search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
linux-user: identify running binary in /proc/self/exe
[qemu/mini2440/sniper_sniper_test.git] / vnc.c
blob2b3a6eb7d3e4fee72c96b9fde1227f3afe1a2efb
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu-common.h"
27 #include "console.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "audio/audio.h"
32
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
34
35 #include "vnc_keysym.h"
36 #include "keymaps.c"
37 #include "d3des.h"
38
39 #ifdef CONFIG_VNC_TLS
40 #include <gnutls/gnutls.h>
41 #include <gnutls/x509.h>
42 #endif /* CONFIG_VNC_TLS */
43
44 // #define _VNC_DEBUG 1
45
46 #ifdef _VNC_DEBUG
47 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48
49 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
50 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
51 static void vnc_debug_gnutls_log(int level, const char* str) {
52 VNC_DEBUG("%d %s", level, str);
53 }
54 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #else
56 #define VNC_DEBUG(fmt, ...) do { } while (0)
57 #endif
58
59 #define count_bits(c, v) { \
60 for (c = 0; v; v >>= 1) \
61 { \
62 c += v & 1; \
63 } \
64 }
65
66 typedef struct Buffer
67 {
68 size_t capacity;
69 size_t offset;
70 uint8_t *buffer;
71 } Buffer;
72
73 typedef struct VncState VncState;
74
75 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
76
77 typedef void VncWritePixels(VncState *vs, void *data, int size);
78
79 typedef void VncSendHextileTile(VncState *vs,
80 int x, int y, int w, int h,
81 void *last_bg,
82 void *last_fg,
83 int *has_bg, int *has_fg);
84
85 #define VNC_MAX_WIDTH 2048
86 #define VNC_MAX_HEIGHT 2048
87 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
88
89 #define VNC_AUTH_CHALLENGE_SIZE 16
90
91 enum {
92 VNC_AUTH_INVALID = 0,
93 VNC_AUTH_NONE = 1,
94 VNC_AUTH_VNC = 2,
95 VNC_AUTH_RA2 = 5,
96 VNC_AUTH_RA2NE = 6,
97 VNC_AUTH_TIGHT = 16,
98 VNC_AUTH_ULTRA = 17,
99 VNC_AUTH_TLS = 18,
100 VNC_AUTH_VENCRYPT = 19
101 };
102
103 #ifdef CONFIG_VNC_TLS
104 enum {
105 VNC_WIREMODE_CLEAR,
106 VNC_WIREMODE_TLS,
107 };
108
109 enum {
110 VNC_AUTH_VENCRYPT_PLAIN = 256,
111 VNC_AUTH_VENCRYPT_TLSNONE = 257,
112 VNC_AUTH_VENCRYPT_TLSVNC = 258,
113 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
114 VNC_AUTH_VENCRYPT_X509NONE = 260,
115 VNC_AUTH_VENCRYPT_X509VNC = 261,
116 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
117 };
118
119 #define X509_CA_CERT_FILE "ca-cert.pem"
120 #define X509_CA_CRL_FILE "ca-crl.pem"
121 #define X509_SERVER_KEY_FILE "server-key.pem"
122 #define X509_SERVER_CERT_FILE "server-cert.pem"
123
124 #endif /* CONFIG_VNC_TLS */
125
126 struct VncState
127 {
128 QEMUTimer *timer;
129 int lsock;
130 int csock;
131 DisplayState *ds;
132 int need_update;
133 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
134 char *old_data;
135 int has_resize;
136 int has_hextile;
137 int has_pointer_type_change;
138 int has_WMVi;
139 int absolute;
140 int last_x;
141 int last_y;
142
143 int major;
144 int minor;
145
146 char *display;
147 char *password;
148 int auth;
149 #ifdef CONFIG_VNC_TLS
150 int subauth;
151 int x509verify;
152
153 char *x509cacert;
154 char *x509cacrl;
155 char *x509cert;
156 char *x509key;
157 #endif
158 char challenge[VNC_AUTH_CHALLENGE_SIZE];
159
160 #ifdef CONFIG_VNC_TLS
161 int wiremode;
162 gnutls_session_t tls_session;
163 #endif
164
165 Buffer output;
166 Buffer input;
167 kbd_layout_t *kbd_layout;
168 /* current output mode information */
169 VncWritePixels *write_pixels;
170 VncSendHextileTile *send_hextile_tile;
171 DisplaySurface clientds, serverds;
172
173 CaptureVoiceOut *audio_cap;
174 struct audsettings as;
175
176 VncReadEvent *read_handler;
177 size_t read_handler_expect;
178 /* input */
179 uint8_t modifiers_state[256];
180 };
181
182 static VncState *vnc_state; /* needed for info vnc */
183 static DisplayChangeListener *dcl;
184
185 void do_info_vnc(void)
186 {
187 if (vnc_state == NULL || vnc_state->display == NULL)
188 term_printf("VNC server disabled\n");
189 else {
190 term_printf("VNC server active on: ");
191 term_print_filename(vnc_state->display);
192 term_printf("\n");
193
194 if (vnc_state->csock == -1)
195 term_printf("No client connected\n");
196 else
197 term_printf("Client connected\n");
198 }
199 }
200
201 /* TODO
202 1) Get the queue working for IO.
203 2) there is some weirdness when using the -S option (the screen is grey
204 and not totally invalidated
205 3) resolutions > 1024
206 */
207
208 static void vnc_write(VncState *vs, const void *data, size_t len);
209 static void vnc_write_u32(VncState *vs, uint32_t value);
210 static void vnc_write_s32(VncState *vs, int32_t value);
211 static void vnc_write_u16(VncState *vs, uint16_t value);
212 static void vnc_write_u8(VncState *vs, uint8_t value);
213 static void vnc_flush(VncState *vs);
214 static void vnc_update_client(void *opaque);
215 static void vnc_client_read(void *opaque);
216
217 static void vnc_colordepth(DisplayState *ds);
218
219 static inline void vnc_set_bit(uint32_t *d, int k)
220 {
221 d[k >> 5] |= 1 << (k & 0x1f);
222 }
223
224 static inline void vnc_clear_bit(uint32_t *d, int k)
225 {
226 d[k >> 5] &= ~(1 << (k & 0x1f));
227 }
228
229 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
230 {
231 int j;
232
233 j = 0;
234 while (n >= 32) {
235 d[j++] = -1;
236 n -= 32;
237 }
238 if (n > 0)
239 d[j++] = (1 << n) - 1;
240 while (j < nb_words)
241 d[j++] = 0;
242 }
243
244 static inline int vnc_get_bit(const uint32_t *d, int k)
245 {
246 return (d[k >> 5] >> (k & 0x1f)) & 1;
247 }
248
249 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
250 int nb_words)
251 {
252 int i;
253 for(i = 0; i < nb_words; i++) {
254 if ((d1[i] & d2[i]) != 0)
255 return 1;
256 }
257 return 0;
258 }
259
260 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
261 {
262 VncState *vs = ds->opaque;
263 int i;
264
265 h += y;
266
267 /* round x down to ensure the loop only spans one 16-pixel block per,
268 iteration. otherwise, if (x % 16) != 0, the last iteration may span
269 two 16-pixel blocks but we only mark the first as dirty
270 */
271 w += (x % 16);
272 x -= (x % 16);
273
274 x = MIN(x, vs->serverds.width);
275 y = MIN(y, vs->serverds.height);
276 w = MIN(x + w, vs->serverds.width) - x;
277 h = MIN(h, vs->serverds.height);
278
279 for (; y < h; y++)
280 for (i = 0; i < w; i += 16)
281 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
282 }
283
284 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
285 int32_t encoding)
286 {
287 vnc_write_u16(vs, x);
288 vnc_write_u16(vs, y);
289 vnc_write_u16(vs, w);
290 vnc_write_u16(vs, h);
291
292 vnc_write_s32(vs, encoding);
293 }
294
295 static void vnc_dpy_resize(DisplayState *ds)
296 {
297 int size_changed;
298 VncState *vs = ds->opaque;
299
300 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
301
302 if (vs->old_data == NULL) {
303 fprintf(stderr, "vnc: memory allocation failed\n");
304 exit(1);
305 }
306
307 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
308 console_color_init(ds);
309 vnc_colordepth(ds);
310 size_changed = ds_get_width(ds) != vs->serverds.width ||
311 ds_get_height(ds) != vs->serverds.height;
312 vs->serverds = *(ds->surface);
313 if (size_changed) {
314 if (vs->csock != -1 && vs->has_resize) {
315 vnc_write_u8(vs, 0); /* msg id */
316 vnc_write_u8(vs, 0);
317 vnc_write_u16(vs, 1); /* number of rects */
318 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), -223);
319 vnc_flush(vs);
320 }
321 }
322
323 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
324 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
325 }
326
327 /* fastest code */
328 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
329 {
330 vnc_write(vs, pixels, size);
331 }
332
333 /* slowest but generic code. */
334 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
335 {
336 uint8_t r, g, b;
337
338 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
339 vs->serverds.pf.rbits);
340 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
341 vs->serverds.pf.gbits);
342 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
343 vs->serverds.pf.bbits);
344 v = (r << vs->clientds.pf.rshift) |
345 (g << vs->clientds.pf.gshift) |
346 (b << vs->clientds.pf.bshift);
347 switch(vs->clientds.pf.bytes_per_pixel) {
348 case 1:
349 buf[0] = v;
350 break;
351 case 2:
