search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kvm: external module: handle set_kset_name()'s removal
[qemu-kvm/fedora.git] / vnc.c
blob59933819ce405901f1c61777cb3288259ce99da4
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu-common.h"
27 #include "console.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
33
34 #include "vnc_keysym.h"
35 #include "keymaps.c"
36 #include "d3des.h"
37
38 #if CONFIG_VNC_TLS
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
42
43 // #define _VNC_DEBUG 1
44
45 #if _VNC_DEBUG
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
47
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
52 }
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
54 #else
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
56 #endif
57
58
59 typedef struct Buffer
60 {
61 size_t capacity;
62 size_t offset;
63 uint8_t *buffer;
64 } Buffer;
65
66 typedef struct VncState VncState;
67
68 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
69
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
71
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
74 uint32_t *last_bg,
75 uint32_t *last_fg,
76 int *has_bg, int *has_fg);
77
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
81
82 #define VNC_AUTH_CHALLENGE_SIZE 16
83
84 enum {
85 VNC_AUTH_INVALID = 0,
86 VNC_AUTH_NONE = 1,
87 VNC_AUTH_VNC = 2,
88 VNC_AUTH_RA2 = 5,
89 VNC_AUTH_RA2NE = 6,
90 VNC_AUTH_TIGHT = 16,
91 VNC_AUTH_ULTRA = 17,
92 VNC_AUTH_TLS = 18,
93 VNC_AUTH_VENCRYPT = 19
94 };
95
96 #if CONFIG_VNC_TLS
97 enum {
98 VNC_WIREMODE_CLEAR,
99 VNC_WIREMODE_TLS,
100 };
101
102 enum {
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
110 };
111
112 #if CONFIG_VNC_TLS
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
117 #endif
118
119 #endif /* CONFIG_VNC_TLS */
120
121 struct VncState
122 {
123 QEMUTimer *timer;
124 int lsock;
125 int csock;
126 DisplayState *ds;
127 int need_update;
128 int width;
129 int height;
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
131 char *old_data;
132 int depth; /* internal VNC frame buffer byte per pixel */
133 int has_resize;
134 int has_hextile;
135 int has_pointer_type_change;
136 int absolute;
137 int last_x;
138 int last_y;
139
140 int major;
141 int minor;
142
143 char *display;
144 char *password;
145 int auth;
146 #if CONFIG_VNC_TLS
147 int subauth;
148 int x509verify;
149
150 char *x509cacert;
151 char *x509cacrl;
152 char *x509cert;
153 char *x509key;
154 #endif
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
156
157 #if CONFIG_VNC_TLS
158 int wiremode;
159 gnutls_session_t tls_session;
160 #endif
161
162 Buffer output;
163 Buffer input;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
172
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
175 /* input */
176 uint8_t modifiers_state[256];
177 };
178
179 static VncState *vnc_state; /* needed for info vnc */
180
181 void do_info_vnc(void)
182 {
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
185 else {
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
188 term_printf("\n");
189
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
192 else
193 term_printf("Client connected\n");
194 }
195 }
196
197 /* TODO
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
202 */
203
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
212
213 static inline void vnc_set_bit(uint32_t *d, int k)
214 {
215 d[k >> 5] |= 1 << (k & 0x1f);
216 }
217
218 static inline void vnc_clear_bit(uint32_t *d, int k)
219 {
220 d[k >> 5] &= ~(1 << (k & 0x1f));
221 }
222
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
224 {
225 int j;
226
227 j = 0;
228 while (n >= 32) {
229 d[j++] = -1;
230 n -= 32;
231 }
232 if (n > 0)
233 d[j++] = (1 << n) - 1;
234 while (j < nb_words)
235 d[j++] = 0;
236 }
237
238 static inline int vnc_get_bit(const uint32_t *d, int k)
239 {
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
241 }
242
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
244 int nb_words)
245 {
246 int i;
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
249 return 1;
250 }
251 return 0;
252 }
253
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
255 {
256 VncState *vs = ds->opaque;
257 int i;
258
259 h += y;
260
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
264 */
265 w += (x % 16);
266 x -= (x % 16);
267
268 for (; y < h; y++)
269 for (i = 0; i < w; i += 16)
270 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
271 }
272
273 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
274 int32_t encoding)
275 {
276 vnc_write_u16(vs, x);
277 vnc_write_u16(vs, y);
278 vnc_write_u16(vs, w);
279 vnc_write_u16(vs, h);
280
281 vnc_write_s32(vs, encoding);
282 }
283
284 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
285 {
286 int size_changed;
287 VncState *vs = ds->opaque;
288
289 ds->data = realloc(ds->data, w * h * vs->depth);
290 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
291
292 if (ds->data == NULL || vs->old_data == NULL) {
293 fprintf(stderr, "vnc: memory allocation failed\n");
294 exit(1);
295 }
296
297 if (ds->depth != vs->depth * 8) {
298 ds->depth = vs->depth * 8;
299 console_color_init(ds);
300 }
301 size_changed = ds->width != w || ds->height != h;
302 ds->width = w;
303 ds->height = h;
304 ds->linesize = w * vs->depth;
305 if (vs->csock != -1 && vs->has_resize && size_changed) {
306 vnc_write_u8(vs, 0); /* msg id */
307 vnc_write_u8(vs, 0);
308 vnc_write_u16(vs, 1); /* number of rects */
309 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
310 vnc_flush(vs);
311 vs->width = ds->width;
312 vs->height = ds->height;
313 }
314 }
315
316 /* fastest code */
317 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
318 {
319 vnc_write(vs, pixels, size);
320 }
321
322 /* slowest but generic code. */
323 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
324 {
325 unsigned int r, g, b;
326
327 r = (v >> vs->red_shift1) & vs->red_max;
328 g = (v >> vs->green_shift1) & vs->green_max;
329 b = (v >> vs->blue_shift1) & vs->blue_max;
330 v = (r << vs->red_shift) |
331 (g << vs->green_shift) |
332 (b << vs->blue_shift);
333 switch(vs->pix_bpp) {
334 case 1:
335 buf[0] = v;
336 break;
337 case 2:
338 if (vs->pix_big_endian) {
339 buf[0] = v >> 8;
340 buf[1] = v;
341 } else {
342 buf[1] = v >> 8;
343 buf[0] = v;
344 }
345 break;
346 default:
347 case 4:
348 if (vs->pix_big_endian) {
349 buf[0] = v >> 24;
350 buf[1] = v >> 16;
351 buf[2] = v >> 8;
352 buf[3] = v;
353 } else {
354 buf[3] = v >> 24;
355 buf[2] = v >> 16;
356 buf[1] = v >> 8;
357 buf[0] = v;
358 }
359 break;
360 }
361 }
362
363 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
364 {
365 uint32_t *pixels = pixels1;
366 uint8_t buf[4];
367 int n, i;
368
369 n = size >> 2;
370 for(i = 0; i < n; i++) {
371 vnc_convert_pixel(vs, buf, pixels[i]);
372 vnc_write(vs, buf, vs->pix_bpp);
373 }
374 }
375
376 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
377 {
