2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState;
68 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
76 int *has_bg, int *has_fg);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT = 19
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
112 #define X509_CA_CERT_FILE "ca-cert.pem"
113 #define X509_CA_CRL_FILE "ca-crl.pem"
114 #define X509_SERVER_KEY_FILE "server-key.pem"
115 #define X509_SERVER_CERT_FILE "server-cert.pem"
117 #endif /* CONFIG_VNC_TLS */
128 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
130 int depth; /* internal VNC frame buffer byte per pixel */
133 int has_pointer_type_change;
144 #ifdef CONFIG_VNC_TLS
153 char challenge[VNC_AUTH_CHALLENGE_SIZE];
155 #ifdef CONFIG_VNC_TLS
157 gnutls_session_t tls_session;
162 kbd_layout_t *kbd_layout;
163 /* current output mode information */
164 VncWritePixels *write_pixels;
165 VncSendHextileTile *send_hextile_tile;
166 int pix_bpp, pix_big_endian;
167 int client_red_shift, client_red_max, server_red_shift, server_red_max;
168 int client_green_shift, client_green_max, server_green_shift, server_green_max;
169 int client_blue_shift, client_blue_max, server_blue_shift, server_blue_max;
171 VncReadEvent *read_handler;
172 size_t read_handler_expect;
174 uint8_t modifiers_state[256];
177 static VncState *vnc_state; /* needed for info vnc */
179 void do_info_vnc(void)
181 if (vnc_state == NULL)
182 term_printf("VNC server disabled\n");
184 term_printf("VNC server active on: ");
185 term_print_filename(vnc_state->display);
188 if (vnc_state->csock == -1)
189 term_printf("No client connected\n");
191 term_printf("Client connected\n");
196 1) Get the queue working for IO.
197 2) there is some weirdness when using the -S option (the screen is grey
198 and not totally invalidated
199 3) resolutions > 1024
202 static void vnc_write(VncState *vs, const void *data, size_t len);
203 static void vnc_write_u32(VncState *vs, uint32_t value);
204 static void vnc_write_s32(VncState *vs, int32_t value);
205 static void vnc_write_u16(VncState *vs, uint16_t value);
206 static void vnc_write_u8(VncState *vs, uint8_t value);
207 static void vnc_flush(VncState *vs);
208 static void vnc_update_client(void *opaque);
209 static void vnc_client_read(void *opaque);
211 static void vnc_colordepth(DisplayState *ds, int depth);
213 static inline void vnc_set_bit(uint32_t *d, int k)
215 d[k >> 5] |= 1 << (k & 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d, int k)
220 d[k >> 5] &= ~(1 << (k & 0x1f));
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
233 d[j++] = (1 << n) - 1;
238 static inline int vnc_get_bit(const uint32_t *d, int k)
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
256 VncState *vs = ds->opaque;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
268 x = MIN(x, vs->width);
269 y = MIN(y, vs->height);
270 w = MIN(x + w, vs->width) - x;
271 h = MIN(h, vs->height);
274 for (i = 0; i < w; i += 16)
275 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
278 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
281 vnc_write_u16(vs, x);
282 vnc_write_u16(vs, y);
283 vnc_write_u16(vs, w);
284 vnc_write_u16(vs, h);
286 vnc_write_s32(vs, encoding);
289 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
292 VncState *vs = ds->opaque;
294 ds->data = qemu_realloc(ds->data, w * h * vs->depth);
295 vs->old_data = qemu_realloc(vs->old_data, w * h * vs->depth);
297 if (ds->data == NULL || vs->old_data == NULL) {
298 fprintf(stderr, "vnc: memory allocation failed\n");
302 if (ds->depth != vs->depth * 8) {
303 ds->depth = vs->depth * 8;
304 console_color_init(ds);
306 size_changed = ds->width != w || ds->height != h;
309 ds->linesize = w * vs->depth;
311 vs->width = ds->width;
312 vs->height = ds->height;
313 if (vs->csock != -1 && vs->has_resize) {
314 vnc_write_u8(vs, 0); /* msg id */
316 vnc_write_u16(vs, 1); /* number of rects */
317 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
322 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
323 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
327 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
329 vnc_write(vs, pixels, size);
332 /* slowest but generic code. */
333 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
337 r = ((v >> vs->server_red_shift) & vs->server_red_max) * (vs->client_red_max + 1) /
338 (vs->server_red_max + 1);
339 g = ((v >> vs->server_green_shift) & vs->server_green_max) * (vs->client_green_max + 1) /
340 (vs->server_green_max + 1);
341 b = ((v >> vs->server_blue_shift) & vs->server_blue_max) * (vs->client_blue_max + 1) /
342 (vs->server_blue_max + 1);
343 v = (r << vs->client_red_shift) |
344 (g << vs->client_green_shift) |
345 (b << vs->client_blue_shift);
346 switch(vs->pix_bpp) {
351 if (vs->pix_big_endian) {
361 if (vs->pix_big_endian) {
376 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
380 if (vs->depth == 4) {
381 uint32_t *pixels = pixels1;
384 for(i = 0; i < n; i++) {
385 vnc_convert_pixel(vs, buf, pixels[i]);
386 vnc_write(vs, buf, vs->pix_bpp);
388 } else if (vs->depth == 2) {
389 uint16_t *pixels = pixels1;
392 for(i = 0; i < n; i++) {
393 vnc_convert_pixel(vs, buf, pixels[i]);
394 vnc_write(vs, buf, vs->pix_bpp);
396 } else if (vs->depth == 1) {
397 uint8_t *pixels = pixels1;
400 for(i = 0; i < n; i++) {
401 vnc_convert_pixel(vs, buf, pixels[i]);
402 vnc_write(vs, buf, vs->pix_bpp);
405 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
409 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
414 vnc_framebuffer_update(vs, x, y, w, h, 0);
416 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
417 for (i = 0; i < h; i++) {
418 vs->write_pixels(vs, row, w * vs->depth);
419 row += vs->ds->linesize;
423 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
425 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
426 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