352 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
353 buf[0] = v >> 8;
354 buf[1] = v;
355 } else {
356 buf[1] = v >> 8;
357 buf[0] = v;
358 }
359 break;
360 default:
361 case 4:
362 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
363 buf[0] = v >> 24;
364 buf[1] = v >> 16;
365 buf[2] = v >> 8;
366 buf[3] = v;
367 } else {
368 buf[3] = v >> 24;
369 buf[2] = v >> 16;
370 buf[1] = v >> 8;
371 buf[0] = v;
372 }
373 break;
374 }
375 }
376
377 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
378 {
379 uint8_t buf[4];
380
381 if (vs->serverds.pf.bytes_per_pixel == 4) {
382 uint32_t *pixels = pixels1;
383 int n, i;
384 n = size >> 2;
385 for(i = 0; i < n; i++) {
386 vnc_convert_pixel(vs, buf, pixels[i]);
387 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
388 }
389 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
390 uint16_t *pixels = pixels1;
391 int n, i;
392 n = size >> 1;
393 for(i = 0; i < n; i++) {
394 vnc_convert_pixel(vs, buf, pixels[i]);
395 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
396 }
397 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
398 uint8_t *pixels = pixels1;
399 int n, i;
400 n = size;
401 for(i = 0; i < n; i++) {
402 vnc_convert_pixel(vs, buf, pixels[i]);
403 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
404 }
405 } else {
406 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
407 }
408 }
409
410 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
411 {
412 int i;
413 uint8_t *row;
414
415 vnc_framebuffer_update(vs, x, y, w, h, 0);
416
417 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
418 for (i = 0; i < h; i++) {
419 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
420 row += ds_get_linesize(vs->ds);
421 }
422 }
423
424 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
425 {
426 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
427 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
428 }
429
430 #define BPP 8
431 #include "vnchextile.h"
432 #undef BPP
433
434 #define BPP 16
435 #include "vnchextile.h"
436 #undef BPP
437
438 #define BPP 32
439 #include "vnchextile.h"
440 #undef BPP
441
442 #define GENERIC
443 #define BPP 8
444 #include "vnchextile.h"
445 #undef BPP
446 #undef GENERIC
447
448 #define GENERIC
449 #define BPP 16
450 #include "vnchextile.h"
451 #undef BPP
452 #undef GENERIC
453
454 #define GENERIC
455 #define BPP 32
456 #include "vnchextile.h"
457 #undef BPP
458 #undef GENERIC
459
460 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
461 {
462 int i, j;
463 int has_fg, has_bg;
464 uint8_t *last_fg, *last_bg;
465
466 vnc_framebuffer_update(vs, x, y, w, h, 5);
467
468 last_fg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
469 last_bg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
470 has_fg = has_bg = 0;
471 for (j = y; j < (y + h); j += 16) {
472 for (i = x; i < (x + w); i += 16) {
473 vs->send_hextile_tile(vs, i, j,
474 MIN(16, x + w - i), MIN(16, y + h - j),
475 last_bg, last_fg, &has_bg, &has_fg);
476 }
477 }
478 free(last_fg);
479 free(last_bg);
480
481 }
482
483 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
484 {
485 if (vs->has_hextile)
486 send_framebuffer_update_hextile(vs, x, y, w, h);
487 else
488 send_framebuffer_update_raw(vs, x, y, w, h);
489 }
490
491 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
492 {
493 VncState *vs = ds->opaque;
494
495 vnc_update_client(vs);
496
497 vnc_write_u8(vs, 0); /* msg id */
498 vnc_write_u8(vs, 0);
499 vnc_write_u16(vs, 1); /* number of rects */
500 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
501 vnc_write_u16(vs, src_x);
502 vnc_write_u16(vs, src_y);
503 vnc_flush(vs);
504 }
505
506 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
507 {
508 int h;
509
510 for (h = 1; h < (vs->serverds.height - y); h++) {
511 int tmp_x;
512 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
513 break;
514 for (tmp_x = last_x; tmp_x < x; tmp_x++)
515 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
516 }
517
518 return h;
519 }
520
521 static void vnc_update_client(void *opaque)
522 {
523 VncState *vs = opaque;
524
525 if (vs->need_update && vs->csock != -1) {
526 int y;
527 uint8_t *row;
528 char *old_row;
529 uint32_t width_mask[VNC_DIRTY_WORDS];
530 int n_rectangles;
531 int saved_offset;
532 int has_dirty = 0;
533
534 vga_hw_update();
535
536 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
537
538 /* Walk through the dirty map and eliminate tiles that
539 really aren't dirty */
540 row = ds_get_data(vs->ds);
541 old_row = vs->old_data;
542
543 for (y = 0; y < ds_get_height(vs->ds); y++) {
544 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
545 int x;
546 uint8_t *ptr;
547 char *old_ptr;
548
549 ptr = row;
550 old_ptr = (char*)old_row;
551
552 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
553 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
554 vnc_clear_bit(vs->dirty_row[y], (x / 16));
555 } else {
556 has_dirty = 1;
557 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
558 }
559
560 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
561 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
562 }
563 }
564
565 row += ds_get_linesize(vs->ds);
566 old_row += ds_get_linesize(vs->ds);
567 }
568
569 if (!has_dirty && !vs->audio_cap) {
570 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
571 return;
572 }
573
574 /* Count rectangles */
575 n_rectangles = 0;
576 vnc_write_u8(vs, 0); /* msg id */
577 vnc_write_u8(vs, 0);
578 saved_offset = vs->output.offset;
579 vnc_write_u16(vs, 0);
580
581 for (y = 0; y < vs->serverds.height; y++) {
582 int x;
583 int last_x = -1;
584 for (x = 0; x < vs->serverds.width / 16; x++) {
585 if (vnc_get_bit(vs->dirty_row[y], x)) {
586 if (last_x == -1) {
587 last_x = x;
588 }
589 vnc_clear_bit(vs->dirty_row[y], x);
590 } else {
591 if (last_x != -1) {
592 int h = find_dirty_height(vs, y, last_x, x);
593 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
594 n_rectangles++;
595 }
596 last_x = -1;
597 }
598 }
599 if (last_x != -1) {
600 int h = find_dirty_height(vs, y, last_x, x);
601 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
602 n_rectangles++;
603 }
604 }
605 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
606 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
607 vnc_flush(vs);
608
609 }
610
611 if (vs->csock != -1) {
612 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
613 }
614
615 }
616
617 static int vnc_listen_poll(void *opaque)
618 {
619 VncState *vs = opaque;
620 if (vs->csock == -1)
621 return 1;
622 return 0;
623 }
624
625 static void buffer_reserve(Buffer *buffer, size_t len)
626 {
627 if ((buffer->capacity - buffer->offset) < len) {
628 buffer->capacity += (len + 1024);
629 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
630 if (buffer->buffer == NULL) {
631 fprintf(stderr, "vnc: out of memory\n");
632 exit(1);
633 }
634 }
635 }
636
637 static int buffer_empty(Buffer *buffer)
638 {
639 return buffer->offset == 0;
640 }
641
642 static uint8_t *buffer_end(Buffer *buffer)
643 {
644 return buffer->buffer + buffer->offset;
645 }
646
647 static void buffer_reset(Buffer *buffer)
648 {
649 buffer->offset = 0;
650 }
651
652 static void buffer_append(Buffer *buffer, const void *data, size_t len)
653 {
654 memcpy(buffer->buffer + buffer->offset, data, len);
655 buffer->offset += len;
656 }
657
658 /* audio */
659 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
660 {
661 VncState *vs = opaque;
662
663 switch (cmd) {
664 case AUD_CNOTIFY_DISABLE:
665 vnc_write_u8(vs, 255);
666 vnc_write_u8(vs, 1);
667 vnc_write_u16(vs, 0);
668 vnc_flush(vs);
669 break;
670
671 case AUD_CNOTIFY_ENABLE:
672 vnc_write_u8(vs, 255);
673 vnc_write_u8(vs, 1);
674 vnc_write_u16(vs, 1);
675 vnc_flush(vs);
676 break;
677 }
678 }
679
680 static void audio_capture_destroy(void *opaque)
681 {
682 }
683
684 static void audio_capture(void *opaque, void *buf, int size)
685 {
686 VncState *vs = opaque;
687
688 vnc_write_u8(vs, 255);
689 vnc_write_u8(vs, 1);
690 vnc_write_u16(vs, 2);
691 vnc_write_u32(vs, size);
692 vnc_write(vs, buf, size);
693 vnc_flush(vs);
694 }
695
696 static void audio_add(VncState *vs)
697 {
698 struct audio_capture_ops ops;
699
700 if (vs->audio_cap) {
701 term_printf ("audio already running\n");
702 return;
703 }
704
705 ops.notify = audio_capture_notify;
706 ops.destroy = audio_capture_destroy;
707 ops.capture = audio_capture;
