kvm: build: Make "make sync" get correct header files with latest Linux source
[kvm-userspace.git] / qemu / vnc.c
blob2d17044d61d6e004678ef00987685fe6e105389e
1 /*
2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
26 #include "qemu-common.h"
27 #include "console.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
35 #include "keymaps.c"
36 #include "d3des.h"
38 #if CONFIG_VNC_TLS
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
45 #if _VNC_DEBUG
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
54 #else
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
56 #endif
59 typedef struct Buffer
61 size_t capacity;
62 size_t offset;
63 uint8_t *buffer;
64 } Buffer;
66 typedef struct VncState VncState;
68 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
74 uint32_t *last_bg,
75 uint32_t *last_fg,
76 int *has_bg, int *has_fg);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
84 enum {
85 VNC_AUTH_INVALID = 0,
86 VNC_AUTH_NONE = 1,
87 VNC_AUTH_VNC = 2,
88 VNC_AUTH_RA2 = 5,
89 VNC_AUTH_RA2NE = 6,
90 VNC_AUTH_TIGHT = 16,
91 VNC_AUTH_ULTRA = 17,
92 VNC_AUTH_TLS = 18,
93 VNC_AUTH_VENCRYPT = 19
96 #if CONFIG_VNC_TLS
97 enum {
98 VNC_WIREMODE_CLEAR,
99 VNC_WIREMODE_TLS,
102 enum {
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
112 #if CONFIG_VNC_TLS
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
117 #endif
119 #endif /* CONFIG_VNC_TLS */
121 struct VncState
123 QEMUTimer *timer;
124 int lsock;
125 int csock;
126 DisplayState *ds;
127 int need_update;
128 int width;
129 int height;
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
131 char *old_data;
132 int depth; /* internal VNC frame buffer byte per pixel */
133 int has_resize;
134 int has_hextile;
135 int has_pointer_type_change;
136 int absolute;
137 int last_x;
138 int last_y;
140 int major;
141 int minor;
143 char *display;
144 char *password;
145 int auth;
146 #if CONFIG_VNC_TLS
147 int subauth;
148 int x509verify;
150 char *x509cacert;
151 char *x509cacrl;
152 char *x509cert;
153 char *x509key;
154 #endif
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
157 #if CONFIG_VNC_TLS
158 int wiremode;
159 gnutls_session_t tls_session;
160 #endif
162 Buffer output;
163 Buffer input;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
175 /* input */
176 uint8_t modifiers_state[256];
179 static VncState *vnc_state; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
185 else {
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
188 term_printf("\n");
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
192 else
193 term_printf("Client connected\n");
197 /* TODO
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
213 static inline void vnc_set_bit(uint32_t *d, int k)
215 d[k >> 5] |= 1 << (k & 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d, int k)
220 d[k >> 5] &= ~(1 << (k & 0x1f));
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
225 int j;
227 j = 0;
228 while (n >= 32) {
229 d[j++] = -1;
230 n -= 32;
232 if (n > 0)
233 d[j++] = (1 << n) - 1;
234 while (j < nb_words)
235 d[j++] = 0;
238 static inline int vnc_get_bit(const uint32_t *d, int k)
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
244 int nb_words)
246 int i;
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
249 return 1;
251 return 0;
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
256 VncState *vs = ds->opaque;
257 int i;
259 h += y;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
265 w += (x % 16);
266 x -= (x % 16);
268 x = MIN(x, vs->width);
269 y = MIN(y, vs->height);
270 w = MIN(x + w, vs->width) - x;
271 h = MIN(h, vs->height);
273 for (; y < h; y++)
274 for (i = 0; i < w; i += 16)
275 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
278 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
279 int32_t encoding)
281 vnc_write_u16(vs, x);
282 vnc_write_u16(vs, y);
283 vnc_write_u16(vs, w);
284 vnc_write_u16(vs, h);
286 vnc_write_s32(vs, encoding);
289 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
291 int size_changed;
292 VncState *vs = ds->opaque;
294 ds->data = qemu_realloc(ds->data, w * h * vs->depth);
295 vs->old_data = qemu_realloc(vs->old_data, w * h * vs->depth);
297 if (ds->data == NULL || vs->old_data == NULL) {
298 fprintf(stderr, "vnc: memory allocation failed\n");
299 exit(1);
302 if (ds->depth != vs->depth * 8) {
303 ds->depth = vs->depth * 8;
304 console_color_init(ds);
306 size_changed = ds->width != w || ds->height != h;
307 ds->width = w;
308 ds->height = h;
309 ds->linesize = w * vs->depth;
310 if (size_changed) {
311 vs->width = ds->width;
312 vs->height = ds->height;
313 if (vs->csock != -1 && vs->has_resize) {
314 vnc_write_u8(vs, 0); /* msg id */
315 vnc_write_u8(vs, 0);
316 vnc_write_u16(vs, 1); /* number of rects */
317 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
318 vnc_flush(vs);
322 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
323 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
326 /* fastest code */
327 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
329 vnc_write(vs, pixels, size);
332 /* slowest but generic code. */
333 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
335 unsigned int r, g, b;
337 r = (v >> vs->red_shift1) & vs->red_max;
338 g = (v >> vs->green_shift1) & vs->green_max;
339 b = (v >> vs->blue_shift1) & vs->blue_max;
340 v = (r << vs->red_shift) |
341 (g << vs->green_shift) |
342 (b << vs->blue_shift);
343 switch(vs->pix_bpp) {
344 case 1:
345 buf[0] = v;
346 break;
347 case 2:
348 if (vs->pix_big_endian) {
349 buf[0] = v >> 8;
350 buf[1] = v;
351 } else {
352 buf[1] = v >> 8;
353 buf[0] = v;
355 break;
356 default:
357 case 4:
358 if (vs->pix_big_endian) {
359 buf[0] = v >> 24;
360 buf[1] = v >> 16;
361 buf[2] = v >> 8;
362 buf[3] = v;
363 } else {
364 buf[3] = v >> 24;
365 buf[2] = v >> 16;
366 buf[1] = v >> 8;
367 buf[0] = v;
369 break;
373 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
375 uint32_t *pixels = pixels1;
376 uint8_t buf[4];
377 int n, i;
379 n = size >> 2;
380 for(i = 0; i < n; i++) {
381 vnc_convert_pixel(vs, buf, pixels[i]);
382 vnc_write(vs, buf, vs->pix_bpp);
386 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
388 int i;
389 uint8_t *row;
391 vnc_framebuffer_update(vs, x, y, w, h, 0);
393 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
394 for (i = 0; i < h; i++) {
395 vs->write_pixels(vs, row, w * vs->depth);
