2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level
, const char* str
) {
51 VNC_DEBUG("%d %s", level
, str
);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState
;
68 typedef int VncReadEvent(VncState
*vs
, uint8_t *data
, size_t len
);
70 typedef void VncWritePixels(VncState
*vs
, void *data
, int size
);
72 typedef void VncSendHextileTile(VncState
*vs
,
73 int x
, int y
, int w
, int h
,
76 int *has_bg
, int *has_fg
);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT
= 19
103 VNC_AUTH_VENCRYPT_PLAIN
= 256,
104 VNC_AUTH_VENCRYPT_TLSNONE
= 257,
105 VNC_AUTH_VENCRYPT_TLSVNC
= 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN
= 259,
107 VNC_AUTH_VENCRYPT_X509NONE
= 260,
108 VNC_AUTH_VENCRYPT_X509VNC
= 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN
= 262,
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
119 #endif /* CONFIG_VNC_TLS */
130 uint32_t dirty_row
[VNC_MAX_HEIGHT
][VNC_DIRTY_WORDS
];
132 int depth
; /* internal VNC frame buffer byte per pixel */
135 int has_pointer_type_change
;
155 char challenge
[VNC_AUTH_CHALLENGE_SIZE
];
159 gnutls_session_t tls_session
;
164 kbd_layout_t
*kbd_layout
;
165 /* current output mode information */
166 VncWritePixels
*write_pixels
;
167 VncSendHextileTile
*send_hextile_tile
;
168 int pix_bpp
, pix_big_endian
;
169 int red_shift
, red_max
, red_shift1
;
170 int green_shift
, green_max
, green_shift1
;
171 int blue_shift
, blue_max
, blue_shift1
;
173 VncReadEvent
*read_handler
;
174 size_t read_handler_expect
;
176 uint8_t modifiers_state
[256];
179 static VncState
*vnc_state
; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state
== NULL
)
184 term_printf("VNC server disabled\n");
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state
->display
);
190 if (vnc_state
->csock
== -1)
191 term_printf("No client connected\n");
193 term_printf("Client connected\n");
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState
*vs
, const void *data
, size_t len
);
205 static void vnc_write_u32(VncState
*vs
, uint32_t value
);
206 static void vnc_write_s32(VncState
*vs
, int32_t value
);
207 static void vnc_write_u16(VncState
*vs
, uint16_t value
);
208 static void vnc_write_u8(VncState
*vs
, uint8_t value
);
209 static void vnc_flush(VncState
*vs
);
210 static void vnc_update_client(void *opaque
);
211 static void vnc_client_read(void *opaque
);
213 static inline void vnc_set_bit(uint32_t *d
, int k
)
215 d
[k
>> 5] |= 1 << (k
& 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d
, int k
)
220 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
223 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
233 d
[j
++] = (1 << n
) - 1;
238 static inline int vnc_get_bit(const uint32_t *d
, int k
)
240 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
247 for(i
= 0; i
< nb_words
; i
++) {
248 if ((d1
[i
] & d2
[i
]) != 0)
254 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
256 VncState
*vs
= ds
->opaque
;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
269 for (i
= 0; i
< w
; i
+= 16)
270 vnc_set_bit(vs
->dirty_row
[y
], (x
+ i
) / 16);
273 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
276 vnc_write_u16(vs
, x
);
277 vnc_write_u16(vs
, y
);
278 vnc_write_u16(vs
, w
);
279 vnc_write_u16(vs
, h
);
281 vnc_write_s32(vs
, encoding
);
284 static void vnc_dpy_resize(DisplayState
*ds
, int w
, int h
)
287 VncState
*vs
= ds
->opaque
;
289 ds
->data
= realloc(ds
->data
, w
* h
* vs
->depth
);
290 vs
->old_data
= realloc(vs
->old_data
, w
* h
* vs
->depth
);
292 if (ds
->data
== NULL
|| vs
->old_data
== NULL
) {
293 fprintf(stderr
, "vnc: memory allocation failed\n");
297 if (ds
->depth
!= vs
->depth
* 8) {
298 ds
->depth
= vs
->depth
* 8;
299 console_color_init(ds
);
301 size_changed
= ds
->width
!= w
|| ds
->height
!= h
;
304 ds
->linesize
= w
* vs
->depth
;
305 if (vs
->csock
!= -1 && vs
->has_resize
&& size_changed
) {
306 vnc_write_u8(vs
, 0); /* msg id */
308 vnc_write_u16(vs
, 1); /* number of rects */
309 vnc_framebuffer_update(vs
, 0, 0, ds
->width
, ds
->height
, -223);
311 vs
->width
= ds
->width
;
312 vs
->height
= ds
->height
;
317 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
319 vnc_write(vs
, pixels
, size
);
322 /* slowest but generic code. */
323 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
325 unsigned int r
, g
, b
;
327 r
= (v
>> vs
->red_shift1
) & vs
->red_max
;
328 g
= (v
>> vs
->green_shift1
) & vs
->green_max
;
329 b
= (v
>> vs
->blue_shift1
) & vs
->blue_max
;
330 v
= (r
<< vs
->red_shift
) |
331 (g
<< vs
->green_shift
) |
332 (b
<< vs
->blue_shift
);
333 switch(vs
->pix_bpp
) {
338 if (vs
->pix_big_endian
) {
348 if (vs
->pix_big_endian
) {
363 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
365 uint32_t *pixels
= pixels1
;
370 for(i
= 0; i
< n
; i
++) {
371 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
372 vnc_write(vs
, buf
, vs
->pix_bpp
);
376 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
381 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 0);
383 row
= vs
->ds
->data
+ y
* vs
->ds
->linesize
+ x
* vs
->depth
;
384 for (i
= 0; i
< h
; i
++) {
385 vs
->write_pixels(vs
, row
, w
* vs
->depth
);
386 row
+= vs
->ds
->linesize
;
390 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
392 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
393 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
397 #include "vnchextile.h"
401 #include "vnchextile.h"
405 #include "vnchextile.h"
410 #include "vnchextile.h"
414 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
418 uint32_t last_fg32
, last_bg32
;
420 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 5);
423 for (j
= y
; j
< (y
+ h
); j