708
709 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
710 if (!vs->audio_cap) {
711 term_printf ("Failed to add audio capture\n");
712 }
713 }
714
715 static void audio_del(VncState *vs)
716 {
717 if (vs->audio_cap) {
718 AUD_del_capture(vs->audio_cap, vs);
719 vs->audio_cap = NULL;
720 }
721 }
722
723 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
724 {
725 if (ret == 0 || ret == -1) {
726 if (ret == -1) {
727 switch (last_errno) {
728 case EINTR:
729 case EAGAIN:
730 #ifdef _WIN32
731 case WSAEWOULDBLOCK:
732 #endif
733 return 0;
734 default:
735 break;
736 }
737 }
738
739 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
740 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
741 closesocket(vs->csock);
742 vs->csock = -1;
743 dcl->idle = 1;
744 buffer_reset(&vs->input);
745 buffer_reset(&vs->output);
746 vs->need_update = 0;
747 #ifdef CONFIG_VNC_TLS
748 if (vs->tls_session) {
749 gnutls_deinit(vs->tls_session);
750 vs->tls_session = NULL;
751 }
752 vs->wiremode = VNC_WIREMODE_CLEAR;
753 #endif /* CONFIG_VNC_TLS */
754 audio_del(vs);
755 return 0;
756 }
757 return ret;
758 }
759
760 static void vnc_client_error(VncState *vs)
761 {
762 vnc_client_io_error(vs, -1, EINVAL);
763 }
764
765 static void vnc_client_write(void *opaque)
766 {
767 long ret;
768 VncState *vs = opaque;
769
770 #ifdef CONFIG_VNC_TLS
771 if (vs->tls_session) {
772 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
773 if (ret < 0) {
774 if (ret == GNUTLS_E_AGAIN)
775 errno = EAGAIN;
776 else
777 errno = EIO;
778 ret = -1;
779 }
780 } else
781 #endif /* CONFIG_VNC_TLS */
782 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
783 ret = vnc_client_io_error(vs, ret, socket_error());
784 if (!ret)
785 return;
786
787 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
788 vs->output.offset -= ret;
789
790 if (vs->output.offset == 0) {
791 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
792 }
793 }
794
795 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
796 {
797 vs->read_handler = func;
798 vs->read_handler_expect = expecting;
799 }
800
801 static void vnc_client_read(void *opaque)
802 {
803 VncState *vs = opaque;
804 long ret;
805
806 buffer_reserve(&vs->input, 4096);
807
808 #ifdef CONFIG_VNC_TLS
809 if (vs->tls_session) {
810 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
811 if (ret < 0) {
812 if (ret == GNUTLS_E_AGAIN)
813 errno = EAGAIN;
814 else
815 errno = EIO;
816 ret = -1;
817 }
818 } else
819 #endif /* CONFIG_VNC_TLS */
820 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
821 ret = vnc_client_io_error(vs, ret, socket_error());
822 if (!ret)
823 return;
824
825 vs->input.offset += ret;
826
827 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
828 size_t len = vs->read_handler_expect;
829 int ret;
830
831 ret = vs->read_handler(vs, vs->input.buffer, len);
832 if (vs->csock == -1)
833 return;
834
835 if (!ret) {
836 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
837 vs->input.offset -= len;
838 } else {
839 vs->read_handler_expect = ret;
840 }
841 }
842 }
843
844 static void vnc_write(VncState *vs, const void *data, size_t len)
845 {
846 buffer_reserve(&vs->output, len);
847
848 if (buffer_empty(&vs->output)) {
849 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
850 }
851
852 buffer_append(&vs->output, data, len);
853 }
854
855 static void vnc_write_s32(VncState *vs, int32_t value)
856 {
857 vnc_write_u32(vs, *(uint32_t *)&value);
858 }
859
860 static void vnc_write_u32(VncState *vs, uint32_t value)
861 {
862 uint8_t buf[4];
863
864 buf[0] = (value >> 24) & 0xFF;
865 buf[1] = (value >> 16) & 0xFF;
866 buf[2] = (value >> 8) & 0xFF;
867 buf[3] = value & 0xFF;
868
869 vnc_write(vs, buf, 4);
870 }
871
872 static void vnc_write_u16(VncState *vs, uint16_t value)
873 {
874 uint8_t buf[2];
875
876 buf[0] = (value >> 8) & 0xFF;
877 buf[1] = value & 0xFF;
878
879 vnc_write(vs, buf, 2);
880 }
881
882 static void vnc_write_u8(VncState *vs, uint8_t value)
883 {
884 vnc_write(vs, (char *)&value, 1);
885 }
886
887 static void vnc_flush(VncState *vs)
888 {
889 if (vs->output.offset)
890 vnc_client_write(vs);
891 }
892
893 static uint8_t read_u8(uint8_t *data, size_t offset)
894 {
895 return data[offset];
896 }
897
898 static uint16_t read_u16(uint8_t *data, size_t offset)
899 {
900 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
901 }
902
903 static int32_t read_s32(uint8_t *data, size_t offset)
904 {
905 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
906 (data[offset + 2] << 8) | data[offset + 3]);
907 }
908
909 static uint32_t read_u32(uint8_t *data, size_t offset)
910 {
911 return ((data[offset] << 24) | (data[offset + 1] << 16) |
912 (data[offset + 2] << 8) | data[offset + 3]);
913 }
914
915 #ifdef CONFIG_VNC_TLS
916 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
917 const void *data,
918 size_t len) {
919 struct VncState *vs = (struct VncState *)transport;
920 int ret;
921
922 retry:
923 ret = send(vs->csock, data, len, 0);
924 if (ret < 0) {
925 if (errno == EINTR)
926 goto retry;
927 return -1;
928 }
929 return ret;
930 }
931
932
933 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
934 void *data,
935 size_t len) {
936 struct VncState *vs = (struct VncState *)transport;
937 int ret;
938
939 retry:
940 ret = recv(vs->csock, data, len, 0);
941 if (ret < 0) {
942 if (errno == EINTR)
943 goto retry;
944 return -1;
945 }
946 return ret;
947 }
948 #endif /* CONFIG_VNC_TLS */
949
950 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
951 {
952 }
953
954 static void check_pointer_type_change(VncState *vs, int absolute)
955 {
956 if (vs->has_pointer_type_change && vs->absolute != absolute) {
957 vnc_write_u8(vs, 0);
958 vnc_write_u8(vs, 0);
959 vnc_write_u16(vs, 1);
960 vnc_framebuffer_update(vs, absolute, 0,
961 ds_get_width(vs->ds), ds_get_height(vs->ds), -257);
962 vnc_flush(vs);
963 }
964 vs->absolute = absolute;
965 }
966
967 static void pointer_event(VncState *vs, int button_mask, int x, int y)
968 {
969 int buttons = 0;
970 int dz = 0;
971
972 if (button_mask & 0x01)
973 buttons |= MOUSE_EVENT_LBUTTON;
974 if (button_mask & 0x02)
975 buttons |= MOUSE_EVENT_MBUTTON;
976 if (button_mask & 0x04)
977 buttons |= MOUSE_EVENT_RBUTTON;
978 if (button_mask & 0x08)
979 dz = -1;
980 if (button_mask & 0x10)
981 dz = 1;
982
983 if (vs->absolute) {
984 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
985 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
986 dz, buttons);
987 } else if (vs->has_pointer_type_change) {
988 x -= 0x7FFF;
989 y -= 0x7FFF;
990
991 kbd_mouse_event(x, y, dz, buttons);
992 } else {
993 if (vs->last_x != -1)
994 kbd_mouse_event(x - vs->last_x,
995 y - vs->last_y,
996 dz, buttons);
997 vs->last_x = x;
998 vs->last_y = y;
999 }
1000
1001 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1002 }
1003
1004 static void reset_keys(VncState *vs)
1005 {
1006 int i;
1007 for(i = 0; i < 256; i++) {
1008 if (vs->modifiers_state[i]) {
1009 if (i & 0x80)
1010 kbd_put_keycode(0xe0);
1011 kbd_put_keycode(i | 0x80);
1012 vs->modifiers_state[i] = 0;
1013 }
1014 }
1015 }
1016
1017 static void press_key(VncState *vs, int keysym)
1018 {
1019 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
1020 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
1021 }
1022
1023 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1024 {
1025 /* QEMU console switch */
1026 switch(keycode) {
1027 case 0x2a: /* Left Shift */
1028 case 0x36: /* Right Shift */
1029 case 0x1d: /* Left CTRL */
1030 case 0x9d: /* Right CTRL */
1031 case 0x38: /* Left ALT */
1032 case 0xb8: /* Right ALT */
1033 if (down)
1034 vs->modifiers_state[keycode] = 1;
1035 else
1036 vs->modifiers_state[keycode] = 0;
1037 break;
1038 case 0x02 ... 0x0a: /* '1' to '9' keys */
1039 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1040 /* Reset the modifiers sent to the current console */
1041 reset_keys(vs);
1042 console_select(keycode - 0x02);
1043 return;
1044 }
1045 break;
1046 case 0x3a: /* CapsLock */
1047 case 0x45: /* NumLock */
1048 if (!down)
1049 vs->modifiers_state[keycode] ^= 1;
1050 break;
1051 }
1052
1053 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1054 /* If the numlock state needs to change then simulate an additional
1055 keypress before sending this one. This will happen if the user
1056 toggles numlock away from the VNC window.
