search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Remove env->ready_for_interrupt_injection
[qemu-kvm/fedora.git] / vnc.c
blob7f10af6d10a96572572175ce386663341b86503a
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu-common.h"
27 #include "console.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
33
34 #include "vnc_keysym.h"
35 #include "keymaps.c"
36 #include "d3des.h"
37
38 #if CONFIG_VNC_TLS
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
42
43 // #define _VNC_DEBUG 1
44
45 #if _VNC_DEBUG
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
47
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
52 }
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
54 #else
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
56 #endif
57
58
59 typedef struct Buffer
60 {
61 size_t capacity;
62 size_t offset;
63 uint8_t *buffer;
64 } Buffer;
65
66 typedef struct VncState VncState;
67
68 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
69
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
71
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
74 uint32_t *last_bg,
75 uint32_t *last_fg,
76 int *has_bg, int *has_fg);
77
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
81
82 #define VNC_AUTH_CHALLENGE_SIZE 16
83
84 enum {
85 VNC_AUTH_INVALID = 0,
86 VNC_AUTH_NONE = 1,
87 VNC_AUTH_VNC = 2,
88 VNC_AUTH_RA2 = 5,
89 VNC_AUTH_RA2NE = 6,
90 VNC_AUTH_TIGHT = 16,
91 VNC_AUTH_ULTRA = 17,
92 VNC_AUTH_TLS = 18,
93 VNC_AUTH_VENCRYPT = 19
94 };
95
96 #if CONFIG_VNC_TLS
97 enum {
98 VNC_WIREMODE_CLEAR,
99 VNC_WIREMODE_TLS,
100 };
101
102 enum {
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
110 };
111
112 #if CONFIG_VNC_TLS
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
117 #endif
118
119 #endif /* CONFIG_VNC_TLS */
120
121 struct VncState
122 {
123 QEMUTimer *timer;
124 int lsock;
125 int csock;
126 DisplayState *ds;
127 int need_update;
128 int width;
129 int height;
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
131 char *old_data;
132 int depth; /* internal VNC frame buffer byte per pixel */
133 int has_resize;
134 int has_hextile;
135 int has_pointer_type_change;
136 int absolute;
137 int last_x;
138 int last_y;
139
140 int major;
141 int minor;
142
143 char *display;
144 char *password;
145 int auth;
146 #if CONFIG_VNC_TLS
147 int subauth;
148 int x509verify;
149
150 char *x509cacert;
151 char *x509cacrl;
152 char *x509cert;
153 char *x509key;
154 #endif
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
156
157 #if CONFIG_VNC_TLS
158 int wiremode;
159 gnutls_session_t tls_session;
160 #endif
161
162 Buffer output;
163 Buffer input;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
172
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
175 /* input */
176 uint8_t modifiers_state[256];
177 };
178
179 static VncState *vnc_state; /* needed for info vnc */
180
181 void do_info_vnc(void)
182 {
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
185 else {
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
188 term_printf("\n");
189
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
192 else
193 term_printf("Client connected\n");
194 }
195 }
196
197 /* TODO
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
202 */
203
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
212
213 static inline void vnc_set_bit(uint32_t *d, int k)
214 {
215 d[k >> 5] |= 1 << (k & 0x1f);
216 }
217
218 static inline void vnc_clear_bit(uint32_t *d, int k)
219 {
220 d[k >> 5] &= ~(1 << (k & 0x1f));
221 }
222
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
224 {
225 int j;
226
227 j = 0;
228 while (n >= 32) {
229 d[j++] = -1;
230 n -= 32;
231 }
232 if (n > 0)
233 d[j++] = (1 << n) - 1;
234 while (j < nb_words)
235 d[j++] = 0;
236 }
237
238 static inline int vnc_get_bit(const uint32_t *d, int k)
239 {
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
241 }
242
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
244 int nb_words)
245 {
246 int i;
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
249 return 1;
250 }
251 return 0;
252 }
253
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
255 {
256 VncState *vs = ds->opaque;
257 int i;
258
259 h += y;
260
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
264 */
265 w += (x % 16);
266 x -= (x % 16);
267
268 x = MIN(x, vs->width);
269 y = MIN(y, vs->height);
270 w = MIN(x + w, vs->width) - x;
271 h = MIN(h, vs->height);
272
273 for (; y < h; y++)
274 for (i = 0; i < w; i += 16)
275 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
276 }
277
278 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
279 int32_t encoding)
280 {
281 vnc_write_u16(vs, x);
282 vnc_write_u16(vs, y);
283 vnc_write_u16(vs, w);
284 vnc_write_u16(vs, h);
285
286 vnc_write_s32(vs, encoding);
287 }
288
289 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
290 {
291 int size_changed;
292 VncState *vs = ds->opaque;
293
294 ds->data = realloc(ds->data, w * h * vs->depth);
295 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
296
297 if (ds->data == NULL || vs->old_data == NULL) {
298 fprintf(stderr, "vnc: memory allocation failed\n");
299 exit(1);
300 }
301
302 if (ds->depth != vs->depth * 8) {
303 ds->depth = vs->depth * 8;
304 console_color_init(ds);
305 }
306 size_changed = ds->width != w || ds->height != h;
307 ds->width = w;
308 ds->height = h;
309 ds->linesize = w * vs->depth;
310 if (size_changed) {
311 vs->width = ds->width;
312 vs->height = ds->height;
313 if (vs->csock != -1 && vs->has_resize) {
314 vnc_write_u8(vs, 0); /* msg id */
315 vnc_write_u8(vs, 0);
316 vnc_write_u16(vs, 1); /* number of rects */
317 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
318 vnc_flush(vs);
319 }
320 }
321
322 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
323 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
324 }
325
326 /* fastest code */
327 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
328 {
329 vnc_write(vs, pixels, size);
330 }
331
332 /* slowest but generic code. */
333 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
334 {
335 unsigned int r, g, b;
336
337 r = (v >> vs->red_shift1) & vs->red_max;
338 g = (v >> vs->green_shift1) & vs->green_max;
339 b = (v >> vs->blue_shift1) & vs->blue_max;
340 v = (r << vs->red_shift) |
341 (g << vs->green_shift) |
342 (b << vs->blue_shift);
343 switch(vs->pix_bpp) {
344 case 1:
345 buf[0] = v;
346 break;
347 case 2:
348 if (vs->pix_big_endian) {
349 buf[0] = v >> 8;
350 buf[1] = v;
351 } else {
352 buf[1] = v >> 8;
353 buf[0] = v;
354 }
355 break;
356 default:
357 case 4:
358 if (vs->pix_big_endian) {
359 buf[0] = v >> 24;
360 buf[1] = v >> 16;
361 buf[2] = v >> 8;
362 buf[3] = v;
363 } else {
364 buf[3] = v >> 24;
365 buf[2] = v >> 16;
366 buf[1] = v >> 8;
367 buf[0] = v;
368 }
369 break;
370 }
371 }
372
373 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
374 {
375 uint32_t *pixels = pixels1;
376 uint8_t buf[4];
377 int n, i;
378
379 n = size >> 2;
380 for(i = 0; i < n; i++) {
381 vnc_convert_pixel(vs, buf, pixels[i]);