396 row += vs->ds->linesize;
400 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
402 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
403 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
406 #define BPP 8
407 #include "vnchextile.h"
408 #undef BPP
410 #define BPP 16
411 #include "vnchextile.h"
412 #undef BPP
414 #define BPP 32
415 #include "vnchextile.h"
416 #undef BPP
418 #define GENERIC
419 #define BPP 32
420 #include "vnchextile.h"
421 #undef BPP
422 #undef GENERIC
424 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
426 int i, j;
427 int has_fg, has_bg;
428 uint32_t last_fg32, last_bg32;
430 vnc_framebuffer_update(vs, x, y, w, h, 5);
432 has_fg = has_bg = 0;
433 for (j = y; j < (y + h); j += 16) {
434 for (i = x; i < (x + w); i += 16) {
435 vs->send_hextile_tile(vs, i, j,
436 MIN(16, x + w - i), MIN(16, y + h - j),
437 &last_bg32, &last_fg32, &has_bg, &has_fg);
442 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
444 if (vs->has_hextile)
445 send_framebuffer_update_hextile(vs, x, y, w, h);
446 else
447 send_framebuffer_update_raw(vs, x, y, w, h);
450 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
452 int src, dst;
453 uint8_t *src_row;
454 uint8_t *dst_row;
455 char *old_row;
456 int y = 0;
457 int pitch = ds->linesize;
458 VncState *vs = ds->opaque;
460 vnc_update_client(vs);
462 if (dst_y > src_y) {
463 y = h - 1;
464 pitch = -pitch;
467 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
468 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
470 src_row = ds->data + src;
471 dst_row = ds->data + dst;
472 old_row = vs->old_data + dst;
474 for (y = 0; y < h; y++) {
475 memmove(old_row, src_row, w * vs->depth);
476 memmove(dst_row, src_row, w * vs->depth);
477 src_row += pitch;
478 dst_row += pitch;
479 old_row += pitch;
482 vnc_write_u8(vs, 0); /* msg id */
483 vnc_write_u8(vs, 0);
484 vnc_write_u16(vs, 1); /* number of rects */
485 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
486 vnc_write_u16(vs, src_x);
487 vnc_write_u16(vs, src_y);
488 vnc_flush(vs);
491 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
493 int h;
495 for (h = 1; h < (vs->height - y); h++) {
496 int tmp_x;
497 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
498 break;
499 for (tmp_x = last_x; tmp_x < x; tmp_x++)
500 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
503 return h;
506 static void vnc_update_client(void *opaque)
508 VncState *vs = opaque;
510 if (vs->need_update && vs->csock != -1) {
511 int y;
512 uint8_t *row;
513 char *old_row;
514 uint32_t width_mask[VNC_DIRTY_WORDS];
515 int n_rectangles;
516 int saved_offset;
517 int has_dirty = 0;
519 vga_hw_update();
521 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
523 /* Walk through the dirty map and eliminate tiles that
524 really aren't dirty */
525 row = vs->ds->data;
526 old_row = vs->old_data;
528 for (y = 0; y < vs->height; y++) {
529 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
530 int x;
531 uint8_t *ptr;
532 char *old_ptr;
534 ptr = row;
535 old_ptr = (char*)old_row;
537 for (x = 0; x < vs->ds->width; x += 16) {
538 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
539 vnc_clear_bit(vs->dirty_row[y], (x / 16));
540 } else {
541 has_dirty = 1;
542 memcpy(old_ptr, ptr, 16 * vs->depth);
545 ptr += 16 * vs->depth;
546 old_ptr += 16 * vs->depth;
550 row += vs->ds->linesize;
551 old_row += vs->ds->linesize;
554 if (!has_dirty) {
555 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
556 return;
559 /* Count rectangles */
560 n_rectangles = 0;
561 vnc_write_u8(vs, 0); /* msg id */
562 vnc_write_u8(vs, 0);
563 saved_offset = vs->output.offset;
564 vnc_write_u16(vs, 0);
566 for (y = 0; y < vs->height; y++) {
567 int x;
568 int last_x = -1;
569 for (x = 0; x < vs->width / 16; x++) {
570 if (vnc_get_bit(vs->dirty_row[y], x)) {
571 if (last_x == -1) {
572 last_x = x;
574 vnc_clear_bit(vs->dirty_row[y], x);
575 } else {
576 if (last_x != -1) {
577 int h = find_dirty_height(vs, y, last_x, x);
578 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
579 n_rectangles++;
581 last_x = -1;
584 if (last_x != -1) {
585 int h = find_dirty_height(vs, y, last_x, x);
586 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
587 n_rectangles++;
590 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
591 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
592 vnc_flush(vs);
596 if (vs->csock != -1) {
597 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
602 static int vnc_listen_poll(void *opaque)
604 VncState *vs = opaque;
605 if (vs->csock == -1)
606 return 1;
607 return 0;
610 static void buffer_reserve(Buffer *buffer, size_t len)
612 if ((buffer->capacity - buffer->offset) < len) {
613 buffer->capacity += (len + 1024);
614 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
615 if (buffer->buffer == NULL) {
616 fprintf(stderr, "vnc: out of memory\n");
617 exit(1);
622 static int buffer_empty(Buffer *buffer)
624 return buffer->offset == 0;
627 static uint8_t *buffer_end(Buffer *buffer)
629 return buffer->buffer + buffer->offset;
632 static void buffer_reset(Buffer *buffer)
634 buffer->offset = 0;
637 static void buffer_append(Buffer *buffer, const void *data, size_t len)
639 memcpy(buffer->buffer + buffer->offset, data, len);
640 buffer->offset += len;
643 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
645 if (ret == 0 || ret == -1) {
646 if (ret == -1) {
647 switch (last_errno) {
648 case EINTR:
649 case EAGAIN:
650 #ifdef _WIN32
651 case WSAEWOULDBLOCK:
652 #endif
653 return 0;
654 default:
655 break;
659 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
660 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
661 closesocket(vs->csock);
662 vs->csock = -1;
663 buffer_reset(&vs->input);
664 buffer_reset(&vs->output);
665 vs->need_update = 0;
666 #if CONFIG_VNC_TLS
667 if (vs->tls_session) {
668 gnutls_deinit(vs->tls_session);
669 vs->tls_session = NULL;
671 vs->wiremode = VNC_WIREMODE_CLEAR;
672 #endif /* CONFIG_VNC_TLS */
673 return 0;
675 return ret;
678 static void vnc_client_error(VncState *vs)
680 vnc_client_io_error(vs, -1, EINVAL);
683 static void vnc_client_write(void *opaque)
685 long ret;
686 VncState *vs = opaque;
688 #if CONFIG_VNC_TLS
689 if (vs->tls_session) {
690 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
691 if (ret < 0) {
692 if (ret == GNUTLS_E_AGAIN)
693 errno = EAGAIN;