378 int i;
379 uint8_t *row;
380
381 vnc_framebuffer_update(vs, x, y, w, h, 0);
382
383 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
384 for (i = 0; i < h; i++) {
385 vs->write_pixels(vs, row, w * vs->depth);
386 row += vs->ds->linesize;
387 }
388 }
389
390 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
391 {
392 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
393 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
394 }
395
396 #define BPP 8
397 #include "vnchextile.h"
398 #undef BPP
399
400 #define BPP 16
401 #include "vnchextile.h"
402 #undef BPP
403
404 #define BPP 32
405 #include "vnchextile.h"
406 #undef BPP
407
408 #define GENERIC
409 #define BPP 32
410 #include "vnchextile.h"
411 #undef BPP
412 #undef GENERIC
413
414 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
415 {
416 int i, j;
417 int has_fg, has_bg;
418 uint32_t last_fg32, last_bg32;
419
420 vnc_framebuffer_update(vs, x, y, w, h, 5);
421
422 has_fg = has_bg = 0;
423 for (j = y; j < (y + h); j += 16) {
424 for (i = x; i < (x + w); i += 16) {
425 vs->send_hextile_tile(vs, i, j,
426 MIN(16, x + w - i), MIN(16, y + h - j),
427 &last_bg32, &last_fg32, &has_bg, &has_fg);
428 }
429 }
430 }
431
432 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
433 {
434 if (vs->has_hextile)
435 send_framebuffer_update_hextile(vs, x, y, w, h);
436 else
437 send_framebuffer_update_raw(vs, x, y, w, h);
438 }
439
440 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
441 {
442 int src, dst;
443 uint8_t *src_row;
444 uint8_t *dst_row;
445 char *old_row;
446 int y = 0;
447 int pitch = ds->linesize;
448 VncState *vs = ds->opaque;
449
450 vnc_update_client(vs);
451
452 if (dst_y > src_y) {
453 y = h - 1;
454 pitch = -pitch;
455 }
456
457 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
458 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
459
460 src_row = ds->data + src;
461 dst_row = ds->data + dst;
462 old_row = vs->old_data + dst;
463
464 for (y = 0; y < h; y++) {
465 memmove(old_row, src_row, w * vs->depth);
466 memmove(dst_row, src_row, w * vs->depth);
467 src_row += pitch;
468 dst_row += pitch;
469 old_row += pitch;
470 }
471
472 vnc_write_u8(vs, 0); /* msg id */
473 vnc_write_u8(vs, 0);
474 vnc_write_u16(vs, 1); /* number of rects */
475 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
476 vnc_write_u16(vs, src_x);
477 vnc_write_u16(vs, src_y);
478 vnc_flush(vs);
479 }
480
481 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
482 {
483 int h;
484
485 for (h = 1; h < (vs->height - y); h++) {
486 int tmp_x;
487 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
488 break;
489 for (tmp_x = last_x; tmp_x < x; tmp_x++)
490 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
491 }
492
493 return h;
494 }
495
496 static void vnc_update_client(void *opaque)
497 {
498 VncState *vs = opaque;
499
500 if (vs->need_update && vs->csock != -1) {
501 int y;
502 uint8_t *row;
503 char *old_row;
504 uint32_t width_mask[VNC_DIRTY_WORDS];
505 int n_rectangles;
506 int saved_offset;
507 int has_dirty = 0;
508
509 vga_hw_update();
510
511 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
512
513 /* Walk through the dirty map and eliminate tiles that
514 really aren't dirty */
515 row = vs->ds->data;
516 old_row = vs->old_data;
517
518 for (y = 0; y < vs->height; y++) {
519 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
520 int x;
521 uint8_t *ptr;
522 char *old_ptr;
523
524 ptr = row;
525 old_ptr = (char*)old_row;
526
527 for (x = 0; x < vs->ds->width; x += 16) {
528 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
529 vnc_clear_bit(vs->dirty_row[y], (x / 16));
530 } else {
531 has_dirty = 1;
532 memcpy(old_ptr, ptr, 16 * vs->depth);
533 }
534
535 ptr += 16 * vs->depth;
536 old_ptr += 16 * vs->depth;
537 }
538 }
539
540 row += vs->ds->linesize;
541 old_row += vs->ds->linesize;
542 }
543
544 if (!has_dirty) {
545 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
546 return;
547 }
548
549 /* Count rectangles */
550 n_rectangles = 0;
551 vnc_write_u8(vs, 0); /* msg id */
552 vnc_write_u8(vs, 0);
553 saved_offset = vs->output.offset;
554 vnc_write_u16(vs, 0);
555
556 for (y = 0; y < vs->height; y++) {
557 int x;
558 int last_x = -1;
559 for (x = 0; x < vs->width / 16; x++) {
560 if (vnc_get_bit(vs->dirty_row[y], x)) {
561 if (last_x == -1) {
562 last_x = x;
563 }
564 vnc_clear_bit(vs->dirty_row[y], x);
565 } else {
566 if (last_x != -1) {
567 int h = find_dirty_height(vs, y, last_x, x);
568 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
569 n_rectangles++;
570 }
571 last_x = -1;
572 }
573 }
574 if (last_x != -1) {
575 int h = find_dirty_height(vs, y, last_x, x);
576 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
577 n_rectangles++;
578 }
579 }
580 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
581 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
582 vnc_flush(vs);
583
584 }
585
586 if (vs->csock != -1) {
587 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
588 }
589
590 }
591
592 static int vnc_listen_poll(void *opaque)
593 {
594 VncState *vs = opaque;
595 if (vs->csock == -1)
596 return 1;
597 return 0;
598 }
599
600 static void buffer_reserve(Buffer *buffer, size_t len)
601 {
602 if ((buffer->capacity - buffer->offset) < len) {
603 buffer->capacity += (len + 1024);
604 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
605 if (buffer->buffer == NULL) {
606 fprintf(stderr, "vnc: out of memory\n");
607 exit(1);
608 }
609 }
610 }
611
612 static int buffer_empty(Buffer *buffer)
613 {
614 return buffer->offset == 0;
615 }
616
617 static uint8_t *buffer_end(Buffer *buffer)
618 {
619 return buffer->buffer + buffer->offset;
620 }
621
622 static void buffer_reset(Buffer *buffer)
623 {
624 buffer->offset = 0;
625 }
626
627 static void buffer_append(Buffer *buffer, const void *data, size_t len)
628 {
629 memcpy(buffer->buffer + buffer->offset, data, len);
630 buffer->offset += len;
631 }
632
633 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
634 {
635 if (ret == 0 || ret == -1) {
636 if (ret == -1 && (last_errno == EINTR || last_errno == EAGAIN))
637 return 0;
638
639 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
640 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
641 closesocket(vs->csock);
642 vs->csock = -1;
643 buffer_reset(&vs->input);
644 buffer_reset(&vs->output);
645 vs->need_update = 0;
646 #if CONFIG_VNC_TLS
647 if (vs->tls_session) {
648 gnutls_deinit(vs->tls_session);
649 vs->tls_session = NULL;
650 }
651 vs->wiremode = VNC_WIREMODE_CLEAR;
652 #endif /* CONFIG_VNC_TLS */
653 return 0;
654 }
655 return ret;
656 }
657
658 static void vnc_client_error(VncState *vs)
659 {
660 vnc_client_io_error(vs, -1, EINVAL);
661 }
662
663 static void vnc_client_write(void *opaque)
664 {
665 long ret;
666 VncState *vs = opaque;
667
668 #if CONFIG_VNC_TLS
669 if (vs->tls_session) {
670 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