382 vnc_write(vs, buf, vs->pix_bpp);
383 }
384 }
385
386 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
387 {
388 int i;
389 uint8_t *row;
390
391 vnc_framebuffer_update(vs, x, y, w, h, 0);
392
393 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
394 for (i = 0; i < h; i++) {
395 vs->write_pixels(vs, row, w * vs->depth);
396 row += vs->ds->linesize;
397 }
398 }
399
400 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
401 {
402 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
403 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
404 }
405
406 #define BPP 8
407 #include "vnchextile.h"
408 #undef BPP
409
410 #define BPP 16
411 #include "vnchextile.h"
412 #undef BPP
413
414 #define BPP 32
415 #include "vnchextile.h"
416 #undef BPP
417
418 #define GENERIC
419 #define BPP 32
420 #include "vnchextile.h"
421 #undef BPP
422 #undef GENERIC
423
424 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
425 {
426 int i, j;
427 int has_fg, has_bg;
428 uint32_t last_fg32, last_bg32;
429
430 vnc_framebuffer_update(vs, x, y, w, h, 5);
431
432 has_fg = has_bg = 0;
433 for (j = y; j < (y + h); j += 16) {
434 for (i = x; i < (x + w); i += 16) {
435 vs->send_hextile_tile(vs, i, j,
436 MIN(16, x + w - i), MIN(16, y + h - j),
437 &last_bg32, &last_fg32, &has_bg, &has_fg);
438 }
439 }
440 }
441
442 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
443 {
444 if (vs->has_hextile)
445 send_framebuffer_update_hextile(vs, x, y, w, h);
446 else
447 send_framebuffer_update_raw(vs, x, y, w, h);
448 }
449
450 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
451 {
452 int src, dst;
453 uint8_t *src_row;
454 uint8_t *dst_row;
455 char *old_row;
456 int y = 0;
457 int pitch = ds->linesize;
458 VncState *vs = ds->opaque;
459
460 vnc_update_client(vs);
461
462 if (dst_y > src_y) {
463 y = h - 1;
464 pitch = -pitch;
465 }
466
467 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
468 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
469
470 src_row = ds->data + src;
471 dst_row = ds->data + dst;
472 old_row = vs->old_data + dst;
473
474 for (y = 0; y < h; y++) {
475 memmove(old_row, src_row, w * vs->depth);
476 memmove(dst_row, src_row, w * vs->depth);
477 src_row += pitch;
478 dst_row += pitch;
479 old_row += pitch;
480 }
481
482 vnc_write_u8(vs, 0); /* msg id */
483 vnc_write_u8(vs, 0);
484 vnc_write_u16(vs, 1); /* number of rects */
485 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
486 vnc_write_u16(vs, src_x);
487 vnc_write_u16(vs, src_y);
488 vnc_flush(vs);
489 }
490
491 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
492 {
493 int h;
494
495 for (h = 1; h < (vs->height - y); h++) {
496 int tmp_x;
497 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
498 break;
499 for (tmp_x = last_x; tmp_x < x; tmp_x++)
500 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
501 }
502
503 return h;
504 }
505
506 static void vnc_update_client(void *opaque)
507 {
508 VncState *vs = opaque;
509
510 if (vs->need_update && vs->csock != -1) {
511 int y;
512 uint8_t *row;
513 char *old_row;
514 uint32_t width_mask[VNC_DIRTY_WORDS];
515 int n_rectangles;
516 int saved_offset;
517 int has_dirty = 0;
518
519 vga_hw_update();
520
521 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
522
523 /* Walk through the dirty map and eliminate tiles that
524 really aren't dirty */
525 row = vs->ds->data;
526 old_row = vs->old_data;
527
528 for (y = 0; y < vs->height; y++) {
529 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
530 int x;
531 uint8_t *ptr;
532 char *old_ptr;
533
534 ptr = row;
535 old_ptr = (char*)old_row;
536
537 for (x = 0; x < vs->ds->width; x += 16) {
538 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
539 vnc_clear_bit(vs->dirty_row[y], (x / 16));
540 } else {
541 has_dirty = 1;
542 memcpy(old_ptr, ptr, 16 * vs->depth);
543 }
544
545 ptr += 16 * vs->depth;
546 old_ptr += 16 * vs->depth;
547 }
548 }
549
550 row += vs->ds->linesize;
551 old_row += vs->ds->linesize;
552 }
553
554 if (!has_dirty) {
555 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
556 return;
557 }
558
559 /* Count rectangles */
560 n_rectangles = 0;
561 vnc_write_u8(vs, 0); /* msg id */
562 vnc_write_u8(vs, 0);
563 saved_offset = vs->output.offset;
564 vnc_write_u16(vs, 0);
565
566 for (y = 0; y < vs->height; y++) {
567 int x;
568 int last_x = -1;
569 for (x = 0; x < vs->width / 16; x++) {
570 if (vnc_get_bit(vs->dirty_row[y], x)) {
571 if (last_x == -1) {
572 last_x = x;
573 }
574 vnc_clear_bit(vs->dirty_row[y], x);
575 } else {
576 if (last_x != -1) {
577 int h = find_dirty_height(vs, y, last_x, x);
578 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
579 n_rectangles++;
580 }
581 last_x = -1;
582 }
583 }
584 if (last_x != -1) {
585 int h = find_dirty_height(vs, y, last_x, x);
586 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
587 n_rectangles++;
588 }
589 }
590 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
591 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
592 vnc_flush(vs);
593
594 }
595
596 if (vs->csock != -1) {
597 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
598 }
599
600 }
601
602 static int vnc_listen_poll(void *opaque)
603 {
604 VncState *vs = opaque;
605 if (vs->csock == -1)
606 return 1;
607 return 0;
608 }
609
610 static void buffer_reserve(Buffer *buffer, size_t len)
611 {
612 if ((buffer->capacity - buffer->offset) < len) {
613 buffer->capacity += (len + 1024);
614 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
615 if (buffer->buffer == NULL) {
616 fprintf(stderr, "vnc: out of memory\n");
617 exit(1);
618 }
619 }
620 }
621
622 static int buffer_empty(Buffer *buffer)
623 {
624 return buffer->offset == 0;
625 }
626
627 static uint8_t *buffer_end(Buffer *buffer)
628 {
629 return buffer->buffer + buffer->offset;
630 }
631
632 static void buffer_reset(Buffer *buffer)
633 {
634 buffer->offset = 0;
635 }
636
637 static void buffer_append(Buffer *buffer, const void *data, size_t len)
638 {
639 memcpy(buffer->buffer + buffer->offset, data, len);
640 buffer->offset += len;
641 }
642
643 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
644 {
645 if (ret == 0 || ret == -1) {
646 if (ret == -1) {
647 switch (last_errno) {
648 case EINTR:
649 case EAGAIN:
650 #ifdef _WIN32
651 case WSAEWOULDBLOCK:
652 #endif
653 return 0;
654 default:
655 break;
656 }
657 }
658
659 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
660 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
661 closesocket(vs->csock);
662 vs->csock = -1;
663 buffer_reset(&vs->input);
664 buffer_reset(&vs->output);
665 vs->need_update = 0;
666 #if CONFIG_VNC_TLS
667 if (vs->tls_session) {
668 gnutls_deinit(vs->tls_session);
669 vs->tls_session = NULL;
670 }
671 vs->wiremode = VNC_WIREMODE_CLEAR;
672 #endif /* CONFIG_VNC_TLS */
673 return 0;
674 }
675 return ret;
676 }
677
678 static void vnc_client_error(VncState *vs)
679 {
680 vnc_client_io_error(vs, -1, EINVAL);
681 }
682
683 static void vnc_client_write(void *opaque)
684 {
685 long ret;
686 VncState *vs = opaque;
