2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
30 #include "qemu_socket.h"
31 #include "qemu-timer.h"
32 #include "audio/audio.h"
35 #define VNC_REFRESH_INTERVAL (1000 / 30)
38 #include "vnc_keysym.h"
43 #include <gnutls/gnutls.h>
44 #include <gnutls/x509.h>
45 #endif /* CONFIG_VNC_TLS */
47 // #define _VNC_DEBUG 1
50 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
52 #if defined(CONFIG_VNC_TLS) && _VNC_DEBUG >= 2
53 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
54 static void vnc_debug_gnutls_log(int level, const char* str) {
55 VNC_DEBUG("%d %s", level, str);
57 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
59 #define VNC_DEBUG(fmt, ...) do { } while (0)
62 #define count_bits(c, v) { \
63 for (c = 0; v; v >>= 1) \
76 typedef struct VncState VncState;
78 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
80 typedef void VncWritePixels(VncState *vs, void *data, int size);
82 typedef void VncSendHextileTile(VncState *vs,
83 int x, int y, int w, int h,
86 int *has_bg, int *has_fg);
88 #define VNC_MAX_WIDTH 2048
89 #define VNC_MAX_HEIGHT 2048
90 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
92 #define VNC_AUTH_CHALLENGE_SIZE 16
94 typedef struct VncDisplay VncDisplay;
101 kbd_layout_t *kbd_layout;
106 #ifdef CONFIG_VNC_TLS
124 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
131 uint32_t vnc_encoding;
132 uint8_t tight_quality;
133 uint8_t tight_compression;
138 char challenge[VNC_AUTH_CHALLENGE_SIZE];
140 #ifdef CONFIG_VNC_TLS
142 gnutls_session_t tls_session;
147 /* current output mode information */
148 VncWritePixels *write_pixels;
149 VncSendHextileTile *send_hextile_tile;
150 DisplaySurface clientds, serverds;
152 CaptureVoiceOut *audio_cap;
153 struct audsettings as;
155 VncReadEvent *read_handler;
156 size_t read_handler_expect;
158 uint8_t modifiers_state[256];
162 z_stream zlib_stream[4];
167 static VncDisplay *vnc_display; /* needed for info vnc */
168 static DisplayChangeListener *dcl;
170 void do_info_vnc(Monitor *mon)
172 if (vnc_display == NULL || vnc_display->display == NULL)
173 monitor_printf(mon, "VNC server disabled\n");
175 monitor_printf(mon, "VNC server active on: ");
176 monitor_print_filename(mon, vnc_display->display);
177 monitor_printf(mon, "\n");
179 if (vnc_display->clients == NULL)
180 monitor_printf(mon, "No client connected\n");
182 monitor_printf(mon, "Client connected\n");
186 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
187 return (vs->features & (1 << feature));
191 1) Get the queue working for IO.
192 2) there is some weirdness when using the -S option (the screen is grey
193 and not totally invalidated
194 3) resolutions > 1024
197 static void vnc_write(VncState *vs, const void *data, size_t len);
198 static void vnc_write_u32(VncState *vs, uint32_t value);
199 static void vnc_write_s32(VncState *vs, int32_t value);
200 static void vnc_write_u16(VncState *vs, uint16_t value);
201 static void vnc_write_u8(VncState *vs, uint8_t value);
202 static void vnc_flush(VncState *vs);
203 static void vnc_update_client(void *opaque);
204 static void vnc_client_read(void *opaque);
206 static void vnc_colordepth(VncState *vs);
208 static inline void vnc_set_bit(uint32_t *d, int k)
210 d[k >> 5] |= 1 << (k & 0x1f);
213 static inline void vnc_clear_bit(uint32_t *d, int k)
215 d[k >> 5] &= ~(1 << (k & 0x1f));
218 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
228 d[j++] = (1 << n) - 1;
233 static inline int vnc_get_bit(const uint32_t *d, int k)
235 return (d[k >> 5] >> (k & 0x1f)) & 1;
238 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
242 for(i = 0; i < nb_words; i++) {
243 if ((d1[i] & d2[i]) != 0)
249 static void vnc_update(VncState *vs, int x, int y, int w, int h)
255 /* round x down to ensure the loop only spans one 16-pixel block per,
256 iteration. otherwise, if (x % 16) != 0, the last iteration may span
257 two 16-pixel blocks but we only mark the first as dirty
262 x = MIN(x, vs->serverds.width);
263 y = MIN(y, vs->serverds.height);
264 w = MIN(x + w, vs->serverds.width) - x;
265 h = MIN(h, vs->serverds.height);
268 for (i = 0; i < w; i += 16)
269 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
272 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
274 VncDisplay *vd = ds->opaque;
275 VncState *vs = vd->clients;
277 vnc_update(vs, x, y, w, h);
282 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
285 vnc_write_u16(vs, x);
286 vnc_write_u16(vs, y);
287 vnc_write_u16(vs, w);
288 vnc_write_u16(vs, h);
290 vnc_write_s32(vs, encoding);
293 static void buffer_reserve(Buffer *buffer, size_t len)
295 if ((buffer->capacity - buffer->offset) < len) {
296 buffer->capacity += (len + 1024);
297 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
298 if (buffer->buffer == NULL) {
299 fprintf(stderr, "vnc: out of memory\n");
305 static int buffer_empty(Buffer *buffer)
307 return buffer->offset == 0;
310 static uint8_t *buffer_end(Buffer *buffer)
312 return buffer->buffer + buffer->offset;
315 static void buffer_reset(Buffer *buffer)
320 static void buffer_append(Buffer *buffer, const void *data, size_t len)
322 memcpy(buffer->buffer + buffer->offset, data, len);
323 buffer->offset += len;
326 static void vnc_resize(VncState *vs)
328 DisplayState *ds = vs->ds;
332 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
334 if (vs->old_data == NULL) {
335 fprintf(stderr, "vnc: memory allocation failed\n");
339 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
340 console_color_init(ds);
342 size_changed = ds_get_width(ds) != vs->serverds.width ||
343 ds_get_height(ds) != vs->serverds.height;
344 vs->serverds = *(ds->surface);
346 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
347 vnc_write_u8(vs, 0); /* msg id */
349 vnc_write_u16(vs, 1); /* number of rects */
350 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
351 VNC_ENCODING_DESKTOPRESIZE);
356 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
357 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
360 static void vnc_dpy_resize(DisplayState *ds)
362 VncDisplay *vd = ds->opaque;
363 VncState *vs = vd->clients;
371 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
373 vnc_write(vs, pixels, size);
376 /* slowest but generic code. */
377 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
381 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
382 vs->serverds.pf.rbits);
383 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
