2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState;
68 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
76 int *has_bg, int *has_fg);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT = 19
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
119 #endif /* CONFIG_VNC_TLS */
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
132 int depth; /* internal VNC frame buffer byte per pixel */
135 int has_pointer_type_change;
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
159 gnutls_session_t tls_session;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
176 uint8_t modifiers_state[256];
179 static VncState *vnc_state; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
193 term_printf("Client connected\n");
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
213 static inline void vnc_set_bit(uint32_t *d, int k)
215 d[k >> 5] |= 1 << (k & 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d, int k)
220 d[k >> 5] &= ~(1 << (k & 0x1f));
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
233 d[j++] = (1 << n) - 1;
238 static inline int vnc_get_bit(const uint32_t *d, int k)
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
256 VncState *vs = ds->opaque;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
268 x = MIN(x, vs->width);
269 y = MIN(y, vs->height);
270 w = MIN(x + w, vs->width) - x;
271 h = MIN(y + h, vs->height) - y;
274 for (i = 0; i < w; i += 16)
275 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
278 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
281 vnc_write_u16(vs, x);
282 vnc_write_u16(vs, y);
283 vnc_write_u16(vs, w);
284 vnc_write_u16(vs, h);
286 vnc_write_s32(vs, encoding);
289 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
292 VncState *vs = ds->opaque;
294 ds->data = realloc(ds->data, w * h * vs->depth);
295 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
297 if (ds->data == NULL || vs->old_data == NULL) {
298 fprintf(stderr, "vnc: memory allocation failed\n");
302 if (ds->depth != vs->depth * 8) {
303 ds->depth = vs->depth * 8;
304 console_color_init(ds);
306 size_changed = ds->width != w || ds->height != h;
309 ds->linesize = w * vs->depth;
310 if (vs->csock != -1 && vs->has_resize && size_changed) {
311 vnc_write_u8(vs, 0); /* msg id */
313 vnc_write_u16(vs, 1); /* number of rects */
314 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
316 vs->width = ds->width;
317 vs->height = ds->height;
322 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
324 vnc_write(vs, pixels, size);
327 /* slowest but generic code. */
328 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
330 unsigned int r, g, b;
332 r = (v >> vs->red_shift1) & vs->red_max;
333 g = (v >> vs->green_shift1) & vs->green_max;
334 b = (v >> vs->blue_shift1) & vs->blue_max;
335 v = (r << vs->red_shift) |
336 (g << vs->green_shift) |
337 (b << vs->blue_shift);
338 switch(vs->pix_bpp) {
343 if (vs->pix_big_endian) {
353 if (vs->pix_big_endian) {
368 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
370 uint32_t *pixels = pixels1;
375 for(i = 0; i < n; i++) {
376 vnc_convert_pixel(vs, buf, pixels[i]);
377 vnc_write(vs, buf, vs->pix_bpp);
381 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
386 vnc_framebuffer_update(vs, x, y, w, h, 0);
388 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
389 for (i = 0; i < h; i++) {
390 vs->write_pixels(vs, row, w * vs->depth);
391 row += vs->ds->linesize;
395 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
397 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
398 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
402 #include "vnchextile.h"
406 #include "vnchextile.h"
410 #include "vnchextile.h"
415 #include "vnchextile.h"
419 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
423 uint32_t last_fg32, last_bg32;
425 vnc_framebuffer_update(vs, x, y, w, h, 5);
428 for (j = y; j < (y + h); j += 16) {
429 for (i = x; i < (x + w); i += 16) {
430 vs->send_hextile_tile(vs, i, j,
431 MIN(16, x + w - i), MIN(16, y + h - j),
432 &last_bg32, &last_fg32, &has_bg, &has_fg);
437 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
440 send_framebuffer_update_hextile(vs, x, y, w, h);
442 send_framebuffer_update_raw(vs, x, y, w, h);
445 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
452 int pitch = ds->linesize;
453 VncState *vs = ds->opaque;
455 vnc_update_client(vs);
462 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
463 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
465 src_row = ds->data + src;
466 dst_row = ds->data + dst;
467 old_row = vs->old_data + dst;
469 for (y = 0; y < h; y++) {
470 memmove(old_row, src_row, w * vs->depth);
471 memmove(dst_row, src_row, w * vs->depth);
477 vnc_write_u8(vs, 0); /* msg id */
479 vnc_write_u16(vs, 1); /* number of rects */
480 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
481 vnc_write_u16(vs, src_x);
482 vnc_write_u16(vs, src_y);
486 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
490 for (h = 1; h < (vs->height - y); h++) {
492 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
494 for (tmp_x = last_x; tmp_x < x; tmp_x++)
495 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