687
688 #if CONFIG_VNC_TLS
689 if (vs->tls_session) {
690 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
691 if (ret < 0) {
692 if (ret == GNUTLS_E_AGAIN)
693 errno = EAGAIN;
694 else
695 errno = EIO;
696 ret = -1;
697 }
698 } else
699 #endif /* CONFIG_VNC_TLS */
700 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
701 ret = vnc_client_io_error(vs, ret, socket_error());
702 if (!ret)
703 return;
704
705 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
706 vs->output.offset -= ret;
707
708 if (vs->output.offset == 0) {
709 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
710 }
711 }
712
713 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
714 {
715 vs->read_handler = func;
716 vs->read_handler_expect = expecting;
717 }
718
719 static void vnc_client_read(void *opaque)
720 {
721 VncState *vs = opaque;
722 long ret;
723
724 buffer_reserve(&vs->input, 4096);
725
726 #if CONFIG_VNC_TLS
727 if (vs->tls_session) {
728 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
729 if (ret < 0) {
730 if (ret == GNUTLS_E_AGAIN)
731 errno = EAGAIN;
732 else
733 errno = EIO;
734 ret = -1;
735 }
736 } else
737 #endif /* CONFIG_VNC_TLS */
738 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
739 ret = vnc_client_io_error(vs, ret, socket_error());
740 if (!ret)
741 return;
742
743 vs->input.offset += ret;
744
745 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
746 size_t len = vs->read_handler_expect;
747 int ret;
748
749 ret = vs->read_handler(vs, vs->input.buffer, len);
750 if (vs->csock == -1)
751 return;
752
753 if (!ret) {
754 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
755 vs->input.offset -= len;
756 } else {
757 vs->read_handler_expect = ret;
758 }
759 }
760 }
761
762 static void vnc_write(VncState *vs, const void *data, size_t len)
763 {
764 buffer_reserve(&vs->output, len);
765
766 if (buffer_empty(&vs->output)) {
767 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
768 }
769
770 buffer_append(&vs->output, data, len);
771 }
772
773 static void vnc_write_s32(VncState *vs, int32_t value)
774 {
775 vnc_write_u32(vs, *(uint32_t *)&value);
776 }
777
778 static void vnc_write_u32(VncState *vs, uint32_t value)
779 {
780 uint8_t buf[4];
781
782 buf[0] = (value >> 24) & 0xFF;
783 buf[1] = (value >> 16) & 0xFF;
784 buf[2] = (value >> 8) & 0xFF;
785 buf[3] = value & 0xFF;
786
787 vnc_write(vs, buf, 4);
788 }
789
790 static void vnc_write_u16(VncState *vs, uint16_t value)
791 {
792 uint8_t buf[2];
793
794 buf[0] = (value >> 8) & 0xFF;
795 buf[1] = value & 0xFF;
796
797 vnc_write(vs, buf, 2);
798 }
799
800 static void vnc_write_u8(VncState *vs, uint8_t value)
801 {
802 vnc_write(vs, (char *)&value, 1);
803 }
804
805 static void vnc_flush(VncState *vs)
806 {
807 if (vs->output.offset)
808 vnc_client_write(vs);
809 }
810
811 static uint8_t read_u8(uint8_t *data, size_t offset)
812 {
813 return data[offset];
814 }
815
816 static uint16_t read_u16(uint8_t *data, size_t offset)
817 {
818 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
819 }
820
821 static int32_t read_s32(uint8_t *data, size_t offset)
822 {
823 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
824 (data[offset + 2] << 8) | data[offset + 3]);
825 }
826
827 static uint32_t read_u32(uint8_t *data, size_t offset)
828 {
829 return ((data[offset] << 24) | (data[offset + 1] << 16) |
830 (data[offset + 2] << 8) | data[offset + 3]);
831 }
832
833 #if CONFIG_VNC_TLS
834 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
835 const void *data,
836 size_t len) {
837 struct VncState *vs = (struct VncState *)transport;
838 int ret;
839
840 retry:
841 ret = send(vs->csock, data, len, 0);
842 if (ret < 0) {
843 if (errno == EINTR)
844 goto retry;
845 return -1;
846 }
847 return ret;
848 }
849
850
851 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
852 void *data,
853 size_t len) {
854 struct VncState *vs = (struct VncState *)transport;
855 int ret;
856
857 retry:
858 ret = recv(vs->csock, data, len, 0);
859 if (ret < 0) {
860 if (errno == EINTR)
861 goto retry;
862 return -1;
863 }
864 return ret;
865 }
866 #endif /* CONFIG_VNC_TLS */
867
868 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
869 {
870 }
871
872 static void check_pointer_type_change(VncState *vs, int absolute)
873 {
874 if (vs->has_pointer_type_change && vs->absolute != absolute) {
875 vnc_write_u8(vs, 0);
876 vnc_write_u8(vs, 0);
877 vnc_write_u16(vs, 1);
878 vnc_framebuffer_update(vs, absolute, 0,
879 vs->ds->width, vs->ds->height, -257);
880 vnc_flush(vs);
881 }
882 vs->absolute = absolute;
883 }
884
885 static void pointer_event(VncState *vs, int button_mask, int x, int y)
886 {
887 int buttons = 0;
888 int dz = 0;
889
890 if (button_mask & 0x01)
891 buttons |= MOUSE_EVENT_LBUTTON;
892 if (button_mask & 0x02)
893 buttons |= MOUSE_EVENT_MBUTTON;
894 if (button_mask & 0x04)
895 buttons |= MOUSE_EVENT_RBUTTON;
896 if (button_mask & 0x08)
897 dz = -1;
898 if (button_mask & 0x10)
899 dz = 1;
900
901 if (vs->absolute) {
902 kbd_mouse_event(x * 0x7FFF / (vs->ds->width - 1),
903 y * 0x7FFF / (vs->ds->height - 1),
904 dz, buttons);
905 } else if (vs->has_pointer_type_change) {
906 x -= 0x7FFF;
907 y -= 0x7FFF;
908
909 kbd_mouse_event(x, y, dz, buttons);
910 } else {
911 if (vs->last_x != -1)
912 kbd_mouse_event(x - vs->last_x,
913 y - vs->last_y,
914 dz, buttons);
915 vs->last_x = x;
916 vs->last_y = y;
917 }
918
919 check_pointer_type_change(vs, kbd_mouse_is_absolute());
920 }
921
922 static void reset_keys(VncState *vs)
923 {
924 int i;
925 for(i = 0; i < 256; i++) {
926 if (vs->modifiers_state[i]) {
927 if (i & 0x80)
928 kbd_put_keycode(0xe0);
929 kbd_put_keycode(i | 0x80);
930 vs->modifiers_state[i] = 0;
931 }
932 }
933 }
934
935 static void press_key(VncState *vs, int keysym)
936 {
937 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
938 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
939 }
940
941 static void do_key_event(VncState *vs, int down, uint32_t sym)
942 {
943 int keycode;
944
945 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
946
947 /* QEMU console switch */
948 switch(keycode) {
949 case 0x2a: /* Left Shift */
950 case 0x36: /* Right Shift */
951 case 0x1d: /* Left CTRL */
952 case 0x9d: /* Right CTRL */
953 case 0x38: /* Left ALT */
954 case 0xb8: /* Right ALT */
955 if (down)
956 vs->modifiers_state[keycode] = 1;
957 else
958 vs->modifiers_state[keycode] = 0;
959 break;
960 case 0x02 ... 0x0a: /* '1' to '9' keys */
961 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
962 /* Reset the modifiers sent to the current console */
963 reset_keys(vs);
964 console_select(keycode - 0x02);
965 return;
966 }
967 break;
968 case 0x3a: /* CapsLock */
969 case 0x45: /* NumLock */
970 if (!down)
971 vs->modifiers_state[keycode] ^= 1;
972 break;
973 }
974
975 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
976 /* If the numlock state needs to change then simulate an additional
977 keypress before sending this one. This will happen if the user
978 toggles numlock away from the VNC window.
