifdef CONFIG_VNC_SASL
4151 if (sasl) {
4152 if (saslauthz) {
4153 vd->sasl.authzid = g_strdup(saslauthz);
4154 }
4155 }
4156 #endif
4157
4158 if (vnc_display_setup_auth(&vd->auth, &vd->subauth,
4159 vd->tlscreds, password,
4160 sasl, false, errp) < 0) {
4161 goto fail;
4162 }
4163 trace_vnc_auth_init(vd, 0, vd->auth, vd->subauth);
4164
4165 if (vnc_display_setup_auth(&vd->ws_auth, &vd->ws_subauth,
4166 vd->tlscreds, password,
4167 sasl, true, errp) < 0) {
4168 goto fail;
4169 }
4170 trace_vnc_auth_init(vd, 1, vd->ws_auth, vd->ws_subauth);
4171
4172 #ifdef CONFIG_VNC_SASL
4173 if (sasl && !vnc_sasl_server_init(errp)) {
4174 goto fail;
4175 }
4176 #endif
4177 vd->lock_key_sync = lock_key_sync;
4178 if (lock_key_sync) {
4179 vd->led = qemu_add_led_event_handler(kbd_leds, vd);
4180 }
4181 vd->ledstate = 0;
4182
4183 audiodev = qemu_opt_get(opts, "audiodev");
4184 if (audiodev) {
4185 vd->audio_state = audio_state_by_name(audiodev, errp);
4186 if (!vd->audio_state) {
4187 goto fail;
4188 }
4189 } else {
4190 vd->audio_state = audio_get_default_audio_state(NULL);
4191 }
4192
4193 device_id = qemu_opt_get(opts, "display");
4194 if (device_id) {
4195 int head = qemu_opt_get_number(opts, "head", 0);
4196 Error *err = NULL;
4197
4198 con = qemu_console_lookup_by_device_name(device_id, head, &err);
4199 if (err) {
4200 error_propagate(errp, err);
4201 goto fail;
4202 }
4203 } else {
4204 con = qemu_console_lookup_default();
4205 }
4206
4207 if (con != vd->dcl.con) {
4208 qkbd_state_free(vd->kbd);
4209 unregister_displaychangelistener(&vd->dcl);
4210 vd->dcl.con = con;
4211 register_displaychangelistener(&vd->dcl);
4212 vd->kbd = qkbd_state_init(vd->dcl.con);
4213 }
4214 qkbd_state_set_delay(vd->kbd, key_delay_ms);
4215
4216 if (saddr_list == NULL) {
4217 return;
4218 }
4219
4220 if (reverse) {
4221 if (vnc_display_connect(vd, saddr_list, wsaddr_list, errp) < 0) {
4222 goto fail;
4223 }
4224 } else {
4225 if (vnc_display_listen(vd, saddr_list, wsaddr_list, errp) < 0) {
4226 goto fail;
4227 }
4228 }
4229
4230 if (qemu_opt_get(opts, "to")) {
4231 vnc_display_print_local_addr(vd);
4232 }
4233
4234 /* Success */
4235 return;
4236
4237 fail:
4238 vnc_display_close(vd);
4239 }
4240
vnc_display_add_client(const char * id,int csock,bool skipauth)4241 void vnc_display_add_client(const char *id, int csock, bool skipauth)
4242 {
4243 VncDisplay *vd = vnc_display_find(id);
4244 QIOChannelSocket *sioc;
4245
4246 if (!vd) {
4247 return;
4248 }
4249
4250 sioc = qio_channel_socket_new_fd(csock, NULL);
4251 if (sioc) {
4252 qio_channel_set_name(QIO_CHANNEL(sioc), "vnc-server");
4253 vnc_connect(vd, sioc, skipauth, false);
4254 object_unref(OBJECT(sioc));
4255 }
4256 }
4257
vnc_auto_assign_id(QemuOptsList * olist,QemuOpts * opts)4258 static void vnc_auto_assign_id(QemuOptsList *olist, QemuOpts *opts)
4259 {
4260 int i = 2;
4261 char *id;
4262
4263 id = g_strdup("default");
4264 while (qemu_opts_find(olist, id)) {
4265 g_free(id);
4266 id = g_strdup_printf("vnc%d", i++);
4267 }
4268 qemu_opts_set_id(opts, id);
4269 }
4270
vnc_parse(const char * str)4271 void vnc_parse(const char *str)
4272 {
4273 QemuOptsList *olist = qemu_find_opts("vnc");
4274 QemuOpts *opts = qemu_opts_parse_noisily(olist, str, !is_help_option(str));
4275 const char *id;
4276
4277 if (!opts) {
4278 exit(1);
4279 }
4280
4281 id = qemu_opts_id(opts);
4282 if (!id) {
4283 /* auto-assign id if not present */
4284 vnc_auto_assign_id(olist, opts);
4285 }
4286 }
4287
vnc_init_func(void * opaque,QemuOpts * opts,Error ** errp)4288 int vnc_init_func(void *opaque, QemuOpts *opts, Error **errp)
4289 {
4290 Error *local_err = NULL;
4291 char *id = (char *)qemu_opts_id(opts);
4292
4293 assert(id);
4294 vnc_display_init(id, &local_err);
4295 if (local_err) {
4296 error_propagate(errp, local_err);
4297 return -1;
4298 }
4299 vnc_display_open(id, &local_err);
4300 if (local_err != NULL) {
4301 error_propagate(errp, local_err);
4302 return -1;
4303 }
4304 return 0;
4305 }
4306
vnc_register_config(void)4307 static void vnc_register_config(void)
4308 {
4309 qemu_add_opts(&qemu_vnc_opts);
4310 }
4311 opts_init(vnc_register_config);
4312