2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level
, const char* str
) {
51 VNC_DEBUG("%d %s", level
, str
);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState
;
68 typedef int VncReadEvent(VncState
*vs
, uint8_t *data
, size_t len
);
70 typedef void VncWritePixels(VncState
*vs
, void *data
, int size
);
72 typedef void VncSendHextileTile(VncState
*vs
,
73 int x
, int y
, int w
, int h
,
76 int *has_bg
, int *has_fg
);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT
= 19
103 VNC_AUTH_VENCRYPT_PLAIN
= 256,
104 VNC_AUTH_VENCRYPT_TLSNONE
= 257,
105 VNC_AUTH_VENCRYPT_TLSVNC
= 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN
= 259,
107 VNC_AUTH_VENCRYPT_X509NONE
= 260,
108 VNC_AUTH_VENCRYPT_X509VNC
= 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN
= 262,
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
119 #endif /* CONFIG_VNC_TLS */
130 uint32_t dirty_row
[VNC_MAX_HEIGHT
][VNC_DIRTY_WORDS
];
132 int depth
; /* internal VNC frame buffer byte per pixel */
135 int has_pointer_type_change
;
155 char challenge
[VNC_AUTH_CHALLENGE_SIZE
];
159 gnutls_session_t tls_session
;
164 kbd_layout_t
*kbd_layout
;
165 /* current output mode information */
166 VncWritePixels
*write_pixels
;
167 VncSendHextileTile
*send_hextile_tile
;
168 int pix_bpp
, pix_big_endian
;
169 int red_shift
, red_max
, red_shift1
;
170 int green_shift
, green_max
, green_shift1
;
171 int blue_shift
, blue_max
, blue_shift1
;
173 VncReadEvent
*read_handler
;
174 size_t read_handler_expect
;
176 uint8_t modifiers_state
[256];
179 static VncState
*vnc_state
; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state
== NULL
)
184 term_printf("VNC server disabled\n");
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state
->display
);
190 if (vnc_state
->csock
== -1)
191 term_printf("No client connected\n");
193 term_printf("Client connected\n");
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState
*vs
, const void *data
, size_t len
);
205 static void vnc_write_u32(VncState
*vs
, uint32_t value
);
206 static void vnc_write_s32(VncState
*vs
, int32_t value
);
207 static void vnc_write_u16(VncState
*vs
, uint16_t value
);
208 static void vnc_write_u8(VncState
*vs
, uint8_t value
);
209 static void vnc_flush(VncState
*vs
);
210 static void vnc_update_client(void *opaque
);
211 static void vnc_client_read(void *opaque
);
213 static inline void vnc_set_bit(uint32_t *d
, int k
)
215 d
[k
>> 5] |= 1 << (k
& 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d
, int k
)
220 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
223 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
233 d
[j
++] = (1 << n
) - 1;
238 static inline int vnc_get_bit(const uint32_t *d
, int k
)
240 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
247 for(i
= 0; i
< nb_words
; i
++) {
248 if ((d1
[i
] & d2
[i
]) != 0)
254 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
256 VncState
*vs
= ds
->opaque
;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
268 x
= MIN(x
, vs
->width
);
269 y
= MIN(y
, vs
->height
);
270 w
= MIN(x
+ w
, vs
->width
) - x
;
271 h
= MIN(h
, vs
->height
);
274 for (i
= 0; i
< w
; i
+= 16)
275 vnc_set_bit(vs
->dirty_row
[y
], (x
+ i
) / 16);
278 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
281 vnc_write_u16(vs
, x
);
282 vnc_write_u16(vs
, y
);
283 vnc_write_u16(vs
, w
);
284 vnc_write_u16(vs
, h
);
286 vnc_write_s32(vs
, encoding
);
289 static void vnc_dpy_resize(DisplayState
*ds
, int w
, int h
)
292 VncState
*vs
= ds
->opaque
;
294 ds
->data
= qemu_realloc(ds
->data
, w
* h
* vs
->depth
);
295 vs
->old_data
= qemu_realloc(vs
->old_data
, w
* h
* vs
->depth
);
297 if (ds
->data
== NULL
|| vs
->old_data
== NULL
) {
298 fprintf(stderr
, "vnc: memory allocation failed\n");
302 if (ds
->depth
!= vs
->depth
* 8) {
303 ds
->depth
= vs
->depth
* 8;
304 console_color_init(ds
);
306 size_changed
= ds
->width
!= w
|| ds
->height
!= h
;
309 ds
->linesize
= w
* vs
->depth
;
311 vs
->width
= ds
->width
;
312 vs
->height
= ds
->height
;
313 if (vs
->csock
!= -1 && vs
->has_resize
) {
314 vnc_write_u8(vs
, 0); /* msg id */
316 vnc_write_u16(vs
, 1); /* number of rects */
317 vnc_framebuffer_update(vs
, 0, 0, ds
->width
, ds
->height
, -223);
322 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
323 memset(vs
->old_data
, 42, vs
->ds
->linesize
* vs
->ds
->height
);
327 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
329 vnc_write(vs
, pixels
, size
);
332 /* slowest but generic code. */
333 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
335 unsigned int r
, g
, b
;
337 r
= (v
>> vs
->red_shift1
) & vs
->red_max
;
338 g
= (v
>> vs
->green_shift1
) & vs
->green_max
;
339 b
= (v
>> vs
->blue_shift1
) & vs
->blue_max
;
340 v
= (r
<< vs
->red_shift
) |
341 (g
<< vs
->green_shift
) |
342 (b
<< vs
->blue_shift
);
343 switch(vs
->pix_bpp
) {
348 if (vs
->pix_big_endian
) {
358 if (vs
->pix_big_endian
) {
373 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
375 uint32_t *pixels
= pixels1
;
380 for(i
= 0; i
< n
; i
++) {
381 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
382 vnc_write(vs
, buf
, vs
->pix_bpp
);
386 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
391 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 0);
393 row
= vs
->ds
->data
+ y
* vs
->ds
->linesize
+ x
* vs
->depth
;
394 for (i
= 0; i
< h
; i
++) {
395 vs
->write_pixels(vs
, row
, w
* vs
->depth
);
396 row
+= vs
->ds
->linesize
;
400 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
402 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
403 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
407 #include "vnchextile.h"
411 #include "vnchextile.h"