+= 16) {
424 for (i
= x
; i
< (x
+ w
); i
+= 16) {
425 vs
->send_hextile_tile(vs
, i
, j
,
426 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
427 &last_bg32
, &last_fg32
, &has_bg
, &has_fg
);
432 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
435 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
437 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
440 static void vnc_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
447 int pitch
= ds
->linesize
;
448 VncState
*vs
= ds
->opaque
;
450 vnc_update_client(vs
);
457 src
= (ds
->linesize
* (src_y
+ y
) + vs
->depth
* src_x
);
458 dst
= (ds
->linesize
* (dst_y
+ y
) + vs
->depth
* dst_x
);
460 src_row
= ds
->data
+ src
;
461 dst_row
= ds
->data
+ dst
;
462 old_row
= vs
->old_data
+ dst
;
464 for (y
= 0; y
< h
; y
++) {
465 memmove(old_row
, src_row
, w
* vs
->depth
);
466 memmove(dst_row
, src_row
, w
* vs
->depth
);
472 vnc_write_u8(vs
, 0); /* msg id */
474 vnc_write_u16(vs
, 1); /* number of rects */
475 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, 1);
476 vnc_write_u16(vs
, src_x
);
477 vnc_write_u16(vs
, src_y
);
481 static int find_dirty_height(VncState
*vs
, int y
, int last_x
, int x
)
485 for (h
= 1; h
< (vs
->height
- y
); h
++) {
487 if (!vnc_get_bit(vs
->dirty_row
[y
+ h
], last_x
))
489 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
490 vnc_clear_bit(vs
->dirty_row
[y
+ h
], tmp_x
);
496 static void vnc_update_client(void *opaque
)
498 VncState
*vs
= opaque
;
500 if (vs
->need_update
&& vs
->csock
!= -1) {
504 uint32_t width_mask
[VNC_DIRTY_WORDS
];
509 vnc_set_bits(width_mask
, (vs
->width
/ 16), VNC_DIRTY_WORDS
);
511 /* Walk through the dirty map and eliminate tiles that
512 really aren't dirty */
514 old_row
= vs
->old_data
;
516 for (y
= 0; y
< vs
->height
; y
++) {
517 if (vnc_and_bits(vs
->dirty_row
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
523 old_ptr
= (char*)old_row
;
525 for (x
= 0; x
< vs
->ds
->width
; x
+= 16) {
526 if (memcmp(old_ptr
, ptr
, 16 * vs
->depth
) == 0) {
527 vnc_clear_bit(vs
->dirty_row
[y
], (x
/ 16));
530 memcpy(old_ptr
, ptr
, 16 * vs
->depth
);
533 ptr
+= 16 * vs
->depth
;
534 old_ptr
+= 16 * vs
->depth
;
538 row
+= vs
->ds
->linesize
;
539 old_row
+= vs
->ds
->linesize
;
543 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
547 /* Count rectangles */
549 vnc_write_u8(vs
, 0); /* msg id */
551 saved_offset
= vs
->output
.offset
;
552 vnc_write_u16(vs
, 0);
554 for (y
= 0; y
< vs
->height
; y
++) {
557 for (x
= 0; x
< vs
->width
/ 16; x
++) {
558 if (vnc_get_bit(vs
->dirty_row
[y
], x
)) {
562 vnc_clear_bit(vs
->dirty_row
[y
], x
);
565 int h
= find_dirty_height(vs
, y
, last_x
, x
);
566 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
573 int h
= find_dirty_height(vs
, y
, last_x
, x
);
574 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
578 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
579 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
583 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
586 static void vnc_timer_init(VncState
*vs
)
588 if (vs
->timer
== NULL
) {
589 vs
->timer
= qemu_new_timer(rt_clock
, vnc_update_client
, vs
);
590 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
));
594 static void vnc_dpy_refresh(DisplayState
*ds
)
596 VncState
*vs
= ds
->opaque
;
601 static int vnc_listen_poll(void *opaque
)
603 VncState
*vs
= opaque
;
609 static void buffer_reserve(Buffer
*buffer
, size_t len
)
611 if ((buffer
->capacity
- buffer
->offset
) < len
) {
612 buffer
->capacity
+= (len
+ 1024);
613 buffer
->buffer
= realloc(buffer
->buffer
, buffer
->capacity
);
614 if (buffer
->buffer
== NULL
) {
615 fprintf(stderr
, "vnc: out of memory\n");
621 static int buffer_empty(Buffer
*buffer
)
623 return buffer
->offset
== 0;
626 static uint8_t *buffer_end(Buffer
*buffer
)
628 return buffer
->buffer
+ buffer
->offset
;
631 static void buffer_reset(Buffer
*buffer
)
636 static void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
638 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
639 buffer
->offset
+= len
;
642 static int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
644 if (ret
== 0 || ret
== -1) {
645 if (ret
== -1 && (last_errno
== EINTR
|| last_errno
== EAGAIN
))
648 VNC_DEBUG("Closing down client sock %d %d\n", ret
, ret
< 0 ? last_errno
: 0);
649 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
650 closesocket(vs
->csock
);
652 buffer_reset(&vs
->input
);
653 buffer_reset(&vs
->output
);
656 if (vs
->tls_session
) {
657 gnutls_deinit(vs
->tls_session
);
658 vs
->tls_session
= NULL
;
660 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
661 #endif /* CONFIG_VNC_TLS */
667 static void vnc_client_error(VncState
*vs
)
669 vnc_client_io_error(vs
, -1, EINVAL
);
672 static void vnc_client_write(void *opaque
)
675 VncState
*vs
= opaque
;
678 if (vs
->tls_session
) {
679 ret
= gnutls_write(vs
->tls_session
, vs
->output
.buffer
, vs
->output
.offset
);
681 if (ret
== GNUTLS_E_AGAIN
)
688 #endif /* CONFIG_VNC_TLS */
689 ret
= send(vs
->csock
, vs
->output
.buffer
, vs
->output
.offset
, 0);
690 ret
= vnc_client_io_error(vs
, ret
, socket_error());
694 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
695 vs
->output
.offset
-= ret
;
697 if (vs
->output
.offset
== 0) {
698 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
702 static void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
704 vs
->read_handler
= func
;
705 vs
->read_handler_expect
= expecting
;
708 static void vnc_client_read(void *opaque
)
710 VncState
*vs
= opaque
;
713 buffer_reserve(&vs
->input
, 4096);
716 if (vs
->tls_session
) {
717 ret
= gnutls_read(vs
->tls_session
