2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState;
68 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
76 int *has_bg, int *has_fg);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT = 19
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
119 #endif /* CONFIG_VNC_TLS */
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
132 int depth; /* internal VNC frame buffer byte per pixel */
135 int has_pointer_type_change;
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
159 gnutls_session_t tls_session;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
176 uint8_t modifiers_state[256];
179 static VncState *vnc_state; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
193 term_printf("Client connected\n");
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
213 static inline void vnc_set_bit(uint32_t *d, int k)
215 d[k >> 5] |= 1 << (k & 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d, int k)
220 d[k >> 5] &= ~(1 << (k & 0x1f));
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
233 d[j++] = (1 << n) - 1;
238 static inline int vnc_get_bit(const uint32_t *d, int k)
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
256 VncState *vs = ds->opaque;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
269 for (i = 0; i < w; i += 16)
270 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
273 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
276 vnc_write_u16(vs, x);
277 vnc_write_u16(vs, y);
278 vnc_write_u16(vs, w);
279 vnc_write_u16(vs, h);
281 vnc_write_s32(vs, encoding);
284 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
287 VncState *vs = ds->opaque;
289 ds->data = realloc(ds->data, w * h * vs->depth);
290 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
292 if (ds->data == NULL || vs->old_data == NULL) {
293 fprintf(stderr, "vnc: memory allocation failed\n");
297 if (ds->depth != vs->depth * 8) {
298 ds->depth = vs->depth * 8;
299 console_color_init(ds);
301 size_changed = ds->width != w || ds->height != h;
304 ds->linesize = w * vs->depth;
305 if (vs->csock != -1 && vs->has_resize && size_changed) {
306 vnc_write_u8(vs, 0); /* msg id */
308 vnc_write_u16(vs, 1); /* number of rects */
309 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
311 vs->width = ds->width;
312 vs->height = ds->height;
317 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
319 vnc_write(vs, pixels, size);
322 /* slowest but generic code. */
323 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
325 unsigned int r, g, b;
327 r = (v >> vs->red_shift1) & vs->red_max;
328 g = (v >> vs->green_shift1) & vs->green_max;
329 b = (v >> vs->blue_shift1) & vs->blue_max;
330 v = (r << vs->red_shift) |
331 (g << vs->green_shift) |
332 (b << vs->blue_shift);
333 switch(vs->pix_bpp) {
338 if (vs->pix_big_endian) {
348 if (vs->pix_big_endian) {
363 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
365 uint32_t *pixels = pixels1;
370 for(i = 0; i < n; i++) {
371 vnc_convert_pixel(vs, buf, pixels[i]);
372 vnc_write(vs, buf, vs->pix_bpp);
376 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
381 vnc_framebuffer_update(vs, x, y, w, h, 0);
383 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
384 for (i = 0; i < h; i++) {
385 vs->write_pixels(vs, row, w * vs->depth);
386 row += vs->ds->linesize;
390 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
392 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
393 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
397 #include "vnchextile.h"
401 #include "vnchextile.h"
405 #include "vnchextile.h"
410 #include "vnchextile.h"
414 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
418 uint32_t last_fg32, last_bg32;
420 vnc_framebuffer_update(vs, x, y, w, h, 5);
423 for (j = y; j < (y + h); j += 16) {
424 for (i = x; i < (x + w); i += 16) {
425 vs->send_hextile_tile(vs, i, j,
426 MIN(16, x + w - i), MIN(16, y + h - j),
427 &last_bg32, &last_fg32, &has_bg, &has_fg);
432 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
435 send_framebuffer_update_hextile(vs, x, y, w, h);
437 send_framebuffer_update_raw(vs, x, y, w, h);
440 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
447 int pitch = ds->linesize;
448 VncState *vs = ds->opaque;
450 vnc_update_client(vs);
457 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
458 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
460 src_row = ds->data + src;
461 dst_row = ds->data + dst;