415 #include "vnchextile.h"
420 #include "vnchextile.h"
424 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
428 uint32_t last_fg32
, last_bg32
;
430 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 5);
433 for (j
= y
; j
< (y
+ h
); j
+= 16) {
434 for (i
= x
; i
< (x
+ w
); i
+= 16) {
435 vs
->send_hextile_tile(vs
, i
, j
,
436 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
437 &last_bg32
, &last_fg32
, &has_bg
, &has_fg
);
442 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
445 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
447 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
450 static void vnc_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
457 int pitch
= ds
->linesize
;
458 VncState
*vs
= ds
->opaque
;
460 vnc_update_client(vs
);
467 src
= (ds
->linesize
* (src_y
+ y
) + vs
->depth
* src_x
);
468 dst
= (ds
->linesize
* (dst_y
+ y
) + vs
->depth
* dst_x
);
470 src_row
= ds
->data
+ src
;
471 dst_row
= ds
->data
+ dst
;
472 old_row
= vs
->old_data
+ dst
;
474 for (y
= 0; y
< h
; y
++) {
475 memmove(old_row
, src_row
, w
* vs
->depth
);
476 memmove(dst_row
, src_row
, w
* vs
->depth
);
482 vnc_write_u8(vs
, 0); /* msg id */
484 vnc_write_u16(vs
, 1); /* number of rects */
485 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, 1);
486 vnc_write_u16(vs
, src_x
);
487 vnc_write_u16(vs
, src_y
);
491 static int find_dirty_height(VncState
*vs
, int y
, int last_x
, int x
)
495 for (h
= 1; h
< (vs
->height
- y
); h
++) {
497 if (!vnc_get_bit(vs
->dirty_row
[y
+ h
], last_x
))
499 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
500 vnc_clear_bit(vs
->dirty_row
[y
+ h
], tmp_x
);
506 static void vnc_update_client(void *opaque
)
508 VncState
*vs
= opaque
;
510 if (vs
->need_update
&& vs
->csock
!= -1) {
514 uint32_t width_mask
[VNC_DIRTY_WORDS
];
521 vnc_set_bits(width_mask
, (vs
->width
/ 16), VNC_DIRTY_WORDS
);
523 /* Walk through the dirty map and eliminate tiles that
524 really aren't dirty */
526 old_row
= vs
->old_data
;
528 for (y
= 0; y
< vs
->height
; y
++) {
529 if (vnc_and_bits(vs
->dirty_row
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
535 old_ptr
= (char*)old_row
;
537 for (x
= 0; x
< vs
->ds
->width
; x
+= 16) {
538 if (memcmp(old_ptr
, ptr
, 16 * vs
->depth
) == 0) {
539 vnc_clear_bit(vs
->dirty_row
[y
], (x
/ 16));
542 memcpy(old_ptr
, ptr
, 16 * vs
->depth
);
545 ptr
+= 16 * vs
->depth
;
546 old_ptr
+= 16 * vs
->depth
;
550 row
+= vs
->ds
->linesize
;
551 old_row
+= vs
->ds
->linesize
;
555 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
559 /* Count rectangles */
561 vnc_write_u8(vs
, 0); /* msg id */
563 saved_offset
= vs
->output
.offset
;
564 vnc_write_u16(vs
, 0);
566 for (y
= 0; y
< vs
->height
; y
++) {
569 for (x
= 0; x
< vs
->width
/ 16; x
++) {
570 if (vnc_get_bit(vs
->dirty_row
[y
], x
)) {
574 vnc_clear_bit(vs
->dirty_row
[y
], x
);
577 int h
= find_dirty_height(vs
, y
, last_x
, x
);
578 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
585 int h
= find_dirty_height(vs
, y
, last_x
, x
);
586 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
590 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
591 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
596 if (vs
->csock
!= -1) {
597 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
602 static int vnc_listen_poll(void *opaque
)
604 VncState
*vs
= opaque
;
610 static void buffer_reserve(Buffer
*buffer
, size_t len
)
612 if ((buffer
->capacity
- buffer
->offset
) < len
) {
613 buffer
->capacity
+= (len
+ 1024);
614 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
615 if (buffer
->buffer
== NULL
) {
616 fprintf(stderr
, "vnc: out of memory\n");
622 static int buffer_empty(Buffer
*buffer
)
624 return buffer
->offset
== 0;
627 static uint8_t *buffer_end(Buffer
*buffer
)
629 return buffer
->buffer
+ buffer
->offset
;
632 static void buffer_reset(Buffer
*buffer
)
637 static void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
639 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
640 buffer
->offset
+= len
;
643 static int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
645 if (ret
== 0 || ret
== -1) {
647 switch (last_errno
) {
659 VNC_DEBUG("Closing down client sock %d %d\n", ret
, ret
< 0 ? last_errno
: 0);
660 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
661 closesocket(vs
->csock
);
663 buffer_reset(&vs
->input
);
664 buffer_reset(&vs
->output
);
667 if (vs
->tls_session
) {
668 gnutls_deinit(vs
->tls_session
);
669 vs
->tls_session
= NULL
;
671 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
672 #endif /* CONFIG_VNC_TLS */
678 static void vnc_client_error(VncState
*vs
)
680 vnc_client_io_error(vs
, -1, EINVAL
);
683 static void vnc_client_write(void *opaque
)
686 VncState
*vs
= opaque
;
689 if (vs
->tls_session
) {
690 ret
= gnutls_write(vs
->tls_session
, vs
->output
.buffer
, vs
->output
.offset
);
692 if (ret
== GNUTLS_E_AGAIN
)
699 #endif /* CONFIG_VNC_TLS */
700 ret
= send(vs
->csock
, vs
->output
.buffer
, vs
->output
.offset
, 0);
701 ret
= vnc_client_io_error(vs
, ret
, socket_error());
705 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
706 vs
->output
.offset
-= ret
;
708 if (vs
->output
.offset
== 0) {
709 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
713 static void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
715 vs
->read_handler
= func
;
716 vs
->read_handler_expect
= expecting
;
719 static void vnc_client_read(void *opaque
)
721 VncState
*vs
= opaque
;
724 buffer_reserve(&vs
->input
, 4096);
727 if (vs
->tls_session
) {
728 ret
= gnutls_read(vs
->tls_session
, buffer_end(&vs
->input
), 4096);
730 if (ret
== GNUTLS_E_AGAIN
)
737 #endif /* CONFIG_VNC_TLS */