, buffer_end(&vs
->input
), 4096);
719 if (ret
== GNUTLS_E_AGAIN
)
726 #endif /* CONFIG_VNC_TLS */
727 ret
= recv(vs
->csock
, buffer_end(&vs
->input
), 4096, 0);
728 ret
= vnc_client_io_error(vs
, ret
, socket_error());
732 vs
->input
.offset
+= ret
;
734 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
735 size_t len
= vs
->read_handler_expect
;
738 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
743 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
744 vs
->input
.offset
-= len
;
746 vs
->read_handler_expect
= ret
;
751 static void vnc_write(VncState
*vs
, const void *data
, size_t len
)
753 buffer_reserve(&vs
->output
, len
);
755 if (buffer_empty(&vs
->output
)) {
756 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
759 buffer_append(&vs
->output
, data
, len
);
762 static void vnc_write_s32(VncState
*vs
, int32_t value
)
764 vnc_write_u32(vs
, *(uint32_t *)&value
);
767 static void vnc_write_u32(VncState
*vs
, uint32_t value
)
771 buf
[0] = (value
>> 24) & 0xFF;
772 buf
[1] = (value
>> 16) & 0xFF;
773 buf
[2] = (value
>> 8) & 0xFF;
774 buf
[3] = value
& 0xFF;
776 vnc_write(vs
, buf
, 4);
779 static void vnc_write_u16(VncState
*vs
, uint16_t value
)
783 buf
[0] = (value
>> 8) & 0xFF;
784 buf
[1] = value
& 0xFF;
786 vnc_write(vs
, buf
, 2);
789 static void vnc_write_u8(VncState
*vs
, uint8_t value
)
791 vnc_write(vs
, (char *)&value
, 1);
794 static void vnc_flush(VncState
*vs
)
796 if (vs
->output
.offset
)
797 vnc_client_write(vs
);
800 static uint8_t read_u8(uint8_t *data
, size_t offset
)
805 static uint16_t read_u16(uint8_t *data
, size_t offset
)
807 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
810 static int32_t read_s32(uint8_t *data
, size_t offset
)
812 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
813 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
816 static uint32_t read_u32(uint8_t *data
, size_t offset
)
818 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
819 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
823 static ssize_t
vnc_tls_push(gnutls_transport_ptr_t transport
,
826 struct VncState
*vs
= (struct VncState
*)transport
;
830 ret
= send(vs
->csock
, data
, len
, 0);
840 static ssize_t
vnc_tls_pull(gnutls_transport_ptr_t transport
,
843 struct VncState
*vs
= (struct VncState
*)transport
;
847 ret
= recv(vs
->csock
, data
, len
, 0);
855 #endif /* CONFIG_VNC_TLS */
857 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
861 static void check_pointer_type_change(VncState
*vs
, int absolute
)
863 if (vs
->has_pointer_type_change
&& vs
->absolute
!= absolute
) {
866 vnc_write_u16(vs
, 1);
867 vnc_framebuffer_update(vs
, absolute
, 0,
868 vs
->ds
->width
, vs
->ds
->height
, -257);
871 vs
->absolute
= absolute
;
874 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
879 if (button_mask
& 0x01)
880 buttons
|= MOUSE_EVENT_LBUTTON
;
881 if (button_mask
& 0x02)
882 buttons
|= MOUSE_EVENT_MBUTTON
;
883 if (button_mask
& 0x04)
884 buttons
|= MOUSE_EVENT_RBUTTON
;
885 if (button_mask
& 0x08)
887 if (button_mask
& 0x10)
891 kbd_mouse_event(x
* 0x7FFF / vs
->ds
->width
,
892 y
* 0x7FFF / vs
->ds
->height
,
894 } else if (vs
->has_pointer_type_change
) {
898 kbd_mouse_event(x
, y
, dz
, buttons
);
900 if (vs
->last_x
!= -1)
901 kbd_mouse_event(x
- vs
->last_x
,
908 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
911 static void reset_keys(VncState
*vs
)
914 for(i
= 0; i
< 256; i
++) {
915 if (vs
->modifiers_state
[i
]) {
917 kbd_put_keycode(0xe0);
918 kbd_put_keycode(i
| 0x80);
919 vs
->modifiers_state
[i
] = 0;
924 static void press_key(VncState
*vs
, int keysym
)
926 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) & 0x7f);
927 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) | 0x80);
930 static void do_key_event(VncState
*vs
, int down
, uint32_t sym
)
934 keycode
= keysym2scancode(vs
->kbd_layout
, sym
& 0xFFFF);
936 /* QEMU console switch */
938 case 0x2a: /* Left Shift */
939 case 0x36: /* Right Shift */
940 case 0x1d: /* Left CTRL */
941 case 0x9d: /* Right CTRL */
942 case 0x38: /* Left ALT */
943 case 0xb8: /* Right ALT */
945 vs
->modifiers_state
[keycode
] = 1;
947 vs
->modifiers_state
[keycode
] = 0;
949 case 0x02 ... 0x0a: /* '1' to '9' keys */
950 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
951 /* Reset the modifiers sent to the current console */
953 console_select(keycode
- 0x02);
957 case 0x45: /* NumLock */
959 vs
->modifiers_state
[keycode
] ^= 1;
963 if (keycode_is_keypad(vs
->kbd_layout
, keycode
)) {
964 /* If the numlock state needs to change then simulate an additional
965 keypress before sending this one. This will happen if the user
966 toggles numlock away from the VNC window.
968 if (keysym_is_numlock(vs
->kbd_layout
, sym
& 0xFFFF)) {
969 if (!vs
->modifiers_state
[0x45]) {
970 vs
->modifiers_state
[0x45] = 1;
971 press_key(vs
, 0xff7f);
974 if (vs
->modifiers_state
[0x45]) {
975 vs
->modifiers_state
[0x45] = 0;
976 press_key(vs
, 0xff7f);
981 if (is_graphic_console()) {
983 kbd_put_keycode(0xe0);
985 kbd_put_keycode(keycode
& 0x7f);
987 kbd_put_keycode(keycode
| 0x80);
989 /* QEMU console emulation */
992 case 0x2a: /* Left Shift */
993 case 0x36: /* Right Shift */
994 case 0x1d: /* Left CTRL */
995 case 0x9d: /* Right CTRL */
996 case 0x38: /* Left ALT */
997 case 0xb8: /* Right ALT */
1000 kbd_put_keysym(QEMU_KEY_UP
);
1003 kbd_put_keysym(QEMU_KEY_DOWN
);
1006 kbd_put_keysym(QEMU_KEY_LEFT
);
1009 kbd_put_keysym(QEMU_KEY_RIGHT
);
1012 kbd_put_keysym(QEMU_KEY_DELETE
);
1015 kbd_put_keysym(QEMU_KEY_HOME
);
1018 kbd_put_keysym(QEMU_KEY_END
);
1021 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1024 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1027 kbd_put_keysym(sym