430 #include "vnchextile.h"
434 #include "vnchextile.h"
438 #include "vnchextile.h"
443 #include "vnchextile.h"
449 #include "vnchextile.h"
455 #include "vnchextile.h"
459 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
463 uint8_t *last_fg, *last_bg;
465 vnc_framebuffer_update(vs, x, y, w, h, 5);
467 last_fg = (uint8_t *) malloc(vs->depth);
468 last_bg = (uint8_t *) malloc(vs->depth);
470 for (j = y; j < (y + h); j += 16) {
471 for (i = x; i < (x + w); i += 16) {
472 vs->send_hextile_tile(vs, i, j,
473 MIN(16, x + w - i), MIN(16, y + h - j),
474 last_bg, last_fg, &has_bg, &has_fg);
482 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
485 send_framebuffer_update_hextile(vs, x, y, w, h);
487 send_framebuffer_update_raw(vs, x, y, w, h);
490 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
497 int pitch = ds->linesize;
498 VncState *vs = ds->opaque;
500 vnc_update_client(vs);
507 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
508 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
510 src_row = ds->data + src;
511 dst_row = ds->data + dst;
512 old_row = vs->old_data + dst;
514 for (y = 0; y < h; y++) {
515 memmove(old_row, src_row, w * vs->depth);
516 memmove(dst_row, src_row, w * vs->depth);
522 vnc_write_u8(vs, 0); /* msg id */
524 vnc_write_u16(vs, 1); /* number of rects */
525 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
526 vnc_write_u16(vs, src_x);
527 vnc_write_u16(vs, src_y);
531 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
535 for (h = 1; h < (vs->height - y); h++) {
537 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
539 for (tmp_x = last_x; tmp_x < x; tmp_x++)
540 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
546 static void vnc_update_client(void *opaque)
548 VncState *vs = opaque;
550 if (vs->need_update && vs->csock != -1) {
554 uint32_t width_mask[VNC_DIRTY_WORDS];
561 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
563 /* Walk through the dirty map and eliminate tiles that
564 really aren't dirty */
566 old_row = vs->old_data;
568 for (y = 0; y < vs->height; y++) {
569 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
575 old_ptr = (char*)old_row;
577 for (x = 0; x < vs->ds->width; x += 16) {
578 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
579 vnc_clear_bit(vs->dirty_row[y], (x / 16));
582 memcpy(old_ptr, ptr, 16 * vs->depth);
585 ptr += 16 * vs->depth;
586 old_ptr += 16 * vs->depth;
590 row += vs->ds->linesize;
591 old_row += vs->ds->linesize;
595 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
599 /* Count rectangles */
601 vnc_write_u8(vs, 0); /* msg id */
603 saved_offset = vs->output.offset;
604 vnc_write_u16(vs, 0);
606 for (y = 0; y < vs->height; y++) {
609 for (x = 0; x < vs->width / 16; x++) {
610 if (vnc_get_bit(vs->dirty_row[y], x)) {
614 vnc_clear_bit(vs->dirty_row[y], x);
617 int h = find_dirty_height(vs, y, last_x, x);
618 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
625 int h = find_dirty_height(vs, y, last_x, x);
626 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
630 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
631 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
636 if (vs->csock != -1) {
637 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
642 static int vnc_listen_poll(void *opaque)
644 VncState *vs = opaque;
650 static void buffer_reserve(Buffer *buffer, size_t len)
652 if ((buffer->capacity - buffer->offset) < len) {
653 buffer->capacity += (len + 1024);
654 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
655 if (buffer->buffer == NULL) {
656 fprintf(stderr, "vnc: out of memory\n");
662 static int buffer_empty(Buffer *buffer)
664 return buffer->offset == 0;
667 static uint8_t *buffer_end(Buffer *buffer)
669 return buffer->buffer + buffer->offset;
672 static void buffer_reset(Buffer *buffer)
677 static void buffer_append(Buffer *buffer, const void *data, size_t len)
679 memcpy(buffer->buffer + buffer->offset, data, len);
680 buffer->offset += len;
683 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
685 if (ret == 0 || ret == -1) {
687 switch (last_errno) {
699 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
700 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
701 closesocket(vs->csock);
704 buffer_reset(&vs->input);
705 buffer_reset(&vs->output);
707 #ifdef CONFIG_VNC_TLS
708 if (vs->tls_session) {
709 gnutls_deinit(vs->tls_session);
710 vs->tls_session = NULL;
712 vs->wiremode = VNC_WIREMODE_CLEAR;
713 #endif /* CONFIG_VNC_TLS */
719 static void vnc_client_error(VncState *vs)
721 vnc_client_io_error(vs, -1, EINVAL);
724 static void vnc_client_write(void *opaque)
727 VncState *vs = opaque;
729 #ifdef CONFIG_VNC_TLS
730 if (vs->tls_session) {
731 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
733 if (ret == GNUTLS_E_AGAIN)
740 #endif /* CONFIG_VNC_TLS */
741 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
742 ret = vnc_client_io_error(vs, ret, socket_error());
746 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
747 vs->output.offset -= ret;
749 if (vs->output.offset == 0) {
750 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
754 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
756 vs->read_handler = func;
757 vs->read_handler_expect = expecting;
760 static void vnc_client_read(void *opaque)
762 VncState *vs = opaque;
765 buffer_reserve(&vs->input, 4096);
767 #ifdef CONFIG_VNC_TLS
768 if (vs->tls_session) {
769 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
771 if (ret == GNUTLS_E_AGAIN)
778 #endif /* CONFIG_VNC_TLS */
779 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
780 ret = vnc_client_io_error(vs, ret, socket_error());
784 vs->input.offset += ret;
786 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
787 size_t len = vs->read_handler_expect;
790 ret = vs->read_handler(vs, vs->input.buffer, len);
795 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