738 ret
= recv(vs
->csock
, buffer_end(&vs
->input
), 4096, 0);
739 ret
= vnc_client_io_error(vs
, ret
, socket_error());
743 vs
->input
.offset
+= ret
;
745 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
746 size_t len
= vs
->read_handler_expect
;
749 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
754 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
755 vs
->input
.offset
-= len
;
757 vs
->read_handler_expect
= ret
;
762 static void vnc_write(VncState
*vs
, const void *data
, size_t len
)
764 buffer_reserve(&vs
->output
, len
);
766 if (buffer_empty(&vs
->output
)) {
767 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
770 buffer_append(&vs
->output
, data
, len
);
773 static void vnc_write_s32(VncState
*vs
, int32_t value
)
775 vnc_write_u32(vs
, *(uint32_t *)&value
);
778 static void vnc_write_u32(VncState
*vs
, uint32_t value
)
782 buf
[0] = (value
>> 24) & 0xFF;
783 buf
[1] = (value
>> 16) & 0xFF;
784 buf
[2] = (value
>> 8) & 0xFF;
785 buf
[3] = value
& 0xFF;
787 vnc_write(vs
, buf
, 4);
790 static void vnc_write_u16(VncState
*vs
, uint16_t value
)
794 buf
[0] = (value
>> 8) & 0xFF;
795 buf
[1] = value
& 0xFF;
797 vnc_write(vs
, buf
, 2);
800 static void vnc_write_u8(VncState
*vs
, uint8_t value
)
802 vnc_write(vs
, (char *)&value
, 1);
805 static void vnc_flush(VncState
*vs
)
807 if (vs
->output
.offset
)
808 vnc_client_write(vs
);
811 static uint8_t read_u8(uint8_t *data
, size_t offset
)
816 static uint16_t read_u16(uint8_t *data
, size_t offset
)
818 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
821 static int32_t read_s32(uint8_t *data
, size_t offset
)
823 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
824 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
827 static uint32_t read_u32(uint8_t *data
, size_t offset
)
829 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
830 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
834 static ssize_t
vnc_tls_push(gnutls_transport_ptr_t transport
,
837 struct VncState
*vs
= (struct VncState
*)transport
;
841 ret
= send(vs
->csock
, data
, len
, 0);
851 static ssize_t
vnc_tls_pull(gnutls_transport_ptr_t transport
,
854 struct VncState
*vs
= (struct VncState
*)transport
;
858 ret
= recv(vs
->csock
, data
, len
, 0);
866 #endif /* CONFIG_VNC_TLS */
868 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
872 static void check_pointer_type_change(VncState
*vs
, int absolute
)
874 if (vs
->has_pointer_type_change
&& vs
->absolute
!= absolute
) {
877 vnc_write_u16(vs
, 1);
878 vnc_framebuffer_update(vs
, absolute
, 0,
879 vs
->ds
->width
, vs
->ds
->height
, -257);
882 vs
->absolute
= absolute
;
885 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
890 if (button_mask
& 0x01)
891 buttons
|= MOUSE_EVENT_LBUTTON
;
892 if (button_mask
& 0x02)
893 buttons
|= MOUSE_EVENT_MBUTTON
;
894 if (button_mask
& 0x04)
895 buttons
|= MOUSE_EVENT_RBUTTON
;
896 if (button_mask
& 0x08)
898 if (button_mask
& 0x10)
902 kbd_mouse_event(x
* 0x7FFF / (vs
->ds
->width
- 1),
903 y
* 0x7FFF / (vs
->ds
->height
- 1),
905 } else if (vs
->has_pointer_type_change
) {
909 kbd_mouse_event(x
, y
, dz
, buttons
);
911 if (vs
->last_x
!= -1)
912 kbd_mouse_event(x
- vs
->last_x
,
919 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
922 static void reset_keys(VncState
*vs
)
925 for(i
= 0; i
< 256; i
++) {
926 if (vs
->modifiers_state
[i
]) {
928 kbd_put_keycode(0xe0);
929 kbd_put_keycode(i
| 0x80);
930 vs
->modifiers_state
[i
] = 0;
935 static void press_key(VncState
*vs
, int keysym
)
937 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) & 0x7f);
938 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) | 0x80);
941 static void do_key_event(VncState
*vs
, int down
, uint32_t sym
)
945 keycode
= keysym2scancode(vs
->kbd_layout
, sym
& 0xFFFF);
947 /* QEMU console switch */
949 case 0x2a: /* Left Shift */
950 case 0x36: /* Right Shift */
951 case 0x1d: /* Left CTRL */
952 case 0x9d: /* Right CTRL */
953 case 0x38: /* Left ALT */
954 case 0xb8: /* Right ALT */
956 vs
->modifiers_state
[keycode
] = 1;
958 vs
->modifiers_state
[keycode
] = 0;
960 case 0x02 ... 0x0a: /* '1' to '9' keys */
961 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
962 /* Reset the modifiers sent to the current console */
964 console_select(keycode
- 0x02);
968 case 0x3a: /* CapsLock */
969 case 0x45: /* NumLock */
971 vs
->modifiers_state
[keycode
] ^= 1;
975 if (keycode_is_keypad(vs
->kbd_layout
, keycode
)) {
976 /* If the numlock state needs to change then simulate an additional
977 keypress before sending this one. This will happen if the user
978 toggles numlock away from the VNC window.
980 if (keysym_is_numlock(vs
->kbd_layout
, sym
& 0xFFFF)) {
981 if (!vs
->modifiers_state
[0x45]) {
982 vs
->modifiers_state
[0x45] = 1;
983 press_key(vs
, 0xff7f);
986 if (vs
->modifiers_state
[0x45]) {
987 vs
->modifiers_state
[0x45] = 0;
988 press_key(vs
, 0xff7f);
993 if (is_graphic_console()) {
995 kbd_put_keycode(0xe0);
997 kbd_put_keycode(keycode
& 0x7f);
999 kbd_put_keycode(keycode
| 0x80);
1001 /* QEMU console emulation */
1004 case 0x2a: /* Left Shift */
1005 case 0x36: /* Right Shift */
1006 case 0x1d: /* Left CTRL */
1007 case 0x9d: /* Right CTRL */
1008 case 0x38: /* Left ALT */
1009 case 0xb8: /* Right ALT */
1012 kbd_put_keysym(QEMU_KEY_UP
);
1015 kbd_put_keysym(QEMU_KEY_DOWN
);
1018 kbd_put_keysym(QEMU_KEY_LEFT
);
1021 kbd_put_keysym(QEMU_KEY_RIGHT
);
1024 kbd_put_keysym(QEMU_KEY_DELETE
);
1027 kbd_put_keysym(QEMU_KEY_HOME
);
1030 kbd_put_keysym(QEMU_KEY_END
);
1033 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1036 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1039 kbd_put_keysym(sym
);
