2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState;
68 typedef int VncReadEvent(VncState *vs, char *data, size_t len);
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
76 int *has_bg, int *has_fg);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT = 19
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
119 #endif /* CONFIG_VNC_TLS */
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
132 int depth; /* internal VNC frame buffer byte per pixel */
135 int has_pointer_type_change;
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
159 gnutls_session_t tls_session;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
176 uint8_t modifiers_state[256];
179 static VncState *vnc_state; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
193 term_printf("Client connected\n");
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
213 static inline void vnc_set_bit(uint32_t *d, int k)
215 d[k >> 5] |= 1 << (k & 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d, int k)
220 d[k >> 5] &= ~(1 << (k & 0x1f));
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
233 d[j++] = (1 << n) - 1;
238 static inline int vnc_get_bit(const uint32_t *d, int k)
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
256 VncState *vs = ds->opaque;
262 for (i = 0; i < w; i += 16)
263 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
266 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
269 vnc_write_u16(vs, x);
270 vnc_write_u16(vs, y);
271 vnc_write_u16(vs, w);
272 vnc_write_u16(vs, h);
274 vnc_write_s32(vs, encoding);
277 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
280 VncState *vs = ds->opaque;
282 ds->data = realloc(ds->data, w * h * vs->depth);
283 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
285 if (ds->data == NULL || vs->old_data == NULL) {
286 fprintf(stderr, "vnc: memory allocation failed\n");
290 if (ds->depth != vs->depth * 8) {
291 ds->depth = vs->depth * 8;
292 console_color_init(ds);
294 size_changed = ds->width != w || ds->height != h;
297 ds->linesize = w * vs->depth;
298 if (vs->csock != -1 && vs->has_resize && size_changed) {
299 vnc_write_u8(vs, 0); /* msg id */
301 vnc_write_u16(vs, 1); /* number of rects */
302 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
304 vs->width = ds->width;
305 vs->height = ds->height;
310 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
312 vnc_write(vs, pixels, size);
315 /* slowest but generic code. */
316 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
318 unsigned int r, g, b;
320 r = (v >> vs->red_shift1) & vs->red_max;
321 g = (v >> vs->green_shift1) & vs->green_max;
322 b = (v >> vs->blue_shift1) & vs->blue_max;
323 v = (r << vs->red_shift) |
324 (g << vs->green_shift) |
325 (b << vs->blue_shift);
326 switch(vs->pix_bpp) {
331 if (vs->pix_big_endian) {
341 if (vs->pix_big_endian) {
356 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
358 uint32_t *pixels = pixels1;
363 for(i = 0; i < n; i++) {
364 vnc_convert_pixel(vs, buf, pixels[i]);
365 vnc_write(vs, buf, vs->pix_bpp);
369 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
374 vnc_framebuffer_update(vs, x, y, w, h, 0);
376 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
377 for (i = 0; i < h; i++) {
378 vs->write_pixels(vs, row, w * vs->depth);
379 row += vs->ds->linesize;
383 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
385 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
386 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
390 #include "vnchextile.h"
394 #include "vnchextile.h"
398 #include "vnchextile.h"
403 #include "vnchextile.h"
407 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
411 uint32_t last_fg32, last_bg32;
413 vnc_framebuffer_update(vs, x, y, w, h, 5);
416 for (j = y; j < (y + h); j += 16) {
417 for (i = x; i < (x + w); i += 16) {
418 vs->send_hextile_tile(vs, i, j,
419 MIN(16, x + w - i), MIN(16, y + h - j),
420 &last_bg32, &last_fg32, &has_bg, &has_fg);
425 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
428 send_framebuffer_update_hextile(vs, x, y, w, h);
430 send_framebuffer_update_raw(vs, x, y, w, h);
433 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
440 int pitch = ds->linesize;
441 VncState *vs = ds->opaque;
443 vnc_update_client(vs);
450 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
451 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
453 src_row = ds->data + src;
454 dst_row = ds->data + dst;
455 old_row = vs->old_data + dst;
457 for (y = 0; y < h; y++) {
458 memmove(old_row, src_row, w * vs->depth);
459 memmove(dst_row, src_row, w * vs->depth);
465 vnc_write_u8(vs, 0); /* msg id */
467 vnc_write_u16(vs, 1); /* number of rects */
468 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
469 vnc_write_u16(vs, src_x);
470 vnc_write_u16(vs, src_y);
474 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
478 for (h = 1; h < (vs->height - y); h++) {
480 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
482 for (tmp_x = last_x; tmp_x < x; tmp_x++)
483 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
489 static void vnc_update_client(void *opaque)
491 VncState *vs = opaque;