501 static void vnc_update_client(void *opaque)
503 VncState *vs = opaque;
505 if (vs->need_update && vs->csock != -1) {
509 uint32_t width_mask[VNC_DIRTY_WORDS];
516 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
518 /* Walk through the dirty map and eliminate tiles that
519 really aren't dirty */
521 old_row = vs->old_data;
523 for (y = 0; y < vs->height; y++) {
524 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
530 old_ptr = (char*)old_row;
532 for (x = 0; x < vs->ds->width; x += 16) {
533 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
534 vnc_clear_bit(vs->dirty_row[y], (x / 16));
537 memcpy(old_ptr, ptr, 16 * vs->depth);
540 ptr += 16 * vs->depth;
541 old_ptr += 16 * vs->depth;
545 row += vs->ds->linesize;
546 old_row += vs->ds->linesize;
550 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
554 /* Count rectangles */
556 vnc_write_u8(vs, 0); /* msg id */
558 saved_offset = vs->output.offset;
559 vnc_write_u16(vs, 0);
561 for (y = 0; y < vs->height; y++) {
564 for (x = 0; x < vs->width / 16; x++) {
565 if (vnc_get_bit(vs->dirty_row[y], x)) {
569 vnc_clear_bit(vs->dirty_row[y], x);
572 int h = find_dirty_height(vs, y, last_x, x);
573 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
580 int h = find_dirty_height(vs, y, last_x, x);
581 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
585 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
586 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
591 if (vs->csock != -1) {
592 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
597 static int vnc_listen_poll(void *opaque)
599 VncState *vs = opaque;
605 static void buffer_reserve(Buffer *buffer, size_t len)
607 if ((buffer->capacity - buffer->offset) < len) {
608 buffer->capacity += (len + 1024);
609 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
610 if (buffer->buffer == NULL) {
611 fprintf(stderr, "vnc: out of memory\n");
617 static int buffer_empty(Buffer *buffer)
619 return buffer->offset == 0;
622 static uint8_t *buffer_end(Buffer *buffer)
624 return buffer->buffer + buffer->offset;
627 static void buffer_reset(Buffer *buffer)
632 static void buffer_append(Buffer *buffer, const void *data, size_t len)
634 memcpy(buffer->buffer + buffer->offset, data, len);
635 buffer->offset += len;
638 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
640 if (ret == 0 || ret == -1) {
642 switch (last_errno) {
654 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
655 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
656 closesocket(vs->csock);
658 buffer_reset(&vs->input);
659 buffer_reset(&vs->output);
662 if (vs->tls_session) {
663 gnutls_deinit(vs->tls_session);
664 vs->tls_session = NULL;
666 vs->wiremode = VNC_WIREMODE_CLEAR;
667 #endif /* CONFIG_VNC_TLS */
673 static void vnc_client_error(VncState *vs)
675 vnc_client_io_error(vs, -1, EINVAL);
678 static void vnc_client_write(void *opaque)
681 VncState *vs = opaque;
684 if (vs->tls_session) {
685 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
687 if (ret == GNUTLS_E_AGAIN)
694 #endif /* CONFIG_VNC_TLS */
695 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
696 ret = vnc_client_io_error(vs, ret, socket_error());
700 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
701 vs->output.offset -= ret;
703 if (vs->output.offset == 0) {
704 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
708 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
710 vs->read_handler = func;
711 vs->read_handler_expect = expecting;
714 static void vnc_client_read(void *opaque)
716 VncState *vs = opaque;
719 buffer_reserve(&vs->input, 4096);
722 if (vs->tls_session) {
723 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
725 if (ret == GNUTLS_E_AGAIN)
732 #endif /* CONFIG_VNC_TLS */
733 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
734 ret = vnc_client_io_error(vs, ret, socket_error());
738 vs->input.offset += ret;
740 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
741 size_t len = vs->read_handler_expect;
744 ret = vs->read_handler(vs, vs->input.buffer, len);
749 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
750 vs->input.offset -= len;
752 vs->read_handler_expect = ret;
757 static void vnc_write(VncState *vs, const void *data, size_t len)
759 buffer_reserve(&vs->output, len);
761 if (buffer_empty(&vs->output)) {
762 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
765 buffer_append(&vs->output, data, len);
768 static void vnc_write_s32(VncState *vs, int32_t value)
770 vnc_write_u32(vs, *(uint32_t *)&value);
773 static void vnc_write_u32(VncState *vs, uint32_t value)
777 buf[0] = (value >> 24) & 0xFF;
778 buf[1] = (value >> 16) & 0xFF;
779 buf[2] = (value >> 8) & 0xFF;
780 buf[3] = value & 0xFF;
782 vnc_write(vs, buf, 4);
785 static void vnc_write_u16(VncState *vs, uint16_t value)
789 buf[0] = (value >> 8) & 0xFF;
790 buf[1] = value & 0xFF;
792 vnc_write(vs, buf, 2);
795 static void vnc_write_u8(VncState *vs, uint8_t value)
797 vnc_write(vs, (char *)&value, 1);
800 static void vnc_flush(VncState *vs)
802 if (vs->output.offset)
803 vnc_client_write(vs);
806 static uint8_t read_u8(uint8_t *data, size_t offset)