1046 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1048 if (sym
>= 'A' && sym
<= 'Z' && is_graphic_console())
1049 sym
= sym
- 'A' + 'a';
1050 do_key_event(vs
, down
, sym
);
1053 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1054 int x_position
, int y_position
,
1057 if (x_position
> vs
->ds
->width
)
1058 x_position
= vs
->ds
->width
;
1059 if (y_position
> vs
->ds
->height
)
1060 y_position
= vs
->ds
->height
;
1061 if (x_position
+ w
>= vs
->ds
->width
)
1062 w
= vs
->ds
->width
- x_position
;
1063 if (y_position
+ h
>= vs
->ds
->height
)
1064 h
= vs
->ds
->height
- y_position
;
1067 vs
->need_update
= 1;
1069 char *old_row
= vs
->old_data
+ y_position
* vs
->ds
->linesize
;
1071 for (i
= 0; i
< h
; i
++) {
1072 vnc_set_bits(vs
->dirty_row
[y_position
+ i
],
1073 (vs
->ds
->width
/ 16), VNC_DIRTY_WORDS
);
1074 memset(old_row
, 42, vs
->ds
->width
* vs
->depth
);
1075 old_row
+= vs
->ds
->linesize
;
1080 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1084 vs
->has_hextile
= 0;
1086 vs
->has_pointer_type_change
= 0;
1088 vs
->ds
->dpy_copy
= NULL
;
1090 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1091 switch (encodings
[i
]) {
1093 vs
->has_hextile
= 0;
1095 case 1: /* CopyRect */
1096 vs
->ds
->dpy_copy
= vnc_copy
;
1098 case 5: /* Hextile */
1099 vs
->has_hextile
= 1;
1101 case -223: /* DesktopResize */
1105 vs
->has_pointer_type_change
= 1;
1112 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1115 static int compute_nbits(unsigned int val
)
1126 static void set_pixel_format(VncState
*vs
,
1127 int bits_per_pixel
, int depth
,
1128 int big_endian_flag
, int true_color_flag
,
1129 int red_max
, int green_max
, int blue_max
,
1130 int red_shift
, int green_shift
, int blue_shift
)
1132 int host_big_endian_flag
;
1134 #ifdef WORDS_BIGENDIAN
1135 host_big_endian_flag
= 1;
1137 host_big_endian_flag
= 0;
1139 if (!true_color_flag
) {
1141 vnc_client_error(vs
);
1144 if (bits_per_pixel
== 32 &&
1145 host_big_endian_flag
== big_endian_flag
&&
1146 red_max
== 0xff && green_max
== 0xff && blue_max
== 0xff &&
1147 red_shift
== 16 && green_shift
== 8 && blue_shift
== 0) {
1149 vs
->write_pixels
= vnc_write_pixels_copy
;
1150 vs
->send_hextile_tile
= send_hextile_tile_32
;
1152 if (bits_per_pixel
== 16 &&
1153 host_big_endian_flag
== big_endian_flag
&&
1154 red_max
== 31 && green_max
== 63 && blue_max
== 31 &&
1155 red_shift
== 11 && green_shift
== 5 && blue_shift
== 0) {
1157 vs
->write_pixels
= vnc_write_pixels_copy
;
1158 vs
->send_hextile_tile
= send_hextile_tile_16
;
1160 if (bits_per_pixel
== 8 &&
1161 red_max
== 7 && green_max
== 7 && blue_max
== 3 &&
1162 red_shift
== 5 && green_shift
== 2 && blue_shift
== 0) {
1164 vs
->write_pixels
= vnc_write_pixels_copy
;
1165 vs
->send_hextile_tile
= send_hextile_tile_8
;
1168 /* generic and slower case */
1169 if (bits_per_pixel
!= 8 &&
1170 bits_per_pixel
!= 16 &&
1171 bits_per_pixel
!= 32)
1174 vs
->red_shift
= red_shift
;
1175 vs
->red_max
= red_max
;
1176 vs
->red_shift1
= 24 - compute_nbits(red_max
);
1177 vs
->green_shift
= green_shift
;
1178 vs
->green_max
= green_max
;
1179 vs
->green_shift1
= 16 - compute_nbits(green_max
);
1180 vs
->blue_shift
= blue_shift
;
1181 vs
->blue_max
= blue_max
;
1182 vs
->blue_shift1
= 8 - compute_nbits(blue_max
);
1183 vs
->pix_bpp
= bits_per_pixel
/ 8;
1184 vs
->pix_big_endian
= big_endian_flag
;
1185 vs
->write_pixels
= vnc_write_pixels_generic
;
1186 vs
->send_hextile_tile
= send_hextile_tile_generic
;
1189 vnc_dpy_resize(vs
->ds
, vs
->ds
->width
, vs
->ds
->height
);
1191 vga_hw_invalidate();
1195 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1205 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1206 read_u8(data
, 6), read_u8(data
, 7),
1207 read_u16(data
, 8), read_u16(data
, 10),
1208 read_u16(data
, 12), read_u8(data
, 14),
1209 read_u8(data
, 15), read_u8(data
, 16));
1216 return 4 + (read_u16(data
, 2) * 4);
1218 limit
= read_u16(data
, 2);
1219 for (i
= 0; i
< limit
; i
++) {
1220 int32_t val
= read_s32(data
, 4 + (i
* 4));
1221 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1224 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1230 framebuffer_update_request(vs
,
1231 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1232 read_u16(data
, 6), read_u16(data
, 8));
1238 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1244 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1251 uint32_t dlen
= read_u32(data
, 4);
1256 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1259 printf("Msg: %d\n", data
[0]);
1260 vnc_client_error(vs
);
1264 vnc_read_when(vs
, protocol_client_msg
, 1);
1268 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1270 char pad
[3] = { 0, 0, 0 };
1274 vs
->width
= vs
->ds
->width
;
1275 vs
->height
= vs
->ds
->height
;
1276 vnc_write_u16(vs
, vs
->ds
->width
);
1277 vnc_write_u16(vs
, vs
->ds
->height
);
1279 vnc_write_u8(vs
, vs
->depth
* 8); /* bits-per-pixel */
1280 vnc_write_u8(vs
, vs
->depth
* 8); /* depth */
1281 #ifdef WORDS_BIGENDIAN
1282 vnc_write_u8(vs
, 1); /* big-endian-flag */
1284 vnc_write_u8(vs
, 0); /* big-endian-flag */
1286 vnc_write_u8(vs
, 1); /* true-color-flag */
1287 if (vs
->depth
== 4) {
1288 vnc_write_u16(vs
, 0xFF); /* red-max */
1289 vnc_write_u16(vs
, 0xFF); /* green-max */
1290 vnc_write_u16(vs
, 0xFF); /* blue-max */
1291 vnc_write_u8(vs
, 16); /* red-shift */
1292 vnc_write_u8(vs
, 8); /* green-shift */
1293 vnc_write_u8(vs
, 0); /* blue-shift */
1294 vs
->send_hextile_tile
= send_hextile_tile_32
;
1295 } else if (vs
->depth
== 2) {
1296 vnc_write_u16(vs
, 31); /* red-max */
1297 vnc_write_u16(vs
, 63); /* green-max */
1298 vnc_write_u16(vs
, 31); /* blue-max */
1299 vnc_write_u8(vs