384 vs->serverds.pf.gbits);
385 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
386 vs->serverds.pf.bbits);
387 v = (r << vs->clientds.pf.rshift) |
388 (g << vs->clientds.pf.gshift) |
389 (b << vs->clientds.pf.bshift);
390 switch(vs->clientds.pf.bytes_per_pixel) {
395 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
405 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
420 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
424 if (vs->serverds.pf.bytes_per_pixel == 4) {
425 uint32_t *pixels = pixels1;
428 for(i = 0; i < n; i++) {
429 vnc_convert_pixel(vs, buf, pixels[i]);
430 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
432 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
433 uint16_t *pixels = pixels1;
436 for(i = 0; i < n; i++) {
437 vnc_convert_pixel(vs, buf, pixels[i]);
438 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
440 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
441 uint8_t *pixels = pixels1;
444 for(i = 0; i < n; i++) {
445 vnc_convert_pixel(vs, buf, pixels[i]);
446 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
449 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
453 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
458 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
459 for (i = 0; i < h; i++) {
460 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
461 row += ds_get_linesize(vs->ds);
465 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
467 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
468 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
472 #include "vnchextile.h"
476 #include "vnchextile.h"
480 #include "vnchextile.h"
485 #include "vnchextile.h"
491 #include "vnchextile.h"
497 #include "vnchextile.h"
501 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
505 uint8_t *last_fg, *last_bg;
507 last_fg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
508 last_bg = (uint8_t *) qemu_malloc(vs->serverds.pf.bytes_per_pixel);
510 for (j = y; j < (y + h); j += 16) {
511 for (i = x; i < (x + w); i += 16) {
512 vs->send_hextile_tile(vs, i, j,
513 MIN(16, x + w - i), MIN(16, y + h - j),
514 last_bg, last_fg, &has_bg, &has_fg);
522 static void vnc_zlib_init(VncState *vs)
525 for (i=0; i<(sizeof(vs->zlib_stream) / sizeof(z_stream)); i++)
526 vs->zlib_stream[i].opaque = NULL;
529 static void vnc_zlib_start(VncState *vs)
531 buffer_reset(&vs->zlib);
533 // make the output buffer be the zlib buffer, so we can compress it later
534 vs->zlib_tmp = vs->output;
535 vs->output = vs->zlib;
538 static int vnc_zlib_stop(VncState *vs, int stream_id)
540 z_streamp zstream = &vs->zlib_stream[stream_id];
543 // switch back to normal output/zlib buffers
544 vs->zlib = vs->output;
545 vs->output = vs->zlib_tmp;
547 // compress the zlib buffer
549 // initialize the stream
550 // XXX need one stream per session
551 if (zstream->opaque != vs) {
554 VNC_DEBUG("VNC: initializing zlib stream %d\n", stream_id);
555 VNC_DEBUG("VNC: opaque = %p | vs = %p\n", zstream->opaque, vs);
556 zstream->zalloc = Z_NULL;
557 zstream->zfree = Z_NULL;
559 err = deflateInit2(zstream, vs->tight_compression, Z_DEFLATED, MAX_WBITS,
560 MAX_MEM_LEVEL, Z_DEFAULT_STRATEGY);
563 fprintf(stderr, "VNC: error initializing zlib\n");
567 zstream->opaque = vs;
570 // XXX what to do if tight_compression changed in between?
572 // reserve memory in output buffer
573 buffer_reserve(&vs->output, vs->zlib.offset + 64);
576 zstream->next_in = vs->zlib.buffer;
577 zstream->avail_in = vs->zlib.offset;
578 zstream->next_out = vs->output.buffer + vs->output.offset;
579 zstream->avail_out = vs->output.capacity - vs->output.offset;
580 zstream->data_type = Z_BINARY;
581 previous_out = zstream->total_out;
584 if (deflate(zstream, Z_SYNC_FLUSH) != Z_OK) {
585 fprintf(stderr, "VNC: error during zlib compression\n");
589 vs->output.offset = vs->output.capacity - zstream->avail_out;
590 return zstream->total_out - previous_out;
593 static void send_framebuffer_update_zlib(VncState *vs, int x, int y, int w, int h)
595 int old_offset, new_offset, bytes_written;
597 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_ZLIB);
599 // remember where we put in the follow-up size
600 old_offset = vs->output.offset;
601 vnc_write_s32(vs, 0);
603 // compress the stream
605 send_framebuffer_update_raw(vs, x, y, w, h);
606 bytes_written = vnc_zlib_stop(vs, 0);
608 if (bytes_written == -1)
612 new_offset = vs->output.offset;
613 vs->output.offset = old_offset;
614 vnc_write_u32(vs, bytes_written);
615 vs->output.offset = new_offset;
618 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
620 switch(vs->vnc_encoding) {
621 case VNC_ENCODING_ZLIB:
622 send_framebuffer_update_zlib(vs, x, y, w, h);
624 case VNC_ENCODING_HEXTILE:
625 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
626 send_framebuffer_update_hextile(vs, x, y, w, h);
629 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
630 send_framebuffer_update_raw(vs, x, y, w, h);
635 static void vnc_copy(VncState *vs, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
637 vnc_update_client(vs);
639 vnc_write_u8(vs, 0); /* msg id */
641 vnc_write_u16(vs, 1); /* number of rects */
642 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
643 vnc_write_u16(vs, src_x);
644 vnc_write_u16(vs, src_y);
648 static void vnc_dpy_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
650 VncDisplay *vd = ds->opaque;
651 VncState *vs = vd->clients;
653 if (vnc_has_feature(vs, VNC_FEATURE_COPYRECT))
654 vnc_copy(vs, src_x, src_y, dst_x, dst_y, w, h);
656 vnc_update(vs, dst_x, dst_y, w, h);
661 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
665 for (h = 1; h < (vs->serverds.height - y); h++) {
667 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
669 for (tmp_x = last_x; tmp_x < x; tmp_x++)
670 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
676 static void vnc_update_client(void *opaque)
678 VncState *vs = opaque;
679 if (vs->need_update && vs->csock != -1) {
683 uint32_t width_mask[VNC_DIRTY_WORDS];
690 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
692 /* Walk through the dirty map and eliminate tiles that
693 really aren't dirty */
694 row = ds_get_data(vs->ds);
695 old_row = vs->old_data;
697 for (y = 0; y < ds_get_height(vs->ds); y++) {
698 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
704 old_ptr = (char*)old_row;
706 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