811 static uint16_t read_u16(uint8_t *data, size_t offset)
813 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
816 static int32_t read_s32(uint8_t *data, size_t offset)
818 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
819 (data[offset + 2] << 8) | data[offset + 3]);
822 static uint32_t read_u32(uint8_t *data, size_t offset)
824 return ((data[offset] << 24) | (data[offset + 1] << 16) |
825 (data[offset + 2] << 8) | data[offset + 3]);
829 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
832 struct VncState *vs = (struct VncState *)transport;
836 ret = send(vs->csock, data, len, 0);
846 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
849 struct VncState *vs = (struct VncState *)transport;
853 ret = recv(vs->csock, data, len, 0);
861 #endif /* CONFIG_VNC_TLS */
863 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
867 static void check_pointer_type_change(VncState *vs, int absolute)
869 if (vs->has_pointer_type_change && vs->absolute != absolute) {
872 vnc_write_u16(vs, 1);
873 vnc_framebuffer_update(vs, absolute, 0,
874 vs->ds->width, vs->ds->height, -257);
877 vs->absolute = absolute;
880 static void pointer_event(VncState *vs, int button_mask, int x, int y)
885 if (button_mask & 0x01)
886 buttons |= MOUSE_EVENT_LBUTTON;
887 if (button_mask & 0x02)
888 buttons |= MOUSE_EVENT_MBUTTON;
889 if (button_mask & 0x04)
890 buttons |= MOUSE_EVENT_RBUTTON;
891 if (button_mask & 0x08)
893 if (button_mask & 0x10)
897 kbd_mouse_event(x * 0x7FFF / (vs->ds->width - 1),
898 y * 0x7FFF / (vs->ds->height - 1),
900 } else if (vs->has_pointer_type_change) {
904 kbd_mouse_event(x, y, dz, buttons);
906 if (vs->last_x != -1)
907 kbd_mouse_event(x - vs->last_x,
914 check_pointer_type_change(vs, kbd_mouse_is_absolute());
917 static void reset_keys(VncState *vs)
920 for(i = 0; i < 256; i++) {
921 if (vs->modifiers_state[i]) {
923 kbd_put_keycode(0xe0);
924 kbd_put_keycode(i | 0x80);
925 vs->modifiers_state[i] = 0;
930 static void press_key(VncState *vs, int keysym)
932 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
933 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
936 static void do_key_event(VncState *vs, int down, uint32_t sym)
940 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
942 /* QEMU console switch */
944 case 0x2a: /* Left Shift */
945 case 0x36: /* Right Shift */
946 case 0x1d: /* Left CTRL */
947 case 0x9d: /* Right CTRL */
948 case 0x38: /* Left ALT */
949 case 0xb8: /* Right ALT */
951 vs->modifiers_state[keycode] = 1;
953 vs->modifiers_state[keycode] = 0;
955 case 0x02 ... 0x0a: /* '1' to '9' keys */
956 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
957 /* Reset the modifiers sent to the current console */
959 console_select(keycode - 0x02);
963 case 0x3a: /* CapsLock */
964 case 0x45: /* NumLock */
966 vs->modifiers_state[keycode] ^= 1;
970 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
971 /* If the numlock state needs to change then simulate an additional
972 keypress before sending this one. This will happen if the user
973 toggles numlock away from the VNC window.
975 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
976 if (!vs->modifiers_state[0x45]) {
977 vs->modifiers_state[0x45] = 1;
978 press_key(vs, 0xff7f);
981 if (vs->modifiers_state[0x45]) {
982 vs->modifiers_state[0x45] = 0;
983 press_key(vs, 0xff7f);
988 if (is_graphic_console()) {
990 kbd_put_keycode(0xe0);
992 kbd_put_keycode(keycode & 0x7f);
994 kbd_put_keycode(keycode | 0x80);
996 /* QEMU console emulation */
999 case 0x2a: /* Left Shift */
1000 case 0x36: /* Right Shift */
1001 case 0x1d: /* Left CTRL */
1002 case 0x9d: /* Right CTRL */
1003 case 0x38: /* Left ALT */
1004 case 0xb8: /* Right ALT */
1007 kbd_put_keysym(QEMU_KEY_UP);
1010 kbd_put_keysym(QEMU_KEY_DOWN);
1013 kbd_put_keysym(QEMU_KEY_LEFT);
1016 kbd_put_keysym(QEMU_KEY_RIGHT);
1019 kbd_put_keysym(QEMU_KEY_DELETE);
1022 kbd_put_keysym(QEMU_KEY_HOME);
1025 kbd_put_keysym(QEMU_KEY_END);
1028 kbd_put_keysym(QEMU_KEY_PAGEUP);
1031 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1034 kbd_put_keysym(sym);
1041 static void key_event(VncState *vs, int down, uint32_t sym)
1043 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1044 sym = sym - 'A' + 'a';
1045 do_key_event(vs, down, sym);
1048 static void framebuffer_update_request(VncState *vs, int incremental,
1049 int x_position, int y_position,
1052 if (x_position > vs->ds->width)
1053 x_position = vs->ds->width;
1054 if (y_position > vs->ds->height)
1055 y_position = vs->ds->height;
1056 if (x_position + w >= vs->ds->width)
1057 w = vs->ds->width - x_position;
1058 if (y_position + h >= vs->ds->height)
1059 h = vs->ds->height - y_position;
1062 vs->need_update = 1;
1064 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1066 for (i = 0; i < h; i++) {
1067 vnc_set_bits(vs->dirty_row[y_position + i],
1068 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1069 memset(old_row, 42, vs->ds->width * vs->depth);
1070 old_row += vs->ds->linesize;
1075 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1079 vs->has_hextile = 0;
1081 vs->has_pointer_type_change = 0;
1083 vs->ds->dpy_copy = NULL;