1057 */
1058 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1059 if (!vs->modifiers_state[0x45]) {
1060 vs->modifiers_state[0x45] = 1;
1061 press_key(vs, 0xff7f);
1062 }
1063 } else {
1064 if (vs->modifiers_state[0x45]) {
1065 vs->modifiers_state[0x45] = 0;
1066 press_key(vs, 0xff7f);
1067 }
1068 }
1069 }
1070
1071 if (is_graphic_console()) {
1072 if (keycode & 0x80)
1073 kbd_put_keycode(0xe0);
1074 if (down)
1075 kbd_put_keycode(keycode & 0x7f);
1076 else
1077 kbd_put_keycode(keycode | 0x80);
1078 } else {
1079 /* QEMU console emulation */
1080 if (down) {
1081 switch (keycode) {
1082 case 0x2a: /* Left Shift */
1083 case 0x36: /* Right Shift */
1084 case 0x1d: /* Left CTRL */
1085 case 0x9d: /* Right CTRL */
1086 case 0x38: /* Left ALT */
1087 case 0xb8: /* Right ALT */
1088 break;
1089 case 0xc8:
1090 kbd_put_keysym(QEMU_KEY_UP);
1091 break;
1092 case 0xd0:
1093 kbd_put_keysym(QEMU_KEY_DOWN);
1094 break;
1095 case 0xcb:
1096 kbd_put_keysym(QEMU_KEY_LEFT);
1097 break;
1098 case 0xcd:
1099 kbd_put_keysym(QEMU_KEY_RIGHT);
1100 break;
1101 case 0xd3:
1102 kbd_put_keysym(QEMU_KEY_DELETE);
1103 break;
1104 case 0xc7:
1105 kbd_put_keysym(QEMU_KEY_HOME);
1106 break;
1107 case 0xcf:
1108 kbd_put_keysym(QEMU_KEY_END);
1109 break;
1110 case 0xc9:
1111 kbd_put_keysym(QEMU_KEY_PAGEUP);
1112 break;
1113 case 0xd1:
1114 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1115 break;
1116 default:
1117 kbd_put_keysym(sym);
1118 break;
1119 }
1120 }
1121 }
1122 }
1123
1124 static void key_event(VncState *vs, int down, uint32_t sym)
1125 {
1126 int keycode;
1127
1128 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1129 sym = sym - 'A' + 'a';
1130
1131 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1132 do_key_event(vs, down, keycode, sym);
1133 }
1134
1135 static void ext_key_event(VncState *vs, int down,
1136 uint32_t sym, uint16_t keycode)
1137 {
1138 /* if the user specifies a keyboard layout, always use it */
1139 if (keyboard_layout)
1140 key_event(vs, down, sym);
1141 else
1142 do_key_event(vs, down, keycode, sym);
1143 }
1144
1145 static void framebuffer_update_request(VncState *vs, int incremental,
1146 int x_position, int y_position,
1147 int w, int h)
1148 {
1149 if (x_position > ds_get_width(vs->ds))
1150 x_position = ds_get_width(vs->ds);
1151 if (y_position > ds_get_height(vs->ds))
1152 y_position = ds_get_height(vs->ds);
1153 if (x_position + w >= ds_get_width(vs->ds))
1154 w = ds_get_width(vs->ds) - x_position;
1155 if (y_position + h >= ds_get_height(vs->ds))
1156 h = ds_get_height(vs->ds) - y_position;
1157
1158 int i;
1159 vs->need_update = 1;
1160 if (!incremental) {
1161 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1162
1163 for (i = 0; i < h; i++) {
1164 vnc_set_bits(vs->dirty_row[y_position + i],
1165 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1166 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1167 old_row += ds_get_linesize(vs->ds);
1168 }
1169 }
1170 }
1171
1172 static void send_ext_key_event_ack(VncState *vs)
1173 {
1174 vnc_write_u8(vs, 0);
1175 vnc_write_u8(vs, 0);
1176 vnc_write_u16(vs, 1);
1177 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -258);
1178 vnc_flush(vs);
1179 }
1180
1181 static void send_ext_audio_ack(VncState *vs)
1182 {
1183 vnc_write_u8(vs, 0);
1184 vnc_write_u8(vs, 0);
1185 vnc_write_u16(vs, 1);
1186 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -259);
1187 vnc_flush(vs);
1188 }
1189
1190 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1191 {
1192 int i;
1193
1194 vs->has_hextile = 0;
1195 vs->has_resize = 0;
1196 vs->has_pointer_type_change = 0;
1197 vs->has_WMVi = 0;
1198 vs->absolute = -1;
1199 dcl->dpy_copy = NULL;
1200
1201 for (i = n_encodings - 1; i >= 0; i--) {
1202 switch (encodings[i]) {
1203 case 0: /* Raw */
1204 vs->has_hextile = 0;
1205 break;
1206 case 1: /* CopyRect */
1207 dcl->dpy_copy = vnc_copy;
1208 break;
1209 case 5: /* Hextile */
1210 vs->has_hextile = 1;
1211 break;
1212 case -223: /* DesktopResize */
1213 vs->has_resize = 1;
1214 break;
1215 case -257:
1216 vs->has_pointer_type_change = 1;
1217 break;
1218 case -258:
1219 send_ext_key_event_ack(vs);
1220 break;
1221 case -259:
1222 send_ext_audio_ack(vs);
1223 break;
1224 case 0x574D5669:
1225 vs->has_WMVi = 1;
1226 break;
1227 default:
1228 break;
1229 }
1230 }
1231
1232 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1233 }
1234
1235 static void set_pixel_conversion(VncState *vs)
1236 {
1237 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1238 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1239 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1240 vs->write_pixels = vnc_write_pixels_copy;
1241 switch (vs->ds->surface->pf.bits_per_pixel) {
1242 case 8:
1243 vs->send_hextile_tile = send_hextile_tile_8;
1244 break;
1245 case 16:
1246 vs->send_hextile_tile = send_hextile_tile_16;
1247 break;
1248 case 32:
1249 vs->send_hextile_tile = send_hextile_tile_32;
1250 break;
1251 }
1252 } else {
1253 vs->write_pixels = vnc_write_pixels_generic;
1254 switch (vs->ds->surface->pf.bits_per_pixel) {
1255 case 8:
1256 vs->send_hextile_tile = send_hextile_tile_generic_8;
1257 break;
1258 case 16:
1259 vs->send_hextile_tile = send_hextile_tile_generic_16;
1260 break;
1261 case 32:
1262 vs->send_hextile_tile = send_hextile_tile_generic_32;
1263 break;
1264 }
1265 }
1266 }
1267
1268 static void set_pixel_format(VncState *vs,
1269 int bits_per_pixel, int depth,
1270 int big_endian_flag, int true_color_flag,
1271 int red_max, int green_max, int blue_max,
1272 int red_shift, int green_shift, int blue_shift)
1273 {
1274 if (!true_color_flag) {
1275 vnc_client_error(vs);
1276 return;
1277 }
1278
1279 vs->clientds = vs->serverds;
1280 vs->clientds.pf.rmax = red_max;
1281 count_bits(vs->clientds.pf.rbits, red_max);
1282 vs->clientds.pf.rshift = red_shift;
1283 vs->clientds.pf.rmask = red_max << red_shift;
1284 vs->clientds.pf.gmax = green_max;
1285 count_bits(vs->clientds.pf.gbits, green_max);
1286 vs->clientds.pf.gshift = green_shift;
1287 vs->clientds.pf.gmask = green_max << green_shift;
1288 vs->clientds.pf.bmax = blue_max;
1289 count_bits(vs->clientds.pf.bbits, blue_max);
1290 vs->clientds.pf.bshift = blue_shift;
1291 vs->clientds.pf.bmask = blue_max << blue_shift;
1292 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1293 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1294 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1295 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1296
1297 set_pixel_conversion(vs);
1298
1299 vga_hw_invalidate();
1300 vga_hw_update();
1301 }
1302
1303 static void pixel_format_message (VncState *vs) {
1304 char pad[3] = { 0, 0, 0 };
1305
1306 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1307 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1308
1309 #ifdef WORDS_BIGENDIAN
1310 vnc_write_u8(vs, 1); /* big-endian-flag */
1311 #else
1312 vnc_write_u8(vs, 0); /* big-endian-flag */
1313 #endif
1314 vnc_write_u8(vs, 1); /* true-color-flag */
1315 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1316 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1317 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1318 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1319 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1320 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1321 if (vs->ds->surface->pf.bits_per_pixel == 32)
1322 vs->send_hextile_tile = send_hextile_tile_32;