, 11); /* red-shift */
1300 vnc_write_u8(vs
, 5); /* green-shift */
1301 vnc_write_u8(vs
, 0); /* blue-shift */
1302 vs
->send_hextile_tile
= send_hextile_tile_16
;
1303 } else if (vs
->depth
== 1) {
1304 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1305 vnc_write_u16(vs
, 7); /* red-max */
1306 vnc_write_u16(vs
, 7); /* green-max */
1307 vnc_write_u16(vs
, 3); /* blue-max */
1308 vnc_write_u8(vs
, 5); /* red-shift */
1309 vnc_write_u8(vs
, 2); /* green-shift */
1310 vnc_write_u8(vs
, 0); /* blue-shift */
1311 vs
->send_hextile_tile
= send_hextile_tile_8
;
1313 vs
->write_pixels
= vnc_write_pixels_copy
;
1315 vnc_write(vs
, pad
, 3); /* padding */
1318 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1320 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1322 vnc_write_u32(vs
, size
);
1323 vnc_write(vs
, buf
, size
);
1326 vnc_read_when(vs
, protocol_client_msg
, 1);
1331 static void make_challenge(VncState
*vs
)
1335 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1337 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1338 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1341 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1343 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1345 unsigned char key
[8];
1347 if (!vs
->password
|| !vs
->password
[0]) {
1348 VNC_DEBUG("No password configured on server");
1349 vnc_write_u32(vs
, 1); /* Reject auth */
1350 if (vs
->minor
>= 8) {
1351 static const char err
[] = "Authentication failed";
1352 vnc_write_u32(vs
, sizeof(err
));
1353 vnc_write(vs
, err
, sizeof(err
));
1356 vnc_client_error(vs
);
1360 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
1362 /* Calculate the expected challenge response */
1363 pwlen
= strlen(vs
->password
);
1364 for (i
=0; i
<sizeof(key
); i
++)
1365 key
[i
] = i
<pwlen
? vs
->password
[i
] : 0;
1367 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
1368 des(response
+j
, response
+j
);
1370 /* Compare expected vs actual challenge response */
1371 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
1372 VNC_DEBUG("Client challenge reponse did not match\n");
1373 vnc_write_u32(vs
, 1); /* Reject auth */
1374 if (vs
->minor
>= 8) {
1375 static const char err
[] = "Authentication failed";
1376 vnc_write_u32(vs
, sizeof(err
));
1377 vnc_write(vs
, err
, sizeof(err
));
1380 vnc_client_error(vs
);
1382 VNC_DEBUG("Accepting VNC challenge response\n");
1383 vnc_write_u32(vs
, 0); /* Accept auth */
1386 vnc_read_when(vs
, protocol_client_init
, 1);
1391 static int start_auth_vnc(VncState
*vs
)
1394 /* Send client a 'random' challenge */
1395 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
1398 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
1404 #define DH_BITS 1024
1405 static gnutls_dh_params_t dh_params
;
1407 static int vnc_tls_initialize(void)
1409 static int tlsinitialized
= 0;
1414 if (gnutls_global_init () < 0)
1417 /* XXX ought to re-generate diffie-hellmen params periodically */
1418 if (gnutls_dh_params_init (&dh_params
) < 0)
1420 if (gnutls_dh_params_generate2 (dh_params
, DH_BITS
) < 0)
1424 gnutls_global_set_log_level(10);
1425 gnutls_global_set_log_function(vnc_debug_gnutls_log
);
1433 static gnutls_anon_server_credentials
vnc_tls_initialize_anon_cred(void)
1435 gnutls_anon_server_credentials anon_cred
;
1438 if ((ret
= gnutls_anon_allocate_server_credentials(&anon_cred
)) < 0) {
1439 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1443 gnutls_anon_set_server_dh_params(anon_cred
, dh_params
);
1449 static gnutls_certificate_credentials_t
vnc_tls_initialize_x509_cred(VncState
*vs
)
1451 gnutls_certificate_credentials_t x509_cred
;
1454 if (!vs
->x509cacert
) {
1455 VNC_DEBUG("No CA x509 certificate specified\n");
1458 if (!vs
->x509cert
) {
1459 VNC_DEBUG("No server x509 certificate specified\n");
1463 VNC_DEBUG("No server private key specified\n");
1467 if ((ret
= gnutls_certificate_allocate_credentials(&x509_cred
)) < 0) {
1468 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1471 if ((ret
= gnutls_certificate_set_x509_trust_file(x509_cred
,
1473 GNUTLS_X509_FMT_PEM
)) < 0) {
1474 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret
));
1475 gnutls_certificate_free_credentials(x509_cred
);
1479 if ((ret
= gnutls_certificate_set_x509_key_file (x509_cred
,
1482 GNUTLS_X509_FMT_PEM
)) < 0) {
1483 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret
));
1484 gnutls_certificate_free_credentials(x509_cred
);
1488 if (vs
->x509cacrl
) {
1489 if ((ret
= gnutls_certificate_set_x509_crl_file(x509_cred
,
1491 GNUTLS_X509_FMT_PEM
)) < 0) {
1492 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret
));
1493 gnutls_certificate_free_credentials(x509_cred
);
1498 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
1503 static int vnc_validate_certificate(struct VncState
*vs
)
1506 unsigned int status
;
1507 const gnutls_datum_t
*certs
;
1508 unsigned int nCerts
, i
;
1511 VNC_DEBUG("Validating client certificate\n");
1512 if ((ret
= gnutls_certificate_verify_peers2 (vs
->tls_session
, &status
)) < 0) {
1513 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret
));
1517 if ((now
= time(NULL
)) == ((time_t)-1)) {
1522 if (status
& GNUTLS_CERT_INVALID
)
1523 VNC_DEBUG("The certificate is not trusted.\n");
1525 if (status
& GNUTLS_CERT_SIGNER_NOT_FOUND
)
1526 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1528 if (status
& GNUTLS_CERT_REVOKED
)
1529 VNC_DEBUG("The certificate has been revoked.\n");
1531 if (status
& GNUTLS_CERT_INSECURE_ALGORITHM
)
1532 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1536 VNC_DEBUG("Certificate is valid!\n");
1539 /* Only support x509 for now */
1540 if (gnutls_certificate_type_get(vs