707 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
708 vnc_clear_bit(vs->dirty_row[y], (x / 16));
711 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
714 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
715 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
719 row += ds_get_linesize(vs->ds);
720 old_row += ds_get_linesize(vs->ds);
723 if (!has_dirty && !vs->audio_cap) {
724 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
728 /* Count rectangles */
730 vnc_write_u8(vs, 0); /* msg id */
732 saved_offset = vs->output.offset;
733 vnc_write_u16(vs, 0);
735 for (y = 0; y < vs->serverds.height; y++) {
738 for (x = 0; x < vs->serverds.width / 16; x++) {
739 if (vnc_get_bit(vs->dirty_row[y], x)) {
743 vnc_clear_bit(vs->dirty_row[y], x);
746 int h = find_dirty_height(vs, y, last_x, x);
747 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
754 int h = find_dirty_height(vs, y, last_x, x);
755 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
759 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
760 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
765 if (vs->csock != -1) {
766 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
772 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
774 VncState *vs = opaque;
777 case AUD_CNOTIFY_DISABLE:
778 vnc_write_u8(vs, 255);
780 vnc_write_u16(vs, 0);
784 case AUD_CNOTIFY_ENABLE:
785 vnc_write_u8(vs, 255);
787 vnc_write_u16(vs, 1);
793 static void audio_capture_destroy(void *opaque)
797 static void audio_capture(void *opaque, void *buf, int size)
799 VncState *vs = opaque;
801 vnc_write_u8(vs, 255);
803 vnc_write_u16(vs, 2);
804 vnc_write_u32(vs, size);
805 vnc_write(vs, buf, size);
809 static void audio_add(VncState *vs)
811 Monitor *mon = cur_mon;
812 struct audio_capture_ops ops;
815 monitor_printf(mon, "audio already running\n");
819 ops.notify = audio_capture_notify;
820 ops.destroy = audio_capture_destroy;
821 ops.capture = audio_capture;
823 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
824 if (!vs->audio_cap) {
825 monitor_printf(mon, "Failed to add audio capture\n");
829 static void audio_del(VncState *vs)
832 AUD_del_capture(vs->audio_cap, vs);
833 vs->audio_cap = NULL;
837 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
839 if (ret == 0 || ret == -1) {
841 switch (last_errno) {
853 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
854 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
855 closesocket(vs->csock);
856 qemu_del_timer(vs->timer);
857 qemu_free_timer(vs->timer);
858 if (vs->input.buffer) qemu_free(vs->input.buffer);
859 if (vs->output.buffer) qemu_free(vs->output.buffer);
860 #ifdef CONFIG_VNC_TLS
861 if (vs->tls_session) {
862 gnutls_deinit(vs->tls_session);
863 vs->tls_session = NULL;
865 #endif /* CONFIG_VNC_TLS */
868 VncState *p, *parent = NULL;
869 for (p = vs->vd->clients; p != NULL; p = p->next) {
872 parent->next = p->next;
874 vs->vd->clients = p->next;
879 if (!vs->vd->clients)
882 qemu_free(vs->old_data);
890 static void vnc_client_error(VncState *vs)
892 vnc_client_io_error(vs, -1, EINVAL);
895 static void vnc_client_write(void *opaque)
898 VncState *vs = opaque;
900 #ifdef CONFIG_VNC_TLS
901 if (vs->tls_session) {
902 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
904 if (ret == GNUTLS_E_AGAIN)
911 #endif /* CONFIG_VNC_TLS */
912 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
913 ret = vnc_client_io_error(vs, ret, socket_error());
917 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
918 vs->output.offset -= ret;
920 if (vs->output.offset == 0) {
921 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
925 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
927 vs->read_handler = func;
928 vs->read_handler_expect = expecting;
931 static void vnc_client_read(void *opaque)
933 VncState *vs = opaque;
936 buffer_reserve(&vs->input, 4096);
938 #ifdef CONFIG_VNC_TLS
939 if (vs->tls_session) {
940 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
942 if (ret == GNUTLS_E_AGAIN)
949 #endif /* CONFIG_VNC_TLS */
950 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
951 ret = vnc_client_io_error(vs, ret, socket_error());
955 vs->input.offset += ret;
957 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
958 size_t len = vs->read_handler_expect;
961 ret = vs->read_handler(vs, vs->input.buffer, len);
966 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
967 vs->input.offset -= len;
969 vs->read_handler_expect = ret;
974 static void vnc_write(VncState *vs, const void *data, size_t len)
976 buffer_reserve(&vs->output, len);
978 if (buffer_empty(&vs->output)) {
979 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
982 buffer_append(&vs->output, data, len);
985 static void vnc_write_s32(VncState *vs, int32_t value)
987 vnc_write_u32(vs, *(uint32_t *)&value);
990 static void vnc_write_u32(VncState *vs, uint32_t value)
994 buf[0] = (value >> 24) & 0xFF;
995 buf[1] = (value >> 16) & 0xFF;
996 buf[2] = (value >> 8) & 0xFF;
997 buf[3] = value & 0xFF;
999 vnc_write(vs, buf, 4);
1002 static void vnc_write_u16(VncState *vs, uint16_t value)
1006 buf[0] = (value >> 8) & 0xFF;
1007 buf[1] = value & 0xFF;
1009 vnc_write(vs, buf, 2);
1012 static void vnc_write_u8(VncState *vs, uint8_t value)
1014 vnc_write(vs, (char *)&value, 1);
1017 static void vnc_flush(VncState *vs)
1019 if (vs->output.offset)
1020 vnc_client_write(vs);
1023 static uint8_t read_u8(uint8_t *data, size_t offset)
1025 return data[offset];
1028 static uint16_t read_u16(uint8_t *data, size_t offset)
1030 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
1033 static int32_t read_s32(uint8_t *data, size_t offset)
1035 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
1036 (data[offset + 2] << 8) | data[offset + 3]);
1039 static uint32_t read_u32(uint8_t *data, size_t offset)
1041 return ((data[offset] << 24) | (data[offset + 1] << 16) |
1042 (data[offset + 2] << 8) | data[offset + 3]);
1045 #ifdef CONFIG_VNC_TLS
1046 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
1049 struct VncState *vs = (struct VncState *)transport;
1053 ret = send(vs->csock, data, len, 0);
1063 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
1066 struct VncState *vs = (struct VncState *)transport;
1070 ret = recv(vs->csock, data, len, 0);
1078 #endif /* CONFIG_VNC_TLS */
1080 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
1084 static void check_pointer_type_change(VncState *vs, int absolute)