1323 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1324 vs->send_hextile_tile = send_hextile_tile_16;
1325 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1326 vs->send_hextile_tile = send_hextile_tile_8;
1327 vs->clientds = *(vs->ds->surface);
1328 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1329 vs->write_pixels = vnc_write_pixels_copy;
1330
1331 vnc_write(vs, pad, 3); /* padding */
1332 }
1333
1334 static void vnc_dpy_setdata(DisplayState *ds)
1335 {
1336 /* We don't have to do anything */
1337 }
1338
1339 static void vnc_colordepth(DisplayState *ds)
1340 {
1341 struct VncState *vs = ds->opaque;
1342
1343 if (vs->csock != -1 && vs->has_WMVi) {
1344 /* Sending a WMVi message to notify the client*/
1345 vnc_write_u8(vs, 0); /* msg id */
1346 vnc_write_u8(vs, 0);
1347 vnc_write_u16(vs, 1); /* number of rects */
1348 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), 0x574D5669);
1349 pixel_format_message(vs);
1350 vnc_flush(vs);
1351 } else {
1352 set_pixel_conversion(vs);
1353 }
1354 }
1355
1356 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1357 {
1358 int i;
1359 uint16_t limit;
1360
1361 switch (data[0]) {
1362 case 0:
1363 if (len == 1)
1364 return 20;
1365
1366 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1367 read_u8(data, 6), read_u8(data, 7),
1368 read_u16(data, 8), read_u16(data, 10),
1369 read_u16(data, 12), read_u8(data, 14),
1370 read_u8(data, 15), read_u8(data, 16));
1371 break;
1372 case 2:
1373 if (len == 1)
1374 return 4;
1375
1376 if (len == 4) {
1377 limit = read_u16(data, 2);
1378 if (limit > 0)
1379 return 4 + (limit * 4);
1380 } else
1381 limit = read_u16(data, 2);
1382
1383 for (i = 0; i < limit; i++) {
1384 int32_t val = read_s32(data, 4 + (i * 4));
1385 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1386 }
1387
1388 set_encodings(vs, (int32_t *)(data + 4), limit);
1389 break;
1390 case 3:
1391 if (len == 1)
1392 return 10;
1393
1394 framebuffer_update_request(vs,
1395 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1396 read_u16(data, 6), read_u16(data, 8));
1397 break;
1398 case 4:
1399 if (len == 1)
1400 return 8;
1401
1402 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1403 break;
1404 case 5:
1405 if (len == 1)
1406 return 6;
1407
1408 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1409 break;
1410 case 6:
1411 if (len == 1)
1412 return 8;
1413
1414 if (len == 8) {
1415 uint32_t dlen = read_u32(data, 4);
1416 if (dlen > 0)
1417 return 8 + dlen;
1418 }
1419
1420 client_cut_text(vs, read_u32(data, 4), data + 8);
1421 break;
1422 case 255:
1423 if (len == 1)
1424 return 2;
1425
1426 switch (read_u8(data, 1)) {
1427 case 0:
1428 if (len == 2)
1429 return 12;
1430
1431 ext_key_event(vs, read_u16(data, 2),
1432 read_u32(data, 4), read_u32(data, 8));
1433 break;
1434 case 1:
1435 if (len == 2)
1436 return 4;
1437
1438 switch (read_u16 (data, 2)) {
1439 case 0:
1440 audio_add(vs);
1441 break;
1442 case 1:
1443 audio_del(vs);
1444 break;
1445 case 2:
1446 if (len == 4)
1447 return 10;
1448 switch (read_u8(data, 4)) {
1449 case 0: vs->as.fmt = AUD_FMT_U8; break;
1450 case 1: vs->as.fmt = AUD_FMT_S8; break;
1451 case 2: vs->as.fmt = AUD_FMT_U16; break;
1452 case 3: vs->as.fmt = AUD_FMT_S16; break;
1453 case 4: vs->as.fmt = AUD_FMT_U32; break;
1454 case 5: vs->as.fmt = AUD_FMT_S32; break;
1455 default:
1456 printf("Invalid audio format %d\n", read_u8(data, 4));
1457 vnc_client_error(vs);
1458 break;
1459 }
1460 vs->as.nchannels = read_u8(data, 5);
1461 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1462 printf("Invalid audio channel coount %d\n",
1463 read_u8(data, 5));
1464 vnc_client_error(vs);
1465 break;
1466 }
1467 vs->as.freq = read_u32(data, 6);
1468 break;
1469 default:
1470 printf ("Invalid audio message %d\n", read_u8(data, 4));
1471 vnc_client_error(vs);
1472 break;
1473 }
1474 break;
1475
1476 default:
1477 printf("Msg: %d\n", read_u16(data, 0));
1478 vnc_client_error(vs);
1479 break;
1480 }
1481 break;
1482 default:
1483 printf("Msg: %d\n", data[0]);
1484 vnc_client_error(vs);
1485 break;
1486 }
1487
1488 vnc_read_when(vs, protocol_client_msg, 1);
1489 return 0;
1490 }
1491
1492 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1493 {
1494 char buf[1024];
1495 int size;
1496
1497 vnc_write_u16(vs, ds_get_width(vs->ds));
1498 vnc_write_u16(vs, ds_get_height(vs->ds));
1499
1500 pixel_format_message(vs);
1501
1502 if (qemu_name)
1503 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1504 else
1505 size = snprintf(buf, sizeof(buf), "QEMU");
1506
1507 vnc_write_u32(vs, size);
1508 vnc_write(vs, buf, size);
1509 vnc_flush(vs);
1510
1511 vnc_read_when(vs, protocol_client_msg, 1);
1512
1513 return 0;
1514 }
1515
1516 static void make_challenge(VncState *vs)
1517 {
1518 int i;
1519
1520 srand(time(NULL)+getpid()+getpid()*987654+rand());
1521
1522 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1523 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1524 }
1525
1526 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1527 {
1528 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1529 int i, j, pwlen;
1530 unsigned char key[8];
1531
1532 if (!vs->password || !vs->password[0]) {
1533 VNC_DEBUG("No password configured on server");
1534 vnc_write_u32(vs, 1); /* Reject auth */
1535 if (vs->minor >= 8) {
1536 static const char err[] = "Authentication failed";
1537 vnc_write_u32(vs, sizeof(err));
1538 vnc_write(vs, err, sizeof(err));
1539 }
1540 vnc_flush(vs);
1541 vnc_client_error(vs);
1542 return 0;
1543 }
1544
1545 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1546
1547 /* Calculate the expected challenge response */
1548 pwlen = strlen(vs->password);
1549 for (i=0; i<sizeof(key); i++)
1550 key[i] = i<pwlen ? vs->password[i] : 0;
1551 deskey(key, EN0);
1552 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1553 des(response+j, response+j);
1554
1555 /* Compare expected vs actual challenge response */
1556 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1557 VNC_DEBUG("Client challenge reponse did not match\n");
1558 vnc_write_u32(vs, 1); /* Reject auth */
1559 if (vs->minor >= 8) {
1560 static const char err[] = "Authentication failed";
1561 vnc_write_u32(vs, sizeof(err));
1562 vnc_write(vs, err, sizeof(err));
1563 }
1564 vnc_flush(vs);
1565 vnc_client_error(vs);
1566 } else {
1567 VNC_DEBUG("Accepting VNC challenge response\n");
1568 vnc_write_u32(vs, 0); /* Accept auth */
1569 vnc_flush(vs);
1570
1571 vnc_read_when(vs, protocol_client_init, 1);
1572 }
1573 return 0;
1574 }
1575
1576 static int start_auth_vnc(VncState *vs)
1577 {
1578 make_challenge(vs);
1579 /* Send client a 'random' challenge */
1580 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1581 vnc_flush(vs);
1582
1583 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1584 return 0;
1585 }
1586
1587
1588 #ifdef CONFIG_VNC_TLS
1589 #define DH_BITS 1024
1590 static gnutls_dh_params_t dh_params;
1591
1592 static int vnc_tls_initialize(void)
1593 {
1594 static int tlsinitialized = 0;
1595
1596 if (tlsinitialized)
1597 return 1;
1598
1599 if (gnutls_global_init () < 0)
1600 return 0;
1601
1602 /* XXX ought to re-generate diffie-hellmen params periodically */
1603 if (gnutls_dh_params_init (&dh_params) < 0)
1604 return 0;
1605 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1606 return 0;
1607
1608 #if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
1609 gnutls_global_set_log_level(10);
1610 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1611 #endif
1612
1613 tlsinitialized = 1;
1614