694 else
695 errno = EIO;
696 ret = -1;
698 } else
699 #endif /* CONFIG_VNC_TLS */
700 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
701 ret = vnc_client_io_error(vs, ret, socket_error());
702 if (!ret)
703 return;
705 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
706 vs->output.offset -= ret;
708 if (vs->output.offset == 0) {
709 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
713 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
715 vs->read_handler = func;
716 vs->read_handler_expect = expecting;
719 static void vnc_client_read(void *opaque)
721 VncState *vs = opaque;
722 long ret;
724 buffer_reserve(&vs->input, 4096);
726 #if CONFIG_VNC_TLS
727 if (vs->tls_session) {
728 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
729 if (ret < 0) {
730 if (ret == GNUTLS_E_AGAIN)
731 errno = EAGAIN;
732 else
733 errno = EIO;
734 ret = -1;
736 } else
737 #endif /* CONFIG_VNC_TLS */
738 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
739 ret = vnc_client_io_error(vs, ret, socket_error());
740 if (!ret)
741 return;
743 vs->input.offset += ret;
745 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
746 size_t len = vs->read_handler_expect;
747 int ret;
749 ret = vs->read_handler(vs, vs->input.buffer, len);
750 if (vs->csock == -1)
751 return;
753 if (!ret) {
754 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
755 vs->input.offset -= len;
756 } else {
757 vs->read_handler_expect = ret;
762 static void vnc_write(VncState *vs, const void *data, size_t len)
764 buffer_reserve(&vs->output, len);
766 if (buffer_empty(&vs->output)) {
767 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
770 buffer_append(&vs->output, data, len);
773 static void vnc_write_s32(VncState *vs, int32_t value)
775 vnc_write_u32(vs, *(uint32_t *)&value);
778 static void vnc_write_u32(VncState *vs, uint32_t value)
780 uint8_t buf[4];
782 buf[0] = (value >> 24) & 0xFF;
783 buf[1] = (value >> 16) & 0xFF;
784 buf[2] = (value >> 8) & 0xFF;
785 buf[3] = value & 0xFF;
787 vnc_write(vs, buf, 4);
790 static void vnc_write_u16(VncState *vs, uint16_t value)
792 uint8_t buf[2];
794 buf[0] = (value >> 8) & 0xFF;
795 buf[1] = value & 0xFF;
797 vnc_write(vs, buf, 2);
800 static void vnc_write_u8(VncState *vs, uint8_t value)
802 vnc_write(vs, (char *)&value, 1);
805 static void vnc_flush(VncState *vs)
807 if (vs->output.offset)
808 vnc_client_write(vs);
811 static uint8_t read_u8(uint8_t *data, size_t offset)
813 return data[offset];
816 static uint16_t read_u16(uint8_t *data, size_t offset)
818 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
821 static int32_t read_s32(uint8_t *data, size_t offset)
823 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
824 (data[offset + 2] << 8) | data[offset + 3]);
827 static uint32_t read_u32(uint8_t *data, size_t offset)
829 return ((data[offset] << 24) | (data[offset + 1] << 16) |
830 (data[offset + 2] << 8) | data[offset + 3]);
833 #if CONFIG_VNC_TLS
834 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
835 const void *data,
836 size_t len) {
837 struct VncState *vs = (struct VncState *)transport;
838 int ret;
840 retry:
841 ret = send(vs->csock, data, len, 0);
842 if (ret < 0) {
843 if (errno == EINTR)
844 goto retry;
845 return -1;
847 return ret;
851 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
852 void *data,
853 size_t len) {
854 struct VncState *vs = (struct VncState *)transport;
855 int ret;
857 retry:
858 ret = recv(vs->csock, data, len, 0);
859 if (ret < 0) {
860 if (errno == EINTR)
861 goto retry;
862 return -1;
864 return ret;
866 #endif /* CONFIG_VNC_TLS */
868 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
872 static void check_pointer_type_change(VncState *vs, int absolute)
874 if (vs->has_pointer_type_change && vs->absolute != absolute) {
875 vnc_write_u8(vs, 0);
876 vnc_write_u8(vs, 0);
877 vnc_write_u16(vs, 1);
878 vnc_framebuffer_update(vs, absolute, 0,
879 vs->ds->width, vs->ds->height, -257);
880 vnc_flush(vs);
882 vs->absolute = absolute;
885 static void pointer_event(VncState *vs, int button_mask, int x, int y)
887 int buttons = 0;
888 int dz = 0;
890 if (button_mask & 0x01)
891 buttons |= MOUSE_EVENT_LBUTTON;
892 if (button_mask & 0x02)
893 buttons |= MOUSE_EVENT_MBUTTON;
894 if (button_mask & 0x04)
895 buttons |= MOUSE_EVENT_RBUTTON;
896 if (button_mask & 0x08)
897 dz = -1;
898 if (button_mask & 0x10)
899 dz = 1;
901 if (vs->absolute) {
902 kbd_mouse_event(x * 0x7FFF / (vs->ds->width - 1),
903 y * 0x7FFF / (vs->ds->height - 1),
904 dz, buttons);
905 } else if (vs->has_pointer_type_change) {
906 x -= 0x7FFF;
907 y -= 0x7FFF;
909 kbd_mouse_event(x, y, dz, buttons);
910 } else {
911 if (vs->last_x != -1)
912 kbd_mouse_event(x - vs->last_x,
913 y - vs->last_y,
914 dz, buttons);
915 vs->last_x = x;
916 vs->last_y = y;
919 check_pointer_type_change(vs, kbd_mouse_is_absolute());
922 static void reset_keys(VncState *vs)
924 int i;
925 for(i = 0; i < 256; i++) {
926 if (vs->modifiers_state[i]) {
927 if (i & 0x80)
928 kbd_put_keycode(0xe0);
929 kbd_put_keycode(i | 0x80);
930 vs->modifiers_state[i] = 0;
935 static void press_key(VncState *vs, int keysym)
937 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
938 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
941 static void do_key_event(VncState *vs, int down, uint32_t sym)
943 int keycode;
945 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
947 /* QEMU console switch */
948 switch(keycode) {
949 case 0x2a: /* Left Shift */
950 case 0x36: /* Right Shift */
951 case 0x1d: /* Left CTRL */
952 case 0x9d: /* Right CTRL */
953 case 0x38: /* Left ALT */
954 case 0xb8: /* Right ALT */
955 if (down)
956 vs->modifiers_state[keycode] = 1;
957 else
958 vs->modifiers_state[keycode] = 0;
959 break;
960 case 0x02 ... 0x0a: /* '1' to '9' keys */
961 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
962 /* Reset the modifiers sent to the current console */
963 reset_keys(vs);
964 console_select(keycode - 0x02);
965 return;
967 break;
968 case 0x3a: /* CapsLock */
969 case 0x45: /* NumLock */
970 if (!down)
971 vs->modifiers_state[keycode] ^= 1;
972 break;
975 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
976 /* If the numlock state needs to change then simulate an additional
977 keypress before sending this one. This will happen if the user
978 toggles numlock away from the VNC window.