671 if (ret < 0) {
672 if (ret == GNUTLS_E_AGAIN)
673 errno = EAGAIN;
674 else
675 errno = EIO;
676 ret = -1;
677 }
678 } else
679 #endif /* CONFIG_VNC_TLS */
680 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
681 ret = vnc_client_io_error(vs, ret, socket_error());
682 if (!ret)
683 return;
684
685 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
686 vs->output.offset -= ret;
687
688 if (vs->output.offset == 0) {
689 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
690 }
691 }
692
693 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
694 {
695 vs->read_handler = func;
696 vs->read_handler_expect = expecting;
697 }
698
699 static void vnc_client_read(void *opaque)
700 {
701 VncState *vs = opaque;
702 long ret;
703
704 buffer_reserve(&vs->input, 4096);
705
706 #if CONFIG_VNC_TLS
707 if (vs->tls_session) {
708 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
709 if (ret < 0) {
710 if (ret == GNUTLS_E_AGAIN)
711 errno = EAGAIN;
712 else
713 errno = EIO;
714 ret = -1;
715 }
716 } else
717 #endif /* CONFIG_VNC_TLS */
718 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
719 ret = vnc_client_io_error(vs, ret, socket_error());
720 if (!ret)
721 return;
722
723 vs->input.offset += ret;
724
725 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
726 size_t len = vs->read_handler_expect;
727 int ret;
728
729 ret = vs->read_handler(vs, vs->input.buffer, len);
730 if (vs->csock == -1)
731 return;
732
733 if (!ret) {
734 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
735 vs->input.offset -= len;
736 } else {
737 vs->read_handler_expect = ret;
738 }
739 }
740 }
741
742 static void vnc_write(VncState *vs, const void *data, size_t len)
743 {
744 buffer_reserve(&vs->output, len);
745
746 if (buffer_empty(&vs->output)) {
747 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
748 }
749
750 buffer_append(&vs->output, data, len);
751 }
752
753 static void vnc_write_s32(VncState *vs, int32_t value)
754 {
755 vnc_write_u32(vs, *(uint32_t *)&value);
756 }
757
758 static void vnc_write_u32(VncState *vs, uint32_t value)
759 {
760 uint8_t buf[4];
761
762 buf[0] = (value >> 24) & 0xFF;
763 buf[1] = (value >> 16) & 0xFF;
764 buf[2] = (value >> 8) & 0xFF;
765 buf[3] = value & 0xFF;
766
767 vnc_write(vs, buf, 4);
768 }
769
770 static void vnc_write_u16(VncState *vs, uint16_t value)
771 {
772 uint8_t buf[2];
773
774 buf[0] = (value >> 8) & 0xFF;
775 buf[1] = value & 0xFF;
776
777 vnc_write(vs, buf, 2);
778 }
779
780 static void vnc_write_u8(VncState *vs, uint8_t value)
781 {
782 vnc_write(vs, (char *)&value, 1);
783 }
784
785 static void vnc_flush(VncState *vs)
786 {
787 if (vs->output.offset)
788 vnc_client_write(vs);
789 }
790
791 static uint8_t read_u8(uint8_t *data, size_t offset)
792 {
793 return data[offset];
794 }
795
796 static uint16_t read_u16(uint8_t *data, size_t offset)
797 {
798 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
799 }
800
801 static int32_t read_s32(uint8_t *data, size_t offset)
802 {
803 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
804 (data[offset + 2] << 8) | data[offset + 3]);
805 }
806
807 static uint32_t read_u32(uint8_t *data, size_t offset)
808 {
809 return ((data[offset] << 24) | (data[offset + 1] << 16) |
810 (data[offset + 2] << 8) | data[offset + 3]);
811 }
812
813 #if CONFIG_VNC_TLS
814 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
815 const void *data,
816 size_t len) {
817 struct VncState *vs = (struct VncState *)transport;
818 int ret;
819
820 retry:
821 ret = send(vs->csock, data, len, 0);
822 if (ret < 0) {
823 if (errno == EINTR)
824 goto retry;
825 return -1;
826 }
827 return ret;
828 }
829
830
831 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
832 void *data,
833 size_t len) {
834 struct VncState *vs = (struct VncState *)transport;
835 int ret;
836
837 retry:
838 ret = recv(vs->csock, data, len, 0);
839 if (ret < 0) {
840 if (errno == EINTR)
841 goto retry;
842 return -1;
843 }
844 return ret;
845 }
846 #endif /* CONFIG_VNC_TLS */
847
848 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
849 {
850 }
851
852 static void check_pointer_type_change(VncState *vs, int absolute)
853 {
854 if (vs->has_pointer_type_change && vs->absolute != absolute) {
855 vnc_write_u8(vs, 0);
856 vnc_write_u8(vs, 0);
857 vnc_write_u16(vs, 1);
858 vnc_framebuffer_update(vs, absolute, 0,
859 vs->ds->width, vs->ds->height, -257);
860 vnc_flush(vs);
861 }
862 vs->absolute = absolute;
863 }
864
865 static void pointer_event(VncState *vs, int button_mask, int x, int y)
866 {
867 int buttons = 0;
868 int dz = 0;
869
870 if (button_mask & 0x01)
871 buttons |= MOUSE_EVENT_LBUTTON;
872 if (button_mask & 0x02)
873 buttons |= MOUSE_EVENT_MBUTTON;
874 if (button_mask & 0x04)
875 buttons |= MOUSE_EVENT_RBUTTON;
876 if (button_mask & 0x08)
877 dz = -1;
878 if (button_mask & 0x10)
879 dz = 1;
880
881 if (vs->absolute) {
882 kbd_mouse_event(x * 0x7FFF / vs->ds->width,
883 y * 0x7FFF / vs->ds->height,
884 dz, buttons);
885 } else if (vs->has_pointer_type_change) {
886 x -= 0x7FFF;
887 y -= 0x7FFF;
888
889 kbd_mouse_event(x, y, dz, buttons);
890 } else {
891 if (vs->last_x != -1)
892 kbd_mouse_event(x - vs->last_x,
893 y - vs->last_y,
894 dz, buttons);
895 vs->last_x = x;
896 vs->last_y = y;
897 }
898
899 check_pointer_type_change(vs, kbd_mouse_is_absolute());
900 }
901
902 static void reset_keys(VncState *vs)
903 {
904 int i;
905 for(i = 0; i < 256; i++) {
906 if (vs->modifiers_state[i]) {
907 if (i & 0x80)
908 kbd_put_keycode(0xe0);
909 kbd_put_keycode(i | 0x80);
910 vs->modifiers_state[i] = 0;
911 }
912 }
913 }
914
915 static void press_key(VncState *vs, int keysym)
916 {
917 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
918 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
919 }
920
921 static void do_key_event(VncState *vs, int down, uint32_t sym)
922 {
923 int keycode;
924
925 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
926
927 /* QEMU console switch */
928 switch(keycode) {
929 case 0x2a: /* Left Shift */
930 case 0x36: /* Right Shift */
931 case 0x1d: /* Left CTRL */
932 case 0x9d: /* Right CTRL */
933 case 0x38: /* Left ALT */
934 case 0xb8: /* Right ALT */
935 if (down)
936 vs->modifiers_state[keycode] = 1;
937 else
938 vs->modifiers_state[keycode] = 0;
939 break;
940 case 0x02 ... 0x0a: /* '1' to '9' keys */
941 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
942 /* Reset the modifiers sent to the current console */
943 reset_keys(vs);
944 console_select(keycode - 0x02);
945 return;
946 }
947 break;
948 case 0x45: /* NumLock */
949 if (!down)
950 vs->modifiers_state[keycode] ^= 1;
951 break;
952 }
953
954 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
955 /* If the numlock state needs to change then simulate an additional
956 keypress before sending this one. This will happen if the user
957 toggles numlock away from the VNC window.