1085 for (i = n_encodings - 1; i >= 0; i--) {
1086 switch (encodings[i]) {
1088 vs->has_hextile = 0;
1090 case 1: /* CopyRect */
1091 vs->ds->dpy_copy = vnc_copy;
1093 case 5: /* Hextile */
1094 vs->has_hextile = 1;
1096 case -223: /* DesktopResize */
1100 vs->has_pointer_type_change = 1;
1107 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1110 static int compute_nbits(unsigned int val)
1121 static void set_pixel_format(VncState *vs,
1122 int bits_per_pixel, int depth,
1123 int big_endian_flag, int true_color_flag,
1124 int red_max, int green_max, int blue_max,
1125 int red_shift, int green_shift, int blue_shift)
1127 int host_big_endian_flag;
1129 #ifdef WORDS_BIGENDIAN
1130 host_big_endian_flag = 1;
1132 host_big_endian_flag = 0;
1134 if (!true_color_flag) {
1136 vnc_client_error(vs);
1139 if (bits_per_pixel == 32 &&
1140 host_big_endian_flag == big_endian_flag &&
1141 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1142 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1144 vs->write_pixels = vnc_write_pixels_copy;
1145 vs->send_hextile_tile = send_hextile_tile_32;
1147 if (bits_per_pixel == 16 &&
1148 host_big_endian_flag == big_endian_flag &&
1149 red_max == 31 && green_max == 63 && blue_max == 31 &&
1150 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1152 vs->write_pixels = vnc_write_pixels_copy;
1153 vs->send_hextile_tile = send_hextile_tile_16;
1155 if (bits_per_pixel == 8 &&
1156 red_max == 7 && green_max == 7 && blue_max == 3 &&
1157 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1159 vs->write_pixels = vnc_write_pixels_copy;
1160 vs->send_hextile_tile = send_hextile_tile_8;
1163 /* generic and slower case */
1164 if (bits_per_pixel != 8 &&
1165 bits_per_pixel != 16 &&
1166 bits_per_pixel != 32)
1169 vs->red_shift = red_shift;
1170 vs->red_max = red_max;
1171 vs->red_shift1 = 24 - compute_nbits(red_max);
1172 vs->green_shift = green_shift;
1173 vs->green_max = green_max;
1174 vs->green_shift1 = 16 - compute_nbits(green_max);
1175 vs->blue_shift = blue_shift;
1176 vs->blue_max = blue_max;
1177 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1178 vs->pix_bpp = bits_per_pixel / 8;
1179 vs->pix_big_endian = big_endian_flag;
1180 vs->write_pixels = vnc_write_pixels_generic;
1181 vs->send_hextile_tile = send_hextile_tile_generic;
1184 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1185 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1186 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
1188 vga_hw_invalidate();
1192 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1202 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1203 read_u8(data, 6), read_u8(data, 7),
1204 read_u16(data, 8), read_u16(data, 10),
1205 read_u16(data, 12), read_u8(data, 14),
1206 read_u8(data, 15), read_u8(data, 16));
1213 return 4 + (read_u16(data, 2) * 4);
1215 limit = read_u16(data, 2);
1216 for (i = 0; i < limit; i++) {
1217 int32_t val = read_s32(data, 4 + (i * 4));
1218 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1221 set_encodings(vs, (int32_t *)(data + 4), limit);
1227 framebuffer_update_request(vs,
1228 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1229 read_u16(data, 6), read_u16(data, 8));
1235 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1241 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1248 uint32_t dlen = read_u32(data, 4);
1253 client_cut_text(vs, read_u32(data, 4), data + 8);
1256 printf("Msg: %d\n", data[0]);
1257 vnc_client_error(vs);
1261 vnc_read_when(vs, protocol_client_msg, 1);
1265 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1267 char pad[3] = { 0, 0, 0 };
1271 vs->width = vs->ds->width;
1272 vs->height = vs->ds->height;
1273 vnc_write_u16(vs, vs->ds->width);
1274 vnc_write_u16(vs, vs->ds->height);
1276 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1277 vnc_write_u8(vs, vs->depth * 8); /* depth */
1278 #ifdef WORDS_BIGENDIAN
1279 vnc_write_u8(vs, 1); /* big-endian-flag */
1281 vnc_write_u8(vs, 0); /* big-endian-flag */
1283 vnc_write_u8(vs, 1); /* true-color-flag */
1284 if (vs->depth == 4) {
1285 vnc_write_u16(vs, 0xFF); /* red-max */
1286 vnc_write_u16(vs, 0xFF); /* green-max */
1287 vnc_write_u16(vs, 0xFF); /* blue-max */
1288 vnc_write_u8(vs, 16); /* red-shift */
1289 vnc_write_u8(vs, 8); /* green-shift */
1290 vnc_write_u8(vs, 0); /* blue-shift */
1291 vs->send_hextile_tile = send_hextile_tile_32;
1292 } else if (vs->depth == 2) {
1293 vnc_write_u16(vs, 31); /* red-max */
1294 vnc_write_u16(vs, 63); /* green-max */
1295 vnc_write_u16(vs, 31); /* blue-max */
1296 vnc_write_u8(vs, 11); /* red-shift */
1297 vnc_write_u8(vs, 5); /* green-shift */
1298 vnc_write_u8(vs, 0); /* blue-shift */
1299 vs->send_hextile_tile = send_hextile_tile_16;
1300 } else if (vs->depth == 1) {
1301 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1302 vnc_write_u16(vs, 7); /* red-max */
1303 vnc_write_u16(vs, 7); /* green-max */
1304 vnc_write_u16(vs, 3); /* blue-max */
1305 vnc_write_u8(vs, 5); /* red-shift */
1306 vnc_write_u8(vs, 2); /* green-shift */
1307 vnc_write_u8(vs, 0); /* blue-shift */
1308 vs->send_hextile_tile = send_hextile_tile_8;