980 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
981 if (!vs->modifiers_state[0x45]) {
982 vs->modifiers_state[0x45] = 1;
983 press_key(vs, 0xff7f);
985 } else {
986 if (vs->modifiers_state[0x45]) {
987 vs->modifiers_state[0x45] = 0;
988 press_key(vs, 0xff7f);
993 if (is_graphic_console()) {
994 if (keycode & 0x80)
995 kbd_put_keycode(0xe0);
996 if (down)
997 kbd_put_keycode(keycode & 0x7f);
998 else
999 kbd_put_keycode(keycode | 0x80);
1000 } else {
1001 /* QEMU console emulation */
1002 if (down) {
1003 switch (keycode) {
1004 case 0x2a: /* Left Shift */
1005 case 0x36: /* Right Shift */
1006 case 0x1d: /* Left CTRL */
1007 case 0x9d: /* Right CTRL */
1008 case 0x38: /* Left ALT */
1009 case 0xb8: /* Right ALT */
1010 break;
1011 case 0xc8:
1012 kbd_put_keysym(QEMU_KEY_UP);
1013 break;
1014 case 0xd0:
1015 kbd_put_keysym(QEMU_KEY_DOWN);
1016 break;
1017 case 0xcb:
1018 kbd_put_keysym(QEMU_KEY_LEFT);
1019 break;
1020 case 0xcd:
1021 kbd_put_keysym(QEMU_KEY_RIGHT);
1022 break;
1023 case 0xd3:
1024 kbd_put_keysym(QEMU_KEY_DELETE);
1025 break;
1026 case 0xc7:
1027 kbd_put_keysym(QEMU_KEY_HOME);
1028 break;
1029 case 0xcf:
1030 kbd_put_keysym(QEMU_KEY_END);
1031 break;
1032 case 0xc9:
1033 kbd_put_keysym(QEMU_KEY_PAGEUP);
1034 break;
1035 case 0xd1:
1036 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1037 break;
1038 default:
1039 kbd_put_keysym(sym);
1040 break;
1046 static void key_event(VncState *vs, int down, uint32_t sym)
1048 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1049 sym = sym - 'A' + 'a';
1050 do_key_event(vs, down, sym);
1053 static void framebuffer_update_request(VncState *vs, int incremental,
1054 int x_position, int y_position,
1055 int w, int h)
1057 if (x_position > vs->ds->width)
1058 x_position = vs->ds->width;
1059 if (y_position > vs->ds->height)
1060 y_position = vs->ds->height;
1061 if (x_position + w >= vs->ds->width)
1062 w = vs->ds->width - x_position;
1063 if (y_position + h >= vs->ds->height)
1064 h = vs->ds->height - y_position;
1066 int i;
1067 vs->need_update = 1;
1068 if (!incremental) {
1069 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1071 for (i = 0; i < h; i++) {
1072 vnc_set_bits(vs->dirty_row[y_position + i],
1073 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1074 memset(old_row, 42, vs->ds->width * vs->depth);
1075 old_row += vs->ds->linesize;
1080 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1082 int i;
1084 vs->has_hextile = 0;
1085 vs->has_resize = 0;
1086 vs->has_pointer_type_change = 0;
1087 vs->absolute = -1;
1088 vs->ds->dpy_copy = NULL;
1090 for (i = n_encodings - 1; i >= 0; i--) {
1091 switch (encodings[i]) {
1092 case 0: /* Raw */
1093 vs->has_hextile = 0;
1094 break;
1095 case 1: /* CopyRect */
1096 vs->ds->dpy_copy = vnc_copy;
1097 break;
1098 case 5: /* Hextile */
1099 vs->has_hextile = 1;
1100 break;
1101 case -223: /* DesktopResize */
1102 vs->has_resize = 1;
1103 break;
1104 case -257:
1105 vs->has_pointer_type_change = 1;
1106 break;
1107 default:
1108 break;
1112 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1115 static int compute_nbits(unsigned int val)
1117 int n;
1118 n = 0;
1119 while (val != 0) {
1120 n++;
1121 val >>= 1;
1123 return n;
1126 static void set_pixel_format(VncState *vs,
1127 int bits_per_pixel, int depth,
1128 int big_endian_flag, int true_color_flag,
1129 int red_max, int green_max, int blue_max,
1130 int red_shift, int green_shift, int blue_shift)
1132 int host_big_endian_flag;
1134 #ifdef WORDS_BIGENDIAN
1135 host_big_endian_flag = 1;
1136 #else
1137 host_big_endian_flag = 0;
1138 #endif
1139 if (!true_color_flag) {
1140 fail:
1141 vnc_client_error(vs);
1142 return;
1144 if (bits_per_pixel == 32 &&
1145 host_big_endian_flag == big_endian_flag &&
1146 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1147 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1148 vs->depth = 4;
1149 vs->write_pixels = vnc_write_pixels_copy;
1150 vs->send_hextile_tile = send_hextile_tile_32;
1151 } else
1152 if (bits_per_pixel == 16 &&
1153 host_big_endian_flag == big_endian_flag &&
1154 red_max == 31 && green_max == 63 && blue_max == 31 &&
1155 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1156 vs->depth = 2;
1157 vs->write_pixels = vnc_write_pixels_copy;
1158 vs->send_hextile_tile = send_hextile_tile_16;
1159 } else
1160 if (bits_per_pixel == 8 &&
1161 red_max == 7 && green_max == 7 && blue_max == 3 &&
1162 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1163 vs->depth = 1;
1164 vs->write_pixels = vnc_write_pixels_copy;
1165 vs->send_hextile_tile = send_hextile_tile_8;
1166 } else
1168 /* generic and slower case */
1169 if (bits_per_pixel != 8 &&
1170 bits_per_pixel != 16 &&
1171 bits_per_pixel != 32)
1172 goto fail;
1173 vs->depth = 4;
1174 vs->red_shift = red_shift;
1175 vs->red_max = red_max;
1176 vs->red_shift1 = 24 - compute_nbits(red_max);
1177 vs->green_shift = green_shift;
1178 vs->green_max = green_max;
1179 vs->green_shift1 = 16 - compute_nbits(green_max);
1180 vs->blue_shift = blue_shift;
1181 vs->blue_max = blue_max;
1182 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1183 vs->pix_bpp = bits_per_pixel / 8;
1184 vs->pix_big_endian = big_endian_flag;
1185 vs->write_pixels = vnc_write_pixels_generic;
1186 vs->send_hextile_tile = send_hextile_tile_generic;
1189 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1191 vga_hw_invalidate();
1192 vga_hw_update();
1195 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1197 int i;
1198 uint16_t limit;
1200 switch (data[0]) {
1201 case 0:
1202 if (len == 1)
1203 return 20;
1205 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1206 read_u8(data, 6), read_u8(data, 7),
1207 read_u16(data, 8), read_u16(data, 10),
1208 read_u16(data, 12), read_u8(data, 14),
1209 read_u8(data, 15), read_u8(data, 16));
1210 break;
1211 case 2:
1212 if (len == 1)
1213 return 4;
1215 if (len == 4)
1216 return 4 + (read_u16(data, 2) * 4);
1218 limit = read_u16(data, 2);
1219 for (i = 0; i < limit; i++) {
1220 int32_t val = read_s32(data, 4 + (i * 4));
1221 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1224 set_encodings(vs, (int32_t *)(data + 4), limit);
1225 break;
1226 case 3:
1227 if (len == 1)
1228 return 10;
1230 framebuffer_update_request(vs,
1231 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1232 read_u16(data, 6), read_u16(data, 8));
1233 break;
1234 case 4:
1235 if (len == 1)
1236 return 8;
1238 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1239 break;
1240 case 5:
1241 if (len == 1)
1242 return 6;
1244 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1245 break;
1246 case 6:
1247 if (len == 1)
1248 return 8;
1250 if (len == 8) {
1251 uint32_t dlen = read_u32(data, 4);
1252 if (dlen > 0)
1253 return 8 + dlen;
1256 client_cut_text(vs, read_u32(data, 4), data + 8);
