2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level
, const char* str
) {
51 VNC_DEBUG("%d %s", level
, str
);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState
;
68 typedef int VncReadEvent(VncState
*vs
, uint8_t *data
, size_t len
);
70 typedef void VncWritePixels(VncState
*vs
, void *data
, int size
);
72 typedef void VncSendHextileTile(VncState
*vs
,
73 int x
, int y
, int w
, int h
,
76 int *has_bg
, int *has_fg
);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT
= 19
103 VNC_AUTH_VENCRYPT_PLAIN
= 256,
104 VNC_AUTH_VENCRYPT_TLSNONE
= 257,
105 VNC_AUTH_VENCRYPT_TLSVNC
= 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN
= 259,
107 VNC_AUTH_VENCRYPT_X509NONE
= 260,
108 VNC_AUTH_VENCRYPT_X509VNC
= 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN
= 262,
112 #define X509_CA_CERT_FILE "ca-cert.pem"
113 #define X509_CA_CRL_FILE "ca-crl.pem"
114 #define X509_SERVER_KEY_FILE "server-key.pem"
115 #define X509_SERVER_CERT_FILE "server-cert.pem"
117 #endif /* CONFIG_VNC_TLS */
128 uint32_t dirty_row
[VNC_MAX_HEIGHT
][VNC_DIRTY_WORDS
];
130 int depth
; /* internal VNC frame buffer byte per pixel */
133 int has_pointer_type_change
;
144 #ifdef CONFIG_VNC_TLS
153 char challenge
[VNC_AUTH_CHALLENGE_SIZE
];
155 #ifdef CONFIG_VNC_TLS
157 gnutls_session_t tls_session
;
162 kbd_layout_t
*kbd_layout
;
163 /* current output mode information */
164 VncWritePixels
*write_pixels
;
165 VncSendHextileTile
*send_hextile_tile
;
166 int pix_bpp
, pix_big_endian
;
167 int red_shift
, red_max
, red_shift1
;
168 int green_shift
, green_max
, green_shift1
;
169 int blue_shift
, blue_max
, blue_shift1
;
171 VncReadEvent
*read_handler
;
172 size_t read_handler_expect
;
174 uint8_t modifiers_state
[256];
177 static VncState
*vnc_state
; /* needed for info vnc */
179 void do_info_vnc(void)
181 if (vnc_state
== NULL
)
182 term_printf("VNC server disabled\n");
184 term_printf("VNC server active on: ");
185 term_print_filename(vnc_state
->display
);
188 if (vnc_state
->csock
== -1)
189 term_printf("No client connected\n");
191 term_printf("Client connected\n");
196 1) Get the queue working for IO.
197 2) there is some weirdness when using the -S option (the screen is grey
198 and not totally invalidated
199 3) resolutions > 1024
202 static void vnc_write(VncState
*vs
, const void *data
, size_t len
);
203 static void vnc_write_u32(VncState
*vs
, uint32_t value
);
204 static void vnc_write_s32(VncState
*vs
, int32_t value
);
205 static void vnc_write_u16(VncState
*vs
, uint16_t value
);
206 static void vnc_write_u8(VncState
*vs
, uint8_t value
);
207 static void vnc_flush(VncState
*vs
);
208 static void vnc_update_client(void *opaque
);
209 static void vnc_client_read(void *opaque
);
211 static inline void vnc_set_bit(uint32_t *d
, int k
)
213 d
[k
>> 5] |= 1 << (k
& 0x1f);
216 static inline void vnc_clear_bit(uint32_t *d
, int k
)
218 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
221 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
231 d
[j
++] = (1 << n
) - 1;
236 static inline int vnc_get_bit(const uint32_t *d
, int k
)
238 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
241 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
245 for(i
= 0; i
< nb_words
; i
++) {
246 if ((d1
[i
] & d2
[i
]) != 0)
252 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
254 VncState
*vs
= ds
->opaque
;
259 /* round x down to ensure the loop only spans one 16-pixel block per,
260 iteration. otherwise, if (x % 16) != 0, the last iteration may span
261 two 16-pixel blocks but we only mark the first as dirty
266 x
= MIN(x
, vs
->width
);
267 y
= MIN(y
, vs
->height
);
268 w
= MIN(x
+ w
, vs
->width
) - x
;
269 h
= MIN(h
, vs
->height
);
272 for (i
= 0; i
< w
; i
+= 16)
273 vnc_set_bit(vs
->dirty_row
[y
], (x
+ i
) / 16);
276 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
279 vnc_write_u16(vs
, x
);
280 vnc_write_u16(vs
, y
);
281 vnc_write_u16(vs
, w
);
282 vnc_write_u16(vs
, h
);
284 vnc_write_s32(vs
, encoding
);
287 static void vnc_dpy_resize(DisplayState
*ds
, int w
, int h
)
290 VncState
*vs
= ds
->opaque
;
292 ds
->data
= qemu_realloc(ds
->data
, w
* h
* vs
->depth
);
293 vs
->old_data
= qemu_realloc(vs
->old_data
, w
* h
* vs
->depth
);
295 if (ds
->data
== NULL
|| vs
->old_data
== NULL
) {
296 fprintf(stderr
, "vnc: memory allocation failed\n");
300 if (ds
->depth
!= vs
->depth
* 8) {
301 ds
->depth
= vs
->depth
* 8;
302 console_color_init(ds
);
304 size_changed
= ds
->width
!= w
|| ds
->height
!= h
;
307 ds
->linesize
= w
* vs
->depth
;
309 vs
->width
= ds
->width
;
310 vs
->height
= ds
->height
;
311 if (vs
->csock
!= -1 && vs
->has_resize
) {
312 vnc_write_u8(vs
, 0); /* msg id */
314 vnc_write_u16(vs
, 1); /* number of rects */
315 vnc_framebuffer_update(vs
, 0, 0, ds
->width
, ds
->height
, -223);
320 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
321 memset(vs
->old_data
, 42, vs
->ds
->linesize
* vs
->ds
->height
);
325 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
327 vnc_write(vs
, pixels
, size
);
330 /* slowest but generic code. */
331 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
333 unsigned int r
, g
, b
;
335 r
= (v
>> vs
->red_shift1
) & vs
->red_max
;
336 g
= (v
>> vs
->green_shift1
) & vs
->green_max
;
337 b
= (v
>> vs
->blue_shift1
) & vs
->blue_max
;
338 v
= (r
<< vs
->red_shift
) |
339 (g
<< vs
->green_shift
) |
340 (b
<< vs
->blue_shift
);
341 switch(vs
->pix_bpp
) {
346 if (vs
->pix_big_endian
) {
356 if (vs
->pix_big_endian
) {
371 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
373 uint32_t *pixels
= pixels1
;
378 for(i
= 0; i
< n
; i
++) {
379 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
380 vnc_write(vs
, buf
, vs
->pix_bpp
);
384 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
389 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 0);
391 row
= vs
->ds
->data
+ y
* vs
->ds
->linesize
+ x
* vs