979 */
980 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
981 if (!vs->modifiers_state[0x45]) {
982 vs->modifiers_state[0x45] = 1;
983 press_key(vs, 0xff7f);
984 }
985 } else {
986 if (vs->modifiers_state[0x45]) {
987 vs->modifiers_state[0x45] = 0;
988 press_key(vs, 0xff7f);
989 }
990 }
991 }
992
993 if (is_graphic_console()) {
994 if (keycode & 0x80)
995 kbd_put_keycode(0xe0);
996 if (down)
997 kbd_put_keycode(keycode & 0x7f);
998 else
999 kbd_put_keycode(keycode | 0x80);
1000 } else {
1001 /* QEMU console emulation */
1002 if (down) {
1003 switch (keycode) {
1004 case 0x2a: /* Left Shift */
1005 case 0x36: /* Right Shift */
1006 case 0x1d: /* Left CTRL */
1007 case 0x9d: /* Right CTRL */
1008 case 0x38: /* Left ALT */
1009 case 0xb8: /* Right ALT */
1010 break;
1011 case 0xc8:
1012 kbd_put_keysym(QEMU_KEY_UP);
1013 break;
1014 case 0xd0:
1015 kbd_put_keysym(QEMU_KEY_DOWN);
1016 break;
1017 case 0xcb:
1018 kbd_put_keysym(QEMU_KEY_LEFT);
1019 break;
1020 case 0xcd:
1021 kbd_put_keysym(QEMU_KEY_RIGHT);
1022 break;
1023 case 0xd3:
1024 kbd_put_keysym(QEMU_KEY_DELETE);
1025 break;
1026 case 0xc7:
1027 kbd_put_keysym(QEMU_KEY_HOME);
1028 break;
1029 case 0xcf:
1030 kbd_put_keysym(QEMU_KEY_END);
1031 break;
1032 case 0xc9:
1033 kbd_put_keysym(QEMU_KEY_PAGEUP);
1034 break;
1035 case 0xd1:
1036 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1037 break;
1038 default:
1039 kbd_put_keysym(sym);
1040 break;
1041 }
1042 }
1043 }
1044 }
1045
1046 static void key_event(VncState *vs, int down, uint32_t sym)
1047 {
1048 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1049 sym = sym - 'A' + 'a';
1050 do_key_event(vs, down, sym);
1051 }
1052
1053 static void framebuffer_update_request(VncState *vs, int incremental,
1054 int x_position, int y_position,
1055 int w, int h)
1056 {
1057 if (x_position > vs->ds->width)
1058 x_position = vs->ds->width;
1059 if (y_position > vs->ds->height)
1060 y_position = vs->ds->height;
1061 if (x_position + w >= vs->ds->width)
1062 w = vs->ds->width - x_position;
1063 if (y_position + h >= vs->ds->height)
1064 h = vs->ds->height - y_position;
1065
1066 int i;
1067 vs->need_update = 1;
1068 if (!incremental) {
1069 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1070
1071 for (i = 0; i < h; i++) {
1072 vnc_set_bits(vs->dirty_row[y_position + i],
1073 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1074 memset(old_row, 42, vs->ds->width * vs->depth);
1075 old_row += vs->ds->linesize;
1076 }
1077 }
1078 }
1079
1080 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1081 {
1082 int i;
1083
1084 vs->has_hextile = 0;
1085 vs->has_resize = 0;
1086 vs->has_pointer_type_change = 0;
1087 vs->absolute = -1;
1088 vs->ds->dpy_copy = NULL;
1089
1090 for (i = n_encodings - 1; i >= 0; i--) {
1091 switch (encodings[i]) {
1092 case 0: /* Raw */
1093 vs->has_hextile = 0;
1094 break;
1095 case 1: /* CopyRect */
1096 vs->ds->dpy_copy = vnc_copy;
1097 break;
1098 case 5: /* Hextile */
1099 vs->has_hextile = 1;
1100 break;
1101 case -223: /* DesktopResize */
1102 vs->has_resize = 1;
1103 break;
1104 case -257:
1105 vs->has_pointer_type_change = 1;
1106 break;
1107 default:
1108 break;
1109 }
1110 }
1111
1112 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1113 }
1114
1115 static int compute_nbits(unsigned int val)
1116 {
1117 int n;
1118 n = 0;
1119 while (val != 0) {
1120 n++;
1121 val >>= 1;
1122 }
1123 return n;
1124 }
1125
1126 static void set_pixel_format(VncState *vs,
1127 int bits_per_pixel, int depth,
1128 int big_endian_flag, int true_color_flag,
1129 int red_max, int green_max, int blue_max,
1130 int red_shift, int green_shift, int blue_shift)
1131 {
1132 int host_big_endian_flag;
1133
1134 #ifdef WORDS_BIGENDIAN
1135 host_big_endian_flag = 1;
1136 #else
1137 host_big_endian_flag = 0;
1138 #endif
1139 if (!true_color_flag) {
1140 fail:
1141 vnc_client_error(vs);
1142 return;
1143 }
1144 if (bits_per_pixel == 32 &&
1145 host_big_endian_flag == big_endian_flag &&
1146 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1147 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1148 vs->depth = 4;
1149 vs->write_pixels = vnc_write_pixels_copy;
1150 vs->send_hextile_tile = send_hextile_tile_32;
1151 } else
1152 if (bits_per_pixel == 16 &&
1153 host_big_endian_flag == big_endian_flag &&
1154 red_max == 31 && green_max == 63 && blue_max == 31 &&
1155 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1156 vs->depth = 2;
1157 vs->write_pixels = vnc_write_pixels_copy;
1158 vs->send_hextile_tile = send_hextile_tile_16;
1159 } else
1160 if (bits_per_pixel == 8 &&
1161 red_max == 7 && green_max == 7 && blue_max == 3 &&
1162 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1163 vs->depth = 1;
1164 vs->write_pixels = vnc_write_pixels_copy;
1165 vs->send_hextile_tile = send_hextile_tile_8;
1166 } else
1167 {
1168 /* generic and slower case */
1169 if (bits_per_pixel != 8 &&
1170 bits_per_pixel != 16 &&
1171 bits_per_pixel != 32)
1172 goto fail;
1173 vs->depth = 4;
1174 vs->red_shift = red_shift;
1175 vs->red_max = red_max;
1176 vs->red_shift1 = 24 - compute_nbits(red_max);
1177 vs->green_shift = green_shift;
1178 vs->green_max = green_max;
1179 vs->green_shift1 = 16 - compute_nbits(green_max);
1180 vs->blue_shift = blue_shift;
1181 vs->blue_max = blue_max;
1182 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1183 vs->pix_bpp = bits_per_pixel / 8;
1184 vs->pix_big_endian = big_endian_flag;
1185 vs->write_pixels = vnc_write_pixels_generic;
1186 vs->send_hextile_tile = send_hextile_tile_generic;
1187 }
1188
1189 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1190
1191 vga_hw_invalidate();
1192 vga_hw_update();
1193 }
1194
1195 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1196 {
1197 int i;
1198 uint16_t limit;
1199
1200 switch (data[0]) {
1201 case 0:
1202 if (len == 1)
1203 return 20;
1204
1205 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1206 read_u8(data, 6), read_u8(data, 7),
1207 read_u16(data, 8), read_u16(data, 10),
1208 read_u16(data, 12), read_u8(data, 14),
1209 read_u8(data, 15), read_u8(data, 16));
1210 break;
1211 case 2:
1212 if (len == 1)
1213 return 4;
1214
1215 if (len == 4)
1216 return 4 + (read_u16(data, 2) * 4);
1217
1218 limit = read_u16(data, 2);
1219 for (i = 0; i < limit; i++) {
1220 int32_t val = read_s32(data, 4 + (i * 4));
1221 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1222 }
1223
1224 set_encodings(vs, (int32_t *)(data + 4), limit);
1225 break;
1226 case 3:
1227 if (len == 1)
1228 return 10;
1229
1230 framebuffer_update_request(vs,
1231 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1232 read_u16(data, 6), read_u16(data, 8));
1233 break;
1234 case 4:
1235 if (len == 1)
1236 return 8;
1237
1238 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1239 break;
1240 case 5:
1241 if (len == 1)
1242 return 6;
1243
1244 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1245 break;
1246 case 6:
1247 if (len == 1)
1248 return 8;
1249
1250 if (len == 8) {
1251 uint32_t dlen = read_u32(data, 4);
1252 if (dlen > 0)
1253 return 8 + dlen;
1254 }
1255
1256 client_cut_text(vs, read_u32(data, 4), data + 8);
1257 break;
1258 default:
1259 printf("Msg: %d\n", data[0]);