1615 return 1;
1616 }
1617
1618 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1619 {
1620 gnutls_anon_server_credentials anon_cred;
1621 int ret;
1622
1623 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1624 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1625 return NULL;
1626 }
1627
1628 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1629
1630 return anon_cred;
1631 }
1632
1633
1634 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1635 {
1636 gnutls_certificate_credentials_t x509_cred;
1637 int ret;
1638
1639 if (!vs->x509cacert) {
1640 VNC_DEBUG("No CA x509 certificate specified\n");
1641 return NULL;
1642 }
1643 if (!vs->x509cert) {
1644 VNC_DEBUG("No server x509 certificate specified\n");
1645 return NULL;
1646 }
1647 if (!vs->x509key) {
1648 VNC_DEBUG("No server private key specified\n");
1649 return NULL;
1650 }
1651
1652 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1653 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1654 return NULL;
1655 }
1656 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1657 vs->x509cacert,
1658 GNUTLS_X509_FMT_PEM)) < 0) {
1659 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1660 gnutls_certificate_free_credentials(x509_cred);
1661 return NULL;
1662 }
1663
1664 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1665 vs->x509cert,
1666 vs->x509key,
1667 GNUTLS_X509_FMT_PEM)) < 0) {
1668 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1669 gnutls_certificate_free_credentials(x509_cred);
1670 return NULL;
1671 }
1672
1673 if (vs->x509cacrl) {
1674 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1675 vs->x509cacrl,
1676 GNUTLS_X509_FMT_PEM)) < 0) {
1677 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1678 gnutls_certificate_free_credentials(x509_cred);
1679 return NULL;
1680 }
1681 }
1682
1683 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1684
1685 return x509_cred;
1686 }
1687
1688 static int vnc_validate_certificate(struct VncState *vs)
1689 {
1690 int ret;
1691 unsigned int status;
1692 const gnutls_datum_t *certs;
1693 unsigned int nCerts, i;
1694 time_t now;
1695
1696 VNC_DEBUG("Validating client certificate\n");
1697 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1698 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1699 return -1;
1700 }
1701
1702 if ((now = time(NULL)) == ((time_t)-1)) {
1703 return -1;
1704 }
1705
1706 if (status != 0) {
1707 if (status & GNUTLS_CERT_INVALID)
1708 VNC_DEBUG("The certificate is not trusted.\n");
1709
1710 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1711 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1712
1713 if (status & GNUTLS_CERT_REVOKED)
1714 VNC_DEBUG("The certificate has been revoked.\n");
1715
1716 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1717 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1718
1719 return -1;
1720 } else {
1721 VNC_DEBUG("Certificate is valid!\n");
1722 }
1723
1724 /* Only support x509 for now */
1725 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1726 return -1;
1727
1728 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1729 return -1;
1730
1731 for (i = 0 ; i < nCerts ; i++) {
1732 gnutls_x509_crt_t cert;
1733 VNC_DEBUG ("Checking certificate chain %d\n", i);
1734 if (gnutls_x509_crt_init (&cert) < 0)
1735 return -1;
1736
1737 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1738 gnutls_x509_crt_deinit (cert);
1739 return -1;
1740 }
1741
1742 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1743 VNC_DEBUG("The certificate has expired\n");
1744 gnutls_x509_crt_deinit (cert);
1745 return -1;
1746 }
1747
1748 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1749 VNC_DEBUG("The certificate is not yet activated\n");
1750 gnutls_x509_crt_deinit (cert);
1751 return -1;
1752 }
1753
1754 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1755 VNC_DEBUG("The certificate is not yet activated\n");
1756 gnutls_x509_crt_deinit (cert);
1757 return -1;
1758 }
1759
1760 gnutls_x509_crt_deinit (cert);
1761 }
1762
1763 return 0;
1764 }
1765
1766
1767 static int start_auth_vencrypt_subauth(VncState *vs)
1768 {
1769 switch (vs->subauth) {
1770 case VNC_AUTH_VENCRYPT_TLSNONE:
1771 case VNC_AUTH_VENCRYPT_X509NONE:
1772 VNC_DEBUG("Accept TLS auth none\n");
1773 vnc_write_u32(vs, 0); /* Accept auth completion */
1774 vnc_read_when(vs, protocol_client_init, 1);
1775 break;
1776
1777 case VNC_AUTH_VENCRYPT_TLSVNC:
1778 case VNC_AUTH_VENCRYPT_X509VNC:
1779 VNC_DEBUG("Start TLS auth VNC\n");
1780 return start_auth_vnc(vs);
1781
1782 default: /* Should not be possible, but just in case */
1783 VNC_DEBUG("Reject auth %d\n", vs->auth);
1784 vnc_write_u8(vs, 1);
1785 if (vs->minor >= 8) {
1786 static const char err[] = "Unsupported authentication type";
1787 vnc_write_u32(vs, sizeof(err));
1788 vnc_write(vs, err, sizeof(err));
1789 }
1790 vnc_client_error(vs);
1791 }
1792
1793 return 0;
1794 }
1795
1796 static void vnc_handshake_io(void *opaque);
1797
1798 static int vnc_continue_handshake(struct VncState *vs) {
1799 int ret;
1800
1801 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1802 if (!gnutls_error_is_fatal(ret)) {
1803 VNC_DEBUG("Handshake interrupted (blocking)\n");
1804 if (!gnutls_record_get_direction(vs->tls_session))
1805 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1806 else
1807 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1808 return 0;
1809 }
1810 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1811 vnc_client_error(vs);
1812 return -1;
1813 }
1814
1815 if (vs->x509verify) {
1816 if (vnc_validate_certificate(vs) < 0) {
1817 VNC_DEBUG("Client verification failed\n");
1818 vnc_client_error(vs);
1819 return -1;
1820 } else {
1821 VNC_DEBUG("Client verification passed\n");
1822 }
1823 }
1824
1825 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1826 vs->wiremode = VNC_WIREMODE_TLS;
1827 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1828
1829 return start_auth_vencrypt_subauth(vs);
1830 }
1831
1832 static void vnc_handshake_io(void *opaque) {
1833 struct VncState *vs = (struct VncState *)opaque;
1834
1835 VNC_DEBUG("Handshake IO continue\n");
1836 vnc_continue_handshake(vs);
1837 }
1838
1839 #define NEED_X509_AUTH(vs) \
1840 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1841 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1842 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1843
1844
1845 static int vnc_start_tls(struct VncState *vs) {
1846 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1847 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1848 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1849 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1850
1851 VNC_DEBUG("Do TLS setup\n");
1852 if (vnc_tls_initialize() < 0) {
1853 VNC_DEBUG("Failed to init TLS\n");
1854 vnc_client_error(vs);
1855 return -1;
1856 }
1857 if (vs->tls_session == NULL) {
1858 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1859 vnc_client_error(vs);
1860 return -1;
1861 }
1862
1863 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1864 gnutls_deinit(vs->tls_session);
1865 vs->tls_session = NULL;
1866 vnc_client_error(vs);
1867 return -1;
1868 }
1869
1870 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1871 gnutls_deinit(vs->tls_session);
1872 vs->tls_session = NULL;
1873 vnc_client_error(vs);
1874 return -1;
1875 }
1876
1877 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1878 gnutls_deinit(vs->tls_session);
1879 vs->tls_session = NULL;
1880 vnc_client_error(vs);