958 */
959 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
960 if (!vs->modifiers_state[0x45]) {
961 vs->modifiers_state[0x45] = 1;
962 press_key(vs, 0xff7f);
963 }
964 } else {
965 if (vs->modifiers_state[0x45]) {
966 vs->modifiers_state[0x45] = 0;
967 press_key(vs, 0xff7f);
968 }
969 }
970 }
971
972 if (is_graphic_console()) {
973 if (keycode & 0x80)
974 kbd_put_keycode(0xe0);
975 if (down)
976 kbd_put_keycode(keycode & 0x7f);
977 else
978 kbd_put_keycode(keycode | 0x80);
979 } else {
980 /* QEMU console emulation */
981 if (down) {
982 switch (keycode) {
983 case 0x2a: /* Left Shift */
984 case 0x36: /* Right Shift */
985 case 0x1d: /* Left CTRL */
986 case 0x9d: /* Right CTRL */
987 case 0x38: /* Left ALT */
988 case 0xb8: /* Right ALT */
989 break;
990 case 0xc8:
991 kbd_put_keysym(QEMU_KEY_UP);
992 break;
993 case 0xd0:
994 kbd_put_keysym(QEMU_KEY_DOWN);
995 break;
996 case 0xcb:
997 kbd_put_keysym(QEMU_KEY_LEFT);
998 break;
999 case 0xcd:
1000 kbd_put_keysym(QEMU_KEY_RIGHT);
1001 break;
1002 case 0xd3:
1003 kbd_put_keysym(QEMU_KEY_DELETE);
1004 break;
1005 case 0xc7:
1006 kbd_put_keysym(QEMU_KEY_HOME);
1007 break;
1008 case 0xcf:
1009 kbd_put_keysym(QEMU_KEY_END);
1010 break;
1011 case 0xc9:
1012 kbd_put_keysym(QEMU_KEY_PAGEUP);
1013 break;
1014 case 0xd1:
1015 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1016 break;
1017 default:
1018 kbd_put_keysym(sym);
1019 break;
1020 }
1021 }
1022 }
1023 }
1024
1025 static void key_event(VncState *vs, int down, uint32_t sym)
1026 {
1027 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1028 sym = sym - 'A' + 'a';
1029 do_key_event(vs, down, sym);
1030 }
1031
1032 static void framebuffer_update_request(VncState *vs, int incremental,
1033 int x_position, int y_position,
1034 int w, int h)
1035 {
1036 if (x_position > vs->ds->width)
1037 x_position = vs->ds->width;
1038 if (y_position > vs->ds->height)
1039 y_position = vs->ds->height;
1040 if (x_position + w >= vs->ds->width)
1041 w = vs->ds->width - x_position;
1042 if (y_position + h >= vs->ds->height)
1043 h = vs->ds->height - y_position;
1044
1045 int i;
1046 vs->need_update = 1;
1047 if (!incremental) {
1048 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1049
1050 for (i = 0; i < h; i++) {
1051 vnc_set_bits(vs->dirty_row[y_position + i],
1052 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1053 memset(old_row, 42, vs->ds->width * vs->depth);
1054 old_row += vs->ds->linesize;
1055 }
1056 }
1057 }
1058
1059 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1060 {
1061 int i;
1062
1063 vs->has_hextile = 0;
1064 vs->has_resize = 0;
1065 vs->has_pointer_type_change = 0;
1066 vs->absolute = -1;
1067 vs->ds->dpy_copy = NULL;
1068
1069 for (i = n_encodings - 1; i >= 0; i--) {
1070 switch (encodings[i]) {
1071 case 0: /* Raw */
1072 vs->has_hextile = 0;
1073 break;
1074 case 1: /* CopyRect */
1075 vs->ds->dpy_copy = vnc_copy;
1076 break;
1077 case 5: /* Hextile */
1078 vs->has_hextile = 1;
1079 break;
1080 case -223: /* DesktopResize */
1081 vs->has_resize = 1;
1082 break;
1083 case -257:
1084 vs->has_pointer_type_change = 1;
1085 break;
1086 default:
1087 break;
1088 }
1089 }
1090
1091 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1092 }
1093
1094 static int compute_nbits(unsigned int val)
1095 {
1096 int n;
1097 n = 0;
1098 while (val != 0) {
1099 n++;
1100 val >>= 1;
1101 }
1102 return n;
1103 }
1104
1105 static void set_pixel_format(VncState *vs,
1106 int bits_per_pixel, int depth,
1107 int big_endian_flag, int true_color_flag,
1108 int red_max, int green_max, int blue_max,
1109 int red_shift, int green_shift, int blue_shift)
1110 {
1111 int host_big_endian_flag;
1112
1113 #ifdef WORDS_BIGENDIAN
1114 host_big_endian_flag = 1;
1115 #else
1116 host_big_endian_flag = 0;
1117 #endif
1118 if (!true_color_flag) {
1119 fail:
1120 vnc_client_error(vs);
1121 return;
1122 }
1123 if (bits_per_pixel == 32 &&
1124 host_big_endian_flag == big_endian_flag &&
1125 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1126 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1127 vs->depth = 4;
1128 vs->write_pixels = vnc_write_pixels_copy;
1129 vs->send_hextile_tile = send_hextile_tile_32;
1130 } else
1131 if (bits_per_pixel == 16 &&
1132 host_big_endian_flag == big_endian_flag &&
1133 red_max == 31 && green_max == 63 && blue_max == 31 &&
1134 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1135 vs->depth = 2;
1136 vs->write_pixels = vnc_write_pixels_copy;
1137 vs->send_hextile_tile = send_hextile_tile_16;
1138 } else
1139 if (bits_per_pixel == 8 &&
1140 red_max == 7 && green_max == 7 && blue_max == 3 &&
1141 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1142 vs->depth = 1;
1143 vs->write_pixels = vnc_write_pixels_copy;
1144 vs->send_hextile_tile = send_hextile_tile_8;
1145 } else
1146 {
1147 /* generic and slower case */
1148 if (bits_per_pixel != 8 &&
1149 bits_per_pixel != 16 &&
1150 bits_per_pixel != 32)
1151 goto fail;
1152 vs->depth = 4;
1153 vs->red_shift = red_shift;
1154 vs->red_max = red_max;
1155 vs->red_shift1 = 24 - compute_nbits(red_max);
1156 vs->green_shift = green_shift;
1157 vs->green_max = green_max;
1158 vs->green_shift1 = 16 - compute_nbits(green_max);
1159 vs->blue_shift = blue_shift;
1160 vs->blue_max = blue_max;
1161 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1162 vs->pix_bpp = bits_per_pixel / 8;
1163 vs->pix_big_endian = big_endian_flag;
1164 vs->write_pixels = vnc_write_pixels_generic;
1165 vs->send_hextile_tile = send_hextile_tile_generic;
1166 }
1167
1168 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1169 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1170 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
1171
1172 vga_hw_invalidate();
1173 vga_hw_update();
1174 }
1175
1176 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1177 {
1178 int i;
1179 uint16_t limit;
1180
1181 switch (data[0]) {
1182 case 0:
1183 if (len == 1)
1184 return 20;
1185
1186 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1187 read_u8(data, 6), read_u8(data, 7),
1188 read_u16(data, 8), read_u16(data, 10),
1189 read_u16(data, 12), read_u8(data, 14),
1190 read_u8(data, 15), read_u8(data, 16));
1191 break;
1192 case 2:
1193 if (len == 1)
1194 return 4;
1195
1196 if (len == 4)
1197 return 4 + (read_u16(data, 2) * 4);
1198
1199 limit = read_u16(data, 2);
1200 for (i = 0; i < limit; i++) {
1201 int32_t val = read_s32(data, 4 + (i * 4));
1202 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1203 }
1204
1205 set_encodings(vs, (int32_t *)(data + 4), limit);
1206 break;
1207 case 3:
1208 if (len == 1)
1209 return 10;
1210
1211 framebuffer_update_request(vs,
1212 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1213 read_u16(data, 6), read_u16(data, 8));
1214 break;
1215 case 4:
1216 if (len == 1)
1217 return 8;
1218
1219 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1220 break;
1221 case 5:
1222 if (len == 1)
1223 return 6;
1224
1225 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1226 break;
1227 case 6:
1228 if (len == 1)
1229 return 8;
1230
1231 if (len == 8) {
1232 uint32_t dlen = read_u32(data, 4);