->depth
;
392 for (i
= 0; i
< h
; i
++) {
393 vs
->write_pixels(vs
, row
, w
* vs
->depth
);
394 row
+= vs
->ds
->linesize
;
398 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
400 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
401 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
405 #include "vnchextile.h"
409 #include "vnchextile.h"
413 #include "vnchextile.h"
418 #include "vnchextile.h"
422 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
426 uint32_t last_fg32
, last_bg32
;
428 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 5);
431 for (j
= y
; j
< (y
+ h
); j
+= 16) {
432 for (i
= x
; i
< (x
+ w
); i
+= 16) {
433 vs
->send_hextile_tile(vs
, i
, j
,
434 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
435 &last_bg32
, &last_fg32
, &has_bg
, &has_fg
);
440 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
443 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
445 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
448 static void vnc_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
455 int pitch
= ds
->linesize
;
456 VncState
*vs
= ds
->opaque
;
458 vnc_update_client(vs
);
465 src
= (ds
->linesize
* (src_y
+ y
) + vs
->depth
* src_x
);
466 dst
= (ds
->linesize
* (dst_y
+ y
) + vs
->depth
* dst_x
);
468 src_row
= ds
->data
+ src
;
469 dst_row
= ds
->data
+ dst
;
470 old_row
= vs
->old_data
+ dst
;
472 for (y
= 0; y
< h
; y
++) {
473 memmove(old_row
, src_row
, w
* vs
->depth
);
474 memmove(dst_row
, src_row
, w
* vs
->depth
);
480 vnc_write_u8(vs
, 0); /* msg id */
482 vnc_write_u16(vs
, 1); /* number of rects */
483 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, 1);
484 vnc_write_u16(vs
, src_x
);
485 vnc_write_u16(vs
, src_y
);
489 static int find_dirty_height(VncState
*vs
, int y
, int last_x
, int x
)
493 for (h
= 1; h
< (vs
->height
- y
); h
++) {
495 if (!vnc_get_bit(vs
->dirty_row
[y
+ h
], last_x
))
497 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
498 vnc_clear_bit(vs
->dirty_row
[y
+ h
], tmp_x
);
504 static void vnc_update_client(void *opaque
)
506 VncState
*vs
= opaque
;
508 if (vs
->need_update
&& vs
->csock
!= -1) {
512 uint32_t width_mask
[VNC_DIRTY_WORDS
];
519 vnc_set_bits(width_mask
, (vs
->width
/ 16), VNC_DIRTY_WORDS
);
521 /* Walk through the dirty map and eliminate tiles that
522 really aren't dirty */
524 old_row
= vs
->old_data
;
526 for (y
= 0; y
< vs
->height
; y
++) {
527 if (vnc_and_bits(vs
->dirty_row
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
533 old_ptr
= (char*)old_row
;
535 for (x
= 0; x
< vs
->ds
->width
; x
+= 16) {
536 if (memcmp(old_ptr
, ptr
, 16 * vs
->depth
) == 0) {
537 vnc_clear_bit(vs
->dirty_row
[y
], (x
/ 16));
540 memcpy(old_ptr
, ptr
, 16 * vs
->depth
);
543 ptr
+= 16 * vs
->depth
;
544 old_ptr
+= 16 * vs
->depth
;
548 row
+= vs
->ds
->linesize
;
549 old_row
+= vs
->ds
->linesize
;
553 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
557 /* Count rectangles */
559 vnc_write_u8(vs
, 0); /* msg id */
561 saved_offset
= vs
->output
.offset
;
562 vnc_write_u16(vs
, 0);
564 for (y
= 0; y
< vs
->height
; y
++) {
567 for (x
= 0; x
< vs
->width
/ 16; x
++) {
568 if (vnc_get_bit(vs
->dirty_row
[y
], x
)) {
572 vnc_clear_bit(vs
->dirty_row
[y
], x
);
575 int h
= find_dirty_height(vs
, y
, last_x
, x
);
576 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
583 int h
= find_dirty_height(vs
, y
, last_x
, x
);
584 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
588 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
589 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
594 if (vs
->csock
!= -1) {
595 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
600 static int vnc_listen_poll(void *opaque
)
602 VncState
*vs
= opaque
;
608 static void buffer_reserve(Buffer
*buffer
, size_t len
)
610 if ((buffer
->capacity
- buffer
->offset
) < len
) {
611 buffer
->capacity
+= (len
+ 1024);
612 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
613 if (buffer
->buffer
== NULL
) {
614 fprintf(stderr
, "vnc: out of memory\n");
620 static int buffer_empty(Buffer
*buffer
)
622 return buffer
->offset
== 0;
625 static uint8_t *buffer_end(Buffer
*buffer
)
627 return buffer
->buffer
+ buffer
->offset
;
630 static void buffer_reset(Buffer
*buffer
)
635 static void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
637 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
638 buffer
->offset
+= len
;
641 static int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
643 if (ret
== 0 || ret
== -1) {
645 switch (last_errno
) {
657 VNC_DEBUG("Closing down client sock %d %d\n", ret
, ret
< 0 ? last_errno
: 0);
658 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
659 closesocket(vs
->csock
);
662 buffer_reset(&vs
->input
);
663 buffer_reset(&vs
->output
);
665 #ifdef CONFIG_VNC_TLS
666 if (vs
->tls_session
) {
667 gnutls_deinit(vs
->tls_session
);
668 vs
->tls_session
= NULL
;
670 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
671 #endif /* CONFIG_VNC_TLS */
677 static void vnc_client_error(VncState
*vs
)
679 vnc_client_io_error(vs
, -1, EINVAL
);
682 static void vnc_client_write(void *opaque
)
685 VncState
*vs
= opaque
;
687 #ifdef CONFIG_VNC_TLS
688 if (vs
->tls_session
) {
689 ret
= gnutls_write(vs
->tls_session
, vs
->output
.buffer
, vs
->output
.offset
);
691 if (ret
== GNUTLS_E_AGAIN
)
698 #endif /* CONFIG_VNC_TLS */
699 ret
= send(vs
->csock
, vs
->output
.buffer
, vs
->output
.offset
, 0);
700 ret
= vnc_client_io_error(vs
, ret
, socket_error());
704 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
705 vs
->output
.offset
-= ret
;
707 if (vs
->output
.offset
== 0) {
708 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
712 static void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
714 vs
->read_handler
= func
;
715 vs
->read_handler_expect
= expecting
;
718 static void vnc_client_read(void *opaque
)
720 VncState
*vs
= opaque
;