1881 return -1;
1882 }
1883
1884 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1885 gnutls_deinit(vs->tls_session);
1886 vs->tls_session = NULL;
1887 vnc_client_error(vs);
1888 return -1;
1889 }
1890
1891 if (NEED_X509_AUTH(vs)) {
1892 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1893 if (!x509_cred) {
1894 gnutls_deinit(vs->tls_session);
1895 vs->tls_session = NULL;
1896 vnc_client_error(vs);
1897 return -1;
1898 }
1899 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1900 gnutls_deinit(vs->tls_session);
1901 vs->tls_session = NULL;
1902 gnutls_certificate_free_credentials(x509_cred);
1903 vnc_client_error(vs);
1904 return -1;
1905 }
1906 if (vs->x509verify) {
1907 VNC_DEBUG("Requesting a client certificate\n");
1908 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1909 }
1910
1911 } else {
1912 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1913 if (!anon_cred) {
1914 gnutls_deinit(vs->tls_session);
1915 vs->tls_session = NULL;
1916 vnc_client_error(vs);
1917 return -1;
1918 }
1919 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1920 gnutls_deinit(vs->tls_session);
1921 vs->tls_session = NULL;
1922 gnutls_anon_free_server_credentials(anon_cred);
1923 vnc_client_error(vs);
1924 return -1;
1925 }
1926 }
1927
1928 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1929 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1930 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1931 }
1932
1933 VNC_DEBUG("Start TLS handshake process\n");
1934 return vnc_continue_handshake(vs);
1935 }
1936
1937 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1938 {
1939 int auth = read_u32(data, 0);
1940
1941 if (auth != vs->subauth) {
1942 VNC_DEBUG("Rejecting auth %d\n", auth);
1943 vnc_write_u8(vs, 0); /* Reject auth */
1944 vnc_flush(vs);
1945 vnc_client_error(vs);
1946 } else {
1947 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1948 vnc_write_u8(vs, 1); /* Accept auth */
1949 vnc_flush(vs);
1950
1951 if (vnc_start_tls(vs) < 0) {
1952 VNC_DEBUG("Failed to complete TLS\n");
1953 return 0;
1954 }
1955
1956 if (vs->wiremode == VNC_WIREMODE_TLS) {
1957 VNC_DEBUG("Starting VeNCrypt subauth\n");
1958 return start_auth_vencrypt_subauth(vs);
1959 } else {
1960 VNC_DEBUG("TLS handshake blocked\n");
1961 return 0;
1962 }
1963 }
1964 return 0;
1965 }
1966
1967 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1968 {
1969 if (data[0] != 0 ||
1970 data[1] != 2) {
1971 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1972 vnc_write_u8(vs, 1); /* Reject version */
1973 vnc_flush(vs);
1974 vnc_client_error(vs);
1975 } else {
1976 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1977 vnc_write_u8(vs, 0); /* Accept version */
1978 vnc_write_u8(vs, 1); /* Number of sub-auths */
1979 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1980 vnc_flush(vs);
1981 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1982 }
1983 return 0;
1984 }
1985
1986 static int start_auth_vencrypt(VncState *vs)
1987 {
1988 /* Send VeNCrypt version 0.2 */
1989 vnc_write_u8(vs, 0);
1990 vnc_write_u8(vs, 2);
1991
1992 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1993 return 0;
1994 }
1995 #endif /* CONFIG_VNC_TLS */
1996
1997 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1998 {
1999 /* We only advertise 1 auth scheme at a time, so client
2000 * must pick the one we sent. Verify this */
2001 if (data[0] != vs->auth) { /* Reject auth */
2002 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
2003 vnc_write_u32(vs, 1);
2004 if (vs->minor >= 8) {
2005 static const char err[] = "Authentication failed";
2006 vnc_write_u32(vs, sizeof(err));
2007 vnc_write(vs, err, sizeof(err));
2008 }
2009 vnc_client_error(vs);
2010 } else { /* Accept requested auth */
2011 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2012 switch (vs->auth) {
2013 case VNC_AUTH_NONE:
2014 VNC_DEBUG("Accept auth none\n");
2015 if (vs->minor >= 8) {
2016 vnc_write_u32(vs, 0); /* Accept auth completion */
2017 vnc_flush(vs);
2018 }
2019 vnc_read_when(vs, protocol_client_init, 1);
2020 break;
2021
2022 case VNC_AUTH_VNC:
2023 VNC_DEBUG("Start VNC auth\n");
2024 return start_auth_vnc(vs);
2025
2026 #ifdef CONFIG_VNC_TLS
2027 case VNC_AUTH_VENCRYPT:
2028 VNC_DEBUG("Accept VeNCrypt auth\n");;
2029 return start_auth_vencrypt(vs);
2030 #endif /* CONFIG_VNC_TLS */
2031
2032 default: /* Should not be possible, but just in case */
2033 VNC_DEBUG("Reject auth %d\n", vs->auth);
2034 vnc_write_u8(vs, 1);
2035 if (vs->minor >= 8) {
2036 static const char err[] = "Authentication failed";
2037 vnc_write_u32(vs, sizeof(err));
2038 vnc_write(vs, err, sizeof(err));
2039 }
2040 vnc_client_error(vs);
2041 }
2042 }
2043 return 0;
2044 }
2045
2046 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2047 {
2048 char local[13];
2049
2050 memcpy(local, version, 12);
2051 local[12] = 0;
2052
2053 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2054 VNC_DEBUG("Malformed protocol version %s\n", local);
2055 vnc_client_error(vs);
2056 return 0;
2057 }
2058 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2059 if (vs->major != 3 ||
2060 (vs->minor != 3 &&
2061 vs->minor != 4 &&
2062 vs->minor != 5 &&
2063 vs->minor != 7 &&
2064 vs->minor != 8)) {
2065 VNC_DEBUG("Unsupported client version\n");
2066 vnc_write_u32(vs, VNC_AUTH_INVALID);
2067 vnc_flush(vs);
2068 vnc_client_error(vs);
2069 return 0;
2070 }
2071 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2072 * as equivalent to v3.3 by servers
2073 */
2074 if (vs->minor == 4 || vs->minor == 5)
2075 vs->minor = 3;
2076
2077 if (vs->minor == 3) {
2078 if (vs->auth == VNC_AUTH_NONE) {
2079 VNC_DEBUG("Tell client auth none\n");
2080 vnc_write_u32(vs, vs->auth);
2081 vnc_flush(vs);
2082 vnc_read_when(vs, protocol_client_init, 1);
2083 } else if (vs->auth == VNC_AUTH_VNC) {
2084 VNC_DEBUG("Tell client VNC auth\n");
2085 vnc_write_u32(vs, vs->auth);
2086 vnc_flush(vs);
2087 start_auth_vnc(vs);
2088 } else {
2089 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2090 vnc_write_u32(vs, VNC_AUTH_INVALID);
2091 vnc_flush(vs);
2092 vnc_client_error(vs);
2093 }
2094 } else {
2095 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2096 vnc_write_u8(vs, 1); /* num auth */
2097 vnc_write_u8(vs, vs->auth);
2098 vnc_read_when(vs, protocol_client_auth, 1);
2099 vnc_flush(vs);
2100 }
2101
2102 return 0;
2103 }
2104
2105 static void vnc_connect(VncState *vs)
2106 {
2107 VNC_DEBUG("New client on socket %d\n", vs->csock);
2108 dcl->idle = 0;
2109 socket_set_nonblock(vs->csock);
2110 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2111 vnc_write(vs, "RFB 003.008\n", 12);
2112 vnc_flush(vs);
2113 vnc_read_when(vs, protocol_version, 12);
2114 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
2115 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2116 vs->has_resize = 0;
2117 vs->has_hextile = 0;
2118 vs->has_WMVi = 0;
2119 dcl->dpy_copy = NULL;
2120 vnc_update_client(vs);
2121 reset_keys(vs);
2122 }
2123
2124 static void vnc_listen_read(void *opaque)
2125 {
2126 VncState *vs = opaque;
2127 struct sockaddr_in addr;
2128 socklen_t addrlen = sizeof(addr);
2129
2130 /* Catch-up */
2131 vga_hw_update();
2132
2133 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2134 if (vs->csock != -1) {
2135 vnc_connect(vs);
2136 }
2137 }
2138
2139 void vnc_display_init(DisplayState *ds)
2140 {
2141 VncState *vs;
2142
2143 vs = qemu_mallocz(sizeof(VncState));
2144 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2145 if (!vs || !dcl)
2146 exit(1);