462 old_row = vs->old_data + dst;
464 for (y = 0; y < h; y++) {
465 memmove(old_row, src_row, w * vs->depth);
466 memmove(dst_row, src_row, w * vs->depth);
472 vnc_write_u8(vs, 0); /* msg id */
474 vnc_write_u16(vs, 1); /* number of rects */
475 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
476 vnc_write_u16(vs, src_x);
477 vnc_write_u16(vs, src_y);
481 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
485 for (h = 1; h < (vs->height - y); h++) {
487 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
489 for (tmp_x = last_x; tmp_x < x; tmp_x++)
490 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
496 static void vnc_update_client(void *opaque)
498 VncState *vs = opaque;
500 if (vs->need_update && vs->csock != -1) {
504 uint32_t width_mask[VNC_DIRTY_WORDS];
511 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
513 /* Walk through the dirty map and eliminate tiles that
514 really aren't dirty */
516 old_row = vs->old_data;
518 for (y = 0; y < vs->height; y++) {
519 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
525 old_ptr = (char*)old_row;
527 for (x = 0; x < vs->ds->width; x += 16) {
528 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
529 vnc_clear_bit(vs->dirty_row[y], (x / 16));
532 memcpy(old_ptr, ptr, 16 * vs->depth);
535 ptr += 16 * vs->depth;
536 old_ptr += 16 * vs->depth;
540 row += vs->ds->linesize;
541 old_row += vs->ds->linesize;
545 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
549 /* Count rectangles */
551 vnc_write_u8(vs, 0); /* msg id */
553 saved_offset = vs->output.offset;
554 vnc_write_u16(vs, 0);
556 for (y = 0; y < vs->height; y++) {
559 for (x = 0; x < vs->width / 16; x++) {
560 if (vnc_get_bit(vs->dirty_row[y], x)) {
564 vnc_clear_bit(vs->dirty_row[y], x);
567 int h = find_dirty_height(vs, y, last_x, x);
568 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
575 int h = find_dirty_height(vs, y, last_x, x);
576 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
580 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
581 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
586 if (vs->csock != -1) {
587 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
592 static int vnc_listen_poll(void *opaque)
594 VncState *vs = opaque;
600 static void buffer_reserve(Buffer *buffer, size_t len)
602 if ((buffer->capacity - buffer->offset) < len) {
603 buffer->capacity += (len + 1024);
604 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
605 if (buffer->buffer == NULL) {
606 fprintf(stderr, "vnc: out of memory\n");
612 static int buffer_empty(Buffer *buffer)
614 return buffer->offset == 0;
617 static uint8_t *buffer_end(Buffer *buffer)
619 return buffer->buffer + buffer->offset;
622 static void buffer_reset(Buffer *buffer)
627 static void buffer_append(Buffer *buffer, const void *data, size_t len)
629 memcpy(buffer->buffer + buffer->offset, data, len);
630 buffer->offset += len;
633 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
635 if (ret == 0 || ret == -1) {
637 switch (last_errno) {
649 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
650 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
651 closesocket(vs->csock);
653 buffer_reset(&vs->input);
654 buffer_reset(&vs->output);
657 if (vs->tls_session) {
658 gnutls_deinit(vs->tls_session);
659 vs->tls_session = NULL;
661 vs->wiremode = VNC_WIREMODE_CLEAR;
662 #endif /* CONFIG_VNC_TLS */
668 static void vnc_client_error(VncState *vs)
670 vnc_client_io_error(vs, -1, EINVAL);
673 static void vnc_client_write(void *opaque)
676 VncState *vs = opaque;
679 if (vs->tls_session) {
680 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
682 if (ret == GNUTLS_E_AGAIN)
689 #endif /* CONFIG_VNC_TLS */
690 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
691 ret = vnc_client_io_error(vs, ret, socket_error());
695 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
696 vs->output.offset -= ret;
698 if (vs->output.offset == 0) {
699 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
703 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
705 vs->read_handler = func;
706 vs->read_handler_expect = expecting;
709 static void vnc_client_read(void *opaque)
711 VncState *vs = opaque;
714 buffer_reserve(&vs->input, 4096);
717 if (vs->tls_session) {
718 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
720 if (ret == GNUTLS_E_AGAIN)
727 #endif /* CONFIG_VNC_TLS */
728 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