723 buffer_reserve(&vs
->input
, 4096);
725 #ifdef CONFIG_VNC_TLS
726 if (vs
->tls_session
) {
727 ret
= gnutls_read(vs
->tls_session
, buffer_end(&vs
->input
), 4096);
729 if (ret
== GNUTLS_E_AGAIN
)
736 #endif /* CONFIG_VNC_TLS */
737 ret
= recv(vs
->csock
, buffer_end(&vs
->input
), 4096, 0);
738 ret
= vnc_client_io_error(vs
, ret
, socket_error());
742 vs
->input
.offset
+= ret
;
744 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
745 size_t len
= vs
->read_handler_expect
;
748 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
753 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
754 vs
->input
.offset
-= len
;
756 vs
->read_handler_expect
= ret
;
761 static void vnc_write(VncState
*vs
, const void *data
, size_t len
)
763 buffer_reserve(&vs
->output
, len
);
765 if (buffer_empty(&vs
->output
)) {
766 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
769 buffer_append(&vs
->output
, data
, len
);
772 static void vnc_write_s32(VncState
*vs
, int32_t value
)
774 vnc_write_u32(vs
, *(uint32_t *)&value
);
777 static void vnc_write_u32(VncState
*vs
, uint32_t value
)
781 buf
[0] = (value
>> 24) & 0xFF;
782 buf
[1] = (value
>> 16) & 0xFF;
783 buf
[2] = (value
>> 8) & 0xFF;
784 buf
[3] = value
& 0xFF;
786 vnc_write(vs
, buf
, 4);
789 static void vnc_write_u16(VncState
*vs
, uint16_t value
)
793 buf
[0] = (value
>> 8) & 0xFF;
794 buf
[1] = value
& 0xFF;
796 vnc_write(vs
, buf
, 2);
799 static void vnc_write_u8(VncState
*vs
, uint8_t value
)
801 vnc_write(vs
, (char *)&value
, 1);
804 static void vnc_flush(VncState
*vs
)
806 if (vs
->output
.offset
)
807 vnc_client_write(vs
);
810 static uint8_t read_u8(uint8_t *data
, size_t offset
)
815 static uint16_t read_u16(uint8_t *data
, size_t offset
)
817 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
820 static int32_t read_s32(uint8_t *data
, size_t offset
)
822 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
823 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
826 static uint32_t read_u32(uint8_t *data
, size_t offset
)
828 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
829 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
832 #ifdef CONFIG_VNC_TLS
833 static ssize_t
vnc_tls_push(gnutls_transport_ptr_t transport
,
836 struct VncState
*vs
= (struct VncState
*)transport
;
840 ret
= send(vs
->csock
, data
, len
, 0);
850 static ssize_t
vnc_tls_pull(gnutls_transport_ptr_t transport
,
853 struct VncState
*vs
= (struct VncState
*)transport
;
857 ret
= recv(vs
->csock
, data
, len
, 0);
865 #endif /* CONFIG_VNC_TLS */
867 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
871 static void check_pointer_type_change(VncState
*vs
, int absolute
)
873 if (vs
->has_pointer_type_change
&& vs
->absolute
!= absolute
) {
876 vnc_write_u16(vs
, 1);
877 vnc_framebuffer_update(vs
, absolute
, 0,
878 vs
->ds
->width
, vs
->ds
->height
, -257);
881 vs
->absolute
= absolute
;
884 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
889 if (button_mask
& 0x01)
890 buttons
|= MOUSE_EVENT_LBUTTON
;
891 if (button_mask
& 0x02)
892 buttons
|= MOUSE_EVENT_MBUTTON
;
893 if (button_mask
& 0x04)
894 buttons
|= MOUSE_EVENT_RBUTTON
;
895 if (button_mask
& 0x08)
897 if (button_mask
& 0x10)
901 kbd_mouse_event(x
* 0x7FFF / (vs
->ds
->width
- 1),
902 y
* 0x7FFF / (vs
->ds
->height
- 1),
904 } else if (vs
->has_pointer_type_change
) {
908 kbd_mouse_event(x
, y
, dz
, buttons
);
910 if (vs
->last_x
!= -1)
911 kbd_mouse_event(x
- vs
->last_x
,
918 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
921 static void reset_keys(VncState
*vs
)
924 for(i
= 0; i
< 256; i
++) {
925 if (vs
->modifiers_state
[i
]) {
927 kbd_put_keycode(0xe0);
928 kbd_put_keycode(i
| 0x80);
929 vs
->modifiers_state
[i
] = 0;
934 static void press_key(VncState
*vs
, int keysym
)
936 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) & 0x7f);
937 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) | 0x80);
940 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
942 /* QEMU console switch */
944 case 0x2a: /* Left Shift */
945 case 0x36: /* Right Shift */
946 case 0x1d: /* Left CTRL */
947 case 0x9d: /* Right CTRL */
948 case 0x38: /* Left ALT */
949 case 0xb8: /* Right ALT */
951 vs
->modifiers_state
[keycode
] = 1;
953 vs
->modifiers_state
[keycode
] = 0;
955 case 0x02 ... 0x0a: /* '1' to '9' keys */
956 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
957 /* Reset the modifiers sent to the current console */
959 console_select(keycode
- 0x02);
963 case 0x3a: /* CapsLock */
964 case 0x45: /* NumLock */
966 vs
->modifiers_state
[keycode
] ^= 1;
970 if (keycode_is_keypad(vs
->kbd_layout
, keycode
)) {
971 /* If the numlock state needs to change then simulate an additional
972 keypress before sending this one. This will happen if the user
973 toggles numlock away from the VNC window.
975 if (keysym_is_numlock(vs
->kbd_layout
, sym
& 0xFFFF)) {
976 if (!vs
->modifiers_state
[0x45]) {
977 vs
->modifiers_state
[0x45] = 1;
978 press_key(vs
, 0xff7f);
981 if (vs
->modifiers_state
[0x45]) {
982 vs
->modifiers_state
[0x45] = 0;
983 press_key(vs
, 0xff7f);
988 if (is_graphic_console()) {
990 kbd_put_keycode(0xe0);
992 kbd_put_keycode(keycode
& 0x7f);
994 kbd_put_keycode(keycode
| 0x80);
996 /* QEMU console emulation */
999 case 0x2a: /* Left Shift */
1000 case 0x36: /* Right Shift */
1001 case 0x1d: /* Left CTRL */
1002 case 0x9d: /* Right CTRL */
1003 case 0x38: /* Left ALT */
1004 case 0xb8: /* Right ALT */
1007 kbd_put_keysym(QEMU_KEY_UP
);
1010 kbd_put_keysym(QEMU_KEY_DOWN
);
1013 kbd_put_keysym(QEMU_KEY_LEFT
);
1016 kbd_put_keysym(QEMU_KEY_RIGHT
);
1019 kbd_put_keysym(QEMU_KEY_DELETE
);
1022 kbd_put_keysym(QEMU_KEY_HOME
);
1025 kbd_put_keysym(QEMU_KEY_END
);
1028 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1031 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1034 kbd_put_keysym(sym
);
1041 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1045 if (sym