1310 vs->write_pixels = vnc_write_pixels_copy;
1312 vnc_write(vs, pad, 3); /* padding */
1315 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1317 size = snprintf(buf, sizeof(buf), "QEMU");
1319 vnc_write_u32(vs, size);
1320 vnc_write(vs, buf, size);
1323 vnc_read_when(vs, protocol_client_msg, 1);
1328 static void make_challenge(VncState *vs)
1332 srand(time(NULL)+getpid()+getpid()*987654+rand());
1334 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1335 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1338 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1340 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1342 unsigned char key[8];
1344 if (!vs->password || !vs->password[0]) {
1345 VNC_DEBUG("No password configured on server");
1346 vnc_write_u32(vs, 1); /* Reject auth */
1347 if (vs->minor >= 8) {
1348 static const char err[] = "Authentication failed";
1349 vnc_write_u32(vs, sizeof(err));
1350 vnc_write(vs, err, sizeof(err));
1353 vnc_client_error(vs);
1357 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1359 /* Calculate the expected challenge response */
1360 pwlen = strlen(vs->password);
1361 for (i=0; i<sizeof(key); i++)
1362 key[i] = i<pwlen ? vs->password[i] : 0;
1364 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1365 des(response+j, response+j);
1367 /* Compare expected vs actual challenge response */
1368 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1369 VNC_DEBUG("Client challenge reponse did not match\n");
1370 vnc_write_u32(vs, 1); /* Reject auth */
1371 if (vs->minor >= 8) {
1372 static const char err[] = "Authentication failed";
1373 vnc_write_u32(vs, sizeof(err));
1374 vnc_write(vs, err, sizeof(err));
1377 vnc_client_error(vs);
1379 VNC_DEBUG("Accepting VNC challenge response\n");
1380 vnc_write_u32(vs, 0); /* Accept auth */
1383 vnc_read_when(vs, protocol_client_init, 1);
1388 static int start_auth_vnc(VncState *vs)
1391 /* Send client a 'random' challenge */
1392 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1395 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1401 #define DH_BITS 1024
1402 static gnutls_dh_params_t dh_params;
1404 static int vnc_tls_initialize(void)
1406 static int tlsinitialized = 0;
1411 if (gnutls_global_init () < 0)
1414 /* XXX ought to re-generate diffie-hellmen params periodically */
1415 if (gnutls_dh_params_init (&dh_params) < 0)
1417 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1421 gnutls_global_set_log_level(10);
1422 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1430 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1432 gnutls_anon_server_credentials anon_cred;
1435 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1436 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1440 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1446 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1448 gnutls_certificate_credentials_t x509_cred;
1451 if (!vs->x509cacert) {
1452 VNC_DEBUG("No CA x509 certificate specified\n");
1455 if (!vs->x509cert) {
1456 VNC_DEBUG("No server x509 certificate specified\n");
1460 VNC_DEBUG("No server private key specified\n");
1464 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1465 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1468 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1470 GNUTLS_X509_FMT_PEM)) < 0) {
1471 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1472 gnutls_certificate_free_credentials(x509_cred);
1476 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1479 GNUTLS_X509_FMT_PEM)) < 0) {
1480 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1481 gnutls_certificate_free_credentials(x509_cred);
1485 if (vs->x509cacrl) {
1486 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1488 GNUTLS_X509_FMT_PEM)) < 0) {
1489 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1490 gnutls_certificate_free_credentials(x509_cred);
1495 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1500 static int vnc_validate_certificate(struct VncState *vs)
1503 unsigned int status;
1504 const gnutls_datum_t *certs;
1505 unsigned int nCerts, i;
1508 VNC_DEBUG("Validating client certificate\n");
1509 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1510 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1514 if ((now = time(NULL)) == ((time_t)-1)) {
1519 if (status & GNUTLS_CERT_INVALID)
1520 VNC_DEBUG("The certificate is not trusted.\n");
1522 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1523 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1525 if (status & GNUTLS_CERT_REVOKED)
1526 VNC_DEBUG("The certificate has been revoked.\n");
1528 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1529 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1533 VNC_DEBUG("Certificate is valid!\n");
1536 /* Only support x509 for now */
1537 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1540 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1543 for (i = 0 ; i < nCerts ; i++) {
1544 gnutls_x509_crt_t cert;
1545 VNC_DEBUG ("Checking certificate chain %d\n", i);
1546 if (gnutls_x509_crt_init (&cert) < 0)
1549 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1550 gnutls_x509_crt_deinit (cert);