->tls_session
) != GNUTLS_CRT_X509
)
1543 if (!(certs
= gnutls_certificate_get_peers(vs
->tls_session
, &nCerts
)))
1546 for (i
= 0 ; i
< nCerts
; i
++) {
1547 gnutls_x509_crt_t cert
;
1548 VNC_DEBUG ("Checking certificate chain %d\n", i
);
1549 if (gnutls_x509_crt_init (&cert
) < 0)
1552 if (gnutls_x509_crt_import(cert
, &certs
[i
], GNUTLS_X509_FMT_DER
) < 0) {
1553 gnutls_x509_crt_deinit (cert
);
1557 if (gnutls_x509_crt_get_expiration_time (cert
) < now
) {
1558 VNC_DEBUG("The certificate has expired\n");
1559 gnutls_x509_crt_deinit (cert
);
1563 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1564 VNC_DEBUG("The certificate is not yet activated\n");
1565 gnutls_x509_crt_deinit (cert
);
1569 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1570 VNC_DEBUG("The certificate is not yet activated\n");
1571 gnutls_x509_crt_deinit (cert
);
1575 gnutls_x509_crt_deinit (cert
);
1582 static int start_auth_vencrypt_subauth(VncState
*vs
)
1584 switch (vs
->subauth
) {
1585 case VNC_AUTH_VENCRYPT_TLSNONE
:
1586 case VNC_AUTH_VENCRYPT_X509NONE
:
1587 VNC_DEBUG("Accept TLS auth none\n");
1588 vnc_write_u32(vs
, 0); /* Accept auth completion */
1589 vnc_read_when(vs
, protocol_client_init
, 1);
1592 case VNC_AUTH_VENCRYPT_TLSVNC
:
1593 case VNC_AUTH_VENCRYPT_X509VNC
:
1594 VNC_DEBUG("Start TLS auth VNC\n");
1595 return start_auth_vnc(vs
);
1597 default: /* Should not be possible, but just in case */
1598 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
1599 vnc_write_u8(vs
, 1);
1600 if (vs
->minor
>= 8) {
1601 static const char err
[] = "Unsupported authentication type";
1602 vnc_write_u32(vs
, sizeof(err
));
1603 vnc_write(vs
, err
, sizeof(err
));
1605 vnc_client_error(vs
);
1611 static void vnc_handshake_io(void *opaque
);
1613 static int vnc_continue_handshake(struct VncState
*vs
) {
1616 if ((ret
= gnutls_handshake(vs
->tls_session
)) < 0) {
1617 if (!gnutls_error_is_fatal(ret
)) {
1618 VNC_DEBUG("Handshake interrupted (blocking)\n");
1619 if (!gnutls_record_get_direction(vs
->tls_session
))
1620 qemu_set_fd_handler(vs
->csock
, vnc_handshake_io
, NULL
, vs
);
1622 qemu_set_fd_handler(vs
->csock
, NULL
, vnc_handshake_io
, vs
);
1625 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret
));
1626 vnc_client_error(vs
);
1630 if (vs
->x509verify
) {
1631 if (vnc_validate_certificate(vs
) < 0) {
1632 VNC_DEBUG("Client verification failed\n");
1633 vnc_client_error(vs
);
1636 VNC_DEBUG("Client verification passed\n");
1640 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1641 vs
->wiremode
= VNC_WIREMODE_TLS
;
1642 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1644 return start_auth_vencrypt_subauth(vs
);
1647 static void vnc_handshake_io(void *opaque
) {
1648 struct VncState
*vs
= (struct VncState
*)opaque
;
1650 VNC_DEBUG("Handshake IO continue\n");
1651 vnc_continue_handshake(vs
);
1654 #define NEED_X509_AUTH(vs) \
1655 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1656 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1657 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1660 static int vnc_start_tls(struct VncState
*vs
) {
1661 static const int cert_type_priority
[] = { GNUTLS_CRT_X509
, 0 };
1662 static const int protocol_priority
[]= { GNUTLS_TLS1_1
, GNUTLS_TLS1_0
, GNUTLS_SSL3
, 0 };
1663 static const int kx_anon
[] = {GNUTLS_KX_ANON_DH
, 0};
1664 static const int kx_x509
[] = {GNUTLS_KX_DHE_DSS
, GNUTLS_KX_RSA
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_SRP
, 0};
1666 VNC_DEBUG("Do TLS setup\n");
1667 if (vnc_tls_initialize() < 0) {
1668 VNC_DEBUG("Failed to init TLS\n");
1669 vnc_client_error(vs
);
1672 if (vs
->tls_session
== NULL
) {
1673 if (gnutls_init(&vs
->tls_session
, GNUTLS_SERVER
) < 0) {
1674 vnc_client_error(vs
);
1678 if (gnutls_set_default_priority(vs
->tls_session
) < 0) {
1679 gnutls_deinit(vs
->tls_session
);
1680 vs
->tls_session
= NULL
;
1681 vnc_client_error(vs
);
1685 if (gnutls_kx_set_priority(vs
->tls_session
, NEED_X509_AUTH(vs
) ? kx_x509
: kx_anon
) < 0) {
1686 gnutls_deinit(vs
->tls_session
);
1687 vs
->tls_session
= NULL
;
1688 vnc_client_error(vs
);
1692 if (gnutls_certificate_type_set_priority(vs
->tls_session
, cert_type_priority
) < 0) {
1693 gnutls_deinit(vs
->tls_session
);
1694 vs
->tls_session
= NULL
;
1695 vnc_client_error(vs
);
1699 if (gnutls_protocol_set_priority(vs
->tls_session
, protocol_priority
) < 0) {
1700 gnutls_deinit(vs
->tls_session
);
1701 vs
->tls_session
= NULL
;
1702 vnc_client_error(vs
);
1706 if (NEED_X509_AUTH(vs
)) {
1707 gnutls_certificate_server_credentials x509_cred
= vnc_tls_initialize_x509_cred(vs
);
1709 gnutls_deinit(vs
->tls_session
);
1710 vs
->tls_session
= NULL
;
1711 vnc_client_error(vs
);
1714 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_CERTIFICATE
, x509_cred
) < 0) {
1715 gnutls_deinit(vs
->tls_session
);
1716 vs
->tls_session
= NULL
;
1717 gnutls_certificate_free_credentials(x509_cred
);
1718 vnc_client_error(vs
);
1721 if (vs
->x509verify
) {
1722 VNC_DEBUG("Requesting a client certificate\n");
1723 gnutls_certificate_server_set_request (vs
->tls_session
, GNUTLS_CERT_REQUEST
);
1727 gnutls_anon_server_credentials anon_cred
= vnc_tls_initialize_anon_cred();
1729 gnutls_deinit(vs
->tls_session
);
1730 vs
->tls_session
= NULL
;
1731 vnc_client_error(vs
);
1734 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_ANON
, anon_cred
) < 0) {
1735 gnutls_deinit(vs
->tls_session
);
1736 vs
->tls_session
= NULL
;
1737 gnutls_anon_free_server_credentials(anon_cred
);
1738 vnc_client_error(vs
);
1743 gnutls_transport_set_ptr(vs
->tls_session
, (gnutls_transport_ptr_t
)vs
);
1744 gnutls_transport_set_push_function(vs
->tls_session
, vnc_tls_push