>= 'A' && sym
<= 'Z' && is_graphic_console())
1046 sym
= sym
- 'A' + 'a';
1048 keycode
= keysym2scancode(vs
->kbd_layout
, sym
& 0xFFFF);
1049 do_key_event(vs
, down
, keycode
, sym
);
1052 static void ext_key_event(VncState
*vs
, int down
,
1053 uint32_t sym
, uint16_t keycode
)
1055 /* if the user specifies a keyboard layout, always use it */
1056 if (keyboard_layout
)
1057 key_event(vs
, down
, sym
);
1059 do_key_event(vs
, down
, keycode
, sym
);
1062 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1063 int x_position
, int y_position
,
1066 if (x_position
> vs
->ds
->width
)
1067 x_position
= vs
->ds
->width
;
1068 if (y_position
> vs
->ds
->height
)
1069 y_position
= vs
->ds
->height
;
1070 if (x_position
+ w
>= vs
->ds
->width
)
1071 w
= vs
->ds
->width
- x_position
;
1072 if (y_position
+ h
>= vs
->ds
->height
)
1073 h
= vs
->ds
->height
- y_position
;
1076 vs
->need_update
= 1;
1078 char *old_row
= vs
->old_data
+ y_position
* vs
->ds
->linesize
;
1080 for (i
= 0; i
< h
; i
++) {
1081 vnc_set_bits(vs
->dirty_row
[y_position
+ i
],
1082 (vs
->ds
->width
/ 16), VNC_DIRTY_WORDS
);
1083 memset(old_row
, 42, vs
->ds
->width
* vs
->depth
);
1084 old_row
+= vs
->ds
->linesize
;
1089 static void send_ext_key_event_ack(VncState
*vs
)
1091 vnc_write_u8(vs
, 0);
1092 vnc_write_u8(vs
, 0);
1093 vnc_write_u16(vs
, 1);
1094 vnc_framebuffer_update(vs
, 0, 0, vs
->ds
->width
, vs
->ds
->height
, -258);
1098 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1102 vs
->has_hextile
= 0;
1104 vs
->has_pointer_type_change
= 0;
1106 vs
->ds
->dpy_copy
= NULL
;
1108 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1109 switch (encodings
[i
]) {
1111 vs
->has_hextile
= 0;
1113 case 1: /* CopyRect */
1114 vs
->ds
->dpy_copy
= vnc_copy
;
1116 case 5: /* Hextile */
1117 vs
->has_hextile
= 1;
1119 case -223: /* DesktopResize */
1123 vs
->has_pointer_type_change
= 1;
1126 send_ext_key_event_ack(vs
);
1133 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1136 static int compute_nbits(unsigned int val
)
1147 static void set_pixel_format(VncState
*vs
,
1148 int bits_per_pixel
, int depth
,
1149 int big_endian_flag
, int true_color_flag
,
1150 int red_max
, int green_max
, int blue_max
,
1151 int red_shift
, int green_shift
, int blue_shift
)
1153 int host_big_endian_flag
;
1155 #ifdef WORDS_BIGENDIAN
1156 host_big_endian_flag
= 1;
1158 host_big_endian_flag
= 0;
1160 if (!true_color_flag
) {
1162 vnc_client_error(vs
);
1165 if (bits_per_pixel
== 32 &&
1166 host_big_endian_flag
== big_endian_flag
&&
1167 red_max
== 0xff && green_max
== 0xff && blue_max
== 0xff &&
1168 red_shift
== 16 && green_shift
== 8 && blue_shift
== 0) {
1170 vs
->write_pixels
= vnc_write_pixels_copy
;
1171 vs
->send_hextile_tile
= send_hextile_tile_32
;
1173 if (bits_per_pixel
== 16 &&
1174 host_big_endian_flag
== big_endian_flag
&&
1175 red_max
== 31 && green_max
== 63 && blue_max
== 31 &&
1176 red_shift
== 11 && green_shift
== 5 && blue_shift
== 0) {
1178 vs
->write_pixels
= vnc_write_pixels_copy
;
1179 vs
->send_hextile_tile
= send_hextile_tile_16
;
1181 if (bits_per_pixel
== 8 &&
1182 red_max
== 7 && green_max
== 7 && blue_max
== 3 &&
1183 red_shift
== 5 && green_shift
== 2 && blue_shift
== 0) {
1185 vs
->write_pixels
= vnc_write_pixels_copy
;
1186 vs
->send_hextile_tile
= send_hextile_tile_8
;
1189 /* generic and slower case */
1190 if (bits_per_pixel
!= 8 &&
1191 bits_per_pixel
!= 16 &&
1192 bits_per_pixel
!= 32)
1195 vs
->red_shift
= red_shift
;
1196 vs
->red_max
= red_max
;
1197 vs
->red_shift1
= 24 - compute_nbits(red_max
);
1198 vs
->green_shift
= green_shift
;
1199 vs
->green_max
= green_max
;
1200 vs
->green_shift1
= 16 - compute_nbits(green_max
);
1201 vs
->blue_shift
= blue_shift
;
1202 vs
->blue_max
= blue_max
;
1203 vs
->blue_shift1
= 8 - compute_nbits(blue_max
);
1204 vs
->pix_bpp
= bits_per_pixel
/ 8;
1205 vs
->pix_big_endian
= big_endian_flag
;
1206 vs
->write_pixels
= vnc_write_pixels_generic
;
1207 vs
->send_hextile_tile
= send_hextile_tile_generic
;
1210 vnc_dpy_resize(vs
->ds
, vs
->ds
->width
, vs
->ds
->height
);
1212 vga_hw_invalidate();
1216 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1226 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1227 read_u8(data
, 6), read_u8(data
, 7),
1228 read_u16(data
, 8), read_u16(data
, 10),
1229 read_u16(data
, 12), read_u8(data
, 14),
1230 read_u8(data
, 15), read_u8(data
, 16));
1237 return 4 + (read_u16(data
, 2) * 4);
1239 limit
= read_u16(data
, 2);
1240 for (i
= 0; i
< limit
; i
++) {
1241 int32_t val
= read_s32(data
, 4 + (i
* 4));
1242 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1245 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1251 framebuffer_update_request(vs
,
1252 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1253 read_u16(data
, 6), read_u16(data
, 8));
1259 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1265 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1272 uint32_t dlen
= read_u32(data
, 4);
1277 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1283 switch (read_u8(data
, 1)) {
1288 ext_key_event(vs
, read_u16(data
, 2),
1289 read_u32(data
, 4), read_u32(data
, 8));
1292 printf("Msg: %d\n", read_u16(data
, 0));
1293 vnc_client_error(vs
);
1298 printf("Msg: %d\n", data
[0]);
1299 vnc_client_error(vs
);
1303 vnc_read_when(vs
, protocol_client_msg
, 1);
1307 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1309 char pad
[3] = { 0, 0, 0 };
1313 vs
->width
= vs
->ds
->width
;
1314 vs
->height
= vs
->ds
->height
;
1315 vnc_write_u16(vs
, vs
->ds
->width
);
1316 vnc_write_u16(vs
, vs
->ds
->height
);
1318 vnc_write_u8(vs
, vs
->depth
* 8); /* bits-per-pixel */
1319 vnc_write_u8(vs
, vs
->depth
* 8); /* depth */
1320 #ifdef WORDS_BIGENDIAN
1321 vnc_write_u8(vs
, 1); /* big-endian-flag */
1323 vnc_write_u8(vs
, 0); /* big-endian-flag */
1325 vnc_write_u8(vs
, 1); /* true-color-flag */