);
1034 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1036 if (sym
>= 'A' && sym
<= 'Z' && is_graphic_console())
1037 sym
= sym
- 'A' + 'a';
1038 do_key_event(vs
, down
, sym
);
1041 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1042 int x_position
, int y_position
,
1045 if (x_position
> vs
->ds
->width
)
1046 x_position
= vs
->ds
->width
;
1047 if (y_position
> vs
->ds
->height
)
1048 y_position
= vs
->ds
->height
;
1049 if (x_position
+ w
>= vs
->ds
->width
)
1050 w
= vs
->ds
->width
- x_position
;
1051 if (y_position
+ h
>= vs
->ds
->height
)
1052 h
= vs
->ds
->height
- y_position
;
1055 vs
->need_update
= 1;
1057 char *old_row
= vs
->old_data
+ y_position
* vs
->ds
->linesize
;
1059 for (i
= 0; i
< h
; i
++) {
1060 vnc_set_bits(vs
->dirty_row
[y_position
+ i
],
1061 (vs
->ds
->width
/ 16), VNC_DIRTY_WORDS
);
1062 memset(old_row
, 42, vs
->ds
->width
* vs
->depth
);
1063 old_row
+= vs
->ds
->linesize
;
1068 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1072 vs
->has_hextile
= 0;
1074 vs
->has_pointer_type_change
= 0;
1076 vs
->ds
->dpy_copy
= NULL
;
1078 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1079 switch (encodings
[i
]) {
1081 vs
->has_hextile
= 0;
1083 case 1: /* CopyRect */
1084 vs
->ds
->dpy_copy
= vnc_copy
;
1086 case 5: /* Hextile */
1087 vs
->has_hextile
= 1;
1089 case -223: /* DesktopResize */
1093 vs
->has_pointer_type_change
= 1;
1100 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1103 static int compute_nbits(unsigned int val
)
1114 static void set_pixel_format(VncState
*vs
,
1115 int bits_per_pixel
, int depth
,
1116 int big_endian_flag
, int true_color_flag
,
1117 int red_max
, int green_max
, int blue_max
,
1118 int red_shift
, int green_shift
, int blue_shift
)
1120 int host_big_endian_flag
;
1122 #ifdef WORDS_BIGENDIAN
1123 host_big_endian_flag
= 1;
1125 host_big_endian_flag
= 0;
1127 if (!true_color_flag
) {
1129 vnc_client_error(vs
);
1132 if (bits_per_pixel
== 32 &&
1133 host_big_endian_flag
== big_endian_flag
&&
1134 red_max
== 0xff && green_max
== 0xff && blue_max
== 0xff &&
1135 red_shift
== 16 && green_shift
== 8 && blue_shift
== 0) {
1137 vs
->write_pixels
= vnc_write_pixels_copy
;
1138 vs
->send_hextile_tile
= send_hextile_tile_32
;
1140 if (bits_per_pixel
== 16 &&
1141 host_big_endian_flag
== big_endian_flag
&&
1142 red_max
== 31 && green_max
== 63 && blue_max
== 31 &&
1143 red_shift
== 11 && green_shift
== 5 && blue_shift
== 0) {
1145 vs
->write_pixels
= vnc_write_pixels_copy
;
1146 vs
->send_hextile_tile
= send_hextile_tile_16
;
1148 if (bits_per_pixel
== 8 &&
1149 red_max
== 7 && green_max
== 7 && blue_max
== 3 &&
1150 red_shift
== 5 && green_shift
== 2 && blue_shift
== 0) {
1152 vs
->write_pixels
= vnc_write_pixels_copy
;
1153 vs
->send_hextile_tile
= send_hextile_tile_8
;
1156 /* generic and slower case */
1157 if (bits_per_pixel
!= 8 &&
1158 bits_per_pixel
!= 16 &&
1159 bits_per_pixel
!= 32)
1162 vs
->red_shift
= red_shift
;
1163 vs
->red_max
= red_max
;
1164 vs
->red_shift1
= 24 - compute_nbits(red_max
);
1165 vs
->green_shift
= green_shift
;
1166 vs
->green_max
= green_max
;
1167 vs
->green_shift1
= 16 - compute_nbits(green_max
);
1168 vs
->blue_shift
= blue_shift
;
1169 vs
->blue_max
= blue_max
;
1170 vs
->blue_shift1
= 8 - compute_nbits(blue_max
);
1171 vs
->pix_bpp
= bits_per_pixel
/ 8;
1172 vs
->pix_big_endian
= big_endian_flag
;
1173 vs
->write_pixels
= vnc_write_pixels_generic
;
1174 vs
->send_hextile_tile
= send_hextile_tile_generic
;
1177 vnc_dpy_resize(vs
->ds
, vs
->ds
->width
, vs
->ds
->height
);
1178 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
1179 memset(vs
->old_data
, 42, vs
->ds
->linesize
* vs
->ds
->height
);
1181 vga_hw_invalidate();
1185 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1195 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1196 read_u8(data
, 6), read_u8(data
, 7),
1197 read_u16(data
, 8), read_u16(data
, 10),
1198 read_u16(data
, 12), read_u8(data
, 14),
1199 read_u8(data
, 15), read_u8(data
, 16));
1206 return 4 + (read_u16(data
, 2) * 4);
1208 limit
= read_u16(data
, 2);
1209 for (i
= 0; i
< limit
; i
++) {
1210 int32_t val
= read_s32(data
, 4 + (i
* 4));
1211 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1214 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1220 framebuffer_update_request(vs
,
1221 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1222 read_u16(data
, 6), read_u16(data
, 8));
1228 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1234 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1241 uint32_t dlen
= read_u32(data
, 4);
1246 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1249 printf("Msg: %d\n", data
[0]);
1250 vnc_client_error(vs
);
1254 vnc_read_when(vs
, protocol_client_msg
, 1);
1258 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1260 char pad
[3] = { 0, 0, 0 };
1264 vs
->width
= vs
->ds
->width
;
1265 vs
->height
= vs
->ds
->height
;
1266 vnc_write_u16(vs
, vs
->ds
->width
);
1267 vnc_write_u16(vs
, vs
->ds
->height
);
1269 vnc_write_u8(vs
, vs
->depth
* 8); /* bits-per-pixel */
1270 vnc_write_u8(vs
, vs
->depth
* 8); /* depth */
1271 #ifdef WORDS_BIGENDIAN
1272 vnc_write_u8(vs
, 1); /* big-endian-flag */
1274 vnc_write_u8(vs
, 0); /* big-endian-flag */
1276 vnc_write_u8(vs
, 1); /* true-color-flag */
1277 if (vs
->depth
== 4) {
1278 vnc_write_u16(vs
, 0xFF); /* red-max */
1279 vnc_write_u16(vs
, 0xFF); /* green-max */
1280 vnc_write_u16(vs
, 0xFF); /* blue-max */
1281 vnc_write_u8(vs
, 16); /* red-shift */
1282 vnc_write_u8(vs
, 8); /* green-shift */
1283 vnc_write_u8(vs
, 0); /* blue-shift */
1284 vs
->send_hextile_tile