1086 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
1087 vnc_write_u8(vs, 0);
1088 vnc_write_u8(vs, 0);
1089 vnc_write_u16(vs, 1);
1090 vnc_framebuffer_update(vs, absolute, 0,
1091 ds_get_width(vs->ds), ds_get_height(vs->ds),
1092 VNC_ENCODING_POINTER_TYPE_CHANGE);
1095 vs->absolute = absolute;
1098 static void pointer_event(VncState *vs, int button_mask, int x, int y)
1103 if (button_mask & 0x01)
1104 buttons |= MOUSE_EVENT_LBUTTON;
1105 if (button_mask & 0x02)
1106 buttons |= MOUSE_EVENT_MBUTTON;
1107 if (button_mask & 0x04)
1108 buttons |= MOUSE_EVENT_RBUTTON;
1109 if (button_mask & 0x08)
1111 if (button_mask & 0x10)
1115 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
1116 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
1118 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
1122 kbd_mouse_event(x, y, dz, buttons);
1124 if (vs->last_x != -1)
1125 kbd_mouse_event(x - vs->last_x,
1132 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1135 static void reset_keys(VncState *vs)
1138 for(i = 0; i < 256; i++) {
1139 if (vs->modifiers_state[i]) {
1141 kbd_put_keycode(0xe0);
1142 kbd_put_keycode(i | 0x80);
1143 vs->modifiers_state[i] = 0;
1148 static void press_key(VncState *vs, int keysym)
1150 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) & 0x7f);
1151 kbd_put_keycode(keysym2scancode(vs->vd->kbd_layout, keysym) | 0x80);
1154 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1156 /* QEMU console switch */
1158 case 0x2a: /* Left Shift */
1159 case 0x36: /* Right Shift */
1160 case 0x1d: /* Left CTRL */
1161 case 0x9d: /* Right CTRL */
1162 case 0x38: /* Left ALT */
1163 case 0xb8: /* Right ALT */
1165 vs->modifiers_state[keycode] = 1;
1167 vs->modifiers_state[keycode] = 0;
1169 case 0x02 ... 0x0a: /* '1' to '9' keys */
1170 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1171 /* Reset the modifiers sent to the current console */
1173 console_select(keycode - 0x02);
1177 case 0x3a: /* CapsLock */
1178 case 0x45: /* NumLock */
1180 vs->modifiers_state[keycode] ^= 1;
1184 if (keycode_is_keypad(vs->vd->kbd_layout, keycode)) {
1185 /* If the numlock state needs to change then simulate an additional
1186 keypress before sending this one. This will happen if the user
1187 toggles numlock away from the VNC window.
1189 if (keysym_is_numlock(vs->vd->kbd_layout, sym & 0xFFFF)) {
1190 if (!vs->modifiers_state[0x45]) {
1191 vs->modifiers_state[0x45] = 1;
1192 press_key(vs, 0xff7f);
1195 if (vs->modifiers_state[0x45]) {
1196 vs->modifiers_state[0x45] = 0;
1197 press_key(vs, 0xff7f);
1202 if (is_graphic_console()) {
1204 kbd_put_keycode(0xe0);
1206 kbd_put_keycode(keycode & 0x7f);
1208 kbd_put_keycode(keycode | 0x80);
1210 /* QEMU console emulation */
1213 case 0x2a: /* Left Shift */
1214 case 0x36: /* Right Shift */
1215 case 0x1d: /* Left CTRL */
1216 case 0x9d: /* Right CTRL */
1217 case 0x38: /* Left ALT */
1218 case 0xb8: /* Right ALT */
1221 kbd_put_keysym(QEMU_KEY_UP);
1224 kbd_put_keysym(QEMU_KEY_DOWN);
1227 kbd_put_keysym(QEMU_KEY_LEFT);
1230 kbd_put_keysym(QEMU_KEY_RIGHT);
1233 kbd_put_keysym(QEMU_KEY_DELETE);
1236 kbd_put_keysym(QEMU_KEY_HOME);
1239 kbd_put_keysym(QEMU_KEY_END);
1242 kbd_put_keysym(QEMU_KEY_PAGEUP);
1245 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1248 kbd_put_keysym(sym);
1255 static void key_event(VncState *vs, int down, uint32_t sym)
1259 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1260 sym = sym - 'A' + 'a';
1262 keycode = keysym2scancode(vs->vd->kbd_layout, sym & 0xFFFF);
1263 do_key_event(vs, down, keycode, sym);
1266 static void ext_key_event(VncState *vs, int down,
1267 uint32_t sym, uint16_t keycode)
1269 /* if the user specifies a keyboard layout, always use it */
1270 if (keyboard_layout)
1271 key_event(vs, down, sym);
1273 do_key_event(vs, down, keycode, sym);
1276 static void framebuffer_update_request(VncState *vs, int incremental,
1277 int x_position, int y_position,
1280 if (x_position > ds_get_width(vs->ds))
1281 x_position = ds_get_width(vs->ds);
1282 if (y_position > ds_get_height(vs->ds))
1283 y_position = ds_get_height(vs->ds);
1284 if (x_position + w >= ds_get_width(vs->ds))
1285 w = ds_get_width(vs->ds) - x_position;
1286 if (y_position + h >= ds_get_height(vs->ds))
1287 h = ds_get_height(vs->ds) - y_position;
1290 vs->need_update = 1;
1292 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1294 for (i = 0; i < h; i++) {
1295 vnc_set_bits(vs->dirty_row[y_position + i],
1296 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1297 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1298 old_row += ds_get_linesize(vs->ds);
1303 static void send_ext_key_event_ack(VncState *vs)
1305 vnc_write_u8(vs, 0);
1306 vnc_write_u8(vs, 0);
1307 vnc_write_u16(vs, 1);
1308 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1309 VNC_ENCODING_EXT_KEY_EVENT);
1313 static void send_ext_audio_ack(VncState *vs)
1315 vnc_write_u8(vs, 0);
1316 vnc_write_u8(vs, 0);
1317 vnc_write_u16(vs, 1);
1318 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1319 VNC_ENCODING_AUDIO);
1323 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1326 unsigned int enc = 0;
1330 vs->vnc_encoding = 0;
1331 vs->tight_compression = 9;
1332 vs->tight_quality = 9;
1335 for (i = n_encodings - 1; i >= 0; i--) {
1338 case VNC_ENCODING_RAW:
1339 vs->vnc_encoding = enc;
1341 case VNC_ENCODING_COPYRECT:
1342 vs->features |= VNC_FEATURE_COPYRECT_MASK;
1344 case VNC_ENCODING_HEXTILE:
1345 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1346 vs->vnc_encoding = enc;
1348 case VNC_ENCODING_ZLIB:
1349 vs->features |= VNC_FEATURE_ZLIB_MASK;
1350 vs->vnc_encoding = enc;
1352 case VNC_ENCODING_DESKTOPRESIZE:
1353 vs->features |= VNC_FEATURE_RESIZE_MASK;
1355 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1356 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1358 case VNC_ENCODING_EXT_KEY_EVENT:
1359 send_ext_key_event_ack(vs);
1361 case VNC_ENCODING_AUDIO:
1362 send_ext_audio_ack(vs);
1364 case VNC_ENCODING_WMVi:
1365 vs->features |= VNC_FEATURE_WMVI_MASK;
1367 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1368 vs->tight_compression = (enc & 0x0F);
1370 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1371 vs->tight_quality = (enc & 0x0F);
1374 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1379 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1382 static void set_pixel_conversion(VncState *vs)