1326 if (vs
->depth
== 4) {
1327 vnc_write_u16(vs
, 0xFF); /* red-max */
1328 vnc_write_u16(vs
, 0xFF); /* green-max */
1329 vnc_write_u16(vs
, 0xFF); /* blue-max */
1330 vnc_write_u8(vs
, 16); /* red-shift */
1331 vnc_write_u8(vs
, 8); /* green-shift */
1332 vnc_write_u8(vs
, 0); /* blue-shift */
1333 vs
->send_hextile_tile
= send_hextile_tile_32
;
1334 } else if (vs
->depth
== 2) {
1335 vnc_write_u16(vs
, 31); /* red-max */
1336 vnc_write_u16(vs
, 63); /* green-max */
1337 vnc_write_u16(vs
, 31); /* blue-max */
1338 vnc_write_u8(vs
, 11); /* red-shift */
1339 vnc_write_u8(vs
, 5); /* green-shift */
1340 vnc_write_u8(vs
, 0); /* blue-shift */
1341 vs
->send_hextile_tile
= send_hextile_tile_16
;
1342 } else if (vs
->depth
== 1) {
1343 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1344 vnc_write_u16(vs
, 7); /* red-max */
1345 vnc_write_u16(vs
, 7); /* green-max */
1346 vnc_write_u16(vs
, 3); /* blue-max */
1347 vnc_write_u8(vs
, 5); /* red-shift */
1348 vnc_write_u8(vs
, 2); /* green-shift */
1349 vnc_write_u8(vs
, 0); /* blue-shift */
1350 vs
->send_hextile_tile
= send_hextile_tile_8
;
1352 vs
->write_pixels
= vnc_write_pixels_copy
;
1354 vnc_write(vs
, pad
, 3); /* padding */
1357 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1359 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1361 vnc_write_u32(vs
, size
);
1362 vnc_write(vs
, buf
, size
);
1365 vnc_read_when(vs
, protocol_client_msg
, 1);
1370 static void make_challenge(VncState
*vs
)
1374 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1376 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1377 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1380 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1382 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1384 unsigned char key
[8];
1386 if (!vs
->password
|| !vs
->password
[0]) {
1387 VNC_DEBUG("No password configured on server");
1388 vnc_write_u32(vs
, 1); /* Reject auth */
1389 if (vs
->minor
>= 8) {
1390 static const char err
[] = "Authentication failed";
1391 vnc_write_u32(vs
, sizeof(err
));
1392 vnc_write(vs
, err
, sizeof(err
));
1395 vnc_client_error(vs
);
1399 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
1401 /* Calculate the expected challenge response */
1402 pwlen
= strlen(vs
->password
);
1403 for (i
=0; i
<sizeof(key
); i
++)
1404 key
[i
] = i
<pwlen
? vs
->password
[i
] : 0;
1406 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
1407 des(response
+j
, response
+j
);
1409 /* Compare expected vs actual challenge response */
1410 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
1411 VNC_DEBUG("Client challenge reponse did not match\n");
1412 vnc_write_u32(vs
, 1); /* Reject auth */
1413 if (vs
->minor
>= 8) {
1414 static const char err
[] = "Authentication failed";
1415 vnc_write_u32(vs
, sizeof(err
));
1416 vnc_write(vs
, err
, sizeof(err
));
1419 vnc_client_error(vs
);
1421 VNC_DEBUG("Accepting VNC challenge response\n");
1422 vnc_write_u32(vs
, 0); /* Accept auth */
1425 vnc_read_when(vs
, protocol_client_init
, 1);
1430 static int start_auth_vnc(VncState
*vs
)
1433 /* Send client a 'random' challenge */
1434 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
1437 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
1442 #ifdef CONFIG_VNC_TLS
1443 #define DH_BITS 1024
1444 static gnutls_dh_params_t dh_params
;
1446 static int vnc_tls_initialize(void)
1448 static int tlsinitialized
= 0;
1453 if (gnutls_global_init () < 0)
1456 /* XXX ought to re-generate diffie-hellmen params periodically */
1457 if (gnutls_dh_params_init (&dh_params
) < 0)
1459 if (gnutls_dh_params_generate2 (dh_params
, DH_BITS
) < 0)
1463 gnutls_global_set_log_level(10);
1464 gnutls_global_set_log_function(vnc_debug_gnutls_log
);
1472 static gnutls_anon_server_credentials
vnc_tls_initialize_anon_cred(void)
1474 gnutls_anon_server_credentials anon_cred
;
1477 if ((ret
= gnutls_anon_allocate_server_credentials(&anon_cred
)) < 0) {
1478 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1482 gnutls_anon_set_server_dh_params(anon_cred
, dh_params
);
1488 static gnutls_certificate_credentials_t
vnc_tls_initialize_x509_cred(VncState
*vs
)
1490 gnutls_certificate_credentials_t x509_cred
;
1493 if (!vs
->x509cacert
) {
1494 VNC_DEBUG("No CA x509 certificate specified\n");
1497 if (!vs
->x509cert
) {
1498 VNC_DEBUG("No server x509 certificate specified\n");
1502 VNC_DEBUG("No server private key specified\n");
1506 if ((ret
= gnutls_certificate_allocate_credentials(&x509_cred
)) < 0) {
1507 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1510 if ((ret
= gnutls_certificate_set_x509_trust_file(x509_cred
,
1512 GNUTLS_X509_FMT_PEM
)) < 0) {
1513 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret
));
1514 gnutls_certificate_free_credentials(x509_cred
);
1518 if ((ret
= gnutls_certificate_set_x509_key_file (x509_cred
,
1521 GNUTLS_X509_FMT_PEM
)) < 0) {
1522 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret
));
1523 gnutls_certificate_free_credentials(x509_cred
);
1527 if (vs
->x509cacrl
) {
1528 if ((ret
= gnutls_certificate_set_x509_crl_file(x509_cred
,
1530 GNUTLS_X509_FMT_PEM
)) < 0) {
1531 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret
));
1532 gnutls_certificate_free_credentials(x509_cred
);
1537 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
1542 static int vnc_validate_certificate(struct VncState
*vs
)
1545 unsigned int status
;
1546 const gnutls_datum_t
*certs
;
1547 unsigned int nCerts
, i
;
1550 VNC_DEBUG("Validating client certificate\n");
1551 if ((ret
= gnutls_certificate_verify_peers2 (vs
->tls_session
, &status
)) < 0) {
1552 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret
));
1556 if ((now
= time(NULL
)) == ((time_t)-1)) {
1561 if (status
& GNUTLS_CERT_INVALID
)
1562 VNC_DEBUG("The certificate is not trusted.\n");
1564 if (status
& GNUTLS_CERT_SIGNER_NOT_FOUND
)