1260 vnc_client_error(vs);
1261 break;
1262 }
1263
1264 vnc_read_when(vs, protocol_client_msg, 1);
1265 return 0;
1266 }
1267
1268 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1269 {
1270 char pad[3] = { 0, 0, 0 };
1271 char buf[1024];
1272 int size;
1273 char prog[30] = "QEMU";
1274
1275 vs->width = vs->ds->width;
1276 vs->height = vs->ds->height;
1277 vnc_write_u16(vs, vs->ds->width);
1278 vnc_write_u16(vs, vs->ds->height);
1279
1280 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1281 vnc_write_u8(vs, vs->depth * 8); /* depth */
1282 #ifdef WORDS_BIGENDIAN
1283 vnc_write_u8(vs, 1); /* big-endian-flag */
1284 #else
1285 vnc_write_u8(vs, 0); /* big-endian-flag */
1286 #endif
1287 vnc_write_u8(vs, 1); /* true-color-flag */
1288 if (vs->depth == 4) {
1289 vnc_write_u16(vs, 0xFF); /* red-max */
1290 vnc_write_u16(vs, 0xFF); /* green-max */
1291 vnc_write_u16(vs, 0xFF); /* blue-max */
1292 vnc_write_u8(vs, 16); /* red-shift */
1293 vnc_write_u8(vs, 8); /* green-shift */
1294 vnc_write_u8(vs, 0); /* blue-shift */
1295 vs->send_hextile_tile = send_hextile_tile_32;
1296 } else if (vs->depth == 2) {
1297 vnc_write_u16(vs, 31); /* red-max */
1298 vnc_write_u16(vs, 63); /* green-max */
1299 vnc_write_u16(vs, 31); /* blue-max */
1300 vnc_write_u8(vs, 11); /* red-shift */
1301 vnc_write_u8(vs, 5); /* green-shift */
1302 vnc_write_u8(vs, 0); /* blue-shift */
1303 vs->send_hextile_tile = send_hextile_tile_16;
1304 } else if (vs->depth == 1) {
1305 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1306 vnc_write_u16(vs, 7); /* red-max */
1307 vnc_write_u16(vs, 7); /* green-max */
1308 vnc_write_u16(vs, 3); /* blue-max */
1309 vnc_write_u8(vs, 5); /* red-shift */
1310 vnc_write_u8(vs, 2); /* green-shift */
1311 vnc_write_u8(vs, 0); /* blue-shift */
1312 vs->send_hextile_tile = send_hextile_tile_8;
1313 }
1314 vs->write_pixels = vnc_write_pixels_copy;
1315
1316 vnc_write(vs, pad, 3); /* padding */
1317
1318 decorate_application_name((char *)prog, sizeof prog);
1319
1320 if (qemu_name)
1321 size = snprintf(buf, sizeof(buf), "%s (%s)", prog, qemu_name);
1322 else
1323 size = snprintf(buf, sizeof(buf), "%s", prog);
1324
1325 vnc_write_u32(vs, size);
1326 vnc_write(vs, buf, size);
1327 vnc_flush(vs);
1328
1329 vnc_read_when(vs, protocol_client_msg, 1);
1330
1331 return 0;
1332 }
1333
1334 static void make_challenge(VncState *vs)
1335 {
1336 int i;
1337
1338 srand(time(NULL)+getpid()+getpid()*987654+rand());
1339
1340 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1341 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1342 }
1343
1344 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1345 {
1346 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1347 int i, j, pwlen;
1348 unsigned char key[8];
1349
1350 if (!vs->password || !vs->password[0]) {
1351 VNC_DEBUG("No password configured on server");
1352 vnc_write_u32(vs, 1); /* Reject auth */
1353 if (vs->minor >= 8) {
1354 static const char err[] = "Authentication failed";
1355 vnc_write_u32(vs, sizeof(err));
1356 vnc_write(vs, err, sizeof(err));
1357 }
1358 vnc_flush(vs);
1359 vnc_client_error(vs);
1360 return 0;
1361 }
1362
1363 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1364
1365 /* Calculate the expected challenge response */
1366 pwlen = strlen(vs->password);
1367 for (i=0; i<sizeof(key); i++)
1368 key[i] = i<pwlen ? vs->password[i] : 0;
1369 deskey(key, EN0);
1370 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1371 des(response+j, response+j);
1372
1373 /* Compare expected vs actual challenge response */
1374 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1375 VNC_DEBUG("Client challenge reponse did not match\n");
1376 vnc_write_u32(vs, 1); /* Reject auth */
1377 if (vs->minor >= 8) {
1378 static const char err[] = "Authentication failed";
1379 vnc_write_u32(vs, sizeof(err));
1380 vnc_write(vs, err, sizeof(err));
1381 }
1382 vnc_flush(vs);
1383 vnc_client_error(vs);
1384 } else {
1385 VNC_DEBUG("Accepting VNC challenge response\n");
1386 vnc_write_u32(vs, 0); /* Accept auth */
1387 vnc_flush(vs);
1388
1389 vnc_read_when(vs, protocol_client_init, 1);
1390 }
1391 return 0;
1392 }
1393
1394 static int start_auth_vnc(VncState *vs)
1395 {
1396 make_challenge(vs);
1397 /* Send client a 'random' challenge */
1398 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1399 vnc_flush(vs);
1400
1401 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1402 return 0;
1403 }
1404
1405
1406 #if CONFIG_VNC_TLS
1407 #define DH_BITS 1024
1408 static gnutls_dh_params_t dh_params;
1409
1410 static int vnc_tls_initialize(void)
1411 {
1412 static int tlsinitialized = 0;
1413
1414 if (tlsinitialized)
1415 return 1;
1416
1417 if (gnutls_global_init () < 0)
1418 return 0;
1419
1420 /* XXX ought to re-generate diffie-hellmen params periodically */
1421 if (gnutls_dh_params_init (&dh_params) < 0)
1422 return 0;
1423 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1424 return 0;
1425
1426 #if _VNC_DEBUG == 2
1427 gnutls_global_set_log_level(10);
1428 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1429 #endif
1430
1431 tlsinitialized = 1;
1432
1433 return 1;
1434 }
1435
1436 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1437 {
1438 gnutls_anon_server_credentials anon_cred;
1439 int ret;
1440
1441 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1442 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1443 return NULL;
1444 }
1445
1446 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1447
1448 return anon_cred;
1449 }
1450
1451
1452 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1453 {
1454 gnutls_certificate_credentials_t x509_cred;
1455 int ret;
1456
1457 if (!vs->x509cacert) {
1458 VNC_DEBUG("No CA x509 certificate specified\n");
1459 return NULL;
1460 }
1461 if (!vs->x509cert) {
1462 VNC_DEBUG("No server x509 certificate specified\n");
1463 return NULL;
1464 }
1465 if (!vs->x509key) {
1466 VNC_DEBUG("No server private key specified\n");
1467 return NULL;
1468 }
1469
1470 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1471 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1472 return NULL;
1473 }
1474 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1475 vs->x509cacert,
1476 GNUTLS_X509_FMT_PEM)) < 0) {
1477 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1478 gnutls_certificate_free_credentials(x509_cred);
1479 return NULL;
1480 }
1481
1482 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1483 vs->x509cert,
1484 vs->x509key,
1485 GNUTLS_X509_FMT_PEM)) < 0) {
1486 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1487 gnutls_certificate_free_credentials(x509_cred);
1488 return NULL;
1489 }
1490
1491 if (vs->x509cacrl) {
1492 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1493 vs->x509cacrl,
1494 GNUTLS_X509_FMT_PEM)) < 0) {
1495 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1496 gnutls_certificate_free_credentials(x509_cred);
1497 return NULL;
1498 }
1499 }
1500
1501 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1502
1503 return x509_cred;
1504 }
1505
1506 static int vnc_validate_certificate(struct VncState *vs)
1507 {
1508 int ret;
1509 unsigned int status;
1510 const gnutls_datum_t *certs;
1511 unsigned int nCerts, i;
1512 time_t now;