1384 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1385 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1386 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1387 vs->write_pixels = vnc_write_pixels_copy;
1388 switch (vs->ds->surface->pf.bits_per_pixel) {
1390 vs->send_hextile_tile = send_hextile_tile_8;
1393 vs->send_hextile_tile = send_hextile_tile_16;
1396 vs->send_hextile_tile = send_hextile_tile_32;
1400 vs->write_pixels = vnc_write_pixels_generic;
1401 switch (vs->ds->surface->pf.bits_per_pixel) {
1403 vs->send_hextile_tile = send_hextile_tile_generic_8;
1406 vs->send_hextile_tile = send_hextile_tile_generic_16;
1409 vs->send_hextile_tile = send_hextile_tile_generic_32;
1415 static void set_pixel_format(VncState *vs,
1416 int bits_per_pixel, int depth,
1417 int big_endian_flag, int true_color_flag,
1418 int red_max, int green_max, int blue_max,
1419 int red_shift, int green_shift, int blue_shift)
1421 if (!true_color_flag) {
1422 vnc_client_error(vs);
1426 vs->clientds = vs->serverds;
1427 vs->clientds.pf.rmax = red_max;
1428 count_bits(vs->clientds.pf.rbits, red_max);
1429 vs->clientds.pf.rshift = red_shift;
1430 vs->clientds.pf.rmask = red_max << red_shift;
1431 vs->clientds.pf.gmax = green_max;
1432 count_bits(vs->clientds.pf.gbits, green_max);
1433 vs->clientds.pf.gshift = green_shift;
1434 vs->clientds.pf.gmask = green_max << green_shift;
1435 vs->clientds.pf.bmax = blue_max;
1436 count_bits(vs->clientds.pf.bbits, blue_max);
1437 vs->clientds.pf.bshift = blue_shift;
1438 vs->clientds.pf.bmask = blue_max << blue_shift;
1439 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1440 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1441 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1442 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1444 set_pixel_conversion(vs);
1446 vga_hw_invalidate();
1450 static void pixel_format_message (VncState *vs) {
1451 char pad[3] = { 0, 0, 0 };
1453 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1454 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1456 #ifdef WORDS_BIGENDIAN
1457 vnc_write_u8(vs, 1); /* big-endian-flag */
1459 vnc_write_u8(vs, 0); /* big-endian-flag */
1461 vnc_write_u8(vs, 1); /* true-color-flag */
1462 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1463 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1464 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1465 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1466 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1467 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1468 if (vs->ds->surface->pf.bits_per_pixel == 32)
1469 vs->send_hextile_tile = send_hextile_tile_32;
1470 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1471 vs->send_hextile_tile = send_hextile_tile_16;
1472 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1473 vs->send_hextile_tile = send_hextile_tile_8;
1474 vs->clientds = *(vs->ds->surface);
1475 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1476 vs->write_pixels = vnc_write_pixels_copy;
1478 vnc_write(vs, pad, 3); /* padding */
1481 static void vnc_dpy_setdata(DisplayState *ds)
1483 /* We don't have to do anything */
1486 static void vnc_colordepth(VncState *vs)
1488 if (vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1489 /* Sending a WMVi message to notify the client*/
1490 vnc_write_u8(vs, 0); /* msg id */
1491 vnc_write_u8(vs, 0);
1492 vnc_write_u16(vs, 1); /* number of rects */
1493 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds),
1494 ds_get_height(vs->ds), VNC_ENCODING_WMVi);
1495 pixel_format_message(vs);
1498 set_pixel_conversion(vs);
1502 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1512 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1513 read_u8(data, 6), read_u8(data, 7),
1514 read_u16(data, 8), read_u16(data, 10),
1515 read_u16(data, 12), read_u8(data, 14),
1516 read_u8(data, 15), read_u8(data, 16));
1523 limit = read_u16(data, 2);
1525 return 4 + (limit * 4);
1527 limit = read_u16(data, 2);
1529 for (i = 0; i < limit; i++) {
1530 int32_t val = read_s32(data, 4 + (i * 4));
1531 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1534 set_encodings(vs, (int32_t *)(data + 4), limit);
1540 framebuffer_update_request(vs,
1541 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1542 read_u16(data, 6), read_u16(data, 8));
1548 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1554 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1561 uint32_t dlen = read_u32(data, 4);
1566 client_cut_text(vs, read_u32(data, 4), data + 8);
1572 switch (read_u8(data, 1)) {
1577 ext_key_event(vs, read_u16(data, 2),
1578 read_u32(data, 4), read_u32(data, 8));
1584 switch (read_u16 (data, 2)) {
1594 switch (read_u8(data, 4)) {
1595 case 0: vs->as.fmt = AUD_FMT_U8; break;
1596 case 1: vs->as.fmt = AUD_FMT_S8; break;
1597 case 2: vs->as.fmt = AUD_FMT_U16; break;
1598 case 3: vs->as.fmt = AUD_FMT_S16; break;
1599 case 4: vs->as.fmt = AUD_FMT_U32; break;
1600 case 5: vs->as.fmt = AUD_FMT_S32; break;
1602 printf("Invalid audio format %d\n", read_u8(data, 4));
1603 vnc_client_error(vs);
1606 vs->as.nchannels = read_u8(data, 5);
1607 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1608 printf("Invalid audio channel coount %d\n",
1610 vnc_client_error(vs);
1613 vs->as.freq = read_u32(data, 6);
1616 printf ("Invalid audio message %d\n", read_u8(data, 4));
1617 vnc_client_error(vs);
1623 printf("Msg: %d\n", read_u16(data, 0));
1624 vnc_client_error(vs);
1629 printf("Msg: %d\n", data[0]);
1630 vnc_client_error(vs);
1634 vnc_read_when(vs, protocol_client_msg, 1);
1638 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1643 vnc_write_u16(vs, ds_get_width(vs->ds));
1644 vnc_write_u16(vs, ds_get_height(vs->ds));
1646 pixel_format_message(vs);
1649 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1651 size = snprintf(buf, sizeof(buf), "QEMU");
1653 vnc_write_u32(vs, size);
1654 vnc_write(vs, buf, size);
1657 vnc_read_when(vs, protocol_client_msg, 1);
1662 static void make_challenge(VncState *vs)
1666 srand(time(NULL)+getpid()+getpid()*987654+rand());
1668 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1669 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1672 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1674 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1676 unsigned char key[8];
1678 if (!vs->vd->password || !vs->vd->password[0]) {