493 if (vs->need_update && vs->csock != -1) {
497 uint32_t width_mask[VNC_DIRTY_WORDS];
502 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
504 /* Walk through the dirty map and eliminate tiles that
505 really aren't dirty */
507 old_row = vs->old_data;
509 for (y = 0; y < vs->height; y++) {
510 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
517 for (x = 0; x < vs->ds->width; x += 16) {
518 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
519 vnc_clear_bit(vs->dirty_row[y], (x / 16));
522 memcpy(old_ptr, ptr, 16 * vs->depth);
525 ptr += 16 * vs->depth;
526 old_ptr += 16 * vs->depth;
530 row += vs->ds->linesize;
531 old_row += vs->ds->linesize;
535 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
539 /* Count rectangles */
541 vnc_write_u8(vs, 0); /* msg id */
543 saved_offset = vs->output.offset;
544 vnc_write_u16(vs, 0);
546 for (y = 0; y < vs->height; y++) {
549 for (x = 0; x < vs->width / 16; x++) {
550 if (vnc_get_bit(vs->dirty_row[y], x)) {
554 vnc_clear_bit(vs->dirty_row[y], x);
557 int h = find_dirty_height(vs, y, last_x, x);
558 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
565 int h = find_dirty_height(vs, y, last_x, x);
566 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
570 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
571 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
575 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
578 static void vnc_timer_init(VncState *vs)
580 if (vs->timer == NULL) {
581 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
582 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock));
586 static void vnc_dpy_refresh(DisplayState *ds)
588 VncState *vs = ds->opaque;
593 static int vnc_listen_poll(void *opaque)
595 VncState *vs = opaque;
601 static void buffer_reserve(Buffer *buffer, size_t len)
603 if ((buffer->capacity - buffer->offset) < len) {
604 buffer->capacity += (len + 1024);
605 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
606 if (buffer->buffer == NULL) {
607 fprintf(stderr, "vnc: out of memory\n");
613 static int buffer_empty(Buffer *buffer)
615 return buffer->offset == 0;
618 static char *buffer_end(Buffer *buffer)
620 return buffer->buffer + buffer->offset;
623 static void buffer_reset(Buffer *buffer)
628 static void buffer_append(Buffer *buffer, const void *data, size_t len)
630 memcpy(buffer->buffer + buffer->offset, data, len);
631 buffer->offset += len;
634 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
636 if (ret == 0 || ret == -1) {
637 if (ret == -1 && (last_errno == EINTR || last_errno == EAGAIN))
640 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
641 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
642 closesocket(vs->csock);
644 buffer_reset(&vs->input);
645 buffer_reset(&vs->output);
648 if (vs->tls_session) {
649 gnutls_deinit(vs->tls_session);
650 vs->tls_session = NULL;
652 vs->wiremode = VNC_WIREMODE_CLEAR;
653 #endif /* CONFIG_VNC_TLS */
659 static void vnc_client_error(VncState *vs)
661 vnc_client_io_error(vs, -1, EINVAL);
664 static void vnc_client_write(void *opaque)
667 VncState *vs = opaque;
670 if (vs->tls_session) {
671 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
673 if (ret == GNUTLS_E_AGAIN)
680 #endif /* CONFIG_VNC_TLS */
681 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
682 ret = vnc_client_io_error(vs, ret, socket_error());
686 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
687 vs->output.offset -= ret;
689 if (vs->output.offset == 0) {
690 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
694 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
696 vs->read_handler = func;
697 vs->read_handler_expect = expecting;
700 static void vnc_client_read(void *opaque)
702 VncState *vs = opaque;
705 buffer_reserve(&vs->input, 4096);
708 if (vs->tls_session) {
709 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
711 if (ret == GNUTLS_E_AGAIN)
718 #endif /* CONFIG_VNC_TLS */
719 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
720 ret = vnc_client_io_error(vs, ret, socket_error());
724 vs->input.offset += ret;
726 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
727 size_t len = vs->read_handler_expect;
730 ret = vs->read_handler(vs, vs->input.buffer, len);
735 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
736 vs->input.offset -= len;
738 vs->read_handler_expect = ret;
743 static void vnc_write(VncState *vs, const void *data, size_t len)
745 buffer_reserve(&vs->output, len);
747 if (buffer_empty(&vs->output)) {
748 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
751 buffer_append(&vs->output, data, len);
754 static void vnc_write_s32(VncState *vs, int32_t value)
756 vnc_write_u32(vs, *(uint32_t *)&value);
759 static void vnc_write_u32(VncState *vs, uint32_t value)
763 buf[0] = (value >> 24) & 0xFF;
764 buf[1] = (value >> 16) & 0xFF;
765 buf[2] = (value >> 8) & 0xFF;
766 buf[3] = value & 0xFF;
768 vnc_write(vs, buf, 4);
771 static void vnc_write_u16(VncState *vs, uint16_t value)
775 buf[0] = (value >> 8) & 0xFF;
776 buf[1] = value & 0xFF;
778 vnc_write(vs, buf, 2);
781 static void vnc_write_u8(VncState *vs, uint8_t value)