1233 if (dlen > 0)
1234 return 8 + dlen;
1235 }
1236
1237 client_cut_text(vs, read_u32(data, 4), data + 8);
1238 break;
1239 default:
1240 printf("Msg: %d\n", data[0]);
1241 vnc_client_error(vs);
1242 break;
1243 }
1244
1245 vnc_read_when(vs, protocol_client_msg, 1);
1246 return 0;
1247 }
1248
1249 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1250 {
1251 char pad[3] = { 0, 0, 0 };
1252 char buf[1024];
1253 int size;
1254 char prog[30] = "QEMU";
1255
1256 vs->width = vs->ds->width;
1257 vs->height = vs->ds->height;
1258 vnc_write_u16(vs, vs->ds->width);
1259 vnc_write_u16(vs, vs->ds->height);
1260
1261 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1262 vnc_write_u8(vs, vs->depth * 8); /* depth */
1263 #ifdef WORDS_BIGENDIAN
1264 vnc_write_u8(vs, 1); /* big-endian-flag */
1265 #else
1266 vnc_write_u8(vs, 0); /* big-endian-flag */
1267 #endif
1268 vnc_write_u8(vs, 1); /* true-color-flag */
1269 if (vs->depth == 4) {
1270 vnc_write_u16(vs, 0xFF); /* red-max */
1271 vnc_write_u16(vs, 0xFF); /* green-max */
1272 vnc_write_u16(vs, 0xFF); /* blue-max */
1273 vnc_write_u8(vs, 16); /* red-shift */
1274 vnc_write_u8(vs, 8); /* green-shift */
1275 vnc_write_u8(vs, 0); /* blue-shift */
1276 vs->send_hextile_tile = send_hextile_tile_32;
1277 } else if (vs->depth == 2) {
1278 vnc_write_u16(vs, 31); /* red-max */
1279 vnc_write_u16(vs, 63); /* green-max */
1280 vnc_write_u16(vs, 31); /* blue-max */
1281 vnc_write_u8(vs, 11); /* red-shift */
1282 vnc_write_u8(vs, 5); /* green-shift */
1283 vnc_write_u8(vs, 0); /* blue-shift */
1284 vs->send_hextile_tile = send_hextile_tile_16;
1285 } else if (vs->depth == 1) {
1286 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1287 vnc_write_u16(vs, 7); /* red-max */
1288 vnc_write_u16(vs, 7); /* green-max */
1289 vnc_write_u16(vs, 3); /* blue-max */
1290 vnc_write_u8(vs, 5); /* red-shift */
1291 vnc_write_u8(vs, 2); /* green-shift */
1292 vnc_write_u8(vs, 0); /* blue-shift */
1293 vs->send_hextile_tile = send_hextile_tile_8;
1294 }
1295 vs->write_pixels = vnc_write_pixels_copy;
1296
1297 vnc_write(vs, pad, 3); /* padding */
1298
1299 decorate_application_name((char *)prog, sizeof prog);
1300
1301 if (qemu_name)
1302 size = snprintf(buf, sizeof(buf), "%s (%s)", prog, qemu_name);
1303 else
1304 size = snprintf(buf, sizeof(buf), "%s", prog);
1305
1306 vnc_write_u32(vs, size);
1307 vnc_write(vs, buf, size);
1308 vnc_flush(vs);
1309
1310 vnc_read_when(vs, protocol_client_msg, 1);
1311
1312 return 0;
1313 }
1314
1315 static void make_challenge(VncState *vs)
1316 {
1317 int i;
1318
1319 srand(time(NULL)+getpid()+getpid()*987654+rand());
1320
1321 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1322 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1323 }
1324
1325 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1326 {
1327 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1328 int i, j, pwlen;
1329 unsigned char key[8];
1330
1331 if (!vs->password || !vs->password[0]) {
1332 VNC_DEBUG("No password configured on server");
1333 vnc_write_u32(vs, 1); /* Reject auth */
1334 if (vs->minor >= 8) {
1335 static const char err[] = "Authentication failed";
1336 vnc_write_u32(vs, sizeof(err));
1337 vnc_write(vs, err, sizeof(err));
1338 }
1339 vnc_flush(vs);
1340 vnc_client_error(vs);
1341 return 0;
1342 }
1343
1344 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1345
1346 /* Calculate the expected challenge response */
1347 pwlen = strlen(vs->password);
1348 for (i=0; i<sizeof(key); i++)
1349 key[i] = i<pwlen ? vs->password[i] : 0;
1350 deskey(key, EN0);
1351 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1352 des(response+j, response+j);
1353
1354 /* Compare expected vs actual challenge response */
1355 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1356 VNC_DEBUG("Client challenge reponse did not match\n");
1357 vnc_write_u32(vs, 1); /* Reject auth */
1358 if (vs->minor >= 8) {
1359 static const char err[] = "Authentication failed";
1360 vnc_write_u32(vs, sizeof(err));
1361 vnc_write(vs, err, sizeof(err));
1362 }
1363 vnc_flush(vs);
1364 vnc_client_error(vs);
1365 } else {
1366 VNC_DEBUG("Accepting VNC challenge response\n");
1367 vnc_write_u32(vs, 0); /* Accept auth */
1368 vnc_flush(vs);
1369
1370 vnc_read_when(vs, protocol_client_init, 1);
1371 }
1372 return 0;
1373 }
1374
1375 static int start_auth_vnc(VncState *vs)
1376 {
1377 make_challenge(vs);
1378 /* Send client a 'random' challenge */
1379 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1380 vnc_flush(vs);
1381
1382 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1383 return 0;
1384 }
1385
1386
1387 #if CONFIG_VNC_TLS
1388 #define DH_BITS 1024
1389 static gnutls_dh_params_t dh_params;
1390
1391 static int vnc_tls_initialize(void)
1392 {
1393 static int tlsinitialized = 0;
1394
1395 if (tlsinitialized)
1396 return 1;
1397
1398 if (gnutls_global_init () < 0)
1399 return 0;
1400
1401 /* XXX ought to re-generate diffie-hellmen params periodically */
1402 if (gnutls_dh_params_init (&dh_params) < 0)
1403 return 0;
1404 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1405 return 0;
1406
1407 #if _VNC_DEBUG == 2
1408 gnutls_global_set_log_level(10);
1409 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1410 #endif
1411
1412 tlsinitialized = 1;
1413
1414 return 1;
1415 }
1416
1417 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1418 {
1419 gnutls_anon_server_credentials anon_cred;
1420 int ret;
1421
1422 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1423 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1424 return NULL;
1425 }
1426
1427 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1428
1429 return anon_cred;
1430 }
1431
1432
1433 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1434 {
1435 gnutls_certificate_credentials_t x509_cred;
1436 int ret;
1437
1438 if (!vs->x509cacert) {
1439 VNC_DEBUG("No CA x509 certificate specified\n");
1440 return NULL;
1441 }
1442 if (!vs->x509cert) {
1443 VNC_DEBUG("No server x509 certificate specified\n");
1444 return NULL;
1445 }
1446 if (!vs->x509key) {
1447 VNC_DEBUG("No server private key specified\n");
1448 return NULL;
1449 }
1450
1451 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1452 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1453 return NULL;
1454 }
1455 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1456 vs->x509cacert,
1457 GNUTLS_X509_FMT_PEM)) < 0) {
1458 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1459 gnutls_certificate_free_credentials(x509_cred);
1460 return NULL;
1461 }
1462
1463 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1464 vs->x509cert,
1465 vs->x509key,
1466 GNUTLS_X509_FMT_PEM)) < 0) {
1467 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1468 gnutls_certificate_free_credentials(x509_cred);
1469 return NULL;
1470 }
1471
1472 if (vs->x509cacrl) {
1473 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1474 vs->x509cacrl,
1475 GNUTLS_X509_FMT_PEM)) < 0) {
1476 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1477 gnutls_certificate_free_credentials(x509_cred);
1478 return NULL;
1479 }
1480 }
1481