= send_hextile_tile_32
;
1285 } else if (vs
->depth
== 2) {
1286 vnc_write_u16(vs
, 31); /* red-max */
1287 vnc_write_u16(vs
, 63); /* green-max */
1288 vnc_write_u16(vs
, 31); /* blue-max */
1289 vnc_write_u8(vs
, 11); /* red-shift */
1290 vnc_write_u8(vs
, 5); /* green-shift */
1291 vnc_write_u8(vs
, 0); /* blue-shift */
1292 vs
->send_hextile_tile
= send_hextile_tile_16
;
1293 } else if (vs
->depth
== 1) {
1294 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1295 vnc_write_u16(vs
, 7); /* red-max */
1296 vnc_write_u16(vs
, 7); /* green-max */
1297 vnc_write_u16(vs
, 3); /* blue-max */
1298 vnc_write_u8(vs
, 5); /* red-shift */
1299 vnc_write_u8(vs
, 2); /* green-shift */
1300 vnc_write_u8(vs
, 0); /* blue-shift */
1301 vs
->send_hextile_tile
= send_hextile_tile_8
;
1303 vs
->write_pixels
= vnc_write_pixels_copy
;
1305 vnc_write(vs
, pad
, 3); /* padding */
1308 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1310 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1312 vnc_write_u32(vs
, size
);
1313 vnc_write(vs
, buf
, size
);
1316 vnc_read_when(vs
, protocol_client_msg
, 1);
1321 static void make_challenge(VncState
*vs
)
1325 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1327 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1328 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1331 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1333 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1335 unsigned char key
[8];
1337 if (!vs
->password
|| !vs
->password
[0]) {
1338 VNC_DEBUG("No password configured on server");
1339 vnc_write_u32(vs
, 1); /* Reject auth */
1340 if (vs
->minor
>= 8) {
1341 static const char err
[] = "Authentication failed";
1342 vnc_write_u32(vs
, sizeof(err
));
1343 vnc_write(vs
, err
, sizeof(err
));
1346 vnc_client_error(vs
);
1350 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
1352 /* Calculate the expected challenge response */
1353 pwlen
= strlen(vs
->password
);
1354 for (i
=0; i
<sizeof(key
); i
++)
1355 key
[i
] = i
<pwlen
? vs
->password
[i
] : 0;
1357 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
1358 des(response
+j
, response
+j
);
1360 /* Compare expected vs actual challenge response */
1361 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
1362 VNC_DEBUG("Client challenge reponse did not match\n");
1363 vnc_write_u32(vs
, 1); /* Reject auth */
1364 if (vs
->minor
>= 8) {
1365 static const char err
[] = "Authentication failed";
1366 vnc_write_u32(vs
, sizeof(err
));
1367 vnc_write(vs
, err
, sizeof(err
));
1370 vnc_client_error(vs
);
1372 VNC_DEBUG("Accepting VNC challenge response\n");
1373 vnc_write_u32(vs
, 0); /* Accept auth */
1376 vnc_read_when(vs
, protocol_client_init
, 1);
1381 static int start_auth_vnc(VncState
*vs
)
1384 /* Send client a 'random' challenge */
1385 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
1388 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
1394 #define DH_BITS 1024
1395 static gnutls_dh_params_t dh_params
;
1397 static int vnc_tls_initialize(void)
1399 static int tlsinitialized
= 0;
1404 if (gnutls_global_init () < 0)
1407 /* XXX ought to re-generate diffie-hellmen params periodically */
1408 if (gnutls_dh_params_init (&dh_params
) < 0)
1410 if (gnutls_dh_params_generate2 (dh_params
, DH_BITS
) < 0)
1414 gnutls_global_set_log_level(10);
1415 gnutls_global_set_log_function(vnc_debug_gnutls_log
);
1423 static gnutls_anon_server_credentials
vnc_tls_initialize_anon_cred(void)
1425 gnutls_anon_server_credentials anon_cred
;
1428 if ((ret
= gnutls_anon_allocate_server_credentials(&anon_cred
)) < 0) {
1429 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1433 gnutls_anon_set_server_dh_params(anon_cred
, dh_params
);
1439 static gnutls_certificate_credentials_t
vnc_tls_initialize_x509_cred(VncState
*vs
)
1441 gnutls_certificate_credentials_t x509_cred
;
1444 if (!vs
->x509cacert
) {
1445 VNC_DEBUG("No CA x509 certificate specified\n");
1448 if (!vs
->x509cert
) {
1449 VNC_DEBUG("No server x509 certificate specified\n");
1453 VNC_DEBUG("No server private key specified\n");
1457 if ((ret
= gnutls_certificate_allocate_credentials(&x509_cred
)) < 0) {
1458 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1461 if ((ret
= gnutls_certificate_set_x509_trust_file(x509_cred
,
1463 GNUTLS_X509_FMT_PEM
)) < 0) {
1464 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret
));
1465 gnutls_certificate_free_credentials(x509_cred
);
1469 if ((ret
= gnutls_certificate_set_x509_key_file (x509_cred
,
1472 GNUTLS_X509_FMT_PEM
)) < 0) {
1473 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret
));
1474 gnutls_certificate_free_credentials(x509_cred
);
1478 if (vs
->x509cacrl
) {
1479 if ((ret
= gnutls_certificate_set_x509_crl_file(x509_cred
,
1481 GNUTLS_X509_FMT_PEM
)) < 0) {
1482 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret
));
1483 gnutls_certificate_free_credentials(x509_cred
);
1488 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
1493 static int vnc_validate_certificate(struct VncState
*vs
)
1496 unsigned int status
;
1497 const gnutls_datum_t
*certs
;
1498 unsigned int nCerts
, i
;
1501 VNC_DEBUG("Validating client certificate\n");
1502 if ((ret
= gnutls_certificate_verify_peers2 (vs
->tls_session
, &status
)) < 0) {
1503 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret
));
1507 if ((now
= time(NULL
)) == ((time_t)-1)) {
1512 if (status
& GNUTLS_CERT_INVALID
)
1513 VNC_DEBUG("The certificate is not trusted.\n");
1515 if (status
& GNUTLS_CERT_SIGNER_NOT_FOUND
)
1516 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1518 if (status
& GNUTLS_CERT_REVOKED
)
1519 VNC_DEBUG("The certificate has been revoked.\n");