796 vs->input.offset -= len;
798 vs->read_handler_expect = ret;
803 static void vnc_write(VncState *vs, const void *data, size_t len)
805 buffer_reserve(&vs->output, len);
807 if (buffer_empty(&vs->output)) {
808 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
811 buffer_append(&vs->output, data, len);
814 static void vnc_write_s32(VncState *vs, int32_t value)
816 vnc_write_u32(vs, *(uint32_t *)&value);
819 static void vnc_write_u32(VncState *vs, uint32_t value)
823 buf[0] = (value >> 24) & 0xFF;
824 buf[1] = (value >> 16) & 0xFF;
825 buf[2] = (value >> 8) & 0xFF;
826 buf[3] = value & 0xFF;
828 vnc_write(vs, buf, 4);
831 static void vnc_write_u16(VncState *vs, uint16_t value)
835 buf[0] = (value >> 8) & 0xFF;
836 buf[1] = value & 0xFF;
838 vnc_write(vs, buf, 2);
841 static void vnc_write_u8(VncState *vs, uint8_t value)
843 vnc_write(vs, (char *)&value, 1);
846 static void vnc_flush(VncState *vs)
848 if (vs->output.offset)
849 vnc_client_write(vs);
852 static uint8_t read_u8(uint8_t *data, size_t offset)
857 static uint16_t read_u16(uint8_t *data, size_t offset)
859 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
862 static int32_t read_s32(uint8_t *data, size_t offset)
864 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
865 (data[offset + 2] << 8) | data[offset + 3]);
868 static uint32_t read_u32(uint8_t *data, size_t offset)
870 return ((data[offset] << 24) | (data[offset + 1] << 16) |
871 (data[offset + 2] << 8) | data[offset + 3]);
874 #ifdef CONFIG_VNC_TLS
875 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
878 struct VncState *vs = (struct VncState *)transport;
882 ret = send(vs->csock, data, len, 0);
892 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
895 struct VncState *vs = (struct VncState *)transport;
899 ret = recv(vs->csock, data, len, 0);
907 #endif /* CONFIG_VNC_TLS */
909 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
913 static void check_pointer_type_change(VncState *vs, int absolute)
915 if (vs->has_pointer_type_change && vs->absolute != absolute) {
918 vnc_write_u16(vs, 1);
919 vnc_framebuffer_update(vs, absolute, 0,
920 vs->ds->width, vs->ds->height, -257);
923 vs->absolute = absolute;
926 static void pointer_event(VncState *vs, int button_mask, int x, int y)
931 if (button_mask & 0x01)
932 buttons |= MOUSE_EVENT_LBUTTON;
933 if (button_mask & 0x02)
934 buttons |= MOUSE_EVENT_MBUTTON;
935 if (button_mask & 0x04)
936 buttons |= MOUSE_EVENT_RBUTTON;
937 if (button_mask & 0x08)
939 if (button_mask & 0x10)
943 kbd_mouse_event(x * 0x7FFF / (vs->ds->width - 1),
944 y * 0x7FFF / (vs->ds->height - 1),
946 } else if (vs->has_pointer_type_change) {
950 kbd_mouse_event(x, y, dz, buttons);
952 if (vs->last_x != -1)
953 kbd_mouse_event(x - vs->last_x,
960 check_pointer_type_change(vs, kbd_mouse_is_absolute());
963 static void reset_keys(VncState *vs)
966 for(i = 0; i < 256; i++) {
967 if (vs->modifiers_state[i]) {
969 kbd_put_keycode(0xe0);
970 kbd_put_keycode(i | 0x80);
971 vs->modifiers_state[i] = 0;
976 static void press_key(VncState *vs, int keysym)
978 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
979 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
982 static void do_key_event(VncState *vs, int down, int keycode, int sym)
984 /* QEMU console switch */
986 case 0x2a: /* Left Shift */
987 case 0x36: /* Right Shift */
988 case 0x1d: /* Left CTRL */
989 case 0x9d: /* Right CTRL */
990 case 0x38: /* Left ALT */
991 case 0xb8: /* Right ALT */
993 vs->modifiers_state[keycode] = 1;
995 vs->modifiers_state[keycode] = 0;
997 case 0x02 ... 0x0a: /* '1' to '9' keys */
998 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
999 /* Reset the modifiers sent to the current console */
1001 console_select(keycode - 0x02);
1005 case 0x3a: /* CapsLock */
1006 case 0x45: /* NumLock */
1008 vs->modifiers_state[keycode] ^= 1;
1012 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1013 /* If the numlock state needs to change then simulate an additional
1014 keypress before sending this one. This will happen if the user
1015 toggles numlock away from the VNC window.
1017 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1018 if (!vs->modifiers_state[0x45]) {
1019 vs->modifiers_state[0x45] = 1;
1020 press_key(vs, 0xff7f);
1023 if (vs->modifiers_state[0x45]) {
1024 vs->modifiers_state[0x45] = 0;
1025 press_key(vs, 0xff7f);
1030 if (is_graphic_console()) {
1032 kbd_put_keycode(0xe0);
1034 kbd_put_keycode(keycode & 0x7f);
1036 kbd_put_keycode(keycode | 0x80);
1038 /* QEMU console emulation */
1041 case 0x2a: /* Left Shift */
1042 case 0x36: /* Right Shift */
1043 case 0x1d: /* Left CTRL */
1044 case 0x9d: /* Right CTRL */
1045 case 0x38: /* Left ALT */
1046 case 0xb8: /* Right ALT */
1049 kbd_put_keysym(QEMU_KEY_UP);
1052 kbd_put_keysym(QEMU_KEY_DOWN);
1055 kbd_put_keysym(QEMU_KEY_LEFT);
1058 kbd_put_keysym(QEMU_KEY_RIGHT);
1061 kbd_put_keysym(QEMU_KEY_DELETE);
1064 kbd_put_keysym(QEMU_KEY_HOME);
1067 kbd_put_keysym(QEMU_KEY_END);
1070 kbd_put_keysym(QEMU_KEY_PAGEUP);
1073 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1076 kbd_put_keysym(sym);
1083 static void key_event(VncState *vs, int down, uint32_t sym)
1087 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1088 sym = sym - 'A' + 'a';
1090 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1091 do_key_event(vs, down, keycode, sym);
1094 static void ext_key_event(VncState *vs, int down,
1095 uint32_t sym, uint16_t keycode)
1097 /* if the user specifies a keyboard layout, always use it */
1098 if (keyboard_layout)
1099 key_event(vs, down, sym);
1101 do_key_event(vs, down, keycode, sym);
1104 static void framebuffer_update_request(VncState *vs, int incremental,
1105 int x_position, int y_position,
1108 if (x_position > vs->ds->width)
1109 x_position = vs->ds->width;
1110 if (y_position > vs->ds->height)
1111 y_position = vs->ds->height;