1565 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1567 if (status
& GNUTLS_CERT_REVOKED
)
1568 VNC_DEBUG("The certificate has been revoked.\n");
1570 if (status
& GNUTLS_CERT_INSECURE_ALGORITHM
)
1571 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1575 VNC_DEBUG("Certificate is valid!\n");
1578 /* Only support x509 for now */
1579 if (gnutls_certificate_type_get(vs
->tls_session
) != GNUTLS_CRT_X509
)
1582 if (!(certs
= gnutls_certificate_get_peers(vs
->tls_session
, &nCerts
)))
1585 for (i
= 0 ; i
< nCerts
; i
++) {
1586 gnutls_x509_crt_t cert
;
1587 VNC_DEBUG ("Checking certificate chain %d\n", i
);
1588 if (gnutls_x509_crt_init (&cert
) < 0)
1591 if (gnutls_x509_crt_import(cert
, &certs
[i
], GNUTLS_X509_FMT_DER
) < 0) {
1592 gnutls_x509_crt_deinit (cert
);
1596 if (gnutls_x509_crt_get_expiration_time (cert
) < now
) {
1597 VNC_DEBUG("The certificate has expired\n");
1598 gnutls_x509_crt_deinit (cert
);
1602 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1603 VNC_DEBUG("The certificate is not yet activated\n");
1604 gnutls_x509_crt_deinit (cert
);
1608 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1609 VNC_DEBUG("The certificate is not yet activated\n");
1610 gnutls_x509_crt_deinit (cert
);
1614 gnutls_x509_crt_deinit (cert
);
1621 static int start_auth_vencrypt_subauth(VncState
*vs
)
1623 switch (vs
->subauth
) {
1624 case VNC_AUTH_VENCRYPT_TLSNONE
:
1625 case VNC_AUTH_VENCRYPT_X509NONE
:
1626 VNC_DEBUG("Accept TLS auth none\n");
1627 vnc_write_u32(vs
, 0); /* Accept auth completion */
1628 vnc_read_when(vs
, protocol_client_init
, 1);
1631 case VNC_AUTH_VENCRYPT_TLSVNC
:
1632 case VNC_AUTH_VENCRYPT_X509VNC
:
1633 VNC_DEBUG("Start TLS auth VNC\n");
1634 return start_auth_vnc(vs
);
1636 default: /* Should not be possible, but just in case */
1637 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
1638 vnc_write_u8(vs
, 1);
1639 if (vs
->minor
>= 8) {
1640 static const char err
[] = "Unsupported authentication type";
1641 vnc_write_u32(vs
, sizeof(err
));
1642 vnc_write(vs
, err
, sizeof(err
));
1644 vnc_client_error(vs
);
1650 static void vnc_handshake_io(void *opaque
);
1652 static int vnc_continue_handshake(struct VncState
*vs
) {
1655 if ((ret
= gnutls_handshake(vs
->tls_session
)) < 0) {
1656 if (!gnutls_error_is_fatal(ret
)) {
1657 VNC_DEBUG("Handshake interrupted (blocking)\n");
1658 if (!gnutls_record_get_direction(vs
->tls_session
))
1659 qemu_set_fd_handler(vs
->csock
, vnc_handshake_io
, NULL
, vs
);
1661 qemu_set_fd_handler(vs
->csock
, NULL
, vnc_handshake_io
, vs
);
1664 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret
));
1665 vnc_client_error(vs
);
1669 if (vs
->x509verify
) {
1670 if (vnc_validate_certificate(vs
) < 0) {
1671 VNC_DEBUG("Client verification failed\n");
1672 vnc_client_error(vs
);
1675 VNC_DEBUG("Client verification passed\n");
1679 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1680 vs
->wiremode
= VNC_WIREMODE_TLS
;
1681 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1683 return start_auth_vencrypt_subauth(vs
);
1686 static void vnc_handshake_io(void *opaque
) {
1687 struct VncState
*vs
= (struct VncState
*)opaque
;
1689 VNC_DEBUG("Handshake IO continue\n");
1690 vnc_continue_handshake(vs
);
1693 #define NEED_X509_AUTH(vs) \
1694 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1695 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1696 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1699 static int vnc_start_tls(struct VncState
*vs
) {
1700 static const int cert_type_priority
[] = { GNUTLS_CRT_X509
, 0 };
1701 static const int protocol_priority
[]= { GNUTLS_TLS1_1
, GNUTLS_TLS1_0
, GNUTLS_SSL3
, 0 };
1702 static const int kx_anon
[] = {GNUTLS_KX_ANON_DH
, 0};
1703 static const int kx_x509
[] = {GNUTLS_KX_DHE_DSS
, GNUTLS_KX_RSA
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_SRP
, 0};
1705 VNC_DEBUG("Do TLS setup\n");
1706 if (vnc_tls_initialize() < 0) {
1707 VNC_DEBUG("Failed to init TLS\n");
1708 vnc_client_error(vs
);
1711 if (vs
->tls_session
== NULL
) {
1712 if (gnutls_init(&vs
->tls_session
, GNUTLS_SERVER
) < 0) {
1713 vnc_client_error(vs
);
1717 if (gnutls_set_default_priority(vs
->tls_session
) < 0) {
1718 gnutls_deinit(vs
->tls_session
);
1719 vs
->tls_session
= NULL
;
1720 vnc_client_error(vs
);
1724 if (gnutls_kx_set_priority(vs
->tls_session
, NEED_X509_AUTH(vs
) ? kx_x509
: kx_anon
) < 0) {
1725 gnutls_deinit(vs
->tls_session
);
1726 vs
->tls_session
= NULL
;
1727 vnc_client_error(vs
);
1731 if (gnutls_certificate_type_set_priority(vs
->tls_session
, cert_type_priority
) < 0) {
1732 gnutls_deinit(vs
->tls_session
);
1733 vs
->tls_session
= NULL
;
1734 vnc_client_error(vs
);
1738 if (gnutls_protocol_set_priority(vs
->tls_session
, protocol_priority
) < 0) {
1739 gnutls_deinit(vs
->tls_session
);
1740 vs
->tls_session
= NULL
;
1741 vnc_client_error(vs
);
1745 if (NEED_X509_AUTH(vs
)) {
1746 gnutls_certificate_server_credentials x509_cred
= vnc_tls_initialize_x509_cred(vs
);
1748 gnutls_deinit(vs
->tls_session
);
1749 vs
->tls_session
= NULL
;
1750 vnc_client_error(vs
);
1753 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_CERTIFICATE
, x509_cred
) < 0) {
1754 gnutls_deinit(vs
->tls_session
);
1755 vs
->tls_session
= NULL
;
1756 gnutls_certificate_free_credentials(x509_cred
);
1757 vnc_client_error(vs
);
1760 if (vs
->x509verify
) {
1761 VNC_DEBUG("Requesting a client certificate\n");
1762 gnutls_certificate_server_set_request (vs
->tls_session
, GNUTLS_CERT_REQUEST
);
1766 gnutls_anon_server_credentials anon_cred
= vnc_tls_initialize_anon_cred();
1768 gnutls_deinit(vs
->tls_session
);
1769 vs
->tls_session
= NULL
;
1770 vnc_client_error(vs
);
1773 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_ANON
, anon_cred
) < 0) {
1774 gnutls_deinit(vs
->tls_session
);
1775 vs
->tls_session
= NULL
;
1776 gnutls_anon_free_server_credentials(anon_cred
);
1777 vnc_client_error(vs
);