);
1745 gnutls_transport_set_pull_function(vs
->tls_session
, vnc_tls_pull
);
1748 VNC_DEBUG("Start TLS handshake process\n");
1749 return vnc_continue_handshake(vs
);
1752 static int protocol_client_vencrypt_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1754 int auth
= read_u32(data
, 0);
1756 if (auth
!= vs
->subauth
) {
1757 VNC_DEBUG("Rejecting auth %d\n", auth
);
1758 vnc_write_u8(vs
, 0); /* Reject auth */
1760 vnc_client_error(vs
);
1762 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth
);
1763 vnc_write_u8(vs
, 1); /* Accept auth */
1766 if (vnc_start_tls(vs
) < 0) {
1767 VNC_DEBUG("Failed to complete TLS\n");
1771 if (vs
->wiremode
== VNC_WIREMODE_TLS
) {
1772 VNC_DEBUG("Starting VeNCrypt subauth\n");
1773 return start_auth_vencrypt_subauth(vs
);
1775 VNC_DEBUG("TLS handshake blocked\n");
1782 static int protocol_client_vencrypt_init(VncState
*vs
, uint8_t *data
, size_t len
)
1786 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data
[0], (int)data
[1]);
1787 vnc_write_u8(vs
, 1); /* Reject version */
1789 vnc_client_error(vs
);
1791 VNC_DEBUG("Sending allowed auth %d\n", vs
->subauth
);
1792 vnc_write_u8(vs
, 0); /* Accept version */
1793 vnc_write_u8(vs
, 1); /* Number of sub-auths */
1794 vnc_write_u32(vs
, vs
->subauth
); /* The supported auth */
1796 vnc_read_when(vs
, protocol_client_vencrypt_auth
, 4);
1801 static int start_auth_vencrypt(VncState
*vs
)
1803 /* Send VeNCrypt version 0.2 */
1804 vnc_write_u8(vs
, 0);
1805 vnc_write_u8(vs
, 2);
1807 vnc_read_when(vs
, protocol_client_vencrypt_init
, 2);
1810 #endif /* CONFIG_VNC_TLS */
1812 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1814 /* We only advertise 1 auth scheme at a time, so client
1815 * must pick the one we sent. Verify this */
1816 if (data
[0] != vs
->auth
) { /* Reject auth */
1817 VNC_DEBUG("Reject auth %d\n", (int)data
[0]);
1818 vnc_write_u32(vs
, 1);
1819 if (vs
->minor
>= 8) {
1820 static const char err
[] = "Authentication failed";
1821 vnc_write_u32(vs
, sizeof(err
));
1822 vnc_write(vs
, err
, sizeof(err
));
1824 vnc_client_error(vs
);
1825 } else { /* Accept requested auth */
1826 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
1829 VNC_DEBUG("Accept auth none\n");
1830 if (vs
->minor
>= 8) {
1831 vnc_write_u32(vs
, 0); /* Accept auth completion */
1834 vnc_read_when(vs
, protocol_client_init
, 1);
1838 VNC_DEBUG("Start VNC auth\n");
1839 return start_auth_vnc(vs
);
1842 case VNC_AUTH_VENCRYPT
:
1843 VNC_DEBUG("Accept VeNCrypt auth\n");;
1844 return start_auth_vencrypt(vs
);
1845 #endif /* CONFIG_VNC_TLS */
1847 default: /* Should not be possible, but just in case */
1848 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
1849 vnc_write_u8(vs
, 1);
1850 if (vs
->minor
>= 8) {
1851 static const char err
[] = "Authentication failed";
1852 vnc_write_u32(vs
, sizeof(err
));
1853 vnc_write(vs
, err
, sizeof(err
));
1855 vnc_client_error(vs
);
1861 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
1865 memcpy(local
, version
, 12);
1868 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
1869 VNC_DEBUG("Malformed protocol version %s\n", local
);
1870 vnc_client_error(vs
);
1873 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
1874 if (vs
->major
!= 3 ||
1880 VNC_DEBUG("Unsupported client version\n");
1881 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1883 vnc_client_error(vs
);
1886 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1887 * as equivalent to v3.3 by servers
1889 if (vs
->minor
== 4 || vs
->minor
== 5)
1892 if (vs
->minor
== 3) {
1893 if (vs
->auth
== VNC_AUTH_NONE
) {
1894 VNC_DEBUG("Tell client auth none\n");
1895 vnc_write_u32(vs
, vs
->auth
);
1897 vnc_read_when(vs
, protocol_client_init
, 1);
1898 } else if (vs
->auth
== VNC_AUTH_VNC
) {
1899 VNC_DEBUG("Tell client VNC auth\n");
1900 vnc_write_u32(vs
, vs
->auth
);
1904 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
1905 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
1907 vnc_client_error(vs
);
1910 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
1911 vnc_write_u8(vs
, 1); /* num auth */
1912 vnc_write_u8(vs
, vs
->auth
);
1913 vnc_read_when(vs
, protocol_client_auth
, 1);
1920 static void vnc_connect(VncState
*vs
)
1922 VNC_DEBUG("New client on socket %d\n", vs
->csock
);
1923 socket_set_nonblock(vs
->csock
);
1924 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
1925 vnc_write(vs
, "RFB 003.008\n", 12);
1927 vnc_read_when(vs
, protocol_version
, 12);
1928 memset(vs
->old_data
, 0, vs
->ds
->linesize
* vs
->ds
->height
);
1929 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
1931 vs
->has_hextile
= 0;
1932 vs
->ds
->dpy_copy
= NULL
;
1933 vnc_update_client(vs
);
1936 static void vnc_listen_read(void *opaque
)
1938 VncState
*vs
= opaque
;
1939 struct sockaddr_in addr
;
1940 socklen_t addrlen
= sizeof(addr
);
1945 vs
->csock
= accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
1946 if (vs
->csock
!= -1) {
1951 extern int parse_host_port(struct sockaddr_in
*saddr
, const char *str
);
1953 void vnc_display_init(DisplayState
*ds
)
1957 vs
= qemu_mallocz(sizeof(VncState
));
1964 vs
->password
= NULL
;
1974 if (!keyboard_layout
)
1975 keyboard_layout
= "en-us";
1977 vs
->kbd_layout
= init_keyboard_layout(keyboard_layout
);
1978 if (!vs
->kbd_layout
)
1981 vs
->timer
= qemu_new_timer(rt_clock
, vnc_update_client
, vs
);
1983 vs
->ds
->data
= NULL
;
1984 vs
->ds
->dpy_update
= vnc_dpy_update
;
1985 vs
->ds
->dpy_resize
= vnc_dpy_resize
;
1986 vs
->ds
->dpy_refresh
= NULL
;
1988 vnc_dpy_resize(vs
->ds
, 640, 400);
1992 static int vnc_set_x509_credential(VncState
*vs
,
1993 const char *certdir
,
1994 const char *filename
,
2005 if (!(*cred