1112 if (x_position + w >= vs->ds->width)
1113 w = vs->ds->width - x_position;
1114 if (y_position + h >= vs->ds->height)
1115 h = vs->ds->height - y_position;
1118 vs->need_update = 1;
1120 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1122 for (i = 0; i < h; i++) {
1123 vnc_set_bits(vs->dirty_row[y_position + i],
1124 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1125 memset(old_row, 42, vs->ds->width * vs->depth);
1126 old_row += vs->ds->linesize;
1131 static void send_ext_key_event_ack(VncState *vs)
1133 vnc_write_u8(vs, 0);
1134 vnc_write_u8(vs, 0);
1135 vnc_write_u16(vs, 1);
1136 vnc_framebuffer_update(vs, 0, 0, vs->ds->width, vs->ds->height, -258);
1140 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1144 vs->has_hextile = 0;
1146 vs->has_pointer_type_change = 0;
1148 vs->ds->dpy_copy = NULL;
1150 for (i = n_encodings - 1; i >= 0; i--) {
1151 switch (encodings[i]) {
1153 vs->has_hextile = 0;
1155 case 1: /* CopyRect */
1156 vs->ds->dpy_copy = vnc_copy;
1158 case 5: /* Hextile */
1159 vs->has_hextile = 1;
1161 case -223: /* DesktopResize */
1165 vs->has_pointer_type_change = 1;
1168 send_ext_key_event_ack(vs);
1175 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1178 static void set_pixel_format(VncState *vs,
1179 int bits_per_pixel, int depth,
1180 int big_endian_flag, int true_color_flag,
1181 int red_max, int green_max, int blue_max,
1182 int red_shift, int green_shift, int blue_shift)
1184 int host_big_endian_flag;
1186 #ifdef WORDS_BIGENDIAN
1187 host_big_endian_flag = 1;
1189 host_big_endian_flag = 0;
1191 if (!true_color_flag) {
1193 vnc_client_error(vs);
1196 if (bits_per_pixel == 32 &&
1197 bits_per_pixel == vs->depth * 8 &&
1198 host_big_endian_flag == big_endian_flag &&
1199 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1200 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1202 vs->write_pixels = vnc_write_pixels_copy;
1203 vs->send_hextile_tile = send_hextile_tile_32;
1205 if (bits_per_pixel == 16 &&
1206 bits_per_pixel == vs->depth * 8 &&
1207 host_big_endian_flag == big_endian_flag &&
1208 red_max == 31 && green_max == 63 && blue_max == 31 &&
1209 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1211 vs->write_pixels = vnc_write_pixels_copy;
1212 vs->send_hextile_tile = send_hextile_tile_16;
1214 if (bits_per_pixel == 8 &&
1215 bits_per_pixel == vs->depth * 8 &&
1216 red_max == 7 && green_max == 7 && blue_max == 3 &&
1217 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1219 vs->write_pixels = vnc_write_pixels_copy;
1220 vs->send_hextile_tile = send_hextile_tile_8;
1223 /* generic and slower case */
1224 if (bits_per_pixel != 8 &&
1225 bits_per_pixel != 16 &&
1226 bits_per_pixel != 32)
1228 if (vs->depth == 4) {
1229 vs->send_hextile_tile = send_hextile_tile_generic_32;
1230 } else if (vs->depth == 2) {
1231 vs->send_hextile_tile = send_hextile_tile_generic_16;
1233 vs->send_hextile_tile = send_hextile_tile_generic_8;
1236 vs->pix_big_endian = big_endian_flag;
1237 vs->write_pixels = vnc_write_pixels_generic;
1240 vs->client_red_shift = red_shift;
1241 vs->client_red_max = red_max;
1242 vs->client_green_shift = green_shift;
1243 vs->client_green_max = green_max;
1244 vs->client_blue_shift = blue_shift;
1245 vs->client_blue_max = blue_max;
1246 vs->pix_bpp = bits_per_pixel / 8;
1248 vga_hw_invalidate();
1252 static void vnc_colordepth(DisplayState *ds, int depth)
1254 int host_big_endian_flag;
1255 struct VncState *vs = ds->opaque;
1259 if (ds->depth == 32) return;
1270 #ifdef WORDS_BIGENDIAN
1271 host_big_endian_flag = 1;
1273 host_big_endian_flag = 0;
1278 vs->depth = depth / 8;
1279 vs->server_red_max = 7;
1280 vs->server_green_max = 7;
1281 vs->server_blue_max = 3;
1282 vs->server_red_shift = 5;
1283 vs->server_green_shift = 2;
1284 vs->server_blue_shift = 0;
1287 vs->depth = depth / 8;
1288 vs->server_red_max = 31;
1289 vs->server_green_max = 63;
1290 vs->server_blue_max = 31;
1291 vs->server_red_shift = 11;
1292 vs->server_green_shift = 5;
1293 vs->server_blue_shift = 0;
1297 vs->server_red_max = 255;
1298 vs->server_green_max = 255;
1299 vs->server_blue_max = 255;
1300 vs->server_red_shift = 16;
1301 vs->server_green_shift = 8;
1302 vs->server_blue_shift = 0;
1308 if (vs->pix_bpp == 4 && vs->depth == 4 &&
1309 host_big_endian_flag == vs->pix_big_endian &&
1310 vs->client_red_max == 0xff && vs->client_green_max == 0xff && vs->client_blue_max == 0xff &&
1311 vs->client_red_shift == 16 && vs->client_green_shift == 8 && vs->client_blue_shift == 0) {
1312 vs->write_pixels = vnc_write_pixels_copy;
1313 vs->send_hextile_tile = send_hextile_tile_32;
1314 } else if (vs->pix_bpp == 2 && vs->depth == 2 &&
1315 host_big_endian_flag == vs->pix_big_endian &&
1316 vs->client_red_max == 31 && vs->client_green_max == 63 && vs->client_blue_max == 31 &&
1317 vs->client_red_shift == 11 && vs->client_green_shift == 5 && vs->client_blue_shift == 0) {
1318 vs->write_pixels = vnc_write_pixels_copy;
1319 vs->send_hextile_tile = send_hextile_tile_16;
1320 } else if (vs->pix_bpp == 1 && vs->depth == 1 &&
1321 host_big_endian_flag == vs->pix_big_endian &&
1322 vs->client_red_max == 7 && vs->client_green_max == 7 && vs->client_blue_max == 3 &&
1323 vs->client_red_shift == 5 && vs->client_green_shift == 2 && vs->client_blue_shift == 0) {
1324 vs->write_pixels = vnc_write_pixels_copy;
1325 vs->send_hextile_tile = send_hextile_tile_8;
1327 if (vs->depth == 4) {
1328 vs->send_hextile_tile = send_hextile_tile_generic_32;
1329 } else if (vs->depth == 2) {
1330 vs->send_hextile_tile = send_hextile_tile_generic_16;
1332 vs->send_hextile_tile = send_hextile_tile_generic_8;
1334 vs->write_pixels = vnc_write_pixels_generic;
1338 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1348 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1349 read_u8(data, 6), read_u8(data, 7),
1350 read_u16(data, 8), read_u16(data, 10),
1351 read_u16(data, 12), read_u8(data, 14),