729 ret = vnc_client_io_error(vs, ret, socket_error());
733 vs->input.offset += ret;
735 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
736 size_t len = vs->read_handler_expect;
739 ret = vs->read_handler(vs, vs->input.buffer, len);
744 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
745 vs->input.offset -= len;
747 vs->read_handler_expect = ret;
752 static void vnc_write(VncState *vs, const void *data, size_t len)
754 buffer_reserve(&vs->output, len);
756 if (buffer_empty(&vs->output)) {
757 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
760 buffer_append(&vs->output, data, len);
763 static void vnc_write_s32(VncState *vs, int32_t value)
765 vnc_write_u32(vs, *(uint32_t *)&value);
768 static void vnc_write_u32(VncState *vs, uint32_t value)
772 buf[0] = (value >> 24) & 0xFF;
773 buf[1] = (value >> 16) & 0xFF;
774 buf[2] = (value >> 8) & 0xFF;
775 buf[3] = value & 0xFF;
777 vnc_write(vs, buf, 4);
780 static void vnc_write_u16(VncState *vs, uint16_t value)
784 buf[0] = (value >> 8) & 0xFF;
785 buf[1] = value & 0xFF;
787 vnc_write(vs, buf, 2);
790 static void vnc_write_u8(VncState *vs, uint8_t value)
792 vnc_write(vs, (char *)&value, 1);
795 static void vnc_flush(VncState *vs)
797 if (vs->output.offset)
798 vnc_client_write(vs);
801 static uint8_t read_u8(uint8_t *data, size_t offset)
806 static uint16_t read_u16(uint8_t *data, size_t offset)
808 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
811 static int32_t read_s32(uint8_t *data, size_t offset)
813 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
814 (data[offset + 2] << 8) | data[offset + 3]);
817 static uint32_t read_u32(uint8_t *data, size_t offset)
819 return ((data[offset] << 24) | (data[offset + 1] << 16) |
820 (data[offset + 2] << 8) | data[offset + 3]);
824 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
827 struct VncState *vs = (struct VncState *)transport;
831 ret = send(vs->csock, data, len, 0);
841 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
844 struct VncState *vs = (struct VncState *)transport;
848 ret = recv(vs->csock, data, len, 0);
856 #endif /* CONFIG_VNC_TLS */
858 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
862 static void check_pointer_type_change(VncState *vs, int absolute)
864 if (vs->has_pointer_type_change && vs->absolute != absolute) {
867 vnc_write_u16(vs, 1);
868 vnc_framebuffer_update(vs, absolute, 0,
869 vs->ds->width, vs->ds->height, -257);
872 vs->absolute = absolute;
875 static void pointer_event(VncState *vs, int button_mask, int x, int y)
880 if (button_mask & 0x01)
881 buttons |= MOUSE_EVENT_LBUTTON;
882 if (button_mask & 0x02)
883 buttons |= MOUSE_EVENT_MBUTTON;
884 if (button_mask & 0x04)
885 buttons |= MOUSE_EVENT_RBUTTON;
886 if (button_mask & 0x08)
888 if (button_mask & 0x10)
892 kbd_mouse_event(x * 0x7FFF / (vs->ds->width - 1),
893 y * 0x7FFF / (vs->ds->height - 1),
895 } else if (vs->has_pointer_type_change) {
899 kbd_mouse_event(x, y, dz, buttons);
901 if (vs->last_x != -1)
902 kbd_mouse_event(x - vs->last_x,
909 check_pointer_type_change(vs, kbd_mouse_is_absolute());
912 static void reset_keys(VncState *vs)
915 for(i = 0; i < 256; i++) {
916 if (vs->modifiers_state[i]) {
918 kbd_put_keycode(0xe0);
919 kbd_put_keycode(i | 0x80);
920 vs->modifiers_state[i] = 0;
925 static void press_key(VncState *vs, int keysym)
927 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
928 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
931 static void do_key_event(VncState *vs, int down, uint32_t sym)
935 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
937 /* QEMU console switch */
939 case 0x2a: /* Left Shift */
940 case 0x36: /* Right Shift */
941 case 0x1d: /* Left CTRL */
942 case 0x9d: /* Right CTRL */
943 case 0x38: /* Left ALT */
944 case 0xb8: /* Right ALT */
946 vs->modifiers_state[keycode] = 1;
948 vs->modifiers_state[keycode] = 0;
950 case 0x02 ... 0x0a: /* '1' to '9' keys */
951 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
952 /* Reset the modifiers sent to the current console */
954 console_select(keycode - 0x02);
958 case 0x3a: /* CapsLock */
959 case 0x45: /* NumLock */
961 vs->modifiers_state[keycode] ^= 1;
965 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
966 /* If the numlock state needs to change then simulate an additional
967 keypress before sending this one. This will happen if the user
968 toggles numlock away from the VNC window.