= qemu_malloc(strlen(certdir
) + strlen(filename
) + 2)))
2008 strcpy(*cred
, certdir
);
2010 strcat(*cred
, filename
);
2012 VNC_DEBUG("Check %s\n", *cred
);
2013 if (stat(*cred
, &sb
) < 0) {
2016 if (ignoreMissing
&& errno
== ENOENT
)
2024 static int vnc_set_x509_credential_dir(VncState
*vs
,
2025 const char *certdir
)
2027 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CERT_FILE
, &vs
->x509cacert
, 0) < 0)
2029 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CRL_FILE
, &vs
->x509cacrl
, 1) < 0)
2031 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_CERT_FILE
, &vs
->x509cert
, 0) < 0)
2033 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_KEY_FILE
, &vs
->x509key
, 0) < 0)
2039 qemu_free(vs
->x509cacert
);
2040 qemu_free(vs
->x509cacrl
);
2041 qemu_free(vs
->x509cert
);
2042 qemu_free(vs
->x509key
);
2043 vs
->x509cacert
= vs
->x509cacrl
= vs
->x509cert
= vs
->x509key
= NULL
;
2046 #endif /* CONFIG_VNC_TLS */
2048 void vnc_display_close(DisplayState
*ds
)
2050 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2053 qemu_free(vs
->display
);
2056 if (vs
->lsock
!= -1) {
2057 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2061 if (vs
->csock
!= -1) {
2062 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
2063 closesocket(vs
->csock
);
2065 buffer_reset(&vs
->input
);
2066 buffer_reset(&vs
->output
);
2067 vs
->need_update
= 0;
2069 if (vs
->tls_session
) {
2070 gnutls_deinit(vs
->tls_session
);
2071 vs
->tls_session
= NULL
;
2073 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
2074 #endif /* CONFIG_VNC_TLS */
2076 vs
->auth
= VNC_AUTH_INVALID
;
2078 vs
->subauth
= VNC_AUTH_INVALID
;
2083 int vnc_display_password(DisplayState
*ds
, const char *password
)
2085 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2088 qemu_free(vs
->password
);
2089 vs
->password
= NULL
;
2091 if (password
&& password
[0]) {
2092 if (!(vs
->password
= qemu_strdup(password
)))
2099 int vnc_display_open(DisplayState
*ds
, const char *display
)
2101 struct sockaddr
*addr
;
2102 struct sockaddr_in iaddr
;
2104 struct sockaddr_un uaddr
;
2107 int reuse_addr
, ret
;
2109 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2110 const char *options
;
2114 int tls
= 0, x509
= 0;
2117 vnc_display_close(ds
);
2118 if (strcmp(display
, "none") == 0)
2121 if (!(vs
->display
= strdup(display
)))
2125 while ((options
= strchr(options
, ','))) {
2127 if (strncmp(options
, "password", 8) == 0) {
2128 password
= 1; /* Require password auth */
2129 } else if (strncmp(options
, "reverse", 7) == 0) {
2132 } else if (strncmp(options
, "tls", 3) == 0) {
2133 tls
= 1; /* Require TLS */
2134 } else if (strncmp(options
, "x509", 4) == 0) {
2136 x509
= 1; /* Require x509 certificates */
2137 if (strncmp(options
, "x509verify", 10) == 0)
2138 vs
->x509verify
= 1; /* ...and verify client certs */
2140 /* Now check for 'x509=/some/path' postfix
2141 * and use that to setup x509 certificate/key paths */
2142 start
= strchr(options
, '=');
2143 end
= strchr(options
, ',');
2144 if (start
&& (!end
|| (start
< end
))) {
2145 int len
= end
? end
-(start
+1) : strlen(start
+1);
2146 char *path
= qemu_malloc(len
+1);
2147 strncpy(path
, start
+1, len
);
2149 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2150 if (vnc_set_x509_credential_dir(vs
, path
) < 0) {
2151 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2153 qemu_free(vs
->display
);
2159 fprintf(stderr
, "No certificate path provided\n");
2160 qemu_free(vs
->display
);
2171 vs
->auth
= VNC_AUTH_VENCRYPT
;
2173 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2174 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2176 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2177 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2181 VNC_DEBUG("Initializing VNC server with password auth\n");
2182 vs
->auth
= VNC_AUTH_VNC
;
2184 vs
->subauth
= VNC_AUTH_INVALID
;
2190 vs
->auth
= VNC_AUTH_VENCRYPT
;
2192 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2193 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2195 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2196 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2200 VNC_DEBUG("Initializing VNC server with no auth\n");
2201 vs
->auth
= VNC_AUTH_NONE
;
2203 vs
->subauth
= VNC_AUTH_INVALID
;
2208 if (strstart(display
, "unix:", &p
)) {
2209 addr
= (struct sockaddr
*)&uaddr
;
2210 addrlen
= sizeof(uaddr
);
2212 vs
->lsock
= socket(PF_UNIX
, SOCK_STREAM
, 0);
2213 if (vs
->lsock
== -1) {
2214 fprintf(stderr
, "Could not create socket\n");
2220 uaddr
.sun_family
= AF_UNIX
;
2221 memset(uaddr
.sun_path
, 0, 108);
2222 snprintf(uaddr
.sun_path
, 108, "%s", p
);
2225 unlink(uaddr
.sun_path
);
2230 addr
= (struct sockaddr
*)&iaddr
;
2231 addrlen
= sizeof(iaddr
);
2233 if (parse_host_port(&iaddr
, display
) < 0) {
2234 fprintf(stderr
, "Could not parse VNC address\n");
2240 iaddr
.sin_port
= htons(ntohs(iaddr
.sin_port
) + (reverse
? 0 : 5900));
2242 vs
->lsock
= socket(PF_INET
, SOCK_STREAM
, 0);
2243 if (vs
->lsock
== -1) {
2244 fprintf(stderr
, "Could not create socket\n");
2251 ret
= setsockopt(vs
->lsock
, SOL_SOCKET
, SO_REUSEADDR
,
2252 (const char *)&reuse_addr
, sizeof(reuse_addr
));
2254 fprintf(stderr
, "setsockopt() failed\n");
2264 if (connect(vs
->lsock
, addr
, addrlen
) == -1) {
2265 fprintf(stderr
, "Connection to VNC client failed\n");
2272 vs
->csock
= vs
->lsock
;
2279 if (bind(vs
->lsock
, addr
, addrlen
) == -1) {
2280 fprintf(stderr
, "bind() failed\n");
2288 if (listen(vs
->lsock
, 1) == -1) {
2289 fprintf(stderr
, "listen() failed\n");
2297 return qemu_set_fd_handler2(vs
->lsock
, vnc_listen_poll
, vnc_listen_read
, NULL
, vs
);