1352 read_u8(data, 15), read_u8(data, 16));
1359 return 4 + (read_u16(data, 2) * 4);
1361 limit = read_u16(data, 2);
1362 for (i = 0; i < limit; i++) {
1363 int32_t val = read_s32(data, 4 + (i * 4));
1364 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1367 set_encodings(vs, (int32_t *)(data + 4), limit);
1373 framebuffer_update_request(vs,
1374 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1375 read_u16(data, 6), read_u16(data, 8));
1381 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1387 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1394 uint32_t dlen = read_u32(data, 4);
1399 client_cut_text(vs, read_u32(data, 4), data + 8);
1405 switch (read_u8(data, 1)) {
1410 ext_key_event(vs, read_u16(data, 2),
1411 read_u32(data, 4), read_u32(data, 8));
1414 printf("Msg: %d\n", read_u16(data, 0));
1415 vnc_client_error(vs);
1420 printf("Msg: %d\n", data[0]);
1421 vnc_client_error(vs);
1425 vnc_read_when(vs, protocol_client_msg, 1);
1429 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1431 char pad[3] = { 0, 0, 0 };
1435 vs->width = vs->ds->width;
1436 vs->height = vs->ds->height;
1437 vnc_write_u16(vs, vs->ds->width);
1438 vnc_write_u16(vs, vs->ds->height);
1440 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1441 if (vs->depth == 4) vnc_write_u8(vs, 24); /* depth */
1442 else vnc_write_u8(vs, vs->depth * 8); /* depth */
1444 #ifdef WORDS_BIGENDIAN
1445 vnc_write_u8(vs, 1); /* big-endian-flag */
1447 vnc_write_u8(vs, 0); /* big-endian-flag */
1449 vnc_write_u8(vs, 1); /* true-color-flag */
1450 if (vs->depth == 4) {
1451 vnc_write_u16(vs, 0xFF); /* red-max */
1452 vnc_write_u16(vs, 0xFF); /* green-max */
1453 vnc_write_u16(vs, 0xFF); /* blue-max */
1454 vnc_write_u8(vs, 16); /* red-shift */
1455 vnc_write_u8(vs, 8); /* green-shift */
1456 vnc_write_u8(vs, 0); /* blue-shift */
1457 vs->send_hextile_tile = send_hextile_tile_32;
1458 } else if (vs->depth == 2) {
1459 vnc_write_u16(vs, 31); /* red-max */
1460 vnc_write_u16(vs, 63); /* green-max */
1461 vnc_write_u16(vs, 31); /* blue-max */
1462 vnc_write_u8(vs, 11); /* red-shift */
1463 vnc_write_u8(vs, 5); /* green-shift */
1464 vnc_write_u8(vs, 0); /* blue-shift */
1465 vs->send_hextile_tile = send_hextile_tile_16;
1466 } else if (vs->depth == 1) {
1467 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1468 vnc_write_u16(vs, 7); /* red-max */
1469 vnc_write_u16(vs, 7); /* green-max */
1470 vnc_write_u16(vs, 3); /* blue-max */
1471 vnc_write_u8(vs, 5); /* red-shift */
1472 vnc_write_u8(vs, 2); /* green-shift */
1473 vnc_write_u8(vs, 0); /* blue-shift */
1474 vs->send_hextile_tile = send_hextile_tile_8;
1476 vs->write_pixels = vnc_write_pixels_copy;
1478 vnc_write(vs, pad, 3); /* padding */
1481 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1483 size = snprintf(buf, sizeof(buf), "QEMU");
1485 vnc_write_u32(vs, size);
1486 vnc_write(vs, buf, size);
1489 vnc_read_when(vs, protocol_client_msg, 1);
1494 static void make_challenge(VncState *vs)
1498 srand(time(NULL)+getpid()+getpid()*987654+rand());
1500 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1501 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1504 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1506 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1508 unsigned char key[8];
1510 if (!vs->password || !vs->password[0]) {
1511 VNC_DEBUG("No password configured on server");
1512 vnc_write_u32(vs, 1); /* Reject auth */
1513 if (vs->minor >= 8) {
1514 static const char err[] = "Authentication failed";
1515 vnc_write_u32(vs, sizeof(err));
1516 vnc_write(vs, err, sizeof(err));
1519 vnc_client_error(vs);
1523 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1525 /* Calculate the expected challenge response */
1526 pwlen = strlen(vs->password);
1527 for (i=0; i<sizeof(key); i++)
1528 key[i] = i<pwlen ? vs->password[i] : 0;
1530 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1531 des(response+j, response+j);
1533 /* Compare expected vs actual challenge response */
1534 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1535 VNC_DEBUG("Client challenge reponse did not match\n");
1536 vnc_write_u32(vs, 1); /* Reject auth */
1537 if (vs->minor >= 8) {
1538 static const char err[] = "Authentication failed";
1539 vnc_write_u32(vs, sizeof(err));
1540 vnc_write(vs, err, sizeof(err));
1543 vnc_client_error(vs);
1545 VNC_DEBUG("Accepting VNC challenge response\n");
1546 vnc_write_u32(vs, 0); /* Accept auth */
1549 vnc_read_when(vs, protocol_client_init, 1);
1554 static int start_auth_vnc(VncState *vs)
1557 /* Send client a 'random' challenge */
1558 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1561 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1566 #ifdef CONFIG_VNC_TLS
1567 #define DH_BITS 1024
1568 static gnutls_dh_params_t dh_params;
1570 static int vnc_tls_initialize(void)
1572 static int tlsinitialized = 0;
1577 if (gnutls_global_init () < 0)
1580 /* XXX ought to re-generate diffie-hellmen params periodically */
1581 if (gnutls_dh_params_init (&dh_params) < 0)
1583 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1587 gnutls_global_set_log_level(10);
1588 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1596 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1598 gnutls_anon_server_credentials anon_cred;
1601 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1602 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1606 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1612 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1614 gnutls_certificate_credentials_t x509_cred;
1617 if (!vs->x509cacert) {
1618 VNC_DEBUG("No CA x509 certificate specified\n");
1621 if (!vs->x509cert) {
1622 VNC_DEBUG("No server x509 certificate specified\n");
1626 VNC_DEBUG("No server private key specified\n");