970 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
971 if (!vs->modifiers_state[0x45]) {
972 vs->modifiers_state[0x45] = 1;
973 press_key(vs, 0xff7f);
976 if (vs->modifiers_state[0x45]) {
977 vs->modifiers_state[0x45] = 0;
978 press_key(vs, 0xff7f);
983 if (is_graphic_console()) {
985 kbd_put_keycode(0xe0);
987 kbd_put_keycode(keycode & 0x7f);
989 kbd_put_keycode(keycode | 0x80);
991 /* QEMU console emulation */
994 case 0x2a: /* Left Shift */
995 case 0x36: /* Right Shift */
996 case 0x1d: /* Left CTRL */
997 case 0x9d: /* Right CTRL */
998 case 0x38: /* Left ALT */
999 case 0xb8: /* Right ALT */
1002 kbd_put_keysym(QEMU_KEY_UP);
1005 kbd_put_keysym(QEMU_KEY_DOWN);
1008 kbd_put_keysym(QEMU_KEY_LEFT);
1011 kbd_put_keysym(QEMU_KEY_RIGHT);
1014 kbd_put_keysym(QEMU_KEY_DELETE);
1017 kbd_put_keysym(QEMU_KEY_HOME);
1020 kbd_put_keysym(QEMU_KEY_END);
1023 kbd_put_keysym(QEMU_KEY_PAGEUP);
1026 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1029 kbd_put_keysym(sym);
1036 static void key_event(VncState *vs, int down, uint32_t sym)
1038 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1039 sym = sym - 'A' + 'a';
1040 do_key_event(vs, down, sym);
1043 static void framebuffer_update_request(VncState *vs, int incremental,
1044 int x_position, int y_position,
1047 if (x_position > vs->ds->width)
1048 x_position = vs->ds->width;
1049 if (y_position > vs->ds->height)
1050 y_position = vs->ds->height;
1051 if (x_position + w >= vs->ds->width)
1052 w = vs->ds->width - x_position;
1053 if (y_position + h >= vs->ds->height)
1054 h = vs->ds->height - y_position;
1057 vs->need_update = 1;
1059 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1061 for (i = 0; i < h; i++) {
1062 vnc_set_bits(vs->dirty_row[y_position + i],
1063 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1064 memset(old_row, 42, vs->ds->width * vs->depth);
1065 old_row += vs->ds->linesize;
1070 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1074 vs->has_hextile = 0;
1076 vs->has_pointer_type_change = 0;
1078 vs->ds->dpy_copy = NULL;
1080 for (i = n_encodings - 1; i >= 0; i--) {
1081 switch (encodings[i]) {
1083 vs->has_hextile = 0;
1085 case 1: /* CopyRect */
1086 vs->ds->dpy_copy = vnc_copy;
1088 case 5: /* Hextile */
1089 vs->has_hextile = 1;
1091 case -223: /* DesktopResize */
1095 vs->has_pointer_type_change = 1;
1102 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1105 static int compute_nbits(unsigned int val)
1116 static void set_pixel_format(VncState *vs,
1117 int bits_per_pixel, int depth,
1118 int big_endian_flag, int true_color_flag,
1119 int red_max, int green_max, int blue_max,
1120 int red_shift, int green_shift, int blue_shift)
1122 int host_big_endian_flag;
1124 #ifdef WORDS_BIGENDIAN
1125 host_big_endian_flag = 1;
1127 host_big_endian_flag = 0;
1129 if (!true_color_flag) {
1131 vnc_client_error(vs);
1134 if (bits_per_pixel == 32 &&
1135 host_big_endian_flag == big_endian_flag &&
1136 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1137 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1139 vs->write_pixels = vnc_write_pixels_copy;
1140 vs->send_hextile_tile = send_hextile_tile_32;
1142 if (bits_per_pixel == 16 &&
1143 host_big_endian_flag == big_endian_flag &&
1144 red_max == 31 && green_max == 63 && blue_max == 31 &&
1145 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1147 vs->write_pixels = vnc_write_pixels_copy;
1148 vs->send_hextile_tile = send_hextile_tile_16;
1150 if (bits_per_pixel == 8 &&