783 vnc_write(vs, (char *)&value, 1);
786 static void vnc_flush(VncState *vs)
788 if (vs->output.offset)
789 vnc_client_write(vs);
792 static uint8_t read_u8(uint8_t *data, size_t offset)
797 static uint16_t read_u16(uint8_t *data, size_t offset)
799 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
802 static int32_t read_s32(uint8_t *data, size_t offset)
804 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
805 (data[offset + 2] << 8) | data[offset + 3]);
808 static uint32_t read_u32(uint8_t *data, size_t offset)
810 return ((data[offset] << 24) | (data[offset + 1] << 16) |
811 (data[offset + 2] << 8) | data[offset + 3]);
815 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
818 struct VncState *vs = (struct VncState *)transport;
822 ret = send(vs->csock, data, len, 0);
832 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
835 struct VncState *vs = (struct VncState *)transport;
839 ret = recv(vs->csock, data, len, 0);
847 #endif /* CONFIG_VNC_TLS */
849 static void client_cut_text(VncState *vs, size_t len, char *text)
853 static void check_pointer_type_change(VncState *vs, int absolute)
855 if (vs->has_pointer_type_change && vs->absolute != absolute) {
858 vnc_write_u16(vs, 1);
859 vnc_framebuffer_update(vs, absolute, 0,
860 vs->ds->width, vs->ds->height, -257);
863 vs->absolute = absolute;
866 static void pointer_event(VncState *vs, int button_mask, int x, int y)
871 if (button_mask & 0x01)
872 buttons |= MOUSE_EVENT_LBUTTON;
873 if (button_mask & 0x02)
874 buttons |= MOUSE_EVENT_MBUTTON;
875 if (button_mask & 0x04)
876 buttons |= MOUSE_EVENT_RBUTTON;
877 if (button_mask & 0x08)
879 if (button_mask & 0x10)
883 kbd_mouse_event(x * 0x7FFF / vs->ds->width,
884 y * 0x7FFF / vs->ds->height,
886 } else if (vs->has_pointer_type_change) {
890 kbd_mouse_event(x, y, dz, buttons);
892 if (vs->last_x != -1)
893 kbd_mouse_event(x - vs->last_x,
900 check_pointer_type_change(vs, kbd_mouse_is_absolute());
903 static void reset_keys(VncState *vs)
906 for(i = 0; i < 256; i++) {
907 if (vs->modifiers_state[i]) {
909 kbd_put_keycode(0xe0);
910 kbd_put_keycode(i | 0x80);
911 vs->modifiers_state[i] = 0;
916 static void press_key(VncState *vs, int keysym)
918 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
919 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
922 static void do_key_event(VncState *vs, int down, uint32_t sym)
926 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
928 /* QEMU console switch */
930 case 0x2a: /* Left Shift */
931 case 0x36: /* Right Shift */
932 case 0x1d: /* Left CTRL */
933 case 0x9d: /* Right CTRL */
934 case 0x38: /* Left ALT */
935 case 0xb8: /* Right ALT */
937 vs->modifiers_state[keycode] = 1;
939 vs->modifiers_state[keycode] = 0;
941 case 0x02 ... 0x0a: /* '1' to '9' keys */
942 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
943 /* Reset the modifiers sent to the current console */
945 console_select(keycode - 0x02);
949 case 0x45: /* NumLock */
951 vs->modifiers_state[keycode] ^= 1;
955 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
956 /* If the numlock state needs to change then simulate an additional
957 keypress before sending this one. This will happen if the user
958 toggles numlock away from the VNC window.
960 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
961 if (!vs->modifiers_state[0x45]) {
962 vs->modifiers_state[0x45] = 1;
963 press_key(vs, 0xff7f);
966 if (vs->modifiers_state[0x45]) {
967 vs->modifiers_state[0x45] = 0;
968 press_key(vs, 0xff7f);
973 if (is_graphic_console()) {
975 kbd_put_keycode(0xe0);
977 kbd_put_keycode(keycode & 0x7f);
979 kbd_put_keycode(keycode | 0x80);
981 /* QEMU console emulation */
984 case 0x2a: /* Left Shift */
985 case 0x36: /* Right Shift */
986 case 0x1d: /* Left CTRL */
987 case 0x9d: /* Right CTRL */
988 case 0x38: /* Left ALT */
989 case 0xb8: /* Right ALT */
992 kbd_put_keysym(QEMU_KEY_UP);
995 kbd_put_keysym(QEMU_KEY_DOWN);
998 kbd_put_keysym(QEMU_KEY_LEFT);
1001 kbd_put_keysym(QEMU_KEY_RIGHT);
1004 kbd_put_keysym(QEMU_KEY_DELETE);
1007 kbd_put_keysym(QEMU_KEY_HOME);
1010 kbd_put_keysym(QEMU_KEY_END);
1013 kbd_put_keysym(QEMU_KEY_PAGEUP);
1016 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1019 kbd_put_keysym(sym);
1026 static void key_event(VncState *vs, int down, uint32_t sym)
1028 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1029 sym = sym - 'A' + 'a';
1030 do_key_event(vs, down, sym);
1033 static void framebuffer_update_request(VncState *vs, int incremental,
1034 int x_position, int y_position,
1037 if (x_position > vs->ds->width)
1038 x_position = vs->ds->width;
1039 if (y_position > vs->ds->height)
1040 y_position = vs->ds->height;
1041 if (x_position + w >= vs->ds->width)
1042 w = vs->ds->width - x_position;
1043 if (y_position + h >= vs->ds->height)
1044 h = vs->ds->height - y_position;
1047 vs->need_update = 1;
1049 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1051 for (i = 0; i < h; i++) {
1052 vnc_set_bits(vs->dirty_row[y_position + i],
1053 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1054 memset(old_row, 42, vs->ds->width * vs->depth);
1055 old_row += vs->ds->linesize;