1630 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1631 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1634 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1636 GNUTLS_X509_FMT_PEM)) < 0) {
1637 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1638 gnutls_certificate_free_credentials(x509_cred);
1642 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1645 GNUTLS_X509_FMT_PEM)) < 0) {
1646 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1647 gnutls_certificate_free_credentials(x509_cred);
1651 if (vs->x509cacrl) {
1652 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1654 GNUTLS_X509_FMT_PEM)) < 0) {
1655 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1656 gnutls_certificate_free_credentials(x509_cred);
1661 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1666 static int vnc_validate_certificate(struct VncState *vs)
1669 unsigned int status;
1670 const gnutls_datum_t *certs;
1671 unsigned int nCerts, i;
1674 VNC_DEBUG("Validating client certificate\n");
1675 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1676 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1680 if ((now = time(NULL)) == ((time_t)-1)) {
1685 if (status & GNUTLS_CERT_INVALID)
1686 VNC_DEBUG("The certificate is not trusted.\n");
1688 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1689 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1691 if (status & GNUTLS_CERT_REVOKED)
1692 VNC_DEBUG("The certificate has been revoked.\n");
1694 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1695 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1699 VNC_DEBUG("Certificate is valid!\n");
1702 /* Only support x509 for now */
1703 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1706 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1709 for (i = 0 ; i < nCerts ; i++) {
1710 gnutls_x509_crt_t cert;
1711 VNC_DEBUG ("Checking certificate chain %d\n", i);
1712 if (gnutls_x509_crt_init (&cert) < 0)
1715 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1716 gnutls_x509_crt_deinit (cert);
1720 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1721 VNC_DEBUG("The certificate has expired\n");
1722 gnutls_x509_crt_deinit (cert);
1726 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1727 VNC_DEBUG("The certificate is not yet activated\n");
1728 gnutls_x509_crt_deinit (cert);
1732 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1733 VNC_DEBUG("The certificate is not yet activated\n");
1734 gnutls_x509_crt_deinit (cert);
1738 gnutls_x509_crt_deinit (cert);
1745 static int start_auth_vencrypt_subauth(VncState *vs)
1747 switch (vs->subauth) {
1748 case VNC_AUTH_VENCRYPT_TLSNONE:
1749 case VNC_AUTH_VENCRYPT_X509NONE:
1750 VNC_DEBUG("Accept TLS auth none\n");
1751 vnc_write_u32(vs, 0); /* Accept auth completion */
1752 vnc_read_when(vs, protocol_client_init, 1);
1755 case VNC_AUTH_VENCRYPT_TLSVNC:
1756 case VNC_AUTH_VENCRYPT_X509VNC:
1757 VNC_DEBUG("Start TLS auth VNC\n");
1758 return start_auth_vnc(vs);
1760 default: /* Should not be possible, but just in case */
1761 VNC_DEBUG("Reject auth %d\n", vs->auth);
1762 vnc_write_u8(vs, 1);
1763 if (vs->minor >= 8) {
1764 static const char err[] = "Unsupported authentication type";
1765 vnc_write_u32(vs, sizeof(err));
1766 vnc_write(vs, err, sizeof(err));
1768 vnc_client_error(vs);
1774 static void vnc_handshake_io(void *opaque);
1776 static int vnc_continue_handshake(struct VncState *vs) {
1779 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1780 if (!gnutls_error_is_fatal(ret)) {
1781 VNC_DEBUG("Handshake interrupted (blocking)\n");
1782 if (!gnutls_record_get_direction(vs->tls_session))
1783 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1785 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1788 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1789 vnc_client_error(vs);
1793 if (vs->x509verify) {
1794 if (vnc_validate_certificate(vs) < 0) {
1795 VNC_DEBUG("Client verification failed\n");
1796 vnc_client_error(vs);
1799 VNC_DEBUG("Client verification passed\n");
1803 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1804 vs->wiremode = VNC_WIREMODE_TLS;
1805 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1807 return start_auth_vencrypt_subauth(vs);
1810 static void vnc_handshake_io(void *opaque) {
1811 struct VncState *vs = (struct VncState *)opaque;
1813 VNC_DEBUG("Handshake IO continue\n");
1814 vnc_continue_handshake(vs);
1817 #define NEED_X509_AUTH(vs) \
1818 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1819 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1820 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1823 static int vnc_start_tls(struct VncState *vs) {
1824 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1825 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1826 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1827 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1829 VNC_DEBUG("Do TLS setup\n");
1830 if (vnc_tls_initialize() < 0) {
1831 VNC_DEBUG("Failed to init TLS\n");
1832 vnc_client_error(vs);
1835 if (vs->tls_session == NULL) {
1836 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1837 vnc_client_error(vs);
1841 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1842 gnutls_deinit(vs->tls_session);
1843 vs->tls_session = NULL;
1844 vnc_client_error(vs);
1848 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1849 gnutls_deinit(vs->tls_session);
1850 vs->tls_session = NULL;
1851 vnc_client_error(vs);
1855 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1856 gnutls_deinit(vs->tls_session);
1857 vs->tls_session = NULL;
1858 vnc_client_error(vs);
1862 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1863 gnutls_deinit(vs->tls_session);
1864 vs->tls_session = NULL;
1865 vnc_client_error(vs);
1869 if (NEED_X509_AUTH(vs)) {
1870 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1872 gnutls_deinit(vs->tls_session);
1873 vs->tls_session = NULL;
1874 vnc_client_error(vs);