1782 gnutls_transport_set_ptr(vs
->tls_session
, (gnutls_transport_ptr_t
)vs
);
1783 gnutls_transport_set_push_function(vs
->tls_session
, vnc_tls_push
);
1784 gnutls_transport_set_pull_function(vs
->tls_session
, vnc_tls_pull
);
1787 VNC_DEBUG("Start TLS handshake process\n");
1788 return vnc_continue_handshake(vs
);
1791 static int protocol_client_vencrypt_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1793 int auth
= read_u32(data
, 0);
1795 if (auth
!= vs
->subauth
) {
1796 VNC_DEBUG("Rejecting auth %d\n", auth
);
1797 vnc_write_u8(vs
, 0); /* Reject auth */
1799 vnc_client_error(vs
);
1801 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth
);
1802 vnc_write_u8(vs
, 1); /* Accept auth */
1805 if (vnc_start_tls(vs
) < 0) {
1806 VNC_DEBUG("Failed to complete TLS\n");
1810 if (vs
->wiremode
== VNC_WIREMODE_TLS
) {
1811 VNC_DEBUG("Starting VeNCrypt subauth\n");
1812 return start_auth_vencrypt_subauth(vs
);
1814 VNC_DEBUG("TLS handshake blocked\n");
1821 static int protocol_client_vencrypt_init(VncState
*vs
, uint8_t *data
, size_t len
)
1825 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data
[0], (int)data
[1]);
1826 vnc_write_u8(vs
, 1); /* Reject version */
1828 vnc_client_error(vs
);
1830 VNC_DEBUG("Sending allowed auth %d\n", vs
->subauth
);
1831 vnc_write_u8(vs
, 0); /* Accept version */
1832 vnc_write_u8(vs
, 1); /* Number of sub-auths */
1833 vnc_write_u32(vs
, vs
->subauth
); /* The supported auth */
1835 vnc_read_when(vs
, protocol_client_vencrypt_auth
, 4);
1840 static int start_auth_vencrypt(VncState
*vs
)
1842 /* Send VeNCrypt version 0.2 */
1843 vnc_write_u8(vs
, 0);
1844 vnc_write_u8(vs
, 2);
1846 vnc_read_when(vs
, protocol_client_vencrypt_init
, 2);
1849 #endif /* CONFIG_VNC_TLS */
1851 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1853 /* We only advertise 1 auth scheme at a time, so client
1854 * must pick the one we sent. Verify this */
1855 if (data
[0] != vs
->auth
) { /* Reject auth */
1856 VNC_DEBUG("Reject auth %d\n", (int)data
[0]);
1857 vnc_write_u32(vs
, 1);
1858 if (vs
->minor
>= 8) {
1859 static const char err
[] = "Authentication failed";
1860 vnc_write_u32(vs
, sizeof(err
));
1861 vnc_write(vs
, err
, sizeof(err
));
1863 vnc_client_error(vs
);
1864 } else { /* Accept requested auth */
1865 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
1868 VNC_DEBUG("Accept auth none\n");
1869 if (vs
->minor
>= 8) {
1870 vnc_write_u32(vs
, 0); /* Accept auth completion */
1873 vnc_read_when(vs
, protocol_client_init
, 1);
1877 VNC_DEBUG("Start VNC auth\n");
1878 return start_auth_vnc(vs
);
1880 #ifdef CONFIG_VNC_TLS
1881 case VNC_AUTH_VENCRYPT
:
1882 VNC_DEBUG("Accept VeNCrypt auth\n");;
1883 return start_auth_vencrypt(vs
);
1884 #endif /* CONFIG_VNC_TLS */
1886 default: /* Should not be possible, but just in case */
1887 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
1888 vnc_write_u8(vs
, 1);
1889 if (vs
->minor
>= 8) {
1890 static const char err
[] = "Authentication failed";
1891 vnc_write_u32(vs
, sizeof(err
));
1892 vnc_write(vs
, err
, sizeof(err
));
1894 vnc_client_error(vs
);
1900 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
1904 memcpy(local
, version
, 12);
1907 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
1908 VNC_DEBUG("Malformed protocol version %s\n", local
);
1909 vnc_client_error(vs
);
1912 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
1913 if (vs
->major
!= 3 ||
1919 VNC_DEBUG("Unsupported client version\n");
1920 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1922 vnc_client_error(vs
);
1925 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1926 * as equivalent to v3.3 by servers
1928 if (vs
->minor
== 4 || vs
->minor
== 5)
1931 if (vs
->minor
== 3) {
1932 if (vs
->auth
== VNC_AUTH_NONE
) {
1933 VNC_DEBUG("Tell client auth none\n");
1934 vnc_write_u32(vs
, vs
->auth
);
1936 vnc_read_when(vs
, protocol_client_init
, 1);
1937 } else if (vs
->auth
== VNC_AUTH_VNC
) {
1938 VNC_DEBUG("Tell client VNC auth\n");
1939 vnc_write_u32(vs
, vs
->auth
);
1943 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
1944 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1946 vnc_client_error(vs
);
1949 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
1950 vnc_write_u8(vs
, 1); /* num auth */
1951 vnc_write_u8(vs
, vs
->auth
);
1952 vnc_read_when(vs
, protocol_client_auth
, 1);
1959 static void vnc_connect(VncState
*vs
)
1961 VNC_DEBUG("New client on socket %d\n", vs
->csock
);
1963 socket_set_nonblock(vs
->csock
);
1964 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1965 vnc_write(vs
, "RFB 003.008\n", 12);
1967 vnc_read_when(vs
, protocol_version
, 12);
1968 memset(vs
->old_data
, 0, vs
->ds
->linesize
* vs
->ds
->height
);
1969 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
1971 vs
->has_hextile
= 0;
1972 vs
->ds
->dpy_copy
= NULL
;
1973 vnc_update_client(vs
);
1976 static void vnc_listen_read(void *opaque
)
1978 VncState
*vs
= opaque
;
1979 struct sockaddr_in addr
;
1980 socklen_t addrlen
= sizeof(addr
);
1985 vs
->csock
= accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
1986 if (vs
->csock
!= -1) {
1991 extern int parse_host_port(struct sockaddr_in
*saddr
, const char *str
);
1993 void vnc_display_init(DisplayState
*ds
)
1997 vs
= qemu_mallocz(sizeof(VncState
));
2005 vs
->password
= NULL
;
2015 if (keyboard_layout
)
2016 vs
->kbd_layout
= init_keyboard_layout(keyboard_layout
);
2018 vs
->kbd_layout
= init_keyboard_layout("en-us");
2020 if (!vs
->kbd_layout
)
2023 vs
->timer
= qemu_new_timer(rt_clock
, vnc_update_client
, vs
);
2025 vs
->ds
->data
= NULL
;
2026 vs
->ds
->dpy_update
= vnc_dpy_update
;
2027 vs
->ds
->dpy_resize
= vnc_dpy_resize
;
2028 vs
->ds
->dpy_refresh
= NULL
;
2030 vnc_dpy_resize(vs
->ds
, 640, 400);
2033 #ifdef CONFIG_VNC_TLS
2034 static int vnc_set_x509_credential(VncState
*vs
,
2035 const char *certdir
,
2036 const char *filename
,
2047 if (!(*cred