1679 VNC_DEBUG("No password configured on server");
1680 vnc_write_u32(vs, 1); /* Reject auth */
1681 if (vs->minor >= 8) {
1682 static const char err[] = "Authentication failed";
1683 vnc_write_u32(vs, sizeof(err));
1684 vnc_write(vs, err, sizeof(err));
1687 vnc_client_error(vs);
1691 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1693 /* Calculate the expected challenge response */
1694 pwlen = strlen(vs->vd->password);
1695 for (i=0; i<sizeof(key); i++)
1696 key[i] = i<pwlen ? vs->vd->password[i] : 0;
1698 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1699 des(response+j, response+j);
1701 /* Compare expected vs actual challenge response */
1702 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1703 VNC_DEBUG("Client challenge reponse did not match\n");
1704 vnc_write_u32(vs, 1); /* Reject auth */
1705 if (vs->minor >= 8) {
1706 static const char err[] = "Authentication failed";
1707 vnc_write_u32(vs, sizeof(err));
1708 vnc_write(vs, err, sizeof(err));
1711 vnc_client_error(vs);
1713 VNC_DEBUG("Accepting VNC challenge response\n");
1714 vnc_write_u32(vs, 0); /* Accept auth */
1717 vnc_read_when(vs, protocol_client_init, 1);
1722 static int start_auth_vnc(VncState *vs)
1725 /* Send client a 'random' challenge */
1726 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1729 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1734 #ifdef CONFIG_VNC_TLS
1735 #define DH_BITS 1024
1736 static gnutls_dh_params_t dh_params;
1738 static int vnc_tls_initialize(void)
1740 static int tlsinitialized = 0;
1745 if (gnutls_global_init () < 0)
1748 /* XXX ought to re-generate diffie-hellmen params periodically */
1749 if (gnutls_dh_params_init (&dh_params) < 0)
1751 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1754 #if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
1755 gnutls_global_set_log_level(10);
1756 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1764 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1766 gnutls_anon_server_credentials anon_cred;
1769 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1770 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1774 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1780 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1782 gnutls_certificate_credentials_t x509_cred;
1785 if (!vs->vd->x509cacert) {
1786 VNC_DEBUG("No CA x509 certificate specified\n");
1789 if (!vs->vd->x509cert) {
1790 VNC_DEBUG("No server x509 certificate specified\n");
1793 if (!vs->vd->x509key) {
1794 VNC_DEBUG("No server private key specified\n");
1798 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1799 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1802 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1804 GNUTLS_X509_FMT_PEM)) < 0) {
1805 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1806 gnutls_certificate_free_credentials(x509_cred);
1810 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1813 GNUTLS_X509_FMT_PEM)) < 0) {
1814 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1815 gnutls_certificate_free_credentials(x509_cred);
1819 if (vs->vd->x509cacrl) {
1820 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1822 GNUTLS_X509_FMT_PEM)) < 0) {
1823 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1824 gnutls_certificate_free_credentials(x509_cred);
1829 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1834 static int vnc_validate_certificate(struct VncState *vs)
1837 unsigned int status;
1838 const gnutls_datum_t *certs;
1839 unsigned int nCerts, i;
1842 VNC_DEBUG("Validating client certificate\n");
1843 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1844 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1848 if ((now = time(NULL)) == ((time_t)-1)) {
1853 if (status & GNUTLS_CERT_INVALID)
1854 VNC_DEBUG("The certificate is not trusted.\n");
1856 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1857 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1859 if (status & GNUTLS_CERT_REVOKED)
1860 VNC_DEBUG("The certificate has been revoked.\n");
1862 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1863 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1867 VNC_DEBUG("Certificate is valid!\n");
1870 /* Only support x509 for now */
1871 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1874 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1877 for (i = 0 ; i < nCerts ; i++) {
1878 gnutls_x509_crt_t cert;
1879 VNC_DEBUG ("Checking certificate chain %d\n", i);
1880 if (gnutls_x509_crt_init (&cert) < 0)
1883 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1884 gnutls_x509_crt_deinit (cert);
1888 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1889 VNC_DEBUG("The certificate has expired\n");
1890 gnutls_x509_crt_deinit (cert);
1894 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1895 VNC_DEBUG("The certificate is not yet activated\n");
1896 gnutls_x509_crt_deinit (cert);
1900 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1901 VNC_DEBUG("The certificate is not yet activated\n");
1902 gnutls_x509_crt_deinit (cert);
1906 gnutls_x509_crt_deinit (cert);
1913 static int start_auth_vencrypt_subauth(VncState *vs)
1915 switch (vs->vd->subauth) {
1916 case VNC_AUTH_VENCRYPT_TLSNONE:
1917 case VNC_AUTH_VENCRYPT_X509NONE:
1918 VNC_DEBUG("Accept TLS auth none\n");
1919 vnc_write_u32(vs, 0); /* Accept auth completion */
1920 vnc_read_when(vs, protocol_client_init, 1);
1923 case VNC_AUTH_VENCRYPT_TLSVNC:
1924 case VNC_AUTH_VENCRYPT_X509VNC:
1925 VNC_DEBUG("Start TLS auth VNC\n");
1926 return start_auth_vnc(vs);
1928 default: /* Should not be possible, but just in case */
1929 VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
1930 vnc_write_u8(vs, 1);
1931 if (vs->minor >= 8) {
1932 static const char err[] = "Unsupported authentication type";
1933 vnc_write_u32(vs, sizeof(err));
1934 vnc_write(vs, err, sizeof(err));
1936 vnc_client_error(vs);
1942 static void vnc_handshake_io(void *opaque);
1944 static int vnc_continue_handshake(struct VncState *vs) {
1947 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1948 if (!gnutls_error_is_fatal(ret)) {
1949 VNC_DEBUG("Handshake interrupted (blocking)\n");
1950 if (!gnutls_record_get_direction(vs->tls_session))
1951 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1953 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1956 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1957 vnc_client_error(vs);
1961 if (vs->vd->x509verify) {