1554 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1555 VNC_DEBUG("The certificate has expired\n");
1556 gnutls_x509_crt_deinit (cert);
1560 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1561 VNC_DEBUG("The certificate is not yet activated\n");
1562 gnutls_x509_crt_deinit (cert);
1566 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1567 VNC_DEBUG("The certificate is not yet activated\n");
1568 gnutls_x509_crt_deinit (cert);
1572 gnutls_x509_crt_deinit (cert);
1579 static int start_auth_vencrypt_subauth(VncState *vs)
1581 switch (vs->subauth) {
1582 case VNC_AUTH_VENCRYPT_TLSNONE:
1583 case VNC_AUTH_VENCRYPT_X509NONE:
1584 VNC_DEBUG("Accept TLS auth none\n");
1585 vnc_write_u32(vs, 0); /* Accept auth completion */
1586 vnc_read_when(vs, protocol_client_init, 1);
1589 case VNC_AUTH_VENCRYPT_TLSVNC:
1590 case VNC_AUTH_VENCRYPT_X509VNC:
1591 VNC_DEBUG("Start TLS auth VNC\n");
1592 return start_auth_vnc(vs);
1594 default: /* Should not be possible, but just in case */
1595 VNC_DEBUG("Reject auth %d\n", vs->auth);
1596 vnc_write_u8(vs, 1);
1597 if (vs->minor >= 8) {
1598 static const char err[] = "Unsupported authentication type";
1599 vnc_write_u32(vs, sizeof(err));
1600 vnc_write(vs, err, sizeof(err));
1602 vnc_client_error(vs);
1608 static void vnc_handshake_io(void *opaque);
1610 static int vnc_continue_handshake(struct VncState *vs) {
1613 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1614 if (!gnutls_error_is_fatal(ret)) {
1615 VNC_DEBUG("Handshake interrupted (blocking)\n");
1616 if (!gnutls_record_get_direction(vs->tls_session))
1617 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1619 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1622 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1623 vnc_client_error(vs);
1627 if (vs->x509verify) {
1628 if (vnc_validate_certificate(vs) < 0) {
1629 VNC_DEBUG("Client verification failed\n");
1630 vnc_client_error(vs);
1633 VNC_DEBUG("Client verification passed\n");
1637 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1638 vs->wiremode = VNC_WIREMODE_TLS;
1639 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1641 return start_auth_vencrypt_subauth(vs);
1644 static void vnc_handshake_io(void *opaque) {
1645 struct VncState *vs = (struct VncState *)opaque;
1647 VNC_DEBUG("Handshake IO continue\n");
1648 vnc_continue_handshake(vs);
1651 #define NEED_X509_AUTH(vs) \
1652 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1653 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1654 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1657 static int vnc_start_tls(struct VncState *vs) {
1658 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1659 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1660 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1661 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1663 VNC_DEBUG("Do TLS setup\n");
1664 if (vnc_tls_initialize() < 0) {
1665 VNC_DEBUG("Failed to init TLS\n");
1666 vnc_client_error(vs);
1669 if (vs->tls_session == NULL) {
1670 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1671 vnc_client_error(vs);
1675 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1676 gnutls_deinit(vs->tls_session);
1677 vs->tls_session = NULL;
1678 vnc_client_error(vs);
1682 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1683 gnutls_deinit(vs->tls_session);
1684 vs->tls_session = NULL;
1685 vnc_client_error(vs);
1689 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1690 gnutls_deinit(vs->tls_session);
1691 vs->tls_session = NULL;
1692 vnc_client_error(vs);
1696 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1697 gnutls_deinit(vs->tls_session);
1698 vs->tls_session = NULL;
1699 vnc_client_error(vs);
1703 if (NEED_X509_AUTH(vs)) {
1704 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1706 gnutls_deinit(vs->tls_session);
1707 vs->tls_session = NULL;
1708 vnc_client_error(vs);
1711 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1712 gnutls_deinit(vs->tls_session);
1713 vs->tls_session = NULL;
1714 gnutls_certificate_free_credentials(x509_cred);
1715 vnc_client_error(vs);
1718 if (vs->x509verify) {
1719 VNC_DEBUG("Requesting a client certificate\n");
1720 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1724 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1726 gnutls_deinit(vs->tls_session);
1727 vs->tls_session = NULL;
1728 vnc_client_error(vs);
1731 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1732 gnutls_deinit(vs->tls_session);
1733 vs->tls_session = NULL;
1734 gnutls_anon_free_server_credentials(anon_cred);
1735 vnc_client_error(vs);
1740 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1741 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1742 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1745 VNC_DEBUG("Start TLS handshake process\n");
1746 return vnc_continue_handshake(vs);
1749 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1751 int auth = read_u32(data, 0);
1753 if (auth != vs->subauth) {
1754 VNC_DEBUG("Rejecting auth %d\n", auth);
1755 vnc_write_u8(vs, 0); /* Reject auth */
1757 vnc_client_error(vs);