1482 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1483
1484 return x509_cred;
1485 }
1486
1487 static int vnc_validate_certificate(struct VncState *vs)
1488 {
1489 int ret;
1490 unsigned int status;
1491 const gnutls_datum_t *certs;
1492 unsigned int nCerts, i;
1493 time_t now;
1494
1495 VNC_DEBUG("Validating client certificate\n");
1496 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1497 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1498 return -1;
1499 }
1500
1501 if ((now = time(NULL)) == ((time_t)-1)) {
1502 return -1;
1503 }
1504
1505 if (status != 0) {
1506 if (status & GNUTLS_CERT_INVALID)
1507 VNC_DEBUG("The certificate is not trusted.\n");
1508
1509 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1510 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1511
1512 if (status & GNUTLS_CERT_REVOKED)
1513 VNC_DEBUG("The certificate has been revoked.\n");
1514
1515 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1516 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1517
1518 return -1;
1519 } else {
1520 VNC_DEBUG("Certificate is valid!\n");
1521 }
1522
1523 /* Only support x509 for now */
1524 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1525 return -1;
1526
1527 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1528 return -1;
1529
1530 for (i = 0 ; i < nCerts ; i++) {
1531 gnutls_x509_crt_t cert;
1532 VNC_DEBUG ("Checking certificate chain %d\n", i);
1533 if (gnutls_x509_crt_init (&cert) < 0)
1534 return -1;
1535
1536 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1537 gnutls_x509_crt_deinit (cert);
1538 return -1;
1539 }
1540
1541 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1542 VNC_DEBUG("The certificate has expired\n");
1543 gnutls_x509_crt_deinit (cert);
1544 return -1;
1545 }
1546
1547 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1548 VNC_DEBUG("The certificate is not yet activated\n");
1549 gnutls_x509_crt_deinit (cert);
1550 return -1;
1551 }
1552
1553 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1554 VNC_DEBUG("The certificate is not yet activated\n");
1555 gnutls_x509_crt_deinit (cert);
1556 return -1;
1557 }
1558
1559 gnutls_x509_crt_deinit (cert);
1560 }
1561
1562 return 0;
1563 }
1564
1565
1566 static int start_auth_vencrypt_subauth(VncState *vs)
1567 {
1568 switch (vs->subauth) {
1569 case VNC_AUTH_VENCRYPT_TLSNONE:
1570 case VNC_AUTH_VENCRYPT_X509NONE:
1571 VNC_DEBUG("Accept TLS auth none\n");
1572 vnc_write_u32(vs, 0); /* Accept auth completion */
1573 vnc_read_when(vs, protocol_client_init, 1);
1574 break;
1575
1576 case VNC_AUTH_VENCRYPT_TLSVNC:
1577 case VNC_AUTH_VENCRYPT_X509VNC:
1578 VNC_DEBUG("Start TLS auth VNC\n");
1579 return start_auth_vnc(vs);
1580
1581 default: /* Should not be possible, but just in case */
1582 VNC_DEBUG("Reject auth %d\n", vs->auth);
1583 vnc_write_u8(vs, 1);
1584 if (vs->minor >= 8) {
1585 static const char err[] = "Unsupported authentication type";
1586 vnc_write_u32(vs, sizeof(err));
1587 vnc_write(vs, err, sizeof(err));
1588 }
1589 vnc_client_error(vs);
1590 }
1591
1592 return 0;
1593 }
1594
1595 static void vnc_handshake_io(void *opaque);
1596
1597 static int vnc_continue_handshake(struct VncState *vs) {
1598 int ret;
1599
1600 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1601 if (!gnutls_error_is_fatal(ret)) {
1602 VNC_DEBUG("Handshake interrupted (blocking)\n");
1603 if (!gnutls_record_get_direction(vs->tls_session))
1604 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1605 else
1606 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1607 return 0;
1608 }
1609 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1610 vnc_client_error(vs);
1611 return -1;
1612 }
1613
1614 if (vs->x509verify) {
1615 if (vnc_validate_certificate(vs) < 0) {
1616 VNC_DEBUG("Client verification failed\n");
1617 vnc_client_error(vs);
1618 return -1;
1619 } else {
1620 VNC_DEBUG("Client verification passed\n");
1621 }
1622 }
1623
1624 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1625 vs->wiremode = VNC_WIREMODE_TLS;
1626 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1627
1628 return start_auth_vencrypt_subauth(vs);
1629 }
1630
1631 static void vnc_handshake_io(void *opaque) {
1632 struct VncState *vs = (struct VncState *)opaque;
1633
1634 VNC_DEBUG("Handshake IO continue\n");
1635 vnc_continue_handshake(vs);
1636 }
1637
1638 #define NEED_X509_AUTH(vs) \
1639 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1640 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1641 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1642
1643
1644 static int vnc_start_tls(struct VncState *vs) {
1645 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1646 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1647 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1648 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1649
1650 VNC_DEBUG("Do TLS setup\n");
1651 if (vnc_tls_initialize() < 0) {
1652 VNC_DEBUG("Failed to init TLS\n");
1653 vnc_client_error(vs);
1654 return -1;
1655 }
1656 if (vs->tls_session == NULL) {
1657 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1658 vnc_client_error(vs);
1659 return -1;
1660 }
1661
1662 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1663 gnutls_deinit(vs->tls_session);
1664 vs->tls_session = NULL;
1665 vnc_client_error(vs);
1666 return -1;
1667 }
1668
1669 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1670 gnutls_deinit(vs->tls_session);
1671 vs->tls_session = NULL;
1672 vnc_client_error(vs);
1673 return -1;
1674 }
1675
1676 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1677 gnutls_deinit(vs->tls_session);
1678 vs->tls_session = NULL;
1679 vnc_client_error(vs);
1680 return -1;
1681 }
1682
1683 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1684 gnutls_deinit(vs->tls_session);
1685 vs->tls_session = NULL;
1686 vnc_client_error(vs);
1687 return -1;
1688 }
1689
1690 if (NEED_X509_AUTH(vs)) {
1691 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1692 if (!x509_cred) {
1693 gnutls_deinit(vs->tls_session);
1694 vs->tls_session = NULL;
1695 vnc_client_error(vs);
1696 return -1;
1697 }
1698 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1699 gnutls_deinit(vs->tls_session);
1700 vs->tls_session = NULL;
1701 gnutls_certificate_free_credentials(x509_cred);
1702 vnc_client_error(vs);
1703 return -1;
1704 }
1705 if (vs->x509verify) {
1706 VNC_DEBUG("Requesting a client certificate\n");
1707 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1708 }
1709
1710 } else {
1711 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1712 if (!anon_cred) {
1713 gnutls_deinit(vs->tls_session);
1714 vs->tls_session = NULL;
1715 vnc_client_error(vs);
1716 return -1;
1717 }
1718 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1719 gnutls_deinit(vs->tls_session);
1720 vs->tls_session = NULL;
1721 gnutls_anon_free_server_credentials(anon_cred);
1722 vnc_client_error(vs);
1723 return -1;
1724 }
1725 }
1726
1727 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1728 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1729 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1730 }
1731
1732 VNC_DEBUG("Start TLS handshake process\n");