2147
2148 ds->opaque = vs;
2149 dcl->idle = 1;
2150 vnc_state = vs;
2151 vs->display = NULL;
2152 vs->password = NULL;
2153
2154 vs->lsock = -1;
2155 vs->csock = -1;
2156 vs->last_x = -1;
2157 vs->last_y = -1;
2158
2159 vs->ds = ds;
2160
2161 if (keyboard_layout)
2162 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2163 else
2164 vs->kbd_layout = init_keyboard_layout("en-us");
2165
2166 if (!vs->kbd_layout)
2167 exit(1);
2168
2169 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2170
2171 dcl->dpy_update = vnc_dpy_update;
2172 dcl->dpy_resize = vnc_dpy_resize;
2173 dcl->dpy_setdata = vnc_dpy_setdata;
2174 dcl->dpy_refresh = NULL;
2175 register_displaychangelistener(ds, dcl);
2176
2177 vs->as.freq = 44100;
2178 vs->as.nchannels = 2;
2179 vs->as.fmt = AUD_FMT_S16;
2180 vs->as.endianness = 0;
2181 }
2182
2183 #ifdef CONFIG_VNC_TLS
2184 static int vnc_set_x509_credential(VncState *vs,
2185 const char *certdir,
2186 const char *filename,
2187 char **cred,
2188 int ignoreMissing)
2189 {
2190 struct stat sb;
2191
2192 if (*cred) {
2193 qemu_free(*cred);
2194 *cred = NULL;
2195 }
2196
2197 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2198 return -1;
2199
2200 strcpy(*cred, certdir);
2201 strcat(*cred, "/");
2202 strcat(*cred, filename);
2203
2204 VNC_DEBUG("Check %s\n", *cred);
2205 if (stat(*cred, &sb) < 0) {
2206 qemu_free(*cred);
2207 *cred = NULL;
2208 if (ignoreMissing && errno == ENOENT)
2209 return 0;
2210 return -1;
2211 }
2212
2213 return 0;
2214 }
2215
2216 static int vnc_set_x509_credential_dir(VncState *vs,
2217 const char *certdir)
2218 {
2219 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2220 goto cleanup;
2221 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2222 goto cleanup;
2223 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2224 goto cleanup;
2225 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2226 goto cleanup;
2227
2228 return 0;
2229
2230 cleanup:
2231 qemu_free(vs->x509cacert);
2232 qemu_free(vs->x509cacrl);
2233 qemu_free(vs->x509cert);
2234 qemu_free(vs->x509key);
2235 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2236 return -1;
2237 }
2238 #endif /* CONFIG_VNC_TLS */
2239
2240 void vnc_display_close(DisplayState *ds)
2241 {
2242 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2243
2244 if (vs->display) {
2245 qemu_free(vs->display);
2246 vs->display = NULL;
2247 }
2248 if (vs->lsock != -1) {
2249 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2250 close(vs->lsock);
2251 vs->lsock = -1;
2252 }
2253 if (vs->csock != -1) {
2254 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2255 closesocket(vs->csock);
2256 vs->csock = -1;
2257 buffer_reset(&vs->input);
2258 buffer_reset(&vs->output);
2259 vs->need_update = 0;
2260 #ifdef CONFIG_VNC_TLS
2261 if (vs->tls_session) {
2262 gnutls_deinit(vs->tls_session);
2263 vs->tls_session = NULL;
2264 }
2265 vs->wiremode = VNC_WIREMODE_CLEAR;
2266 #endif /* CONFIG_VNC_TLS */
2267 }
2268 vs->auth = VNC_AUTH_INVALID;
2269 #ifdef CONFIG_VNC_TLS
2270 vs->subauth = VNC_AUTH_INVALID;
2271 vs->x509verify = 0;
2272 #endif
2273 audio_del(vs);
2274 }
2275
2276 int vnc_display_password(DisplayState *ds, const char *password)
2277 {
2278 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2279
2280 if (vs->password) {
2281 qemu_free(vs->password);
2282 vs->password = NULL;
2283 }
2284 if (password && password[0]) {
2285 if (!(vs->password = qemu_strdup(password)))
2286 return -1;
2287 }
2288
2289 return 0;
2290 }
2291
2292 int vnc_display_open(DisplayState *ds, const char *display)
2293 {
2294 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2295 const char *options;
2296 int password = 0;
2297 int reverse = 0;
2298 int to_port = 0;
2299 #ifdef CONFIG_VNC_TLS
2300 int tls = 0, x509 = 0;
2301 #endif
2302
2303 vnc_display_close(ds);
2304 if (strcmp(display, "none") == 0)
2305 return 0;
2306
2307 if (!(vs->display = strdup(display)))
2308 return -1;
2309
2310 options = display;
2311 while ((options = strchr(options, ','))) {
2312 options++;
2313 if (strncmp(options, "password", 8) == 0) {
2314 password = 1; /* Require password auth */
2315 } else if (strncmp(options, "reverse", 7) == 0) {
2316 reverse = 1;
2317 } else if (strncmp(options, "to=", 3) == 0) {
2318 to_port = atoi(options+3) + 5900;
2319 #ifdef CONFIG_VNC_TLS
2320 } else if (strncmp(options, "tls", 3) == 0) {
2321 tls = 1; /* Require TLS */
2322 } else if (strncmp(options, "x509", 4) == 0) {
2323 char *start, *end;
2324 x509 = 1; /* Require x509 certificates */
2325 if (strncmp(options, "x509verify", 10) == 0)
2326 vs->x509verify = 1; /* ...and verify client certs */
2327
2328 /* Now check for 'x509=/some/path' postfix
2329 * and use that to setup x509 certificate/key paths */
2330 start = strchr(options, '=');
2331 end = strchr(options, ',');
2332 if (start && (!end || (start < end))) {
2333 int len = end ? end-(start+1) : strlen(start+1);
2334 char *path = qemu_strndup(start + 1, len);
2335
2336 VNC_DEBUG("Trying certificate path '%s'\n", path);
2337 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2338 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2339 qemu_free(path);
2340 qemu_free(vs->display);
2341 vs->display = NULL;
2342 return -1;
2343 }
2344 qemu_free(path);
2345 } else {
2346 fprintf(stderr, "No certificate path provided\n");
2347 qemu_free(vs->display);
2348 vs->display = NULL;
2349 return -1;
2350 }
2351 #endif
2352 }
2353 }
2354
2355 if (password) {
2356 #ifdef CONFIG_VNC_TLS
2357 if (tls) {
2358 vs->auth = VNC_AUTH_VENCRYPT;
2359 if (x509) {
2360 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2361 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2362 } else {
2363 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2364 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2365 }
2366 } else {
2367 #endif
2368 VNC_DEBUG("Initializing VNC server with password auth\n");
2369 vs->auth = VNC_AUTH_VNC;
2370 #ifdef CONFIG_VNC_TLS
2371 vs->subauth = VNC_AUTH_INVALID;
2372 }
2373 #endif
2374 } else {
2375 #ifdef CONFIG_VNC_TLS
2376 if (tls) {
2377 vs->auth = VNC_AUTH_VENCRYPT;
2378 if (x509) {
2379 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2380 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2381 } else {
2382 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2383 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2384 }
2385 } else {
2386 #endif
2387 VNC_DEBUG("Initializing VNC server with no auth\n");
2388 vs->auth = VNC_AUTH_NONE;
2389 #ifdef CONFIG_VNC_TLS
2390 vs->subauth = VNC_AUTH_INVALID;
2391 }
2392 #endif
2393 }
2394
2395 if (reverse) {
2396 /* connect to viewer */
2397 if (strncmp(display, "unix:", 5) == 0)
2398 vs->lsock = unix_connect(display+5);
2399 else
2400 vs->lsock = inet_connect(display, SOCK_STREAM);
2401 if (-1 == vs->lsock) {
2402 free(vs->display);
2403 vs->display = NULL;
2404 return -1;
2405 } else {
2406 vs->csock = vs->lsock;
2407 vs->lsock = -1;
2408 vnc_connect(vs);
2409 }
2410 return 0;
2411
2412 } else {
2413 /* listen for connects */
2414 char *dpy;
2415 dpy = qemu_malloc(256);
2416 if (strncmp(display, "unix:", 5) == 0) {
2417 pstrcpy(dpy, 256, "unix:");
2418 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2419 } else {
2420 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2421 }
2422 if (-1 == vs->lsock) {
2423 free(dpy);
2424 return -1;
2425 } else {
2426 free(vs->display);
2427 vs->display = dpy;
2428 }
2429 }
2430
2431 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
2432 }