1759 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1760 vnc_write_u8(vs, 1); /* Accept auth */
1763 if (vnc_start_tls(vs) < 0) {
1764 VNC_DEBUG("Failed to complete TLS\n");
1768 if (vs->wiremode == VNC_WIREMODE_TLS) {
1769 VNC_DEBUG("Starting VeNCrypt subauth\n");
1770 return start_auth_vencrypt_subauth(vs);
1772 VNC_DEBUG("TLS handshake blocked\n");
1779 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1783 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1784 vnc_write_u8(vs, 1); /* Reject version */
1786 vnc_client_error(vs);
1788 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1789 vnc_write_u8(vs, 0); /* Accept version */
1790 vnc_write_u8(vs, 1); /* Number of sub-auths */
1791 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1793 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1798 static int start_auth_vencrypt(VncState *vs)
1800 /* Send VeNCrypt version 0.2 */
1801 vnc_write_u8(vs, 0);
1802 vnc_write_u8(vs, 2);
1804 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1807 #endif /* CONFIG_VNC_TLS */
1809 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1811 /* We only advertise 1 auth scheme at a time, so client
1812 * must pick the one we sent. Verify this */
1813 if (data[0] != vs->auth) { /* Reject auth */
1814 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1815 vnc_write_u32(vs, 1);
1816 if (vs->minor >= 8) {
1817 static const char err[] = "Authentication failed";
1818 vnc_write_u32(vs, sizeof(err));
1819 vnc_write(vs, err, sizeof(err));
1821 vnc_client_error(vs);
1822 } else { /* Accept requested auth */
1823 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1826 VNC_DEBUG("Accept auth none\n");
1827 if (vs->minor >= 8) {
1828 vnc_write_u32(vs, 0); /* Accept auth completion */
1831 vnc_read_when(vs, protocol_client_init, 1);
1835 VNC_DEBUG("Start VNC auth\n");
1836 return start_auth_vnc(vs);
1839 case VNC_AUTH_VENCRYPT:
1840 VNC_DEBUG("Accept VeNCrypt auth\n");;
1841 return start_auth_vencrypt(vs);
1842 #endif /* CONFIG_VNC_TLS */
1844 default: /* Should not be possible, but just in case */
1845 VNC_DEBUG("Reject auth %d\n", vs->auth);
1846 vnc_write_u8(vs, 1);
1847 if (vs->minor >= 8) {
1848 static const char err[] = "Authentication failed";
1849 vnc_write_u32(vs, sizeof(err));
1850 vnc_write(vs, err, sizeof(err));
1852 vnc_client_error(vs);
1858 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1862 memcpy(local, version, 12);
1865 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1866 VNC_DEBUG("Malformed protocol version %s\n", local);
1867 vnc_client_error(vs);
1870 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1871 if (vs->major != 3 ||
1877 VNC_DEBUG("Unsupported client version\n");
1878 vnc_write_u32(vs, VNC_AUTH_INVALID);
1880 vnc_client_error(vs);
1883 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1884 * as equivalent to v3.3 by servers
1886 if (vs->minor == 4 || vs->minor == 5)
1889 if (vs->minor == 3) {
1890 if (vs->auth == VNC_AUTH_NONE) {
1891 VNC_DEBUG("Tell client auth none\n");
1892 vnc_write_u32(vs, vs->auth);
1894 vnc_read_when(vs, protocol_client_init, 1);
1895 } else if (vs->auth == VNC_AUTH_VNC) {
1896 VNC_DEBUG("Tell client VNC auth\n");
1897 vnc_write_u32(vs, vs->auth);
1901 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1902 vnc_write_u32(vs, VNC_AUTH_INVALID);
1904 vnc_client_error(vs);
1907 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1908 vnc_write_u8(vs, 1); /* num auth */
1909 vnc_write_u8(vs, vs->auth);
1910 vnc_read_when(vs, protocol_client_auth, 1);
1917 static void vnc_connect(VncState *vs)
1919 VNC_DEBUG("New client on socket %d\n", vs->csock);
1920 socket_set_nonblock(vs->csock);
1921 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1922 vnc_write(vs, "RFB 003.008\n", 12);
1924 vnc_read_when(vs, protocol_version, 12);
1925 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1926 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1928 vs->has_hextile = 0;
1929 vs->ds->dpy_copy = NULL;
1930 vnc_update_client(vs);
1933 static void vnc_listen_read(void *opaque)
1935 VncState *vs = opaque;
1936 struct sockaddr_in addr;
1937 socklen_t addrlen = sizeof(addr);
1942 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1943 if (vs->csock != -1) {
1948 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1950 void vnc_display_init(DisplayState *ds)
1954 vs = qemu_mallocz(sizeof(VncState));
1961 vs->password = NULL;
1971 if (!keyboard_layout)
1972 keyboard_layout = "en-us";
1974 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1975 if (!vs->kbd_layout)
1978 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1980 vs->ds->data = NULL;
1981 vs->ds->dpy_update = vnc_dpy_update;
1982 vs->ds->dpy_resize = vnc_dpy_resize;
1983 vs->ds->dpy_refresh = NULL;
1985 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1987 vnc_dpy_resize(vs->ds, 640, 400);
1991 static int vnc_set_x509_credential(VncState *vs,
1992 const char *certdir,
1993 const char *filename,
2004 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2007 strcpy(*cred, certdir);
2009 strcat(*cred, filename);
2011 VNC_DEBUG("Check %s\n", *cred);
2012 if (stat(*cred, &sb) < 0) {