1257 break;
1258 default:
1259 printf("Msg: %d\n", data[0]);
1260 vnc_client_error(vs);
1261 break;
1264 vnc_read_when(vs, protocol_client_msg, 1);
1265 return 0;
1268 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1270 char pad[3] = { 0, 0, 0 };
1271 char buf[1024];
1272 int size;
1274 vs->width = vs->ds->width;
1275 vs->height = vs->ds->height;
1276 vnc_write_u16(vs, vs->ds->width);
1277 vnc_write_u16(vs, vs->ds->height);
1279 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1280 vnc_write_u8(vs, vs->depth * 8); /* depth */
1281 #ifdef WORDS_BIGENDIAN
1282 vnc_write_u8(vs, 1); /* big-endian-flag */
1283 #else
1284 vnc_write_u8(vs, 0); /* big-endian-flag */
1285 #endif
1286 vnc_write_u8(vs, 1); /* true-color-flag */
1287 if (vs->depth == 4) {
1288 vnc_write_u16(vs, 0xFF); /* red-max */
1289 vnc_write_u16(vs, 0xFF); /* green-max */
1290 vnc_write_u16(vs, 0xFF); /* blue-max */
1291 vnc_write_u8(vs, 16); /* red-shift */
1292 vnc_write_u8(vs, 8); /* green-shift */
1293 vnc_write_u8(vs, 0); /* blue-shift */
1294 vs->send_hextile_tile = send_hextile_tile_32;
1295 } else if (vs->depth == 2) {
1296 vnc_write_u16(vs, 31); /* red-max */
1297 vnc_write_u16(vs, 63); /* green-max */
1298 vnc_write_u16(vs, 31); /* blue-max */
1299 vnc_write_u8(vs, 11); /* red-shift */
1300 vnc_write_u8(vs, 5); /* green-shift */
1301 vnc_write_u8(vs, 0); /* blue-shift */
1302 vs->send_hextile_tile = send_hextile_tile_16;
1303 } else if (vs->depth == 1) {
1304 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1305 vnc_write_u16(vs, 7); /* red-max */
1306 vnc_write_u16(vs, 7); /* green-max */
1307 vnc_write_u16(vs, 3); /* blue-max */
1308 vnc_write_u8(vs, 5); /* red-shift */
1309 vnc_write_u8(vs, 2); /* green-shift */
1310 vnc_write_u8(vs, 0); /* blue-shift */
1311 vs->send_hextile_tile = send_hextile_tile_8;
1313 vs->write_pixels = vnc_write_pixels_copy;
1315 vnc_write(vs, pad, 3); /* padding */
1317 if (qemu_name)
1318 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1319 else
1320 size = snprintf(buf, sizeof(buf), "QEMU");
1322 vnc_write_u32(vs, size);
1323 vnc_write(vs, buf, size);
1324 vnc_flush(vs);
1326 vnc_read_when(vs, protocol_client_msg, 1);
1328 return 0;
1331 static void make_challenge(VncState *vs)
1333 int i;
1335 srand(time(NULL)+getpid()+getpid()*987654+rand());
1337 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1338 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1341 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1343 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1344 int i, j, pwlen;
1345 unsigned char key[8];
1347 if (!vs->password || !vs->password[0]) {
1348 VNC_DEBUG("No password configured on server");
1349 vnc_write_u32(vs, 1); /* Reject auth */
1350 if (vs->minor >= 8) {
1351 static const char err[] = "Authentication failed";
1352 vnc_write_u32(vs, sizeof(err));
1353 vnc_write(vs, err, sizeof(err));
1355 vnc_flush(vs);
1356 vnc_client_error(vs);
1357 return 0;
1360 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1362 /* Calculate the expected challenge response */
1363 pwlen = strlen(vs->password);
1364 for (i=0; i<sizeof(key); i++)
1365 key[i] = i<pwlen ? vs->password[i] : 0;
1366 deskey(key, EN0);
1367 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1368 des(response+j, response+j);
1370 /* Compare expected vs actual challenge response */
1371 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1372 VNC_DEBUG("Client challenge reponse did not match\n");
1373 vnc_write_u32(vs, 1); /* Reject auth */
1374 if (vs->minor >= 8) {
1375 static const char err[] = "Authentication failed";
1376 vnc_write_u32(vs, sizeof(err));
1377 vnc_write(vs, err, sizeof(err));
1379 vnc_flush(vs);
1380 vnc_client_error(vs);
1381 } else {
1382 VNC_DEBUG("Accepting VNC challenge response\n");
1383 vnc_write_u32(vs, 0); /* Accept auth */
1384 vnc_flush(vs);
1386 vnc_read_when(vs, protocol_client_init, 1);
1388 return 0;
1391 static int start_auth_vnc(VncState *vs)
1393 make_challenge(vs);
1394 /* Send client a 'random' challenge */
1395 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1396 vnc_flush(vs);
1398 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1399 return 0;
1403 #if CONFIG_VNC_TLS
1404 #define DH_BITS 1024
1405 static gnutls_dh_params_t dh_params;
1407 static int vnc_tls_initialize(void)
1409 static int tlsinitialized = 0;
1411 if (tlsinitialized)
1412 return 1;
1414 if (gnutls_global_init () < 0)
1415 return 0;
1417 /* XXX ought to re-generate diffie-hellmen params periodically */
1418 if (gnutls_dh_params_init (&dh_params) < 0)
1419 return 0;
1420 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1421 return 0;
1423 #if _VNC_DEBUG == 2
1424 gnutls_global_set_log_level(10);
1425 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1426 #endif
1428 tlsinitialized = 1;
1430 return 1;
1433 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1435 gnutls_anon_server_credentials anon_cred;
1436 int ret;
1438 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1439 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1440 return NULL;
1443 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1445 return anon_cred;
1449 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1451 gnutls_certificate_credentials_t x509_cred;
1452 int ret;
1454 if (!vs->x509cacert) {
1455 VNC_DEBUG("No CA x509 certificate specified\n");
1456 return NULL;
1458 if (!vs->x509cert) {
1459 VNC_DEBUG("No server x509 certificate specified\n");
1460 return NULL;
1462 if (!vs->x509key) {
1463 VNC_DEBUG("No server private key specified\n");
1464 return NULL;
1467 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1468 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1469 return NULL;
1471 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1472 vs->x509cacert,
1473 GNUTLS_X509_FMT_PEM)) < 0) {
1474 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1475 gnutls_certificate_free_credentials(x509_cred);
1476 return NULL;
1479 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1480 vs->x509cert,
1481 vs->x509key,
1482 GNUTLS_X509_FMT_PEM)) < 0) {
1483 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1484 gnutls_certificate_free_credentials(x509_cred);
1485 return NULL;
1488 if (vs->x509cacrl) {
1489 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1490 vs->x509cacrl,
1491 GNUTLS_X509_FMT_PEM)) < 0) {
1492 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1493 gnutls_certificate_free_credentials(x509_cred);
1494 return NULL;
1498 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1500 return x509_cred;
1503 static int vnc_validate_certificate(struct VncState *vs)
1505 int ret;
1506 unsigned int status;
1507 const gnutls_datum_t *certs;
1508 unsigned int nCerts, i;
1509 time_t now;