1513
1514 VNC_DEBUG("Validating client certificate\n");
1515 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1516 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1517 return -1;
1518 }
1519
1520 if ((now = time(NULL)) == ((time_t)-1)) {
1521 return -1;
1522 }
1523
1524 if (status != 0) {
1525 if (status & GNUTLS_CERT_INVALID)
1526 VNC_DEBUG("The certificate is not trusted.\n");
1527
1528 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1529 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1530
1531 if (status & GNUTLS_CERT_REVOKED)
1532 VNC_DEBUG("The certificate has been revoked.\n");
1533
1534 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1535 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1536
1537 return -1;
1538 } else {
1539 VNC_DEBUG("Certificate is valid!\n");
1540 }
1541
1542 /* Only support x509 for now */
1543 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1544 return -1;
1545
1546 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1547 return -1;
1548
1549 for (i = 0 ; i < nCerts ; i++) {
1550 gnutls_x509_crt_t cert;
1551 VNC_DEBUG ("Checking certificate chain %d\n", i);
1552 if (gnutls_x509_crt_init (&cert) < 0)
1553 return -1;
1554
1555 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1556 gnutls_x509_crt_deinit (cert);
1557 return -1;
1558 }
1559
1560 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1561 VNC_DEBUG("The certificate has expired\n");
1562 gnutls_x509_crt_deinit (cert);
1563 return -1;
1564 }
1565
1566 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1567 VNC_DEBUG("The certificate is not yet activated\n");
1568 gnutls_x509_crt_deinit (cert);
1569 return -1;
1570 }
1571
1572 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1573 VNC_DEBUG("The certificate is not yet activated\n");
1574 gnutls_x509_crt_deinit (cert);
1575 return -1;
1576 }
1577
1578 gnutls_x509_crt_deinit (cert);
1579 }
1580
1581 return 0;
1582 }
1583
1584
1585 static int start_auth_vencrypt_subauth(VncState *vs)
1586 {
1587 switch (vs->subauth) {
1588 case VNC_AUTH_VENCRYPT_TLSNONE:
1589 case VNC_AUTH_VENCRYPT_X509NONE:
1590 VNC_DEBUG("Accept TLS auth none\n");
1591 vnc_write_u32(vs, 0); /* Accept auth completion */
1592 vnc_read_when(vs, protocol_client_init, 1);
1593 break;
1594
1595 case VNC_AUTH_VENCRYPT_TLSVNC:
1596 case VNC_AUTH_VENCRYPT_X509VNC:
1597 VNC_DEBUG("Start TLS auth VNC\n");
1598 return start_auth_vnc(vs);
1599
1600 default: /* Should not be possible, but just in case */
1601 VNC_DEBUG("Reject auth %d\n", vs->auth);
1602 vnc_write_u8(vs, 1);
1603 if (vs->minor >= 8) {
1604 static const char err[] = "Unsupported authentication type";
1605 vnc_write_u32(vs, sizeof(err));
1606 vnc_write(vs, err, sizeof(err));
1607 }
1608 vnc_client_error(vs);
1609 }
1610
1611 return 0;
1612 }
1613
1614 static void vnc_handshake_io(void *opaque);
1615
1616 static int vnc_continue_handshake(struct VncState *vs) {
1617 int ret;
1618
1619 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1620 if (!gnutls_error_is_fatal(ret)) {
1621 VNC_DEBUG("Handshake interrupted (blocking)\n");
1622 if (!gnutls_record_get_direction(vs->tls_session))
1623 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1624 else
1625 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1626 return 0;
1627 }
1628 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1629 vnc_client_error(vs);
1630 return -1;
1631 }
1632
1633 if (vs->x509verify) {
1634 if (vnc_validate_certificate(vs) < 0) {
1635 VNC_DEBUG("Client verification failed\n");
1636 vnc_client_error(vs);
1637 return -1;
1638 } else {
1639 VNC_DEBUG("Client verification passed\n");
1640 }
1641 }
1642
1643 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1644 vs->wiremode = VNC_WIREMODE_TLS;
1645 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1646
1647 return start_auth_vencrypt_subauth(vs);
1648 }
1649
1650 static void vnc_handshake_io(void *opaque) {
1651 struct VncState *vs = (struct VncState *)opaque;
1652
1653 VNC_DEBUG("Handshake IO continue\n");
1654 vnc_continue_handshake(vs);
1655 }
1656
1657 #define NEED_X509_AUTH(vs) \
1658 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1659 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1660 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1661
1662
1663 static int vnc_start_tls(struct VncState *vs) {
1664 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1665 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1666 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1667 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1668
1669 VNC_DEBUG("Do TLS setup\n");
1670 if (vnc_tls_initialize() < 0) {
1671 VNC_DEBUG("Failed to init TLS\n");
1672 vnc_client_error(vs);
1673 return -1;
1674 }
1675 if (vs->tls_session == NULL) {
1676 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1677 vnc_client_error(vs);
1678 return -1;
1679 }
1680
1681 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1682 gnutls_deinit(vs->tls_session);
1683 vs->tls_session = NULL;
1684 vnc_client_error(vs);
1685 return -1;
1686 }
1687
1688 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1689 gnutls_deinit(vs->tls_session);
1690 vs->tls_session = NULL;
1691 vnc_client_error(vs);
1692 return -1;
1693 }
1694
1695 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1696 gnutls_deinit(vs->tls_session);
1697 vs->tls_session = NULL;
1698 vnc_client_error(vs);
1699 return -1;
1700 }
1701
1702 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1703 gnutls_deinit(vs->tls_session);
1704 vs->tls_session = NULL;
1705 vnc_client_error(vs);
1706 return -1;
1707 }
1708
1709 if (NEED_X509_AUTH(vs)) {
1710 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1711 if (!x509_cred) {
1712 gnutls_deinit(vs->tls_session);
1713 vs->tls_session = NULL;
1714 vnc_client_error(vs);
1715 return -1;
1716 }
1717 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1718 gnutls_deinit(vs->tls_session);
1719 vs->tls_session = NULL;
1720 gnutls_certificate_free_credentials(x509_cred);
1721 vnc_client_error(vs);
1722 return -1;
1723 }
1724 if (vs->x509verify) {
1725 VNC_DEBUG("Requesting a client certificate\n");
1726 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1727 }
1728
1729 } else {
1730 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1731 if (!anon_cred) {
1732 gnutls_deinit(vs->tls_session);
1733 vs->tls_session = NULL;
1734 vnc_client_error(vs);
1735 return -1;
1736 }
1737 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1738 gnutls_deinit(vs->tls_session);
1739 vs->tls_session = NULL;
1740 gnutls_anon_free_server_credentials(anon_cred);
1741 vnc_client_error(vs);
1742 return -1;
1743 }
1744 }
1745
1746 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1747 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1748 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1749 }
1750
1751 VNC_DEBUG("Start TLS handshake process\n");
1752 return vnc_continue_handshake(vs);
1753 }
1754
1755 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1756 {
1757 int auth = read_u32(data, 0);
1758
1759 if (auth != vs->subauth) {
1760 VNC_DEBUG("Rejecting auth %d\n", auth);
1761 vnc_write_u8(vs, 0); /* Reject auth */
1762 vnc_flush(vs);
1763 vnc_client_error(vs);