2015 if (ignoreMissing && errno == ENOENT)
2023 static int vnc_set_x509_credential_dir(VncState *vs,
2024 const char *certdir)
2026 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2028 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2030 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2032 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2038 qemu_free(vs->x509cacert);
2039 qemu_free(vs->x509cacrl);
2040 qemu_free(vs->x509cert);
2041 qemu_free(vs->x509key);
2042 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2045 #endif /* CONFIG_VNC_TLS */
2047 void vnc_display_close(DisplayState *ds)
2049 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2052 qemu_free(vs->display);
2055 if (vs->lsock != -1) {
2056 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2060 if (vs->csock != -1) {
2061 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2062 closesocket(vs->csock);
2064 buffer_reset(&vs->input);
2065 buffer_reset(&vs->output);
2066 vs->need_update = 0;
2068 if (vs->tls_session) {
2069 gnutls_deinit(vs->tls_session);
2070 vs->tls_session = NULL;
2072 vs->wiremode = VNC_WIREMODE_CLEAR;
2073 #endif /* CONFIG_VNC_TLS */
2075 vs->auth = VNC_AUTH_INVALID;
2077 vs->subauth = VNC_AUTH_INVALID;
2082 int vnc_display_password(DisplayState *ds, const char *password)
2084 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2087 qemu_free(vs->password);
2088 vs->password = NULL;
2090 if (password && password[0]) {
2091 if (!(vs->password = qemu_strdup(password)))
2098 int vnc_display_open(DisplayState *ds, const char *display)
2100 struct sockaddr *addr;
2101 struct sockaddr_in iaddr;
2103 struct sockaddr_un uaddr;
2106 int reuse_addr, ret;
2108 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2109 const char *options;
2113 int tls = 0, x509 = 0;
2116 vnc_display_close(ds);
2117 if (strcmp(display, "none") == 0)
2120 if (!(vs->display = strdup(display)))
2124 while ((options = strchr(options, ','))) {
2126 if (strncmp(options, "password", 8) == 0) {
2127 password = 1; /* Require password auth */
2128 } else if (strncmp(options, "reverse", 7) == 0) {
2131 } else if (strncmp(options, "tls", 3) == 0) {
2132 tls = 1; /* Require TLS */
2133 } else if (strncmp(options, "x509", 4) == 0) {
2135 x509 = 1; /* Require x509 certificates */
2136 if (strncmp(options, "x509verify", 10) == 0)
2137 vs->x509verify = 1; /* ...and verify client certs */
2139 /* Now check for 'x509=/some/path' postfix
2140 * and use that to setup x509 certificate/key paths */
2141 start = strchr(options, '=');
2142 end = strchr(options, ',');
2143 if (start && (!end || (start < end))) {
2144 int len = end ? end-(start+1) : strlen(start+1);
2145 char *path = qemu_malloc(len+1);
2146 strncpy(path, start+1, len);
2148 VNC_DEBUG("Trying certificate path '%s'\n", path);
2149 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2150 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2152 qemu_free(vs->display);
2158 fprintf(stderr, "No certificate path provided\n");
2159 qemu_free(vs->display);
2170 vs->auth = VNC_AUTH_VENCRYPT;
2172 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2173 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2175 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2176 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2180 VNC_DEBUG("Initializing VNC server with password auth\n");
2181 vs->auth = VNC_AUTH_VNC;
2183 vs->subauth = VNC_AUTH_INVALID;
2189 vs->auth = VNC_AUTH_VENCRYPT;
2191 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2192 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2194 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2195 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2199 VNC_DEBUG("Initializing VNC server with no auth\n");
2200 vs->auth = VNC_AUTH_NONE;
2202 vs->subauth = VNC_AUTH_INVALID;
2207 if (strstart(display, "unix:", &p)) {
2208 addr = (struct sockaddr *)&uaddr;
2209 addrlen = sizeof(uaddr);
2211 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2212 if (vs->lsock == -1) {
2213 fprintf(stderr, "Could not create socket\n");
2219 uaddr.sun_family = AF_UNIX;
2220 memset(uaddr.sun_path, 0, 108);
2221 snprintf(uaddr.sun_path, 108, "%s", p);
2224 unlink(uaddr.sun_path);
2229 addr = (struct sockaddr *)&iaddr;
2230 addrlen = sizeof(iaddr);
2232 if (parse_host_port(&iaddr, display) < 0) {
2233 fprintf(stderr, "Could not parse VNC address\n");
2239 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + (reverse ? 0 : 5900));
2241 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2242 if (vs->lsock == -1) {
2243 fprintf(stderr, "Could not create socket\n");
2250 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2251 (const char *)&reuse_addr, sizeof(reuse_addr));
2253 fprintf(stderr, "setsockopt() failed\n");
2263 if (connect(vs->lsock, addr, addrlen) == -1) {
2264 fprintf(stderr, "Connection to VNC client failed\n");
2271 vs->csock = vs->lsock;
2278 if (bind(vs->lsock, addr, addrlen) == -1) {
2279 fprintf(stderr, "bind() failed\n");
2287 if (listen(vs->lsock, 1) == -1) {
2288 fprintf(stderr, "listen() failed\n");
2296 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);