1733 return vnc_continue_handshake(vs);
1734 }
1735
1736 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1737 {
1738 int auth = read_u32(data, 0);
1739
1740 if (auth != vs->subauth) {
1741 VNC_DEBUG("Rejecting auth %d\n", auth);
1742 vnc_write_u8(vs, 0); /* Reject auth */
1743 vnc_flush(vs);
1744 vnc_client_error(vs);
1745 } else {
1746 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1747 vnc_write_u8(vs, 1); /* Accept auth */
1748 vnc_flush(vs);
1749
1750 if (vnc_start_tls(vs) < 0) {
1751 VNC_DEBUG("Failed to complete TLS\n");
1752 return 0;
1753 }
1754
1755 if (vs->wiremode == VNC_WIREMODE_TLS) {
1756 VNC_DEBUG("Starting VeNCrypt subauth\n");
1757 return start_auth_vencrypt_subauth(vs);
1758 } else {
1759 VNC_DEBUG("TLS handshake blocked\n");
1760 return 0;
1761 }
1762 }
1763 return 0;
1764 }
1765
1766 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1767 {
1768 if (data[0] != 0 ||
1769 data[1] != 2) {
1770 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1771 vnc_write_u8(vs, 1); /* Reject version */
1772 vnc_flush(vs);
1773 vnc_client_error(vs);
1774 } else {
1775 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1776 vnc_write_u8(vs, 0); /* Accept version */
1777 vnc_write_u8(vs, 1); /* Number of sub-auths */
1778 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1779 vnc_flush(vs);
1780 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1781 }
1782 return 0;
1783 }
1784
1785 static int start_auth_vencrypt(VncState *vs)
1786 {
1787 /* Send VeNCrypt version 0.2 */
1788 vnc_write_u8(vs, 0);
1789 vnc_write_u8(vs, 2);
1790
1791 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1792 return 0;
1793 }
1794 #endif /* CONFIG_VNC_TLS */
1795
1796 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1797 {
1798 /* We only advertise 1 auth scheme at a time, so client
1799 * must pick the one we sent. Verify this */
1800 if (data[0] != vs->auth) { /* Reject auth */
1801 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1802 vnc_write_u32(vs, 1);
1803 if (vs->minor >= 8) {
1804 static const char err[] = "Authentication failed";
1805 vnc_write_u32(vs, sizeof(err));
1806 vnc_write(vs, err, sizeof(err));
1807 }
1808 vnc_client_error(vs);
1809 } else { /* Accept requested auth */
1810 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1811 switch (vs->auth) {
1812 case VNC_AUTH_NONE:
1813 VNC_DEBUG("Accept auth none\n");
1814 if (vs->minor >= 8) {
1815 vnc_write_u32(vs, 0); /* Accept auth completion */
1816 vnc_flush(vs);
1817 }
1818 vnc_read_when(vs, protocol_client_init, 1);
1819 break;
1820
1821 case VNC_AUTH_VNC:
1822 VNC_DEBUG("Start VNC auth\n");
1823 return start_auth_vnc(vs);
1824
1825 #if CONFIG_VNC_TLS
1826 case VNC_AUTH_VENCRYPT:
1827 VNC_DEBUG("Accept VeNCrypt auth\n");;
1828 return start_auth_vencrypt(vs);
1829 #endif /* CONFIG_VNC_TLS */
1830
1831 default: /* Should not be possible, but just in case */
1832 VNC_DEBUG("Reject auth %d\n", vs->auth);
1833 vnc_write_u8(vs, 1);
1834 if (vs->minor >= 8) {
1835 static const char err[] = "Authentication failed";
1836 vnc_write_u32(vs, sizeof(err));
1837 vnc_write(vs, err, sizeof(err));
1838 }
1839 vnc_client_error(vs);
1840 }
1841 }
1842 return 0;
1843 }
1844
1845 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1846 {
1847 char local[13];
1848
1849 memcpy(local, version, 12);
1850 local[12] = 0;
1851
1852 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1853 VNC_DEBUG("Malformed protocol version %s\n", local);
1854 vnc_client_error(vs);
1855 return 0;
1856 }
1857 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1858 if (vs->major != 3 ||
1859 (vs->minor != 3 &&
1860 vs->minor != 4 &&
1861 vs->minor != 5 &&
1862 vs->minor != 7 &&
1863 vs->minor != 8)) {
1864 VNC_DEBUG("Unsupported client version\n");
1865 vnc_write_u32(vs, VNC_AUTH_INVALID);
1866 vnc_flush(vs);
1867 vnc_client_error(vs);
1868 return 0;
1869 }
1870 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1871 * as equivalent to v3.3 by servers
1872 */
1873 if (vs->minor == 4 || vs->minor == 5)
1874 vs->minor = 3;
1875
1876 if (vs->minor == 3) {
1877 if (vs->auth == VNC_AUTH_NONE) {
1878 VNC_DEBUG("Tell client auth none\n");
1879 vnc_write_u32(vs, vs->auth);
1880 vnc_flush(vs);
1881 vnc_read_when(vs, protocol_client_init, 1);
1882 } else if (vs->auth == VNC_AUTH_VNC) {
1883 VNC_DEBUG("Tell client VNC auth\n");
1884 vnc_write_u32(vs, vs->auth);
1885 vnc_flush(vs);
1886 start_auth_vnc(vs);
1887 } else {
1888 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1889 vnc_write_u32(vs, VNC_AUTH_INVALID);
1890 vnc_flush(vs);
1891 vnc_client_error(vs);
1892 }
1893 } else {
1894 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1895 vnc_write_u8(vs, 1); /* num auth */
1896 vnc_write_u8(vs, vs->auth);
1897 vnc_read_when(vs, protocol_client_auth, 1);
1898 vnc_flush(vs);
1899 }
1900
1901 return 0;
1902 }
1903
1904 static void vnc_listen_read(void *opaque)
1905 {
1906 VncState *vs = opaque;
1907 struct sockaddr_in addr;
1908 socklen_t addrlen = sizeof(addr);
1909
1910 /* Catch-up */
1911 vga_hw_update();
1912
1913 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1914 if (vs->csock != -1) {
1915 VNC_DEBUG("New client on socket %d\n", vs->csock);
1916 socket_set_nonblock(vs->csock);
1917 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, opaque);
1918 vnc_write(vs, "RFB 003.008\n", 12);
1919 vnc_flush(vs);
1920 vnc_read_when(vs, protocol_version, 12);
1921 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1922 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1923 vs->has_resize = 0;
1924 vs->has_hextile = 0;
1925 vs->ds->dpy_copy = NULL;
1926 vnc_update_client(vs);
1927 }
1928 }
1929
1930 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1931
1932 void vnc_display_init(DisplayState *ds)
1933 {
1934 VncState *vs;
1935
1936 vs = qemu_mallocz(sizeof(VncState));
1937 if (!vs)
1938 exit(1);
1939
1940 ds->opaque = vs;
1941 vnc_state = vs;
1942 vs->display = NULL;
1943 vs->password = NULL;
1944
1945 vs->lsock = -1;
1946 vs->csock = -1;
1947 vs->depth = 4;
1948 vs->last_x = -1;
1949 vs->last_y = -1;
1950
1951 vs->ds = ds;
1952
1953 if (!keyboard_layout)
1954 keyboard_layout = "en-us";
1955
1956 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1957 if (!vs->kbd_layout)
1958 exit(1);
1959
1960 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1961
1962 vs->ds->data = NULL;
1963 vs->ds->dpy_update = vnc_dpy_update;
1964 vs->ds->dpy_resize = vnc_dpy_resize;
1965 vs->ds->dpy_refresh = NULL;
1966
1967 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1968
1969 vnc_dpy_resize(vs->ds, 640, 400);
1970 }
1971
1972 #if CONFIG_VNC_TLS
1973 static int vnc_set_x509_credential(VncState *vs,
1974 const char *certdir,
1975 const char *filename,
1976 char **cred,
1977 int ignoreMissing)
1978 {
1979 struct stat sb;
1980
1981 if (*cred) {
1982 qemu_free(*cred);
1983 *cred = NULL;
1984 }
1985
1986 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
1987 return -1;
1988
1989 strcpy(*cred, certdir);
1990 strcat(*cred, "/");
1991 strcat(*cred, filename);
1992
1993 VNC_DEBUG("Check %s\n", *cred);
1994 if (stat(*cred, &sb) < 0) {