1962 if (vnc_validate_certificate(vs) < 0) {
1963 VNC_DEBUG("Client verification failed\n");
1964 vnc_client_error(vs);
1967 VNC_DEBUG("Client verification passed\n");
1971 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1972 vs->wiremode = VNC_WIREMODE_TLS;
1973 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1975 return start_auth_vencrypt_subauth(vs);
1978 static void vnc_handshake_io(void *opaque) {
1979 struct VncState *vs = (struct VncState *)opaque;
1981 VNC_DEBUG("Handshake IO continue\n");
1982 vnc_continue_handshake(vs);
1985 #define NEED_X509_AUTH(vs) \
1986 ((vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1987 (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1988 (vs)->vd->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1991 static int vnc_start_tls(struct VncState *vs) {
1992 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1993 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1994 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1995 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1997 VNC_DEBUG("Do TLS setup\n");
1998 if (vnc_tls_initialize() < 0) {
1999 VNC_DEBUG("Failed to init TLS\n");
2000 vnc_client_error(vs);
2003 if (vs->tls_session == NULL) {
2004 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
2005 vnc_client_error(vs);
2009 if (gnutls_set_default_priority(vs->tls_session) < 0) {
2010 gnutls_deinit(vs->tls_session);
2011 vs->tls_session = NULL;
2012 vnc_client_error(vs);
2016 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
2017 gnutls_deinit(vs->tls_session);
2018 vs->tls_session = NULL;
2019 vnc_client_error(vs);
2023 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
2024 gnutls_deinit(vs->tls_session);
2025 vs->tls_session = NULL;
2026 vnc_client_error(vs);
2030 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
2031 gnutls_deinit(vs->tls_session);
2032 vs->tls_session = NULL;
2033 vnc_client_error(vs);
2037 if (NEED_X509_AUTH(vs)) {
2038 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
2040 gnutls_deinit(vs->tls_session);
2041 vs->tls_session = NULL;
2042 vnc_client_error(vs);
2045 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
2046 gnutls_deinit(vs->tls_session);
2047 vs->tls_session = NULL;
2048 gnutls_certificate_free_credentials(x509_cred);
2049 vnc_client_error(vs);
2052 if (vs->vd->x509verify) {
2053 VNC_DEBUG("Requesting a client certificate\n");
2054 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
2058 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
2060 gnutls_deinit(vs->tls_session);
2061 vs->tls_session = NULL;
2062 vnc_client_error(vs);
2065 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
2066 gnutls_deinit(vs->tls_session);
2067 vs->tls_session = NULL;
2068 gnutls_anon_free_server_credentials(anon_cred);
2069 vnc_client_error(vs);
2074 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
2075 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
2076 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
2079 VNC_DEBUG("Start TLS handshake process\n");
2080 return vnc_continue_handshake(vs);
2083 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
2085 int auth = read_u32(data, 0);
2087 if (auth != vs->vd->subauth) {
2088 VNC_DEBUG("Rejecting auth %d\n", auth);
2089 vnc_write_u8(vs, 0); /* Reject auth */
2091 vnc_client_error(vs);
2093 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
2094 vnc_write_u8(vs, 1); /* Accept auth */
2097 if (vnc_start_tls(vs) < 0) {
2098 VNC_DEBUG("Failed to complete TLS\n");
2105 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
2109 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
2110 vnc_write_u8(vs, 1); /* Reject version */
2112 vnc_client_error(vs);
2114 VNC_DEBUG("Sending allowed auth %d\n", vs->vd->subauth);
2115 vnc_write_u8(vs, 0); /* Accept version */
2116 vnc_write_u8(vs, 1); /* Number of sub-auths */
2117 vnc_write_u32(vs, vs->vd->subauth); /* The supported auth */
2119 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
2124 static int start_auth_vencrypt(VncState *vs)
2126 /* Send VeNCrypt version 0.2 */
2127 vnc_write_u8(vs, 0);
2128 vnc_write_u8(vs, 2);
2130 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
2133 #endif /* CONFIG_VNC_TLS */
2135 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2137 /* We only advertise 1 auth scheme at a time, so client
2138 * must pick the one we sent. Verify this */
2139 if (data[0] != vs->vd->auth) { /* Reject auth */
2140 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
2141 vnc_write_u32(vs, 1);
2142 if (vs->minor >= 8) {
2143 static const char err[] = "Authentication failed";
2144 vnc_write_u32(vs, sizeof(err));
2145 vnc_write(vs, err, sizeof(err));
2147 vnc_client_error(vs);
2148 } else { /* Accept requested auth */
2149 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2150 switch (vs->vd->auth) {
2152 VNC_DEBUG("Accept auth none\n");
2153 if (vs->minor >= 8) {
2154 vnc_write_u32(vs, 0); /* Accept auth completion */
2157 vnc_read_when(vs, protocol_client_init, 1);
2161 VNC_DEBUG("Start VNC auth\n");
2162 return start_auth_vnc(vs);
2164 #ifdef CONFIG_VNC_TLS
2165 case VNC_AUTH_VENCRYPT:
2166 VNC_DEBUG("Accept VeNCrypt auth\n");;
2167 return start_auth_vencrypt(vs);
2168 #endif /* CONFIG_VNC_TLS */
2170 default: /* Should not be possible, but just in case */
2171 VNC_DEBUG("Reject auth %d\n", vs->vd->auth);
2172 vnc_write_u8(vs, 1);
2173 if (vs->minor >= 8) {
2174 static const char err[] = "Authentication failed";
2175 vnc_write_u32(vs, sizeof(err));
2176 vnc_write(vs, err, sizeof(err));
2178 vnc_client_error(vs);
2184 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2188 memcpy(local, version, 12);
2191 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2192 VNC_DEBUG("Malformed protocol version %s\n", local);
2193 vnc_client_error(vs);
2196 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2197 if (vs->major != 3 ||
2203 VNC_DEBUG("Unsupported client version\n");
2204 vnc_write_u32(vs, VNC_AUTH_INVALID);
2206 vnc_client_error(vs);
2209 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2210 * as equivalent to v3.3 by servers
2212 if (vs->minor == 4 || vs->minor == 5)
2215 if (vs->minor == 3) {
2216 if (vs->vd->auth == VNC_AUTH_NONE) {
2217 VNC_DEBUG("Tell client auth none\n");
2218 vnc_write_u32(vs, vs->vd->auth);
2220 vnc_read_when(vs, protocol_client_init, 1);
2221 } else if (vs->vd->auth == VNC_AUTH_VNC) {