1511 VNC_DEBUG("Validating client certificate\n");
1512 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1513 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1514 return -1;
1517 if ((now = time(NULL)) == ((time_t)-1)) {
1518 return -1;
1521 if (status != 0) {
1522 if (status & GNUTLS_CERT_INVALID)
1523 VNC_DEBUG("The certificate is not trusted.\n");
1525 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1526 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1528 if (status & GNUTLS_CERT_REVOKED)
1529 VNC_DEBUG("The certificate has been revoked.\n");
1531 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1532 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1534 return -1;
1535 } else {
1536 VNC_DEBUG("Certificate is valid!\n");
1539 /* Only support x509 for now */
1540 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1541 return -1;
1543 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1544 return -1;
1546 for (i = 0 ; i < nCerts ; i++) {
1547 gnutls_x509_crt_t cert;
1548 VNC_DEBUG ("Checking certificate chain %d\n", i);
1549 if (gnutls_x509_crt_init (&cert) < 0)
1550 return -1;
1552 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1553 gnutls_x509_crt_deinit (cert);
1554 return -1;
1557 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1558 VNC_DEBUG("The certificate has expired\n");
1559 gnutls_x509_crt_deinit (cert);
1560 return -1;
1563 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1564 VNC_DEBUG("The certificate is not yet activated\n");
1565 gnutls_x509_crt_deinit (cert);
1566 return -1;
1569 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1570 VNC_DEBUG("The certificate is not yet activated\n");
1571 gnutls_x509_crt_deinit (cert);
1572 return -1;
1575 gnutls_x509_crt_deinit (cert);
1578 return 0;
1582 static int start_auth_vencrypt_subauth(VncState *vs)
1584 switch (vs->subauth) {
1585 case VNC_AUTH_VENCRYPT_TLSNONE:
1586 case VNC_AUTH_VENCRYPT_X509NONE:
1587 VNC_DEBUG("Accept TLS auth none\n");
1588 vnc_write_u32(vs, 0); /* Accept auth completion */
1589 vnc_read_when(vs, protocol_client_init, 1);
1590 break;
1592 case VNC_AUTH_VENCRYPT_TLSVNC:
1593 case VNC_AUTH_VENCRYPT_X509VNC:
1594 VNC_DEBUG("Start TLS auth VNC\n");
1595 return start_auth_vnc(vs);
1597 default: /* Should not be possible, but just in case */
1598 VNC_DEBUG("Reject auth %d\n", vs->auth);
1599 vnc_write_u8(vs, 1);
1600 if (vs->minor >= 8) {
1601 static const char err[] = "Unsupported authentication type";
1602 vnc_write_u32(vs, sizeof(err));
1603 vnc_write(vs, err, sizeof(err));
1605 vnc_client_error(vs);
1608 return 0;
1611 static void vnc_handshake_io(void *opaque);
1613 static int vnc_continue_handshake(struct VncState *vs) {
1614 int ret;
1616 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1617 if (!gnutls_error_is_fatal(ret)) {
1618 VNC_DEBUG("Handshake interrupted (blocking)\n");
1619 if (!gnutls_record_get_direction(vs->tls_session))
1620 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1621 else
1622 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1623 return 0;
1625 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1626 vnc_client_error(vs);
1627 return -1;
1630 if (vs->x509verify) {
1631 if (vnc_validate_certificate(vs) < 0) {
1632 VNC_DEBUG("Client verification failed\n");
1633 vnc_client_error(vs);
1634 return -1;
1635 } else {
1636 VNC_DEBUG("Client verification passed\n");
1640 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1641 vs->wiremode = VNC_WIREMODE_TLS;
1642 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1644 return start_auth_vencrypt_subauth(vs);
1647 static void vnc_handshake_io(void *opaque) {
1648 struct VncState *vs = (struct VncState *)opaque;
1650 VNC_DEBUG("Handshake IO continue\n");
1651 vnc_continue_handshake(vs);
1654 #define NEED_X509_AUTH(vs) \
1655 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1656 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1657 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1660 static int vnc_start_tls(struct VncState *vs) {
1661 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1662 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1663 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1664 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1666 VNC_DEBUG("Do TLS setup\n");
1667 if (vnc_tls_initialize() < 0) {
1668 VNC_DEBUG("Failed to init TLS\n");
1669 vnc_client_error(vs);
1670 return -1;
1672 if (vs->tls_session == NULL) {
1673 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1674 vnc_client_error(vs);
1675 return -1;
1678 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1679 gnutls_deinit(vs->tls_session);
1680 vs->tls_session = NULL;
1681 vnc_client_error(vs);
1682 return -1;
1685 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1686 gnutls_deinit(vs->tls_session);
1687 vs->tls_session = NULL;
1688 vnc_client_error(vs);
1689 return -1;
1692 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1693 gnutls_deinit(vs->tls_session);
1694 vs->tls_session = NULL;
1695 vnc_client_error(vs);
1696 return -1;
1699 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1700 gnutls_deinit(vs->tls_session);
1701 vs->tls_session = NULL;
1702 vnc_client_error(vs);
1703 return -1;
1706 if (NEED_X509_AUTH(vs)) {
1707 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1708 if (!x509_cred) {
1709 gnutls_deinit(vs->tls_session);
1710 vs->tls_session = NULL;
1711 vnc_client_error(vs);
1712 return -1;
1714 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1715 gnutls_deinit(vs->tls_session);
1716 vs->tls_session = NULL;
1717 gnutls_certificate_free_credentials(x509_cred);
1718 vnc_client_error(vs);
1719 return -1;
1721 if (vs->x509verify) {
1722 VNC_DEBUG("Requesting a client certificate\n");
1723 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1726 } else {
1727 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1728 if (!anon_cred) {
1729 gnutls_deinit(vs->tls_session);
1730 vs->tls_session = NULL;
1731 vnc_client_error(vs);
1732 return -1;
1734 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1735 gnutls_deinit(vs->tls_session);
1736 vs->tls_session = NULL;
1737 gnutls_anon_free_server_credentials(anon_cred);
1738 vnc_client_error(vs);
1739 return -1;
1743 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1744 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1745 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1748 VNC_DEBUG("Start TLS handshake process\n");
1749 return vnc_continue_handshake(vs);
1752 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1754 int auth = read_u32(data, 0);
1756 if (auth != vs->subauth) {
1757 VNC_DEBUG("Rejecting auth %d\n", auth);
1758 vnc_write_u8(vs, 0); /* Reject auth */
1759 vnc_flush(vs);
1760 vnc_client_error(vs);
1761 } else {