1060 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1064 vs->has_hextile = 0;
1066 vs->has_pointer_type_change = 0;
1068 vs->ds->dpy_copy = NULL;
1070 for (i = n_encodings - 1; i >= 0; i--) {
1071 switch (encodings[i]) {
1073 vs->has_hextile = 0;
1075 case 1: /* CopyRect */
1076 vs->ds->dpy_copy = vnc_copy;
1078 case 5: /* Hextile */
1079 vs->has_hextile = 1;
1081 case -223: /* DesktopResize */
1085 vs->has_pointer_type_change = 1;
1092 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1095 static int compute_nbits(unsigned int val)
1106 static void set_pixel_format(VncState *vs,
1107 int bits_per_pixel, int depth,
1108 int big_endian_flag, int true_color_flag,
1109 int red_max, int green_max, int blue_max,
1110 int red_shift, int green_shift, int blue_shift)
1112 int host_big_endian_flag;
1114 #ifdef WORDS_BIGENDIAN
1115 host_big_endian_flag = 1;
1117 host_big_endian_flag = 0;
1119 if (!true_color_flag) {
1121 vnc_client_error(vs);
1124 if (bits_per_pixel == 32 &&
1125 host_big_endian_flag == big_endian_flag &&
1126 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1127 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1129 vs->write_pixels = vnc_write_pixels_copy;
1130 vs->send_hextile_tile = send_hextile_tile_32;
1132 if (bits_per_pixel == 16 &&
1133 host_big_endian_flag == big_endian_flag &&
1134 red_max == 31 && green_max == 63 && blue_max == 31 &&
1135 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1137 vs->write_pixels = vnc_write_pixels_copy;
1138 vs->send_hextile_tile = send_hextile_tile_16;
1140 if (bits_per_pixel == 8 &&
1141 red_max == 7 && green_max == 7 && blue_max == 3 &&
1142 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1144 vs->write_pixels = vnc_write_pixels_copy;
1145 vs->send_hextile_tile = send_hextile_tile_8;
1148 /* generic and slower case */
1149 if (bits_per_pixel != 8 &&
1150 bits_per_pixel != 16 &&
1151 bits_per_pixel != 32)
1154 vs->red_shift = red_shift;
1155 vs->red_max = red_max;
1156 vs->red_shift1 = 24 - compute_nbits(red_max);
1157 vs->green_shift = green_shift;
1158 vs->green_max = green_max;
1159 vs->green_shift1 = 16 - compute_nbits(green_max);
1160 vs->blue_shift = blue_shift;
1161 vs->blue_max = blue_max;
1162 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1163 vs->pix_bpp = bits_per_pixel / 8;
1164 vs->pix_big_endian = big_endian_flag;
1165 vs->write_pixels = vnc_write_pixels_generic;
1166 vs->send_hextile_tile = send_hextile_tile_generic;
1169 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1170 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1171 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
1173 vga_hw_invalidate();
1177 static int protocol_client_msg(VncState *vs, char *data, size_t len)
1187 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1188 read_u8(data, 6), read_u8(data, 7),
1189 read_u16(data, 8), read_u16(data, 10),
1190 read_u16(data, 12), read_u8(data, 14),
1191 read_u8(data, 15), read_u8(data, 16));
1198 return 4 + (read_u16(data, 2) * 4);
1200 limit = read_u16(data, 2);
1201 for (i = 0; i < limit; i++) {
1202 int32_t val = read_s32(data, 4 + (i * 4));
1203 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1206 set_encodings(vs, (int32_t *)(data + 4), limit);
1212 framebuffer_update_request(vs,
1213 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1214 read_u16(data, 6), read_u16(data, 8));
1220 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1226 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1233 uint32_t dlen = read_u32(data, 4);
1238 client_cut_text(vs, read_u32(data, 4), data + 8);
1241 printf("Msg: %d\n", data[0]);
1242 vnc_client_error(vs);
1246 vnc_read_when(vs, protocol_client_msg, 1);
1250 static int protocol_client_init(VncState *vs, char *data, size_t len)
1252 char pad[3] = { 0, 0, 0 };
1256 vs->width = vs->ds->width;
1257 vs->height = vs->ds->height;
1258 vnc_write_u16(vs, vs->ds->width);
1259 vnc_write_u16(vs, vs->ds->height);
1261 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1262 vnc_write_u8(vs, vs->depth * 8); /* depth */
1263 #ifdef WORDS_BIGENDIAN
1264 vnc_write_u8(vs, 1); /* big-endian-flag */
1266 vnc_write_u8(vs, 0); /* big-endian-flag */
1268 vnc_write_u8(vs, 1); /* true-color-flag */
1269 if (vs->depth == 4) {
1270 vnc_write_u16(vs, 0xFF); /* red-max */
1271 vnc_write_u16(vs, 0xFF); /* green-max */
1272 vnc_write_u16(vs, 0xFF); /* blue-max */
1273 vnc_write_u8(vs, 16); /* red-shift */
1274 vnc_write_u8(vs, 8); /* green-shift */
1275 vnc_write_u8(vs, 0); /* blue-shift */
1276 vs->send_hextile_tile = send_hextile_tile_32;
1277 } else if (vs->depth == 2) {
1278 vnc_write_u16(vs, 31); /* red-max */
1279 vnc_write_u16(vs, 63); /* green-max */
1280 vnc_write_u16(vs, 31); /* blue-max */
1281 vnc_write_u8(vs, 11); /* red-shift */
1282 vnc_write_u8(vs, 5); /* green-shift */
1283 vnc_write_u8(vs, 0); /* blue-shift */
1284 vs->send_hextile_tile = send_hextile_tile_16;
1285 } else if (vs->depth == 1) {
1286 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1287 vnc_write_u16(vs, 7); /* red-max */
1288 vnc_write_u16(vs, 7); /* green-max */
1289 vnc_write_u16(vs, 3); /* blue-max */