2222 VNC_DEBUG("Tell client VNC auth\n");
2223 vnc_write_u32(vs, vs->vd->auth);
2227 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->vd->auth);
2228 vnc_write_u32(vs, VNC_AUTH_INVALID);
2230 vnc_client_error(vs);
2233 VNC_DEBUG("Telling client we support auth %d\n", vs->vd->auth);
2234 vnc_write_u8(vs, 1); /* num auth */
2235 vnc_write_u8(vs, vs->vd->auth);
2236 vnc_read_when(vs, protocol_client_auth, 1);
2243 static void vnc_connect(VncDisplay *vd, int csock)
2245 VncState *vs = qemu_mallocz(sizeof(VncState));
2248 VNC_DEBUG("New client on socket %d\n", csock);
2250 socket_set_nonblock(vs->csock);
2251 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2255 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2259 vs->as.freq = 44100;
2260 vs->as.nchannels = 2;
2261 vs->as.fmt = AUD_FMT_S16;
2262 vs->as.endianness = 0;
2265 vnc_write(vs, "RFB 003.008\n", 12);
2267 vnc_read_when(vs, protocol_version, 12);
2268 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
2269 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2270 vnc_update_client(vs);
2273 vs->next = vd->clients;
2277 static void vnc_listen_read(void *opaque)
2279 VncDisplay *vs = opaque;
2280 struct sockaddr_in addr;
2281 socklen_t addrlen = sizeof(addr);
2286 int csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2288 vnc_connect(vs, csock);
2292 void vnc_display_init(DisplayState *ds)
2296 vs = qemu_mallocz(sizeof(VncState));
2297 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2307 if (keyboard_layout)
2308 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2310 vs->kbd_layout = init_keyboard_layout("en-us");
2312 if (!vs->kbd_layout)
2315 dcl->dpy_copy = vnc_dpy_copy;
2316 dcl->dpy_update = vnc_dpy_update;
2317 dcl->dpy_resize = vnc_dpy_resize;
2318 dcl->dpy_setdata = vnc_dpy_setdata;
2319 register_displaychangelistener(ds, dcl);
2322 #ifdef CONFIG_VNC_TLS
2323 static int vnc_set_x509_credential(VncDisplay *vs,
2324 const char *certdir,
2325 const char *filename,
2336 *cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2);
2338 strcpy(*cred, certdir);
2340 strcat(*cred, filename);
2342 VNC_DEBUG("Check %s\n", *cred);
2343 if (stat(*cred, &sb) < 0) {
2346 if (ignoreMissing && errno == ENOENT)
2354 static int vnc_set_x509_credential_dir(VncDisplay *vs,
2355 const char *certdir)
2357 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2359 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2361 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2363 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2369 qemu_free(vs->x509cacert);
2370 qemu_free(vs->x509cacrl);
2371 qemu_free(vs->x509cert);
2372 qemu_free(vs->x509key);
2373 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2376 #endif /* CONFIG_VNC_TLS */
2378 void vnc_display_close(DisplayState *ds)
2380 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2385 qemu_free(vs->display);
2388 if (vs->lsock != -1) {
2389 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2393 vs->auth = VNC_AUTH_INVALID;
2394 #ifdef CONFIG_VNC_TLS
2395 vs->subauth = VNC_AUTH_INVALID;
2400 int vnc_display_password(DisplayState *ds, const char *password)
2402 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2405 qemu_free(vs->password);
2406 vs->password = NULL;
2408 if (password && password[0]) {
2409 if (!(vs->password = qemu_strdup(password)))
2416 int vnc_display_open(DisplayState *ds, const char *display)
2418 VncDisplay *vs = ds ? (VncDisplay *)ds->opaque : vnc_display;
2419 const char *options;
2423 #ifdef CONFIG_VNC_TLS
2424 int tls = 0, x509 = 0;
2429 vnc_display_close(ds);
2430 if (strcmp(display, "none") == 0)
2433 if (!(vs->display = strdup(display)))
2437 while ((options = strchr(options, ','))) {
2439 if (strncmp(options, "password", 8) == 0) {
2440 password = 1; /* Require password auth */
2441 } else if (strncmp(options, "reverse", 7) == 0) {
2443 } else if (strncmp(options, "to=", 3) == 0) {
2444 to_port = atoi(options+3) + 5900;
2445 #ifdef CONFIG_VNC_TLS
2446 } else if (strncmp(options, "tls", 3) == 0) {
2447 tls = 1; /* Require TLS */
2448 } else if (strncmp(options, "x509", 4) == 0) {
2450 x509 = 1; /* Require x509 certificates */
2451 if (strncmp(options, "x509verify", 10) == 0)
2452 vs->x509verify = 1; /* ...and verify client certs */
2454 /* Now check for 'x509=/some/path' postfix
2455 * and use that to setup x509 certificate/key paths */
2456 start = strchr(options, '=');
2457 end = strchr(options, ',');
2458 if (start && (!end || (start < end))) {
2459 int len = end ? end-(start+1) : strlen(start+1);
2460 char *path = qemu_strndup(start + 1, len);
2462 VNC_DEBUG("Trying certificate path '%s'\n", path);
2463 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2464 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2466 qemu_free(vs->display);
2472 fprintf(stderr, "No certificate path provided\n");
2473 qemu_free(vs->display);
2482 #ifdef CONFIG_VNC_TLS
2484 vs->auth = VNC_AUTH_VENCRYPT;
2486 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2487 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2489 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2490 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2494 VNC_DEBUG("Initializing VNC server with password auth\n");
2495 vs->auth = VNC_AUTH_VNC;
2496 #ifdef CONFIG_VNC_TLS
2497 vs->subauth = VNC_AUTH_INVALID;
2501 #ifdef CONFIG_VNC_TLS
2503 vs->auth = VNC_AUTH_VENCRYPT;
2505 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2506 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2508 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2509 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2513 VNC_DEBUG("Initializing VNC server with no auth\n");
2514 vs->auth = VNC_AUTH_NONE;
2515 #ifdef CONFIG_VNC_TLS
2516 vs->subauth = VNC_AUTH_INVALID;
2522 /* connect to viewer */
2523 if (strncmp(display, "unix:", 5) == 0)
2524 vs->lsock = unix_connect(display+5);
2526 vs->lsock = inet_connect(display, SOCK_STREAM);
2527 if (-1 == vs->lsock) {
2532 int csock = vs->lsock;
2534 vnc_connect(vs, csock);
2539 /* listen for connects */
2541 dpy = qemu_malloc(256);
2542 if (strncmp(display, "unix:", 5) == 0) {
2543 pstrcpy(dpy, 256, "unix:");
2544 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2546 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2548 if (-1 == vs->lsock) {
2556 return qemu_set_fd_handler2(vs->lsock, NULL, vnc_listen_read, NULL, vs);
projects / qemu / blob