= qemu_malloc(strlen(certdir
) + strlen(filename
) + 2)))
2050 strcpy(*cred
, certdir
);
2052 strcat(*cred
, filename
);
2054 VNC_DEBUG("Check %s\n", *cred
);
2055 if (stat(*cred
, &sb
) < 0) {
2058 if (ignoreMissing
&& errno
== ENOENT
)
2066 static int vnc_set_x509_credential_dir(VncState
*vs
,
2067 const char *certdir
)
2069 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CERT_FILE
, &vs
->x509cacert
, 0) < 0)
2071 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CRL_FILE
, &vs
->x509cacrl
, 1) < 0)
2073 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_CERT_FILE
, &vs
->x509cert
, 0) < 0)
2075 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_KEY_FILE
, &vs
->x509key
, 0) < 0)
2081 qemu_free(vs
->x509cacert
);
2082 qemu_free(vs
->x509cacrl
);
2083 qemu_free(vs
->x509cert
);
2084 qemu_free(vs
->x509key
);
2085 vs
->x509cacert
= vs
->x509cacrl
= vs
->x509cert
= vs
->x509key
= NULL
;
2088 #endif /* CONFIG_VNC_TLS */
2090 void vnc_display_close(DisplayState
*ds
)
2092 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2095 qemu_free(vs
->display
);
2098 if (vs
->lsock
!= -1) {
2099 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2103 if (vs
->csock
!= -1) {
2104 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
2105 closesocket(vs
->csock
);
2107 buffer_reset(&vs
->input
);
2108 buffer_reset(&vs
->output
);
2109 vs
->need_update
= 0;
2110 #ifdef CONFIG_VNC_TLS
2111 if (vs
->tls_session
) {
2112 gnutls_deinit(vs
->tls_session
);
2113 vs
->tls_session
= NULL
;
2115 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
2116 #endif /* CONFIG_VNC_TLS */
2118 vs
->auth
= VNC_AUTH_INVALID
;
2119 #ifdef CONFIG_VNC_TLS
2120 vs
->subauth
= VNC_AUTH_INVALID
;
2125 int vnc_display_password(DisplayState
*ds
, const char *password
)
2127 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2130 qemu_free(vs
->password
);
2131 vs
->password
= NULL
;
2133 if (password
&& password
[0]) {
2134 if (!(vs
->password
= qemu_strdup(password
)))
2141 int vnc_display_open(DisplayState
*ds
, const char *display
)
2143 struct sockaddr
*addr
;
2144 struct sockaddr_in iaddr
;
2146 struct sockaddr_un uaddr
;
2149 int reuse_addr
, ret
;
2151 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2152 const char *options
;
2155 #ifdef CONFIG_VNC_TLS
2156 int tls
= 0, x509
= 0;
2159 vnc_display_close(ds
);
2160 if (strcmp(display
, "none") == 0)
2163 if (!(vs
->display
= strdup(display
)))
2167 while ((options
= strchr(options
, ','))) {
2169 if (strncmp(options
, "password", 8) == 0) {
2170 password
= 1; /* Require password auth */
2171 } else if (strncmp(options
, "reverse", 7) == 0) {
2173 #ifdef CONFIG_VNC_TLS
2174 } else if (strncmp(options
, "tls", 3) == 0) {
2175 tls
= 1; /* Require TLS */
2176 } else if (strncmp(options
, "x509", 4) == 0) {
2178 x509
= 1; /* Require x509 certificates */
2179 if (strncmp(options
, "x509verify", 10) == 0)
2180 vs
->x509verify
= 1; /* ...and verify client certs */
2182 /* Now check for 'x509=/some/path' postfix
2183 * and use that to setup x509 certificate/key paths */
2184 start
= strchr(options
, '=');
2185 end
= strchr(options
, ',');
2186 if (start
&& (!end
|| (start
< end
))) {
2187 int len
= end
? end
-(start
+1) : strlen(start
+1);
2188 char *path
= qemu_malloc(len
+1);
2189 strncpy(path
, start
+1, len
);
2191 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2192 if (vnc_set_x509_credential_dir(vs
, path
) < 0) {
2193 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2195 qemu_free(vs
->display
);
2201 fprintf(stderr
, "No certificate path provided\n");
2202 qemu_free(vs
->display
);
2211 #ifdef CONFIG_VNC_TLS
2213 vs
->auth
= VNC_AUTH_VENCRYPT
;
2215 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2216 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2218 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2219 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2223 VNC_DEBUG("Initializing VNC server with password auth\n");
2224 vs
->auth
= VNC_AUTH_VNC
;
2225 #ifdef CONFIG_VNC_TLS
2226 vs
->subauth
= VNC_AUTH_INVALID
;
2230 #ifdef CONFIG_VNC_TLS
2232 vs
->auth
= VNC_AUTH_VENCRYPT
;
2234 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2235 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2237 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2238 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2242 VNC_DEBUG("Initializing VNC server with no auth\n");
2243 vs
->auth
= VNC_AUTH_NONE
;
2244 #ifdef CONFIG_VNC_TLS
2245 vs
->subauth
= VNC_AUTH_INVALID
;
2250 if (strstart(display
, "unix:", &p
)) {
2251 addr
= (struct sockaddr
*)&uaddr
;
2252 addrlen
= sizeof(uaddr
);
2254 vs
->lsock
= socket(PF_UNIX
, SOCK_STREAM
, 0);
2255 if (vs
->lsock
== -1) {
2256 fprintf(stderr
, "Could not create socket\n");
2262 uaddr
.sun_family
= AF_UNIX
;
2263 memset(uaddr
.sun_path
, 0, 108);
2264 snprintf(uaddr
.sun_path
, 108, "%s", p
);
2267 unlink(uaddr
.sun_path
);
2272 addr
= (struct sockaddr
*)&iaddr
;
2273 addrlen
= sizeof(iaddr
);
2275 if (parse_host_port(&iaddr
, display
) < 0) {
2276 fprintf(stderr
, "Could not parse VNC address\n");
2282 iaddr
.sin_port
= htons(ntohs(iaddr
.sin_port
) + (reverse
? 0 : 5900));
2284 vs
->lsock
= socket(PF_INET
, SOCK_STREAM
, 0);
2285 if (vs
->lsock
== -1) {
2286 fprintf(stderr
, "Could not create socket\n");
2293 ret
= setsockopt(vs
->lsock
, SOL_SOCKET
, SO_REUSEADDR
,
2294 (const char *)&reuse_addr
, sizeof(reuse_addr
));
2296 fprintf(stderr
, "setsockopt() failed\n");
2306 if (connect(vs
->lsock
, addr
, addrlen
) == -1) {
2307 fprintf(stderr
, "Connection to VNC client failed\n");
2314 vs
->csock
= vs
->lsock
;
2321 if (bind(vs
->lsock
, addr
, addrlen
) == -1) {
2322 fprintf(stderr
, "bind() failed\n");
2330 if (listen(vs
->lsock
, 1) == -1) {
2331 fprintf(stderr
, "listen() failed\n");
2339 return qemu_set_fd_handler2(vs
->lsock
, vnc_listen_poll
, vnc_listen_read
, NULL
, vs
);