1995 qemu_free(*cred);
1996 *cred = NULL;
1997 if (ignoreMissing && errno == ENOENT)
1998 return 0;
1999 return -1;
2000 }
2001
2002 return 0;
2003 }
2004
2005 static int vnc_set_x509_credential_dir(VncState *vs,
2006 const char *certdir)
2007 {
2008 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2009 goto cleanup;
2010 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2011 goto cleanup;
2012 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2013 goto cleanup;
2014 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2015 goto cleanup;
2016
2017 return 0;
2018
2019 cleanup:
2020 qemu_free(vs->x509cacert);
2021 qemu_free(vs->x509cacrl);
2022 qemu_free(vs->x509cert);
2023 qemu_free(vs->x509key);
2024 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2025 return -1;
2026 }
2027 #endif /* CONFIG_VNC_TLS */
2028
2029 void vnc_display_close(DisplayState *ds)
2030 {
2031 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2032
2033 if (vs->display) {
2034 qemu_free(vs->display);
2035 vs->display = NULL;
2036 }
2037 if (vs->lsock != -1) {
2038 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2039 close(vs->lsock);
2040 vs->lsock = -1;
2041 }
2042 if (vs->csock != -1) {
2043 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2044 closesocket(vs->csock);
2045 vs->csock = -1;
2046 buffer_reset(&vs->input);
2047 buffer_reset(&vs->output);
2048 vs->need_update = 0;
2049 #if CONFIG_VNC_TLS
2050 if (vs->tls_session) {
2051 gnutls_deinit(vs->tls_session);
2052 vs->tls_session = NULL;
2053 }
2054 vs->wiremode = VNC_WIREMODE_CLEAR;
2055 #endif /* CONFIG_VNC_TLS */
2056 }
2057 vs->auth = VNC_AUTH_INVALID;
2058 #if CONFIG_VNC_TLS
2059 vs->subauth = VNC_AUTH_INVALID;
2060 vs->x509verify = 0;
2061 #endif
2062 }
2063
2064 int vnc_display_password(DisplayState *ds, const char *password)
2065 {
2066 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2067
2068 if (vs->password) {
2069 qemu_free(vs->password);
2070 vs->password = NULL;
2071 }
2072 if (password && password[0]) {
2073 if (!(vs->password = qemu_strdup(password)))
2074 return -1;
2075 }
2076
2077 return 0;
2078 }
2079
2080 int vnc_display_open(DisplayState *ds, const char *display)
2081 {
2082 struct sockaddr *addr;
2083 struct sockaddr_in iaddr;
2084 #ifndef _WIN32
2085 struct sockaddr_un uaddr;
2086 #endif
2087 int reuse_addr, ret;
2088 socklen_t addrlen;
2089 const char *p;
2090 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2091 const char *options;
2092 int password = 0;
2093 #if CONFIG_VNC_TLS
2094 int tls = 0, x509 = 0;
2095 #endif
2096
2097 vnc_display_close(ds);
2098 if (strcmp(display, "none") == 0)
2099 return 0;
2100
2101 if (!(vs->display = strdup(display)))
2102 return -1;
2103
2104 options = display;
2105 while ((options = strchr(options, ','))) {
2106 options++;
2107 if (strncmp(options, "password", 8) == 0) {
2108 password = 1; /* Require password auth */
2109 #if CONFIG_VNC_TLS
2110 } else if (strncmp(options, "tls", 3) == 0) {
2111 tls = 1; /* Require TLS */
2112 } else if (strncmp(options, "x509", 4) == 0) {
2113 char *start, *end;
2114 x509 = 1; /* Require x509 certificates */
2115 if (strncmp(options, "x509verify", 10) == 0)
2116 vs->x509verify = 1; /* ...and verify client certs */
2117
2118 /* Now check for 'x509=/some/path' postfix
2119 * and use that to setup x509 certificate/key paths */
2120 start = strchr(options, '=');
2121 end = strchr(options, ',');
2122 if (start && (!end || (start < end))) {
2123 int len = end ? end-(start+1) : strlen(start+1);
2124 char *path = qemu_malloc(len+1);
2125 strncpy(path, start+1, len);
2126 path[len] = '\0';
2127 VNC_DEBUG("Trying certificate path '%s'\n", path);
2128 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2129 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2130 qemu_free(path);
2131 qemu_free(vs->display);
2132 vs->display = NULL;
2133 return -1;
2134 }
2135 qemu_free(path);
2136 } else {
2137 fprintf(stderr, "No certificate path provided\n");
2138 qemu_free(vs->display);
2139 vs->display = NULL;
2140 return -1;
2141 }
2142 #endif
2143 }
2144 }
2145
2146 if (password) {
2147 #if CONFIG_VNC_TLS
2148 if (tls) {
2149 vs->auth = VNC_AUTH_VENCRYPT;
2150 if (x509) {
2151 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2152 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2153 } else {
2154 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2155 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2156 }
2157 } else {
2158 #endif
2159 VNC_DEBUG("Initializing VNC server with password auth\n");
2160 vs->auth = VNC_AUTH_VNC;
2161 #if CONFIG_VNC_TLS
2162 vs->subauth = VNC_AUTH_INVALID;
2163 }
2164 #endif
2165 } else {
2166 #if CONFIG_VNC_TLS
2167 if (tls) {
2168 vs->auth = VNC_AUTH_VENCRYPT;
2169 if (x509) {
2170 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2171 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2172 } else {
2173 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2174 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2175 }
2176 } else {
2177 #endif
2178 VNC_DEBUG("Initializing VNC server with no auth\n");
2179 vs->auth = VNC_AUTH_NONE;
2180 #if CONFIG_VNC_TLS
2181 vs->subauth = VNC_AUTH_INVALID;
2182 }
2183 #endif
2184 }
2185 #ifndef _WIN32
2186 if (strstart(display, "unix:", &p)) {
2187 addr = (struct sockaddr *)&uaddr;
2188 addrlen = sizeof(uaddr);
2189
2190 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2191 if (vs->lsock == -1) {
2192 fprintf(stderr, "Could not create socket\n");
2193 free(vs->display);
2194 vs->display = NULL;
2195 return -1;
2196 }
2197
2198 uaddr.sun_family = AF_UNIX;
2199 memset(uaddr.sun_path, 0, 108);
2200 snprintf(uaddr.sun_path, 108, "%s", p);
2201
2202 unlink(uaddr.sun_path);
2203 } else
2204 #endif
2205 {
2206 addr = (struct sockaddr *)&iaddr;
2207 addrlen = sizeof(iaddr);
2208
2209 if (parse_host_port(&iaddr, display) < 0) {
2210 fprintf(stderr, "Could not parse VNC address\n");
2211 free(vs->display);
2212 vs->display = NULL;
2213 return -1;
2214 }
2215
2216 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + 5900);
2217
2218 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2219 if (vs->lsock == -1) {
2220 fprintf(stderr, "Could not create socket\n");
2221 free(vs->display);
2222 vs->display = NULL;
2223 return -1;
2224 }
2225
2226 reuse_addr = 1;
2227 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2228 (const char *)&reuse_addr, sizeof(reuse_addr));
2229 if (ret == -1) {
2230 fprintf(stderr, "setsockopt() failed\n");
2231 close(vs->lsock);
2232 vs->lsock = -1;
2233 free(vs->display);
2234 vs->display = NULL;
2235 return -1;
2236 }
2237 }
2238
2239 if (bind(vs->lsock, addr, addrlen) == -1) {
2240 fprintf(stderr, "bind() failed\n");
2241 close(vs->lsock);
2242 vs->lsock = -1;
2243 free(vs->display);
2244 vs->display = NULL;
2245 return -1;
2246 }
2247
2248 if (listen(vs->lsock, 1) == -1) {
2249 fprintf(stderr, "listen() failed\n");
2250 close(vs->lsock);
2251 vs->lsock = -1;
2252 free(vs->display);
2253 vs->display = NULL;
2254 return -1;
2255 }
2256
2257 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
2258 }
Patches shipped by Fedora