1521 if (status
& GNUTLS_CERT_INSECURE_ALGORITHM
)
1522 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1526 VNC_DEBUG("Certificate is valid!\n");
1529 /* Only support x509 for now */
1530 if (gnutls_certificate_type_get(vs
->tls_session
) != GNUTLS_CRT_X509
)
1533 if (!(certs
= gnutls_certificate_get_peers(vs
->tls_session
, &nCerts
)))
1536 for (i
= 0 ; i
< nCerts
; i
++) {
1537 gnutls_x509_crt_t cert
;
1538 VNC_DEBUG ("Checking certificate chain %d\n", i
);
1539 if (gnutls_x509_crt_init (&cert
) < 0)
1542 if (gnutls_x509_crt_import(cert
, &certs
[i
], GNUTLS_X509_FMT_DER
) < 0) {
1543 gnutls_x509_crt_deinit (cert
);
1547 if (gnutls_x509_crt_get_expiration_time (cert
) < now
) {
1548 VNC_DEBUG("The certificate has expired\n");
1549 gnutls_x509_crt_deinit (cert
);
1553 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1554 VNC_DEBUG("The certificate is not yet activated\n");
1555 gnutls_x509_crt_deinit (cert
);
1559 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1560 VNC_DEBUG("The certificate is not yet activated\n");
1561 gnutls_x509_crt_deinit (cert
);
1565 gnutls_x509_crt_deinit (cert
);
1572 static int start_auth_vencrypt_subauth(VncState
*vs
)
1574 switch (vs
->subauth
) {
1575 case VNC_AUTH_VENCRYPT_TLSNONE
:
1576 case VNC_AUTH_VENCRYPT_X509NONE
:
1577 VNC_DEBUG("Accept TLS auth none\n");
1578 vnc_write_u32(vs
, 0); /* Accept auth completion */
1579 vnc_read_when(vs
, protocol_client_init
, 1);
1582 case VNC_AUTH_VENCRYPT_TLSVNC
:
1583 case VNC_AUTH_VENCRYPT_X509VNC
:
1584 VNC_DEBUG("Start TLS auth VNC\n");
1585 return start_auth_vnc(vs
);
1587 default: /* Should not be possible, but just in case */
1588 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
1589 vnc_write_u8(vs
, 1);
1590 if (vs
->minor
>= 8) {
1591 static const char err
[] = "Unsupported authentication type";
1592 vnc_write_u32(vs
, sizeof(err
));
1593 vnc_write(vs
, err
, sizeof(err
));
1595 vnc_client_error(vs
);
1601 static void vnc_handshake_io(void *opaque
);
1603 static int vnc_continue_handshake(struct VncState
*vs
) {
1606 if ((ret
= gnutls_handshake(vs
->tls_session
)) < 0) {
1607 if (!gnutls_error_is_fatal(ret
)) {
1608 VNC_DEBUG("Handshake interrupted (blocking)\n");
1609 if (!gnutls_record_get_direction(vs
->tls_session
))
1610 qemu_set_fd_handler(vs
->csock
, vnc_handshake_io
, NULL
, vs
);
1612 qemu_set_fd_handler(vs
->csock
, NULL
, vnc_handshake_io
, vs
);
1615 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret
));
1616 vnc_client_error(vs
);
1620 if (vs
->x509verify
) {
1621 if (vnc_validate_certificate(vs
) < 0) {
1622 VNC_DEBUG("Client verification failed\n");
1623 vnc_client_error(vs
);
1626 VNC_DEBUG("Client verification passed\n");
1630 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1631 vs
->wiremode
= VNC_WIREMODE_TLS
;
1632 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1634 return start_auth_vencrypt_subauth(vs
);
1637 static void vnc_handshake_io(void *opaque
) {
1638 struct VncState
*vs
= (struct VncState
*)opaque
;
1640 VNC_DEBUG("Handshake IO continue\n");
1641 vnc_continue_handshake(vs
);
1644 #define NEED_X509_AUTH(vs) \
1645 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1646 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1647 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1650 static int vnc_start_tls(struct VncState
*vs
) {
1651 static const int cert_type_priority
[] = { GNUTLS_CRT_X509
, 0 };
1652 static const int protocol_priority
[]= { GNUTLS_TLS1_1
, GNUTLS_TLS1_0
, GNUTLS_SSL3
, 0 };
1653 static const int kx_anon
[] = {GNUTLS_KX_ANON_DH
, 0};
1654 static const int kx_x509
[] = {GNUTLS_KX_DHE_DSS
, GNUTLS_KX_RSA
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_SRP
, 0};
1656 VNC_DEBUG("Do TLS setup\n");
1657 if (vnc_tls_initialize() < 0) {
1658 VNC_DEBUG("Failed to init TLS\n");
1659 vnc_client_error(vs
);
1662 if (vs
->tls_session
== NULL
) {
1663 if (gnutls_init(&vs
->tls_session
, GNUTLS_SERVER
) < 0) {
1664 vnc_client_error(vs
);
1668 if (gnutls_set_default_priority(vs
->tls_session
) < 0) {
1669 gnutls_deinit(vs
->tls_session
);
1670 vs
->tls_session
= NULL
;
1671 vnc_client_error(vs
);
1675 if (gnutls_kx_set_priority(vs
->tls_session
, NEED_X509_AUTH(vs
) ? kx_x509
: kx_anon
) < 0) {
1676 gnutls_deinit(vs
->tls_session
);
1677 vs
->tls_session
= NULL
;
1678 vnc_client_error(vs
);
1682 if (gnutls_certificate_type_set_priority(vs
->tls_session
, cert_type_priority
) < 0) {
1683 gnutls_deinit(vs
->tls_session
);
1684 vs
->tls_session
= NULL
;
1685 vnc_client_error(vs
);
1689 if (gnutls_protocol_set_priority(vs
->tls_session
, protocol_priority
) < 0) {
1690 gnutls_deinit(vs
->tls_session
);
1691 vs
->tls_session
= NULL
;
1692 vnc_client_error(vs
);
1696 if (NEED_X509_AUTH(vs
)) {
1697 gnutls_certificate_server_credentials x509_cred
= vnc_tls_initialize_x509_cred(vs
);
1699 gnutls_deinit(vs
->tls_session
);
1700 vs
->tls_session
= NULL
;
1701 vnc_client_error(vs
);
1704 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_CERTIFICATE
, x509_cred
) < 0) {
1705 gnutls_deinit(vs
->tls_session
);
1706 vs
->tls_session
= NULL
;
1707 gnutls_certificate_free_credentials(x509_cred
);
1708 vnc_client_error(vs
);
1711 if (vs
->x509verify
) {
1712 VNC_DEBUG("Requesting a client certificate\n");
1713 gnutls_certificate_server_set_request (vs
->tls_session
, GNUTLS_CERT_REQUEST
);
1717 gnutls_anon_server_credentials anon_cred
= vnc_tls_initialize_anon_cred();
1719 gnutls_deinit(vs
->tls_session
);
1720 vs
->tls_session
= NULL
;
1721 vnc_client_error(vs
);
1724 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_ANON
, anon_cred
) < 0) {
1725 gnutls_deinit(vs
->tls_session
);
1726 vs