1877 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1878 gnutls_deinit(vs->tls_session);
1879 vs->tls_session = NULL;
1880 gnutls_certificate_free_credentials(x509_cred);
1881 vnc_client_error(vs);
1884 if (vs->x509verify) {
1885 VNC_DEBUG("Requesting a client certificate\n");
1886 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1890 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1892 gnutls_deinit(vs->tls_session);
1893 vs->tls_session = NULL;
1894 vnc_client_error(vs);
1897 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1898 gnutls_deinit(vs->tls_session);
1899 vs->tls_session = NULL;
1900 gnutls_anon_free_server_credentials(anon_cred);
1901 vnc_client_error(vs);
1906 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1907 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1908 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1911 VNC_DEBUG("Start TLS handshake process\n");
1912 return vnc_continue_handshake(vs);
1915 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1917 int auth = read_u32(data, 0);
1919 if (auth != vs->subauth) {
1920 VNC_DEBUG("Rejecting auth %d\n", auth);
1921 vnc_write_u8(vs, 0); /* Reject auth */
1923 vnc_client_error(vs);
1925 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1926 vnc_write_u8(vs, 1); /* Accept auth */
1929 if (vnc_start_tls(vs) < 0) {
1930 VNC_DEBUG("Failed to complete TLS\n");
1934 if (vs->wiremode == VNC_WIREMODE_TLS) {
1935 VNC_DEBUG("Starting VeNCrypt subauth\n");
1936 return start_auth_vencrypt_subauth(vs);
1938 VNC_DEBUG("TLS handshake blocked\n");
1945 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1949 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1950 vnc_write_u8(vs, 1); /* Reject version */
1952 vnc_client_error(vs);
1954 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1955 vnc_write_u8(vs, 0); /* Accept version */
1956 vnc_write_u8(vs, 1); /* Number of sub-auths */
1957 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1959 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1964 static int start_auth_vencrypt(VncState *vs)
1966 /* Send VeNCrypt version 0.2 */
1967 vnc_write_u8(vs, 0);
1968 vnc_write_u8(vs, 2);
1970 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1973 #endif /* CONFIG_VNC_TLS */
1975 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1977 /* We only advertise 1 auth scheme at a time, so client
1978 * must pick the one we sent. Verify this */
1979 if (data[0] != vs->auth) { /* Reject auth */
1980 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1981 vnc_write_u32(vs, 1);
1982 if (vs->minor >= 8) {
1983 static const char err[] = "Authentication failed";
1984 vnc_write_u32(vs, sizeof(err));
1985 vnc_write(vs, err, sizeof(err));
1987 vnc_client_error(vs);
1988 } else { /* Accept requested auth */
1989 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1992 VNC_DEBUG("Accept auth none\n");
1993 if (vs->minor >= 8) {
1994 vnc_write_u32(vs, 0); /* Accept auth completion */
1997 vnc_read_when(vs, protocol_client_init, 1);
2001 VNC_DEBUG("Start VNC auth\n");
2002 return start_auth_vnc(vs);
2004 #ifdef CONFIG_VNC_TLS
2005 case VNC_AUTH_VENCRYPT:
2006 VNC_DEBUG("Accept VeNCrypt auth\n");;
2007 return start_auth_vencrypt(vs);
2008 #endif /* CONFIG_VNC_TLS */
2010 default: /* Should not be possible, but just in case */
2011 VNC_DEBUG("Reject auth %d\n", vs->auth);
2012 vnc_write_u8(vs, 1);
2013 if (vs->minor >= 8) {
2014 static const char err[] = "Authentication failed";
2015 vnc_write_u32(vs, sizeof(err));
2016 vnc_write(vs, err, sizeof(err));
2018 vnc_client_error(vs);
2024 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2028 memcpy(local, version, 12);
2031 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2032 VNC_DEBUG("Malformed protocol version %s\n", local);
2033 vnc_client_error(vs);
2036 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2037 if (vs->major != 3 ||
2043 VNC_DEBUG("Unsupported client version\n");
2044 vnc_write_u32(vs, VNC_AUTH_INVALID);
2046 vnc_client_error(vs);
2049 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2050 * as equivalent to v3.3 by servers
2052 if (vs->minor == 4 || vs->minor == 5)
2055 if (vs->minor == 3) {
2056 if (vs->auth == VNC_AUTH_NONE) {
2057 VNC_DEBUG("Tell client auth none\n");
2058 vnc_write_u32(vs, vs->auth);
2060 vnc_read_when(vs, protocol_client_init, 1);
2061 } else if (vs->auth == VNC_AUTH_VNC) {
2062 VNC_DEBUG("Tell client VNC auth\n");
2063 vnc_write_u32(vs, vs->auth);
2067 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2068 vnc_write_u32(vs, VNC_AUTH_INVALID);
2070 vnc_client_error(vs);
2073 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2074 vnc_write_u8(vs, 1); /* num auth */
2075 vnc_write_u8(vs, vs->auth);
2076 vnc_read_when(vs, protocol_client_auth, 1);
2083 static void vnc_connect(VncState *vs)
2085 VNC_DEBUG("New client on socket %d\n", vs->csock);
2087 socket_set_nonblock(vs->csock);
2088 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2089 vnc_write(vs, "RFB 003.008\n", 12);
2091 vnc_read_when(vs, protocol_version, 12);
2092 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
2093 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2095 vs->has_hextile = 0;
2096 vs->ds->dpy_copy = NULL;
2097 vnc_update_client(vs);
2100 static void vnc_listen_read(void *opaque)
2102 VncState *vs = opaque;
2103 struct sockaddr_in addr;
2104 socklen_t addrlen = sizeof(addr);
2109 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2110 if (vs->csock != -1) {
2115 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
2117 void vnc_display_init(DisplayState *ds)
2121 vs = qemu_mallocz(sizeof(VncState));
2129 vs->password = NULL;
2138 if (keyboard_layout)
2139 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2141 vs->kbd_layout = init_keyboard_layout("en-us");
2143 if (!vs->kbd_layout)
2146 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2148 vs->ds->data = NULL;