1762 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1763 vnc_write_u8(vs, 1); /* Accept auth */
1764 vnc_flush(vs);
1766 if (vnc_start_tls(vs) < 0) {
1767 VNC_DEBUG("Failed to complete TLS\n");
1768 return 0;
1771 if (vs->wiremode == VNC_WIREMODE_TLS) {
1772 VNC_DEBUG("Starting VeNCrypt subauth\n");
1773 return start_auth_vencrypt_subauth(vs);
1774 } else {
1775 VNC_DEBUG("TLS handshake blocked\n");
1776 return 0;
1779 return 0;
1782 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1784 if (data[0] != 0 ||
1785 data[1] != 2) {
1786 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1787 vnc_write_u8(vs, 1); /* Reject version */
1788 vnc_flush(vs);
1789 vnc_client_error(vs);
1790 } else {
1791 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1792 vnc_write_u8(vs, 0); /* Accept version */
1793 vnc_write_u8(vs, 1); /* Number of sub-auths */
1794 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1795 vnc_flush(vs);
1796 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1798 return 0;
1801 static int start_auth_vencrypt(VncState *vs)
1803 /* Send VeNCrypt version 0.2 */
1804 vnc_write_u8(vs, 0);
1805 vnc_write_u8(vs, 2);
1807 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1808 return 0;
1810 #endif /* CONFIG_VNC_TLS */
1812 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1814 /* We only advertise 1 auth scheme at a time, so client
1815 * must pick the one we sent. Verify this */
1816 if (data[0] != vs->auth) { /* Reject auth */
1817 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1818 vnc_write_u32(vs, 1);
1819 if (vs->minor >= 8) {
1820 static const char err[] = "Authentication failed";
1821 vnc_write_u32(vs, sizeof(err));
1822 vnc_write(vs, err, sizeof(err));
1824 vnc_client_error(vs);
1825 } else { /* Accept requested auth */
1826 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1827 switch (vs->auth) {
1828 case VNC_AUTH_NONE:
1829 VNC_DEBUG("Accept auth none\n");
1830 if (vs->minor >= 8) {
1831 vnc_write_u32(vs, 0); /* Accept auth completion */
1832 vnc_flush(vs);
1834 vnc_read_when(vs, protocol_client_init, 1);
1835 break;
1837 case VNC_AUTH_VNC:
1838 VNC_DEBUG("Start VNC auth\n");
1839 return start_auth_vnc(vs);
1841 #if CONFIG_VNC_TLS
1842 case VNC_AUTH_VENCRYPT:
1843 VNC_DEBUG("Accept VeNCrypt auth\n");;
1844 return start_auth_vencrypt(vs);
1845 #endif /* CONFIG_VNC_TLS */
1847 default: /* Should not be possible, but just in case */
1848 VNC_DEBUG("Reject auth %d\n", vs->auth);
1849 vnc_write_u8(vs, 1);
1850 if (vs->minor >= 8) {
1851 static const char err[] = "Authentication failed";
1852 vnc_write_u32(vs, sizeof(err));
1853 vnc_write(vs, err, sizeof(err));
1855 vnc_client_error(vs);
1858 return 0;
1861 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1863 char local[13];
1865 memcpy(local, version, 12);
1866 local[12] = 0;
1868 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1869 VNC_DEBUG("Malformed protocol version %s\n", local);
1870 vnc_client_error(vs);
1871 return 0;
1873 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1874 if (vs->major != 3 ||
1875 (vs->minor != 3 &&
1876 vs->minor != 4 &&
1877 vs->minor != 5 &&
1878 vs->minor != 7 &&
1879 vs->minor != 8)) {
1880 VNC_DEBUG("Unsupported client version\n");
1881 vnc_write_u32(vs, VNC_AUTH_INVALID);
1882 vnc_flush(vs);
1883 vnc_client_error(vs);
1884 return 0;
1886 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1887 * as equivalent to v3.3 by servers
1889 if (vs->minor == 4 || vs->minor == 5)
1890 vs->minor = 3;
1892 if (vs->minor == 3) {
1893 if (vs->auth == VNC_AUTH_NONE) {
1894 VNC_DEBUG("Tell client auth none\n");
1895 vnc_write_u32(vs, vs->auth);
1896 vnc_flush(vs);
1897 vnc_read_when(vs, protocol_client_init, 1);
1898 } else if (vs->auth == VNC_AUTH_VNC) {
1899 VNC_DEBUG("Tell client VNC auth\n");
1900 vnc_write_u32(vs, vs->auth);
1901 vnc_flush(vs);
1902 start_auth_vnc(vs);
1903 } else {
1904 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1905 vnc_write_u32(vs, VNC_AUTH_INVALID);
1906 vnc_flush(vs);
1907 vnc_client_error(vs);
1909 } else {
1910 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1911 vnc_write_u8(vs, 1); /* num auth */
1912 vnc_write_u8(vs, vs->auth);
1913 vnc_read_when(vs, protocol_client_auth, 1);
1914 vnc_flush(vs);
1917 return 0;
1920 static void vnc_connect(VncState *vs)
1922 VNC_DEBUG("New client on socket %d\n", vs->csock);
1923 socket_set_nonblock(vs->csock);
1924 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1925 vnc_write(vs, "RFB 003.008\n", 12);
1926 vnc_flush(vs);
1927 vnc_read_when(vs, protocol_version, 12);
1928 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1929 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1930 vs->has_resize = 0;
1931 vs->has_hextile = 0;
1932 vs->ds->dpy_copy = NULL;
1933 vnc_update_client(vs);
1936 static void vnc_listen_read(void *opaque)
1938 VncState *vs = opaque;
1939 struct sockaddr_in addr;
1940 socklen_t addrlen = sizeof(addr);
1942 /* Catch-up */
1943 vga_hw_update();
1945 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1946 if (vs->csock != -1) {
1947 vnc_connect(vs);
1951 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1953 void vnc_display_init(DisplayState *ds)
1955 VncState *vs;
1957 vs = qemu_mallocz(sizeof(VncState));
1958 if (!vs)
1959 exit(1);
1961 ds->opaque = vs;
1962 vnc_state = vs;
1963 vs->display = NULL;
1964 vs->password = NULL;
1966 vs->lsock = -1;
1967 vs->csock = -1;
1968 vs->depth = 4;
1969 vs->last_x = -1;
1970 vs->last_y = -1;
1972 vs->ds = ds;
1974 if (!keyboard_layout)
1975 keyboard_layout = "en-us";
1977 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1978 if (!vs->kbd_layout)
1979 exit(1);
1981 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1983 vs->ds->data = NULL;
1984 vs->ds->dpy_update = vnc_dpy_update;
1985 vs->ds->dpy_resize = vnc_dpy_resize;
1986 vs->ds->dpy_refresh = NULL;
1988 vnc_dpy_resize(vs->ds, 640, 400);
1991 #if CONFIG_VNC_TLS
1992 static int vnc_set_x509_credential(VncState *vs,
1993 const char *certdir,
1994 const char *filename,
1995 char **cred,
1996 int ignoreMissing)
1998 struct stat sb;
2000 if (*cred) {
2001 qemu_free(*cred);
2002 *cred = NULL;
2005 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2006 return -1;
2008 strcpy(*cred, certdir);
2009 strcat(*cred, "/");
2010 strcat(*cred, filename);
2012 VNC_DEBUG("Check %s\n", *cred);
2013 if (stat(*cred, &sb) < 0) {
2014 qemu_free(*cred);
2015 *cred = NULL;
2016 if (ignoreMissing && errno == ENOENT)
2017 return 0;
2018 return -1;
2021 return 0;
2024 static int vnc_set_x509_credential_dir(VncState *vs,
2025 const char *certdir)
2027 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2028 goto cleanup;
2029 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2030 goto cleanup;
2031 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2032 goto cleanup;