1764 } else {
1765 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1766 vnc_write_u8(vs, 1); /* Accept auth */
1767 vnc_flush(vs);
1768
1769 if (vnc_start_tls(vs) < 0) {
1770 VNC_DEBUG("Failed to complete TLS\n");
1771 return 0;
1772 }
1773
1774 if (vs->wiremode == VNC_WIREMODE_TLS) {
1775 VNC_DEBUG("Starting VeNCrypt subauth\n");
1776 return start_auth_vencrypt_subauth(vs);
1777 } else {
1778 VNC_DEBUG("TLS handshake blocked\n");
1779 return 0;
1780 }
1781 }
1782 return 0;
1783 }
1784
1785 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1786 {
1787 if (data[0] != 0 ||
1788 data[1] != 2) {
1789 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1790 vnc_write_u8(vs, 1); /* Reject version */
1791 vnc_flush(vs);
1792 vnc_client_error(vs);
1793 } else {
1794 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1795 vnc_write_u8(vs, 0); /* Accept version */
1796 vnc_write_u8(vs, 1); /* Number of sub-auths */
1797 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1798 vnc_flush(vs);
1799 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1800 }
1801 return 0;
1802 }
1803
1804 static int start_auth_vencrypt(VncState *vs)
1805 {
1806 /* Send VeNCrypt version 0.2 */
1807 vnc_write_u8(vs, 0);
1808 vnc_write_u8(vs, 2);
1809
1810 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1811 return 0;
1812 }
1813 #endif /* CONFIG_VNC_TLS */
1814
1815 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1816 {
1817 /* We only advertise 1 auth scheme at a time, so client
1818 * must pick the one we sent. Verify this */
1819 if (data[0] != vs->auth) { /* Reject auth */
1820 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1821 vnc_write_u32(vs, 1);
1822 if (vs->minor >= 8) {
1823 static const char err[] = "Authentication failed";
1824 vnc_write_u32(vs, sizeof(err));
1825 vnc_write(vs, err, sizeof(err));
1826 }
1827 vnc_client_error(vs);
1828 } else { /* Accept requested auth */
1829 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1830 switch (vs->auth) {
1831 case VNC_AUTH_NONE:
1832 VNC_DEBUG("Accept auth none\n");
1833 if (vs->minor >= 8) {
1834 vnc_write_u32(vs, 0); /* Accept auth completion */
1835 vnc_flush(vs);
1836 }
1837 vnc_read_when(vs, protocol_client_init, 1);
1838 break;
1839
1840 case VNC_AUTH_VNC:
1841 VNC_DEBUG("Start VNC auth\n");
1842 return start_auth_vnc(vs);
1843
1844 #if CONFIG_VNC_TLS
1845 case VNC_AUTH_VENCRYPT:
1846 VNC_DEBUG("Accept VeNCrypt auth\n");;
1847 return start_auth_vencrypt(vs);
1848 #endif /* CONFIG_VNC_TLS */
1849
1850 default: /* Should not be possible, but just in case */
1851 VNC_DEBUG("Reject auth %d\n", vs->auth);
1852 vnc_write_u8(vs, 1);
1853 if (vs->minor >= 8) {
1854 static const char err[] = "Authentication failed";
1855 vnc_write_u32(vs, sizeof(err));
1856 vnc_write(vs, err, sizeof(err));
1857 }
1858 vnc_client_error(vs);
1859 }
1860 }
1861 return 0;
1862 }
1863
1864 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1865 {
1866 char local[13];
1867
1868 memcpy(local, version, 12);
1869 local[12] = 0;
1870
1871 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1872 VNC_DEBUG("Malformed protocol version %s\n", local);
1873 vnc_client_error(vs);
1874 return 0;
1875 }
1876 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1877 if (vs->major != 3 ||
1878 (vs->minor != 3 &&
1879 vs->minor != 4 &&
1880 vs->minor != 5 &&
1881 vs->minor != 7 &&
1882 vs->minor != 8)) {
1883 VNC_DEBUG("Unsupported client version\n");
1884 vnc_write_u32(vs, VNC_AUTH_INVALID);
1885 vnc_flush(vs);
1886 vnc_client_error(vs);
1887 return 0;
1888 }
1889 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1890 * as equivalent to v3.3 by servers
1891 */
1892 if (vs->minor == 4 || vs->minor == 5)
1893 vs->minor = 3;
1894
1895 if (vs->minor == 3) {
1896 if (vs->auth == VNC_AUTH_NONE) {
1897 VNC_DEBUG("Tell client auth none\n");
1898 vnc_write_u32(vs, vs->auth);
1899 vnc_flush(vs);
1900 vnc_read_when(vs, protocol_client_init, 1);
1901 } else if (vs->auth == VNC_AUTH_VNC) {
1902 VNC_DEBUG("Tell client VNC auth\n");
1903 vnc_write_u32(vs, vs->auth);
1904 vnc_flush(vs);
1905 start_auth_vnc(vs);
1906 } else {
1907 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1908 vnc_write_u32(vs, VNC_AUTH_INVALID);
1909 vnc_flush(vs);
1910 vnc_client_error(vs);
1911 }
1912 } else {
1913 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1914 vnc_write_u8(vs, 1); /* num auth */
1915 vnc_write_u8(vs, vs->auth);
1916 vnc_read_when(vs, protocol_client_auth, 1);
1917 vnc_flush(vs);
1918 }
1919
1920 return 0;
1921 }
1922
1923 static void vnc_connect(VncState *vs)
1924 {
1925 VNC_DEBUG("New client on socket %d\n", vs->csock);
1926 socket_set_nonblock(vs->csock);
1927 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1928 vnc_write(vs, "RFB 003.008\n", 12);
1929 vnc_flush(vs);
1930 vnc_read_when(vs, protocol_version, 12);
1931 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1932 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1933 vs->has_resize = 0;
1934 vs->has_hextile = 0;
1935 vs->ds->dpy_copy = NULL;
1936 vnc_update_client(vs);
1937 }
1938
1939 static void vnc_listen_read(void *opaque)
1940 {
1941 VncState *vs = opaque;
1942 struct sockaddr_in addr;
1943 socklen_t addrlen = sizeof(addr);
1944
1945 /* Catch-up */
1946 vga_hw_update();
1947
1948 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1949 if (vs->csock != -1) {
1950 vnc_connect(vs);
1951 }
1952 }
1953
1954 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1955
1956 void vnc_display_init(DisplayState *ds)
1957 {
1958 VncState *vs;
1959
1960 vs = qemu_mallocz(sizeof(VncState));
1961 if (!vs)
1962 exit(1);
1963
1964 ds->opaque = vs;
1965 vnc_state = vs;
1966 vs->display = NULL;
1967 vs->password = NULL;
1968
1969 vs->lsock = -1;
1970 vs->csock = -1;
1971 vs->depth = 4;
1972 vs->last_x = -1;
1973 vs->last_y = -1;
1974
1975 vs->ds = ds;
1976
1977 if (!keyboard_layout)
1978 keyboard_layout = "en-us";
1979
1980 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1981 if (!vs->kbd_layout)
1982 exit(1);
1983
1984 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1985
1986 vs->ds->data = NULL;
1987 vs->ds->dpy_update = vnc_dpy_update;
1988 vs->ds->dpy_resize = vnc_dpy_resize;
1989 vs->ds->dpy_refresh = NULL;
1990
1991 vnc_dpy_resize(vs->ds, 640, 400);
1992 }
1993
1994 #if CONFIG_VNC_TLS
1995 static int vnc_set_x509_credential(VncState *vs,
1996 const char *certdir,
1997 const char *filename,
1998 char **cred,
1999 int ignoreMissing)
2000 {
2001 struct stat sb;
2002
2003 if (*cred) {
2004 qemu_free(*cred);
2005 *cred = NULL;
2006 }
2007
2008 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2009 return -1;
2010
2011 strcpy(*cred, certdir);
2012 strcat(*cred, "/");
2013 strcat(*cred, filename);
2014
2015 VNC_DEBUG("Check %s\n", *cred);
2016 if (stat(*cred, &sb) < 0) {
2017 qemu_free(*cred);
2018 *cred = NULL;
2019 if (ignoreMissing && errno == ENOENT)
2020 return 0;
2021 return -1;
2022 }
2023
2024 return 0;
2025 }
2026
2027 static int vnc_set_x509_credential_dir(VncState *vs,
2028 const char *certdir)
2029 {
2030 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2031 goto cleanup;
2032 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2033 goto cleanup;