1151 red_max == 7 && green_max == 7 && blue_max == 3 &&
1152 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1154 vs->write_pixels = vnc_write_pixels_copy;
1155 vs->send_hextile_tile = send_hextile_tile_8;
1158 /* generic and slower case */
1159 if (bits_per_pixel != 8 &&
1160 bits_per_pixel != 16 &&
1161 bits_per_pixel != 32)
1164 vs->red_shift = red_shift;
1165 vs->red_max = red_max;
1166 vs->red_shift1 = 24 - compute_nbits(red_max);
1167 vs->green_shift = green_shift;
1168 vs->green_max = green_max;
1169 vs->green_shift1 = 16 - compute_nbits(green_max);
1170 vs->blue_shift = blue_shift;
1171 vs->blue_max = blue_max;
1172 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1173 vs->pix_bpp = bits_per_pixel / 8;
1174 vs->pix_big_endian = big_endian_flag;
1175 vs->write_pixels = vnc_write_pixels_generic;
1176 vs->send_hextile_tile = send_hextile_tile_generic;
1179 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1180 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1181 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
1183 vga_hw_invalidate();
1187 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1197 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1198 read_u8(data, 6), read_u8(data, 7),
1199 read_u16(data, 8), read_u16(data, 10),
1200 read_u16(data, 12), read_u8(data, 14),
1201 read_u8(data, 15), read_u8(data, 16));
1208 return 4 + (read_u16(data, 2) * 4);
1210 limit = read_u16(data, 2);
1211 for (i = 0; i < limit; i++) {
1212 int32_t val = read_s32(data, 4 + (i * 4));
1213 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1216 set_encodings(vs, (int32_t *)(data + 4), limit);
1222 framebuffer_update_request(vs,
1223 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1224 read_u16(data, 6), read_u16(data, 8));
1230 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1236 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1243 uint32_t dlen = read_u32(data, 4);
1248 client_cut_text(vs, read_u32(data, 4), data + 8);
1251 printf("Msg: %d\n", data[0]);
1252 vnc_client_error(vs);
1256 vnc_read_when(vs, protocol_client_msg, 1);
1260 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1262 char pad[3] = { 0, 0, 0 };
1266 vs->width = vs->ds->width;
1267 vs->height = vs->ds->height;
1268 vnc_write_u16(vs, vs->ds->width);
1269 vnc_write_u16(vs, vs->ds->height);
1271 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1272 vnc_write_u8(vs, vs->depth * 8); /* depth */
1273 #ifdef WORDS_BIGENDIAN
1274 vnc_write_u8(vs, 1); /* big-endian-flag */
1276 vnc_write_u8(vs, 0); /* big-endian-flag */
1278 vnc_write_u8(vs, 1); /* true-color-flag */
1279 if (vs->depth == 4) {
1280 vnc_write_u16(vs, 0xFF); /* red-max */
1281 vnc_write_u16(vs, 0xFF); /* green-max */
1282 vnc_write_u16(vs, 0xFF); /* blue-max */
1283 vnc_write_u8(vs, 16); /* red-shift */
1284 vnc_write_u8(vs, 8); /* green-shift */
1285 vnc_write_u8(vs, 0); /* blue-shift */
1286 vs->send_hextile_tile = send_hextile_tile_32;
1287 } else if (vs->depth == 2) {
1288 vnc_write_u16(vs, 31); /* red-max */
1289 vnc_write_u16(vs, 63); /* green-max */
1290 vnc_write_u16(vs, 31); /* blue-max */
1291 vnc_write_u8(vs, 11); /* red-shift */
1292 vnc_write_u8(vs, 5); /* green-shift */
1293 vnc_write_u8(vs, 0); /* blue-shift */
1294 vs->send_hextile_tile = send_hextile_tile_16;
1295 } else if (vs->depth == 1) {
1296 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1297 vnc_write_u16(vs, 7); /* red-max */
1298 vnc_write_u16(vs, 7); /* green-max */
1299 vnc_write_u16(vs, 3); /* blue-max */