1290 vnc_write_u8(vs, 5); /* red-shift */
1291 vnc_write_u8(vs, 2); /* green-shift */
1292 vnc_write_u8(vs, 0); /* blue-shift */
1293 vs->send_hextile_tile = send_hextile_tile_8;
1295 vs->write_pixels = vnc_write_pixels_copy;
1297 vnc_write(vs, pad, 3); /* padding */
1300 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1302 size = snprintf(buf, sizeof(buf), "QEMU");
1304 vnc_write_u32(vs, size);
1305 vnc_write(vs, buf, size);
1308 vnc_read_when(vs, protocol_client_msg, 1);
1313 static void make_challenge(VncState *vs)
1317 srand(time(NULL)+getpid()+getpid()*987654+rand());
1319 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1320 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1323 static int protocol_client_auth_vnc(VncState *vs, char *data, size_t len)
1325 char response[VNC_AUTH_CHALLENGE_SIZE];
1329 if (!vs->password || !vs->password[0]) {
1330 VNC_DEBUG("No password configured on server");
1331 vnc_write_u32(vs, 1); /* Reject auth */
1332 if (vs->minor >= 8) {
1333 static const char err[] = "Authentication failed";
1334 vnc_write_u32(vs, sizeof(err));
1335 vnc_write(vs, err, sizeof(err));
1338 vnc_client_error(vs);
1342 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1344 /* Calculate the expected challenge response */
1345 pwlen = strlen(vs->password);
1346 for (i=0; i<sizeof(key); i++)
1347 key[i] = i<pwlen ? vs->password[i] : 0;
1349 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1350 des(response+j, response+j);
1352 /* Compare expected vs actual challenge response */
1353 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1354 VNC_DEBUG("Client challenge reponse did not match\n");
1355 vnc_write_u32(vs, 1); /* Reject auth */
1356 if (vs->minor >= 8) {
1357 static const char err[] = "Authentication failed";
1358 vnc_write_u32(vs, sizeof(err));
1359 vnc_write(vs, err, sizeof(err));
1362 vnc_client_error(vs);
1364 VNC_DEBUG("Accepting VNC challenge response\n");
1365 vnc_write_u32(vs, 0); /* Accept auth */
1368 vnc_read_when(vs, protocol_client_init, 1);
1373 static int start_auth_vnc(VncState *vs)
1376 /* Send client a 'random' challenge */
1377 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1380 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1386 #define DH_BITS 1024
1387 static gnutls_dh_params_t dh_params;
1389 static int vnc_tls_initialize(void)
1391 static int tlsinitialized = 0;
1396 if (gnutls_global_init () < 0)
1399 /* XXX ought to re-generate diffie-hellmen params periodically */
1400 if (gnutls_dh_params_init (&dh_params) < 0)
1402 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1406 gnutls_global_set_log_level(10);
1407 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1415 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1417 gnutls_anon_server_credentials anon_cred;
1420 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1421 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1425 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1431 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1433 gnutls_certificate_credentials_t x509_cred;
1436 if (!vs->x509cacert) {
1437 VNC_DEBUG("No CA x509 certificate specified\n");
1440 if (!vs->x509cert) {
1441 VNC_DEBUG("No server x509 certificate specified\n");
1445 VNC_DEBUG("No server private key specified\n");
1449 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1450 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1453 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1455 GNUTLS_X509_FMT_PEM)) < 0) {
1456 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1457 gnutls_certificate_free_credentials(x509_cred);
1461 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1464 GNUTLS_X509_FMT_PEM)) < 0) {
1465 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1466 gnutls_certificate_free_credentials(x509_cred);
1470 if (vs->x509cacrl) {
1471 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1473 GNUTLS_X509_FMT_PEM)) < 0) {
1474 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1475 gnutls_certificate_free_credentials(x509_cred);
1480 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1485 static int vnc_validate_certificate(struct VncState *vs)
1488 unsigned int status;
1489 const gnutls_datum_t *certs;
1490 unsigned int nCerts, i;
1493 VNC_DEBUG("Validating client certificate\n");
1494 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1495 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1499 if ((now = time(NULL)) == ((time_t)-1)) {
1504 if (status & GNUTLS_CERT_INVALID)
1505 VNC_DEBUG("The certificate is not trusted.\n");
1507 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1508 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1510 if (status & GNUTLS_CERT_REVOKED)
1511 VNC_DEBUG("The certificate has been revoked.\n");
1513 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1514 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1518 VNC_DEBUG("Certificate is valid!\n");
1521 /* Only support x509 for now */
1522 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1525 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1528 for (i = 0 ; i < nCerts ; i++) {
1529 gnutls_x509_crt_t cert;