->tls_session
= NULL
;
1727 gnutls_anon_free_server_credentials(anon_cred
);
1728 vnc_client_error(vs
);
1733 gnutls_transport_set_ptr(vs
->tls_session
, (gnutls_transport_ptr_t
)vs
);
1734 gnutls_transport_set_push_function(vs
->tls_session
, vnc_tls_push
);
1735 gnutls_transport_set_pull_function(vs
->tls_session
, vnc_tls_pull
);
1738 VNC_DEBUG("Start TLS handshake process\n");
1739 return vnc_continue_handshake(vs
);
1742 static int protocol_client_vencrypt_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1744 int auth
= read_u32(data
, 0);
1746 if (auth
!= vs
->subauth
) {
1747 VNC_DEBUG("Rejecting auth %d\n", auth
);
1748 vnc_write_u8(vs
, 0); /* Reject auth */
1750 vnc_client_error(vs
);
1752 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth
);
1753 vnc_write_u8(vs
, 1); /* Accept auth */
1756 if (vnc_start_tls(vs
) < 0) {
1757 VNC_DEBUG("Failed to complete TLS\n");
1761 if (vs
->wiremode
== VNC_WIREMODE_TLS
) {
1762 VNC_DEBUG("Starting VeNCrypt subauth\n");
1763 return start_auth_vencrypt_subauth(vs
);
1765 VNC_DEBUG("TLS handshake blocked\n");
1772 static int protocol_client_vencrypt_init(VncState
*vs
, uint8_t *data
, size_t len
)
1776 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data
[0], (int)data
[1]);
1777 vnc_write_u8(vs
, 1); /* Reject version */
1779 vnc_client_error(vs
);
1781 VNC_DEBUG("Sending allowed auth %d\n", vs
->subauth
);
1782 vnc_write_u8(vs
, 0); /* Accept version */
1783 vnc_write_u8(vs
, 1); /* Number of sub-auths */
1784 vnc_write_u32(vs
, vs
->subauth
); /* The supported auth */
1786 vnc_read_when(vs
, protocol_client_vencrypt_auth
, 4);
1791 static int start_auth_vencrypt(VncState
*vs
)
1793 /* Send VeNCrypt version 0.2 */
1794 vnc_write_u8(vs
, 0);
1795 vnc_write_u8(vs
, 2);
1797 vnc_read_when(vs
, protocol_client_vencrypt_init
, 2);
1800 #endif /* CONFIG_VNC_TLS */
1802 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1804 /* We only advertise 1 auth scheme at a time, so client
1805 * must pick the one we sent. Verify this */
1806 if (data
[0] != vs
->auth
) { /* Reject auth */
1807 VNC_DEBUG("Reject auth %d\n", (int)data
[0]);
1808 vnc_write_u32(vs
, 1);
1809 if (vs
->minor
>= 8) {
1810 static const char err
[] = "Authentication failed";
1811 vnc_write_u32(vs
, sizeof(err
));
1812 vnc_write(vs
, err
, sizeof(err
));
1814 vnc_client_error(vs
);
1815 } else { /* Accept requested auth */
1816 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
1819 VNC_DEBUG("Accept auth none\n");
1820 if (vs
->minor
>= 8) {
1821 vnc_write_u32(vs
, 0); /* Accept auth completion */
1824 vnc_read_when(vs
, protocol_client_init
, 1);
1828 VNC_DEBUG("Start VNC auth\n");
1829 return start_auth_vnc(vs
);
1832 case VNC_AUTH_VENCRYPT
:
1833 VNC_DEBUG("Accept VeNCrypt auth\n");;
1834 return start_auth_vencrypt(vs
);
1835 #endif /* CONFIG_VNC_TLS */
1837 default: /* Should not be possible, but just in case */
1838 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
1839 vnc_write_u8(vs
, 1);
1840 if (vs
->minor
>= 8) {
1841 static const char err
[] = "Authentication failed";
1842 vnc_write_u32(vs
, sizeof(err
));
1843 vnc_write(vs
, err
, sizeof(err
));
1845 vnc_client_error(vs
);
1851 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
1855 memcpy(local
, version
, 12);
1858 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
1859 VNC_DEBUG("Malformed protocol version %s\n", local
);
1860 vnc_client_error(vs
);
1863 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
1864 if (vs
->major
!= 3 ||
1870 VNC_DEBUG("Unsupported client version\n");
1871 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1873 vnc_client_error(vs
);
1876 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1877 * as equivalent to v3.3 by servers
1879 if (vs
->minor
== 4 || vs
->minor
== 5)
1882 if (vs
->minor
== 3) {
1883 if (vs
->auth
== VNC_AUTH_NONE
) {
1884 VNC_DEBUG("Tell client auth none\n");
1885 vnc_write_u32(vs
, vs
->auth
);
1887 vnc_read_when(vs
, protocol_client_init
, 1);
1888 } else if (vs
->auth
== VNC_AUTH_VNC
) {
1889 VNC_DEBUG("Tell client VNC auth\n");
1890 vnc_write_u32(vs
, vs
->auth
);
1894 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
1895 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1897 vnc_client_error(vs
);
1900 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
1901 vnc_write_u8(vs
, 1); /* num auth */
1902 vnc_write_u8(vs
, vs
->auth
);
1903 vnc_read_when(vs
, protocol_client_auth
, 1);
1910 static void vnc_listen_read(void *opaque
)
1912 VncState
*vs
= opaque
;
1913 struct sockaddr_in addr
;
1914 socklen_t addrlen
= sizeof(addr
);
1916 vs
->csock
= accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
1917 if (vs
->csock
!= -1) {
1918 VNC_DEBUG("New client on socket %d\n", vs
->csock
);
1919 socket_set_nonblock(vs
->csock
);
1920 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, opaque
);
1921 vnc_write(vs
, "RFB 003.008\n", 12);
1923 vnc_read_when(vs
, protocol_version
, 12);
1924 memset(vs
->old_data
, 0, vs
->ds
->linesize
* vs
->ds
->height
);
1925 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
1927 vs
->has_hextile
= 0;
1928 vs
->ds
->dpy_copy
= NULL
;
1932 extern int parse_host_port(struct sockaddr_in
*saddr
, const char *str
);
1934 void vnc_display_init(DisplayState
*ds
)
1938 vs
= qemu_mallocz(sizeof(VncState
));
1945 vs
->password
= NULL
;
1955 if (!keyboard_layout
)
1956 keyboard_layout
= "en-us";
1958 vs
->kbd_layout
= init_keyboard_layout(keyboard_layout
);
1959 if (!vs
->kbd_layout
)
1962 vs
->ds
->data
= NULL
;
1963 vs
->ds
->dpy_update
= vnc_dpy_update
;
1964 vs
->ds
->dpy_resize
= vnc_dpy_resize
;
1965 vs
->ds
->dpy_refresh
= vnc_dpy_refresh
;