2033 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2034 goto cleanup;
2036 return 0;
2038 cleanup:
2039 qemu_free(vs->x509cacert);
2040 qemu_free(vs->x509cacrl);
2041 qemu_free(vs->x509cert);
2042 qemu_free(vs->x509key);
2043 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2044 return -1;
2046 #endif /* CONFIG_VNC_TLS */
2048 void vnc_display_close(DisplayState *ds)
2050 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2052 if (vs->display) {
2053 qemu_free(vs->display);
2054 vs->display = NULL;
2056 if (vs->lsock != -1) {
2057 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2058 close(vs->lsock);
2059 vs->lsock = -1;
2061 if (vs->csock != -1) {
2062 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2063 closesocket(vs->csock);
2064 vs->csock = -1;
2065 buffer_reset(&vs->input);
2066 buffer_reset(&vs->output);
2067 vs->need_update = 0;
2068 #if CONFIG_VNC_TLS
2069 if (vs->tls_session) {
2070 gnutls_deinit(vs->tls_session);
2071 vs->tls_session = NULL;
2073 vs->wiremode = VNC_WIREMODE_CLEAR;
2074 #endif /* CONFIG_VNC_TLS */
2076 vs->auth = VNC_AUTH_INVALID;
2077 #if CONFIG_VNC_TLS
2078 vs->subauth = VNC_AUTH_INVALID;
2079 vs->x509verify = 0;
2080 #endif
2083 int vnc_display_password(DisplayState *ds, const char *password)
2085 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2087 if (vs->password) {
2088 qemu_free(vs->password);
2089 vs->password = NULL;
2091 if (password && password[0]) {
2092 if (!(vs->password = qemu_strdup(password)))
2093 return -1;
2096 return 0;
2099 int vnc_display_open(DisplayState *ds, const char *display)
2101 struct sockaddr *addr;
2102 struct sockaddr_in iaddr;
2103 #ifndef _WIN32
2104 struct sockaddr_un uaddr;
2105 const char *p;
2106 #endif
2107 int reuse_addr, ret;
2108 socklen_t addrlen;
2109 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2110 const char *options;
2111 int password = 0;
2112 int reverse = 0;
2113 #if CONFIG_VNC_TLS
2114 int tls = 0, x509 = 0;
2115 #endif
2117 vnc_display_close(ds);
2118 if (strcmp(display, "none") == 0)
2119 return 0;
2121 if (!(vs->display = strdup(display)))
2122 return -1;
2124 options = display;
2125 while ((options = strchr(options, ','))) {
2126 options++;
2127 if (strncmp(options, "password", 8) == 0) {
2128 password = 1; /* Require password auth */
2129 } else if (strncmp(options, "reverse", 7) == 0) {
2130 reverse = 1;
2131 #if CONFIG_VNC_TLS
2132 } else if (strncmp(options, "tls", 3) == 0) {
2133 tls = 1; /* Require TLS */
2134 } else if (strncmp(options, "x509", 4) == 0) {
2135 char *start, *end;
2136 x509 = 1; /* Require x509 certificates */
2137 if (strncmp(options, "x509verify", 10) == 0)
2138 vs->x509verify = 1; /* ...and verify client certs */
2140 /* Now check for 'x509=/some/path' postfix
2141 * and use that to setup x509 certificate/key paths */
2142 start = strchr(options, '=');
2143 end = strchr(options, ',');
2144 if (start && (!end || (start < end))) {
2145 int len = end ? end-(start+1) : strlen(start+1);
2146 char *path = qemu_malloc(len+1);
2147 strncpy(path, start+1, len);
2148 path[len] = '\0';
2149 VNC_DEBUG("Trying certificate path '%s'\n", path);
2150 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2151 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2152 qemu_free(path);
2153 qemu_free(vs->display);
2154 vs->display = NULL;
2155 return -1;
2157 qemu_free(path);
2158 } else {
2159 fprintf(stderr, "No certificate path provided\n");
2160 qemu_free(vs->display);
2161 vs->display = NULL;
2162 return -1;
2164 #endif
2168 if (password) {
2169 #if CONFIG_VNC_TLS
2170 if (tls) {
2171 vs->auth = VNC_AUTH_VENCRYPT;
2172 if (x509) {
2173 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2174 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2175 } else {
2176 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2177 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2179 } else {
2180 #endif
2181 VNC_DEBUG("Initializing VNC server with password auth\n");
2182 vs->auth = VNC_AUTH_VNC;
2183 #if CONFIG_VNC_TLS
2184 vs->subauth = VNC_AUTH_INVALID;
2186 #endif
2187 } else {
2188 #if CONFIG_VNC_TLS
2189 if (tls) {
2190 vs->auth = VNC_AUTH_VENCRYPT;
2191 if (x509) {
2192 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2193 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2194 } else {
2195 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2196 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2198 } else {
2199 #endif
2200 VNC_DEBUG("Initializing VNC server with no auth\n");
2201 vs->auth = VNC_AUTH_NONE;
2202 #if CONFIG_VNC_TLS
2203 vs->subauth = VNC_AUTH_INVALID;
2205 #endif
2207 #ifndef _WIN32
2208 if (strstart(display, "unix:", &p)) {
2209 addr = (struct sockaddr *)&uaddr;
2210 addrlen = sizeof(uaddr);
2212 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2213 if (vs->lsock == -1) {
2214 fprintf(stderr, "Could not create socket\n");
2215 free(vs->display);
2216 vs->display = NULL;
2217 return -1;
2220 uaddr.sun_family = AF_UNIX;
2221 memset(uaddr.sun_path, 0, 108);
2222 snprintf(uaddr.sun_path, 108, "%s", p);
2224 if (!reverse) {
2225 unlink(uaddr.sun_path);
2227 } else
2228 #endif
2230 addr = (struct sockaddr *)&iaddr;
2231 addrlen = sizeof(iaddr);
2233 if (parse_host_port(&iaddr, display) < 0) {
2234 fprintf(stderr, "Could not parse VNC address\n");
2235 free(vs->display);
2236 vs->display = NULL;
2237 return -1;
2240 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + (reverse ? 0 : 5900));
2242 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2243 if (vs->lsock == -1) {
2244 fprintf(stderr, "Could not create socket\n");
2245 free(vs->display);
2246 vs->display = NULL;
2247 return -1;
2250 reuse_addr = 1;
2251 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2252 (const char *)&reuse_addr, sizeof(reuse_addr));
2253 if (ret == -1) {
2254 fprintf(stderr, "setsockopt() failed\n");
2255 close(vs->lsock);
2256 vs->lsock = -1;
2257 free(vs->display);
2258 vs->display = NULL;
2259 return -1;
2263 if (reverse) {
2264 if (connect(vs->lsock, addr, addrlen) == -1) {
2265 fprintf(stderr, "Connection to VNC client failed\n");
2266 close(vs->lsock);
2267 vs->lsock = -1;
2268 free(vs->display);
2269 vs->display = NULL;
2270 return -1;
2271 } else {
2272 vs->csock = vs->lsock;
2273 vs->lsock = -1;
2274 vnc_connect(vs);
2275 return 0;
2279 if (bind(vs->lsock, addr, addrlen) == -1) {
2280 fprintf(stderr, "bind() failed\n");
2281 close(vs->lsock);
2282 vs->lsock = -1;
2283 free(vs->display);
2284 vs->display = NULL;
2285 return -1;
2288 if (listen(vs->lsock, 1) == -1) {
2289 fprintf(stderr, "listen() failed\n");
2290 close(vs->lsock);
2291 vs->lsock = -1;
2292 free(vs->display);
2293 vs->display = NULL;
2294 return -1;
2297 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);