2149 vs->ds->dpy_update = vnc_dpy_update;
2150 vs->ds->dpy_resize = vnc_dpy_resize;
2151 vs->ds->dpy_refresh = NULL;
2153 vnc_colordepth(vs->ds, 32);
2154 vnc_dpy_resize(vs->ds, 640, 400);
2157 #ifdef CONFIG_VNC_TLS
2158 static int vnc_set_x509_credential(VncState *vs,
2159 const char *certdir,
2160 const char *filename,
2171 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2174 strcpy(*cred, certdir);
2176 strcat(*cred, filename);
2178 VNC_DEBUG("Check %s\n", *cred);
2179 if (stat(*cred, &sb) < 0) {
2182 if (ignoreMissing && errno == ENOENT)
2190 static int vnc_set_x509_credential_dir(VncState *vs,
2191 const char *certdir)
2193 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2195 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2197 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2199 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2205 qemu_free(vs->x509cacert);
2206 qemu_free(vs->x509cacrl);
2207 qemu_free(vs->x509cert);
2208 qemu_free(vs->x509key);
2209 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2212 #endif /* CONFIG_VNC_TLS */
2214 void vnc_display_close(DisplayState *ds)
2216 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2219 qemu_free(vs->display);
2222 if (vs->lsock != -1) {
2223 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2227 if (vs->csock != -1) {
2228 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2229 closesocket(vs->csock);
2231 buffer_reset(&vs->input);
2232 buffer_reset(&vs->output);
2233 vs->need_update = 0;
2234 #ifdef CONFIG_VNC_TLS
2235 if (vs->tls_session) {
2236 gnutls_deinit(vs->tls_session);
2237 vs->tls_session = NULL;
2239 vs->wiremode = VNC_WIREMODE_CLEAR;
2240 #endif /* CONFIG_VNC_TLS */
2242 vs->auth = VNC_AUTH_INVALID;
2243 #ifdef CONFIG_VNC_TLS
2244 vs->subauth = VNC_AUTH_INVALID;
2249 int vnc_display_password(DisplayState *ds, const char *password)
2251 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2254 qemu_free(vs->password);
2255 vs->password = NULL;
2257 if (password && password[0]) {
2258 if (!(vs->password = qemu_strdup(password)))
2265 int vnc_display_open(DisplayState *ds, const char *display)
2267 struct sockaddr *addr;
2268 struct sockaddr_in iaddr;
2270 struct sockaddr_un uaddr;
2273 int reuse_addr, ret;
2275 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2276 const char *options;
2279 #ifdef CONFIG_VNC_TLS
2280 int tls = 0, x509 = 0;
2283 vnc_display_close(ds);
2284 if (strcmp(display, "none") == 0)
2287 if (!(vs->display = strdup(display)))
2291 while ((options = strchr(options, ','))) {
2293 if (strncmp(options, "password", 8) == 0) {
2294 password = 1; /* Require password auth */
2295 } else if (strncmp(options, "reverse", 7) == 0) {
2297 #ifdef CONFIG_VNC_TLS
2298 } else if (strncmp(options, "tls", 3) == 0) {
2299 tls = 1; /* Require TLS */
2300 } else if (strncmp(options, "x509", 4) == 0) {
2302 x509 = 1; /* Require x509 certificates */
2303 if (strncmp(options, "x509verify", 10) == 0)
2304 vs->x509verify = 1; /* ...and verify client certs */
2306 /* Now check for 'x509=/some/path' postfix
2307 * and use that to setup x509 certificate/key paths */
2308 start = strchr(options, '=');
2309 end = strchr(options, ',');
2310 if (start && (!end || (start < end))) {
2311 int len = end ? end-(start+1) : strlen(start+1);
2312 char *path = qemu_malloc(len+1);
2313 strncpy(path, start+1, len);
2315 VNC_DEBUG("Trying certificate path '%s'\n", path);
2316 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2317 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2319 qemu_free(vs->display);
2325 fprintf(stderr, "No certificate path provided\n");
2326 qemu_free(vs->display);
2335 #ifdef CONFIG_VNC_TLS
2337 vs->auth = VNC_AUTH_VENCRYPT;
2339 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2340 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2342 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2343 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2347 VNC_DEBUG("Initializing VNC server with password auth\n");
2348 vs->auth = VNC_AUTH_VNC;
2349 #ifdef CONFIG_VNC_TLS
2350 vs->subauth = VNC_AUTH_INVALID;
2354 #ifdef CONFIG_VNC_TLS
2356 vs->auth = VNC_AUTH_VENCRYPT;
2358 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2359 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2361 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2362 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2366 VNC_DEBUG("Initializing VNC server with no auth\n");
2367 vs->auth = VNC_AUTH_NONE;
2368 #ifdef CONFIG_VNC_TLS
2369 vs->subauth = VNC_AUTH_INVALID;
2374 if (strstart(display, "unix:", &p)) {
2375 addr = (struct sockaddr *)&uaddr;
2376 addrlen = sizeof(uaddr);
2378 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2379 if (vs->lsock == -1) {
2380 fprintf(stderr, "Could not create socket\n");
2386 uaddr.sun_family = AF_UNIX;
2387 memset(uaddr.sun_path, 0, 108);
2388 snprintf(uaddr.sun_path, 108, "%s", p);
2391 unlink(uaddr.sun_path);
2396 addr = (struct sockaddr *)&iaddr;
2397 addrlen = sizeof(iaddr);
2399 if (parse_host_port(&iaddr, display) < 0) {
2400 fprintf(stderr, "Could not parse VNC address\n");
2406 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + (reverse ? 0 : 5900));
2408 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2409 if (vs->lsock == -1) {
2410 fprintf(stderr, "Could not create socket\n");
2417 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2418 (const char *)&reuse_addr, sizeof(reuse_addr));
2420 fprintf(stderr, "setsockopt() failed\n");
2430 if (connect(vs->lsock, addr, addrlen) == -1) {
2431 fprintf(stderr, "Connection to VNC client failed\n");
2438 vs->csock = vs->lsock;
2445 if (bind(vs->lsock, addr, addrlen) == -1) {
2446 fprintf(stderr, "bind() failed\n");
2454 if (listen(vs->lsock, 1) == -1) {
2455 fprintf(stderr, "listen() failed\n");
2463 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);