1967 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
1969 vnc_dpy_resize(vs
->ds
, 640, 400);
1973 static int vnc_set_x509_credential(VncState
*vs
,
1974 const char *certdir
,
1975 const char *filename
,
1986 if (!(*cred
= qemu_malloc(strlen(certdir
) + strlen(filename
) + 2)))
1989 strcpy(*cred
, certdir
);
1991 strcat(*cred
, filename
);
1993 VNC_DEBUG("Check %s\n", *cred
);
1994 if (stat(*cred
, &sb
) < 0) {
1997 if (ignoreMissing
&& errno
== ENOENT
)
2005 static int vnc_set_x509_credential_dir(VncState
*vs
,
2006 const char *certdir
)
2008 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CERT_FILE
, &vs
->x509cacert
, 0) < 0)
2010 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CRL_FILE
, &vs
->x509cacrl
, 1) < 0)
2012 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_CERT_FILE
, &vs
->x509cert
, 0) < 0)
2014 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_KEY_FILE
, &vs
->x509key
, 0) < 0)
2020 qemu_free(vs
->x509cacert
);
2021 qemu_free(vs
->x509cacrl
);
2022 qemu_free(vs
->x509cert
);
2023 qemu_free(vs
->x509key
);
2024 vs
->x509cacert
= vs
->x509cacrl
= vs
->x509cert
= vs
->x509key
= NULL
;
2027 #endif /* CONFIG_VNC_TLS */
2029 void vnc_display_close(DisplayState
*ds
)
2031 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2034 qemu_free(vs
->display
);
2037 if (vs
->lsock
!= -1) {
2038 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2042 if (vs
->csock
!= -1) {
2043 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
2044 closesocket(vs
->csock
);
2046 buffer_reset(&vs
->input
);
2047 buffer_reset(&vs
->output
);
2048 vs
->need_update
= 0;
2050 if (vs
->tls_session
) {
2051 gnutls_deinit(vs
->tls_session
);
2052 vs
->tls_session
= NULL
;
2054 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
2055 #endif /* CONFIG_VNC_TLS */
2057 vs
->auth
= VNC_AUTH_INVALID
;
2059 vs
->subauth
= VNC_AUTH_INVALID
;
2064 int vnc_display_password(DisplayState
*ds
, const char *password
)
2066 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2069 qemu_free(vs
->password
);
2070 vs
->password
= NULL
;
2072 if (password
&& password
[0]) {
2073 if (!(vs
->password
= qemu_strdup(password
)))
2080 int vnc_display_open(DisplayState
*ds
, const char *display
)
2082 struct sockaddr
*addr
;
2083 struct sockaddr_in iaddr
;
2085 struct sockaddr_un uaddr
;
2087 int reuse_addr
, ret
;
2090 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2091 const char *options
;
2094 int tls
= 0, x509
= 0;
2097 vnc_display_close(ds
);
2098 if (strcmp(display
, "none") == 0)
2101 if (!(vs
->display
= strdup(display
)))
2105 while ((options
= strchr(options
, ','))) {
2107 if (strncmp(options
, "password", 8) == 0) {
2108 password
= 1; /* Require password auth */
2110 } else if (strncmp(options
, "tls", 3) == 0) {
2111 tls
= 1; /* Require TLS */
2112 } else if (strncmp(options
, "x509", 4) == 0) {
2114 x509
= 1; /* Require x509 certificates */
2115 if (strncmp(options
, "x509verify", 10) == 0)
2116 vs
->x509verify
= 1; /* ...and verify client certs */
2118 /* Now check for 'x509=/some/path' postfix
2119 * and use that to setup x509 certificate/key paths */
2120 start
= strchr(options
, '=');
2121 end
= strchr(options
, ',');
2122 if (start
&& (!end
|| (start
< end
))) {
2123 int len
= end
? end
-(start
+1) : strlen(start
+1);
2124 char *path
= qemu_malloc(len
+1);
2125 strncpy(path
, start
+1, len
);
2127 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2128 if (vnc_set_x509_credential_dir(vs
, path
) < 0) {
2129 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2131 qemu_free(vs
->display
);
2137 fprintf(stderr
, "No certificate path provided\n");
2138 qemu_free(vs
->display
);
2149 vs
->auth
= VNC_AUTH_VENCRYPT
;
2151 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2152 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2154 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2155 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2159 VNC_DEBUG("Initializing VNC server with password auth\n");
2160 vs
->auth
= VNC_AUTH_VNC
;
2162 vs
->subauth
= VNC_AUTH_INVALID
;
2168 vs
->auth
= VNC_AUTH_VENCRYPT
;
2170 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2171 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2173 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2174 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2178 VNC_DEBUG("Initializing VNC server with no auth\n");
2179 vs
->auth
= VNC_AUTH_NONE
;
2181 vs
->subauth
= VNC_AUTH_INVALID
;
2186 if (strstart(display
, "unix:", &p
)) {
2187 addr
= (struct sockaddr
*)&uaddr
;
2188 addrlen
= sizeof(uaddr
);
2190 vs
->lsock
= socket(PF_UNIX
, SOCK_STREAM
, 0);
2191 if (vs
->lsock
== -1) {
2192 fprintf(stderr
, "Could not create socket\n");
2198 uaddr
.sun_family
= AF_UNIX
;
2199 memset(uaddr
.sun_path
, 0, 108);
2200 snprintf(uaddr
.sun_path
, 108, "%s", p
);
2202 unlink(uaddr
.sun_path
);
2206 addr
= (struct sockaddr
*)&iaddr
;
2207 addrlen
= sizeof(iaddr
);
2209 if (parse_host_port(&iaddr
, display
) < 0) {
2210 fprintf(stderr
, "Could not parse VNC address\n");
2216 iaddr
.sin_port
= htons(ntohs(iaddr
.sin_port
) + 5900);
2218 vs
->lsock
= socket(PF_INET
, SOCK_STREAM
, 0);
2219 if (vs
->lsock
== -1) {
2220 fprintf(stderr
, "Could not create socket\n");
2227 ret
= setsockopt(vs
->lsock
, SOL_SOCKET
, SO_REUSEADDR
,
2228 (const char *)&reuse_addr
, sizeof(reuse_addr
));
2230 fprintf(stderr
, "setsockopt() failed\n");
2239 if (bind(vs
->lsock
, addr
, addrlen
) == -1) {
2240 fprintf(stderr
, "bind() failed\n");
2248 if (listen(vs
->lsock
, 1) == -1) {
2249 fprintf(stderr
, "listen() failed\n");
2257 return qemu_set_fd_handler2(vs
->lsock
, vnc_listen_poll
, vnc_listen_read
, NULL
, vs
);