1530 VNC_DEBUG ("Checking certificate chain %d\n", i);
1531 if (gnutls_x509_crt_init (&cert) < 0)
1534 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1535 gnutls_x509_crt_deinit (cert);
1539 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1540 VNC_DEBUG("The certificate has expired\n");
1541 gnutls_x509_crt_deinit (cert);
1545 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1546 VNC_DEBUG("The certificate is not yet activated\n");
1547 gnutls_x509_crt_deinit (cert);
1551 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1552 VNC_DEBUG("The certificate is not yet activated\n");
1553 gnutls_x509_crt_deinit (cert);
1557 gnutls_x509_crt_deinit (cert);
1564 static int start_auth_vencrypt_subauth(VncState *vs)
1566 switch (vs->subauth) {
1567 case VNC_AUTH_VENCRYPT_TLSNONE:
1568 case VNC_AUTH_VENCRYPT_X509NONE:
1569 VNC_DEBUG("Accept TLS auth none\n");
1570 vnc_write_u32(vs, 0); /* Accept auth completion */
1571 vnc_read_when(vs, protocol_client_init, 1);
1574 case VNC_AUTH_VENCRYPT_TLSVNC:
1575 case VNC_AUTH_VENCRYPT_X509VNC:
1576 VNC_DEBUG("Start TLS auth VNC\n");
1577 return start_auth_vnc(vs);
1579 default: /* Should not be possible, but just in case */
1580 VNC_DEBUG("Reject auth %d\n", vs->auth);
1581 vnc_write_u8(vs, 1);
1582 if (vs->minor >= 8) {
1583 static const char err[] = "Unsupported authentication type";
1584 vnc_write_u32(vs, sizeof(err));
1585 vnc_write(vs, err, sizeof(err));
1587 vnc_client_error(vs);
1593 static void vnc_handshake_io(void *opaque);
1595 static int vnc_continue_handshake(struct VncState *vs) {
1598 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1599 if (!gnutls_error_is_fatal(ret)) {
1600 VNC_DEBUG("Handshake interrupted (blocking)\n");
1601 if (!gnutls_record_get_direction(vs->tls_session))
1602 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1604 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1607 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1608 vnc_client_error(vs);
1612 if (vs->x509verify) {
1613 if (vnc_validate_certificate(vs) < 0) {
1614 VNC_DEBUG("Client verification failed\n");
1615 vnc_client_error(vs);
1618 VNC_DEBUG("Client verification passed\n");
1622 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1623 vs->wiremode = VNC_WIREMODE_TLS;
1624 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1626 return start_auth_vencrypt_subauth(vs);
1629 static void vnc_handshake_io(void *opaque) {
1630 struct VncState *vs = (struct VncState *)opaque;
1632 VNC_DEBUG("Handshake IO continue\n");
1633 vnc_continue_handshake(vs);
1636 #define NEED_X509_AUTH(vs) \
1637 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1638 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1639 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1642 static int vnc_start_tls(struct VncState *vs) {
1643 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1644 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1645 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1646 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1648 VNC_DEBUG("Do TLS setup\n");
1649 if (vnc_tls_initialize() < 0) {
1650 VNC_DEBUG("Failed to init TLS\n");
1651 vnc_client_error(vs);
1654 if (vs->tls_session == NULL) {
1655 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1656 vnc_client_error(vs);
1660 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1661 gnutls_deinit(vs->tls_session);
1662 vs->tls_session = NULL;
1663 vnc_client_error(vs);
1667 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1668 gnutls_deinit(vs->tls_session);
1669 vs->tls_session = NULL;
1670 vnc_client_error(vs);
1674 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1675 gnutls_deinit(vs->tls_session);
1676 vs->tls_session = NULL;
1677 vnc_client_error(vs);
1681 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1682 gnutls_deinit(vs->tls_session);
1683 vs->tls_session = NULL;
1684 vnc_client_error(vs);
1688 if (NEED_X509_AUTH(vs)) {
1689 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1691 gnutls_deinit(vs->tls_session);
1692 vs->tls_session = NULL;
1693 vnc_client_error(vs);
1696 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1697 gnutls_deinit(vs->tls_session);
1698 vs->tls_session = NULL;
1699 gnutls_certificate_free_credentials(x509_cred);
1700 vnc_client_error(vs);
1703 if (vs->x509verify) {
1704 VNC_DEBUG("Requesting a client certificate\n");
1705 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1709 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1711 gnutls_deinit(vs->tls_session);
1712 vs->tls_session = NULL;
1713 vnc_client_error(vs);
1716 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1717 gnutls_deinit(vs->tls_session);
1718 vs->tls_session = NULL;
1719 gnutls_anon_free_server_credentials(anon_cred);
1720 vnc_client_error(vs);
1725 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1726 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1727 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1730 VNC_DEBUG("Start TLS handshake process\n");
1731 return vnc_continue_handshake(vs);
1734 static int protocol_client_vencrypt_auth(VncState *vs, char *data, size_t len)