2034 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2035 goto cleanup;
2036 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2037 goto cleanup;
2038
2039 return 0;
2040
2041 cleanup:
2042 qemu_free(vs->x509cacert);
2043 qemu_free(vs->x509cacrl);
2044 qemu_free(vs->x509cert);
2045 qemu_free(vs->x509key);
2046 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2047 return -1;
2048 }
2049 #endif /* CONFIG_VNC_TLS */
2050
2051 void vnc_display_close(DisplayState *ds)
2052 {
2053 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2054
2055 if (vs->display) {
2056 qemu_free(vs->display);
2057 vs->display = NULL;
2058 }
2059 if (vs->lsock != -1) {
2060 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2061 close(vs->lsock);
2062 vs->lsock = -1;
2063 }
2064 if (vs->csock != -1) {
2065 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2066 closesocket(vs->csock);
2067 vs->csock = -1;
2068 buffer_reset(&vs->input);
2069 buffer_reset(&vs->output);
2070 vs->need_update = 0;
2071 #if CONFIG_VNC_TLS
2072 if (vs->tls_session) {
2073 gnutls_deinit(vs->tls_session);
2074 vs->tls_session = NULL;
2075 }
2076 vs->wiremode = VNC_WIREMODE_CLEAR;
2077 #endif /* CONFIG_VNC_TLS */
2078 }
2079 vs->auth = VNC_AUTH_INVALID;
2080 #if CONFIG_VNC_TLS
2081 vs->subauth = VNC_AUTH_INVALID;
2082 vs->x509verify = 0;
2083 #endif
2084 }
2085
2086 int vnc_display_password(DisplayState *ds, const char *password)
2087 {
2088 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2089
2090 if (vs->password) {
2091 qemu_free(vs->password);
2092 vs->password = NULL;
2093 }
2094 if (password && password[0]) {
2095 if (!(vs->password = qemu_strdup(password)))
2096 return -1;
2097 }
2098
2099 return 0;
2100 }
2101
2102 int vnc_display_open(DisplayState *ds, const char *display)
2103 {
2104 struct sockaddr *addr;
2105 struct sockaddr_in iaddr;
2106 #ifndef _WIN32
2107 struct sockaddr_un uaddr;
2108 const char *p;
2109 #endif
2110 int reuse_addr, ret;
2111 socklen_t addrlen;
2112 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2113 const char *options;
2114 int password = 0;
2115 int reverse = 0;
2116 #if CONFIG_VNC_TLS
2117 int tls = 0, x509 = 0;
2118 #endif
2119
2120 vnc_display_close(ds);
2121 if (strcmp(display, "none") == 0)
2122 return 0;
2123
2124 if (!(vs->display = strdup(display)))
2125 return -1;
2126
2127 options = display;
2128 while ((options = strchr(options, ','))) {
2129 options++;
2130 if (strncmp(options, "password", 8) == 0) {
2131 password = 1; /* Require password auth */
2132 } else if (strncmp(options, "reverse", 7) == 0) {
2133 reverse = 1;
2134 #if CONFIG_VNC_TLS
2135 } else if (strncmp(options, "tls", 3) == 0) {
2136 tls = 1; /* Require TLS */
2137 } else if (strncmp(options, "x509", 4) == 0) {
2138 char *start, *end;
2139 x509 = 1; /* Require x509 certificates */
2140 if (strncmp(options, "x509verify", 10) == 0)
2141 vs->x509verify = 1; /* ...and verify client certs */
2142
2143 /* Now check for 'x509=/some/path' postfix
2144 * and use that to setup x509 certificate/key paths */
2145 start = strchr(options, '=');
2146 end = strchr(options, ',');
2147 if (start && (!end || (start < end))) {
2148 int len = end ? end-(start+1) : strlen(start+1);
2149 char *path = qemu_malloc(len+1);
2150 strncpy(path, start+1, len);
2151 path[len] = '\0';
2152 VNC_DEBUG("Trying certificate path '%s'\n", path);
2153 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2154 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2155 qemu_free(path);
2156 qemu_free(vs->display);
2157 vs->display = NULL;
2158 return -1;
2159 }
2160 qemu_free(path);
2161 } else {
2162 fprintf(stderr, "No certificate path provided\n");
2163 qemu_free(vs->display);
2164 vs->display = NULL;
2165 return -1;
2166 }
2167 #endif
2168 }
2169 }
2170
2171 if (password) {
2172 #if CONFIG_VNC_TLS
2173 if (tls) {
2174 vs->auth = VNC_AUTH_VENCRYPT;
2175 if (x509) {
2176 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2177 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2178 } else {
2179 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2180 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2181 }
2182 } else {
2183 #endif
2184 VNC_DEBUG("Initializing VNC server with password auth\n");
2185 vs->auth = VNC_AUTH_VNC;
2186 #if CONFIG_VNC_TLS
2187 vs->subauth = VNC_AUTH_INVALID;
2188 }
2189 #endif
2190 } else {
2191 #if CONFIG_VNC_TLS
2192 if (tls) {
2193 vs->auth = VNC_AUTH_VENCRYPT;
2194 if (x509) {
2195 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2196 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2197 } else {
2198 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2199 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2200 }
2201 } else {
2202 #endif
2203 VNC_DEBUG("Initializing VNC server with no auth\n");
2204 vs->auth = VNC_AUTH_NONE;
2205 #if CONFIG_VNC_TLS
2206 vs->subauth = VNC_AUTH_INVALID;
2207 }
2208 #endif
2209 }
2210 #ifndef _WIN32
2211 if (strstart(display, "unix:", &p)) {
2212 addr = (struct sockaddr *)&uaddr;
2213 addrlen = sizeof(uaddr);
2214
2215 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2216 if (vs->lsock == -1) {
2217 fprintf(stderr, "Could not create socket\n");
2218 free(vs->display);
2219 vs->display = NULL;
2220 return -1;
2221 }
2222
2223 uaddr.sun_family = AF_UNIX;
2224 memset(uaddr.sun_path, 0, 108);
2225 snprintf(uaddr.sun_path, 108, "%s", p);
2226
2227 if (!reverse) {
2228 unlink(uaddr.sun_path);
2229 }
2230 } else
2231 #endif
2232 {
2233 addr = (struct sockaddr *)&iaddr;
2234 addrlen = sizeof(iaddr);
2235
2236 if (parse_host_port(&iaddr, display) < 0) {
2237 fprintf(stderr, "Could not parse VNC address\n");
2238 free(vs->display);
2239 vs->display = NULL;
2240 return -1;
2241 }
2242
2243 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + (reverse ? 0 : 5900));
2244
2245 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2246 if (vs->lsock == -1) {
2247 fprintf(stderr, "Could not create socket\n");
2248 free(vs->display);
2249 vs->display = NULL;
2250 return -1;
2251 }
2252
2253 reuse_addr = 1;
2254 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2255 (const char *)&reuse_addr, sizeof(reuse_addr));
2256 if (ret == -1) {
2257 fprintf(stderr, "setsockopt() failed\n");
2258 close(vs->lsock);
2259 vs->lsock = -1;
2260 free(vs->display);
2261 vs->display = NULL;
2262 return -1;
2263 }
2264 }
2265
2266 if (reverse) {
2267 if (connect(vs->lsock, addr, addrlen) == -1) {
2268 fprintf(stderr, "Connection to VNC client failed\n");
2269 close(vs->lsock);
2270 vs->lsock = -1;
2271 free(vs->display);
2272 vs->display = NULL;
2273 return -1;
2274 } else {
2275 vs->csock = vs->lsock;
2276 vs->lsock = -1;
2277 vnc_connect(vs);
2278 return 0;
2279 }
2280 }
2281
2282 if (bind(vs->lsock, addr, addrlen) == -1) {
2283 fprintf(stderr, "bind() failed\n");
2284 close(vs->lsock);
2285 vs->lsock = -1;
2286 free(vs->display);
2287 vs->display = NULL;
2288 return -1;
2289 }
2290
2291 if (listen(vs->lsock, 1) == -1) {
2292 fprintf(stderr, "listen() failed\n");
2293 close(vs->lsock);
2294 vs->lsock = -1;
2295 free(vs->display);
2296 vs->display = NULL;
2297 return -1;
2298 }
2299
2300 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
2301 }
Patches shipped by Fedora