1736 int auth = read_u32(data, 0);
1738 if (auth != vs->subauth) {
1739 VNC_DEBUG("Rejecting auth %d\n", auth);
1740 vnc_write_u8(vs, 0); /* Reject auth */
1742 vnc_client_error(vs);
1744 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1745 vnc_write_u8(vs, 1); /* Accept auth */
1748 if (vnc_start_tls(vs) < 0) {
1749 VNC_DEBUG("Failed to complete TLS\n");
1753 if (vs->wiremode == VNC_WIREMODE_TLS) {
1754 VNC_DEBUG("Starting VeNCrypt subauth\n");
1755 return start_auth_vencrypt_subauth(vs);
1757 VNC_DEBUG("TLS handshake blocked\n");
1764 static int protocol_client_vencrypt_init(VncState *vs, char *data, size_t len)
1768 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1769 vnc_write_u8(vs, 1); /* Reject version */
1771 vnc_client_error(vs);
1773 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1774 vnc_write_u8(vs, 0); /* Accept version */
1775 vnc_write_u8(vs, 1); /* Number of sub-auths */
1776 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1778 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1783 static int start_auth_vencrypt(VncState *vs)
1785 /* Send VeNCrypt version 0.2 */
1786 vnc_write_u8(vs, 0);
1787 vnc_write_u8(vs, 2);
1789 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1792 #endif /* CONFIG_VNC_TLS */
1794 static int protocol_client_auth(VncState *vs, char *data, size_t len)
1796 /* We only advertise 1 auth scheme at a time, so client
1797 * must pick the one we sent. Verify this */
1798 if (data[0] != vs->auth) { /* Reject auth */
1799 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1800 vnc_write_u32(vs, 1);
1801 if (vs->minor >= 8) {
1802 static const char err[] = "Authentication failed";
1803 vnc_write_u32(vs, sizeof(err));
1804 vnc_write(vs, err, sizeof(err));
1806 vnc_client_error(vs);
1807 } else { /* Accept requested auth */
1808 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1811 VNC_DEBUG("Accept auth none\n");
1812 if (vs->minor >= 8) {
1813 vnc_write_u32(vs, 0); /* Accept auth completion */
1816 vnc_read_when(vs, protocol_client_init, 1);
1820 VNC_DEBUG("Start VNC auth\n");
1821 return start_auth_vnc(vs);
1824 case VNC_AUTH_VENCRYPT:
1825 VNC_DEBUG("Accept VeNCrypt auth\n");;
1826 return start_auth_vencrypt(vs);
1827 #endif /* CONFIG_VNC_TLS */
1829 default: /* Should not be possible, but just in case */
1830 VNC_DEBUG("Reject auth %d\n", vs->auth);
1831 vnc_write_u8(vs, 1);
1832 if (vs->minor >= 8) {
1833 static const char err[] = "Authentication failed";
1834 vnc_write_u32(vs, sizeof(err));
1835 vnc_write(vs, err, sizeof(err));
1837 vnc_client_error(vs);
1843 static int protocol_version(VncState *vs, char *version, size_t len)
1847 memcpy(local, version, 12);
1850 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1851 VNC_DEBUG("Malformed protocol version %s\n", local);
1852 vnc_client_error(vs);
1855 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1856 if (vs->major != 3 ||
1862 VNC_DEBUG("Unsupported client version\n");
1863 vnc_write_u32(vs, VNC_AUTH_INVALID);
1865 vnc_client_error(vs);
1868 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1869 * as equivalent to v3.3 by servers
1871 if (vs->minor == 4 || vs->minor == 5)
1874 if (vs->minor == 3) {
1875 if (vs->auth == VNC_AUTH_NONE) {
1876 VNC_DEBUG("Tell client auth none\n");
1877 vnc_write_u32(vs, vs->auth);
1879 vnc_read_when(vs, protocol_client_init, 1);
1880 } else if (vs->auth == VNC_AUTH_VNC) {
1881 VNC_DEBUG("Tell client VNC auth\n");
1882 vnc_write_u32(vs, vs->auth);
1886 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1887 vnc_write_u32(vs, VNC_AUTH_INVALID);
1889 vnc_client_error(vs);
1892 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1893 vnc_write_u8(vs, 1); /* num auth */
1894 vnc_write_u8(vs, vs->auth);
1895 vnc_read_when(vs, protocol_client_auth, 1);
1902 static void vnc_listen_read(void *opaque)
1904 VncState *vs = opaque;
1905 struct sockaddr_in addr;
1906 socklen_t addrlen = sizeof(addr);
1908 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1909 if (vs->csock != -1) {
1910 VNC_DEBUG("New client on socket %d\n", vs->csock);
1911 socket_set_nonblock(vs->csock);
1912 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, opaque);
1913 vnc_write(vs, "RFB 003.008\n", 12);
1915 vnc_read_when(vs, protocol_version, 12);
1916 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1917 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1919 vs->has_hextile = 0;
1920 vs->ds->dpy_copy = NULL;
1924 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1926 void vnc_display_init(DisplayState *ds)
1930 vs = qemu_mallocz(sizeof(VncState));
1937 vs->password = NULL;
1947 if (!keyboard_layout)
1948 keyboard_layout = "en-us";
1950 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1951 if (!vs->kbd_layout)
1954 vs->ds->data = NULL;
1955 vs->ds->dpy_update = vnc_dpy_update;
1956 vs->ds->dpy_resize = vnc_dpy_resize;
1957 vs->ds->dpy_refresh = vnc_dpy_refresh;
1959 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1961 vnc_dpy_resize(vs->ds, 640, 400);
1965 static int vnc_set_x509_credential(VncState *vs,
1966 const char *certdir,
1967 const char *filename,
1978 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
1981 strcpy(*cred, certdir);
1983 strcat(*cred, filename);
1985 VNC_DEBUG("Check %s\n", *cred);
1986 if (stat(*cred, &sb) < 0) {
1989 if (ignoreMissing && errno == ENOENT)
1997 static int vnc_set_x509_credential_dir(VncState *vs,
1998 const char *certdir)
2000 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2002 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2004 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2006 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2012 qemu_free(vs->x509cacert);
2013 qemu_free(vs->x509cacrl);
2014 qemu_free(vs->x509cert);
2015 qemu_free(vs->x509key);
2016 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2019 #endif /* CONFIG_VNC_TLS */
2021 void vnc_display_close(DisplayState *ds)
2023 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2026 qemu_free(vs->display);
2029 if (vs->lsock != -1) {
2030 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2034 if (vs->csock != -1) {
2035 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2036 closesocket(vs->csock);
2038 buffer_reset(&vs->input);
2039 buffer_reset(&vs->output);
2040 vs->need_update = 0;
2042 if (vs->tls_session) {
2043 gnutls_deinit(vs->tls_session);
2044 vs->tls_session = NULL;
2046 vs->wiremode = VNC_WIREMODE_CLEAR;
2047 #endif /* CONFIG_VNC_TLS */
2049 vs->auth = VNC_AUTH_INVALID;
2051 vs->subauth = VNC_AUTH_INVALID;
2056 int vnc_display_password(DisplayState *ds, const char *password)
2058 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2061 qemu_free(vs->password);
2062 vs->password = NULL;
2064 if (password && password[0]) {
2065 if (!(vs->password = qemu_strdup(password)))
2072 int vnc_display_open(DisplayState *ds, const char *display)
2074 struct sockaddr *addr;
2075 struct sockaddr_in iaddr;
2077 struct sockaddr_un uaddr;
2079 int reuse_addr, ret;
2082 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2083 const char *options;
2086 int tls = 0, x509 = 0;
2089 vnc_display_close(ds);
2090 if (strcmp(display, "none") == 0)
2093 if (!(vs->display = strdup(display)))
2097 while ((options = strchr(options, ','))) {
2099 if (strncmp(options, "password", 8) == 0) {
2100 password = 1; /* Require password auth */
2102 } else if (strncmp(options, "tls", 3) == 0) {
2103 tls = 1; /* Require TLS */
2104 } else if (strncmp(options, "x509", 4) == 0) {
2106 x509 = 1; /* Require x509 certificates */
2107 if (strncmp(options, "x509verify", 10) == 0)
2108 vs->x509verify = 1; /* ...and verify client certs */
2110 /* Now check for 'x509=/some/path' postfix
2111 * and use that to setup x509 certificate/key paths */
2112 start = strchr(options, '=');
2113 end = strchr(options, ',');
2114 if (start && (!end || (start < end))) {
2115 int len = end ? end-(start+1) : strlen(start+1);
2116 char *path = qemu_malloc(len+1);
2117 strncpy(path, start+1, len);
2119 VNC_DEBUG("Trying certificate path '%s'\n", path);
2120 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2121 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2123 qemu_free(vs->display);
2129 fprintf(stderr, "No certificate path provided\n");
2130 qemu_free(vs->display);
2141 vs->auth = VNC_AUTH_VENCRYPT;
2143 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2144 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2146 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2147 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2151 VNC_DEBUG("Initializing VNC server with password auth\n");
2152 vs->auth = VNC_AUTH_VNC;
2154 vs->subauth = VNC_AUTH_INVALID;
2160 vs->auth = VNC_AUTH_VENCRYPT;
2162 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2163 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2165 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2166 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2170 VNC_DEBUG("Initializing VNC server with no auth\n");
2171 vs->auth = VNC_AUTH_NONE;
2173 vs->subauth = VNC_AUTH_INVALID;
2178 if (strstart(display, "unix:", &p)) {
2179 addr = (struct sockaddr *)&uaddr;
2180 addrlen = sizeof(uaddr);
2182 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2183 if (vs->lsock == -1) {
2184 fprintf(stderr, "Could not create socket\n");
2190 uaddr.sun_family = AF_UNIX;
2191 memset(uaddr.sun_path, 0, 108);
2192 snprintf(uaddr.sun_path, 108, "%s", p);
2194 unlink(uaddr.sun_path);
2198 addr = (struct sockaddr *)&iaddr;
2199 addrlen = sizeof(iaddr);
2201 if (parse_host_port(&iaddr, display) < 0) {
2202 fprintf(stderr, "Could not parse VNC address\n");
2208 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + 5900);
2210 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2211 if (vs->lsock == -1) {
2212 fprintf(stderr, "Could not create socket\n");
2219 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2220 (const char *)&reuse_addr, sizeof(reuse_addr));
2222 fprintf(stderr, "setsockopt() failed\n");
2231 if (bind(vs->lsock, addr, addrlen) == -1) {
2232 fprintf(stderr, "bind() failed\n");
2240 if (listen(vs->lsock, 1) == -1) {
2241 fprintf(stderr, "listen() failed\n");
2249 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
projects / qemu / blob