1300 vnc_write_u8(vs, 5); /* red-shift */
1301 vnc_write_u8(vs, 2); /* green-shift */
1302 vnc_write_u8(vs, 0); /* blue-shift */
1303 vs->send_hextile_tile = send_hextile_tile_8;
1305 vs->write_pixels = vnc_write_pixels_copy;
1307 vnc_write(vs, pad, 3); /* padding */
1310 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1312 size = snprintf(buf, sizeof(buf), "QEMU");
1314 vnc_write_u32(vs, size);
1315 vnc_write(vs, buf, size);
1318 vnc_read_when(vs, protocol_client_msg, 1);
1323 static void make_challenge(VncState *vs)
1327 srand(time(NULL)+getpid()+getpid()*987654+rand());
1329 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1330 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1333 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1335 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1337 unsigned char key[8];
1339 if (!vs->password || !vs->password[0]) {
1340 VNC_DEBUG("No password configured on server");
1341 vnc_write_u32(vs, 1); /* Reject auth */
1342 if (vs->minor >= 8) {
1343 static const char err[] = "Authentication failed";
1344 vnc_write_u32(vs, sizeof(err));
1345 vnc_write(vs, err, sizeof(err));
1348 vnc_client_error(vs);
1352 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1354 /* Calculate the expected challenge response */
1355 pwlen = strlen(vs->password);
1356 for (i=0; i<sizeof(key); i++)
1357 key[i] = i<pwlen ? vs->password[i] : 0;
1359 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1360 des(response+j, response+j);
1362 /* Compare expected vs actual challenge response */
1363 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1364 VNC_DEBUG("Client challenge reponse did not match\n");
1365 vnc_write_u32(vs, 1); /* Reject auth */
1366 if (vs->minor >= 8) {
1367 static const char err[] = "Authentication failed";
1368 vnc_write_u32(vs, sizeof(err));
1369 vnc_write(vs, err, sizeof(err));
1372 vnc_client_error(vs);
1374 VNC_DEBUG("Accepting VNC challenge response\n");
1375 vnc_write_u32(vs, 0); /* Accept auth */
1378 vnc_read_when(vs, protocol_client_init, 1);
1383 static int start_auth_vnc(VncState *vs)
1386 /* Send client a 'random' challenge */
1387 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1390 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1396 #define DH_BITS 1024
1397 static gnutls_dh_params_t dh_params;
1399 static int vnc_tls_initialize(void)
1401 static int tlsinitialized = 0;
1406 if (gnutls_global_init () < 0)
1409 /* XXX ought to re-generate diffie-hellmen params periodically */
1410 if (gnutls_dh_params_init (&dh_params) < 0)
1412 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1416 gnutls_global_set_log_level(10);
1417 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1425 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1427 gnutls_anon_server_credentials anon_cred;
1430 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1431 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1435 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1441 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1443 gnutls_certificate_credentials_t x509_cred;
1446 if (!vs->x509cacert) {
1447 VNC_DEBUG("No CA x509 certificate specified\n");
1450 if (!vs->x509cert) {
1451 VNC_DEBUG("No server x509 certificate specified\n");
1455 VNC_DEBUG("No server private key specified\n");
1459 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1460 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1463 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1465 GNUTLS_X509_FMT_PEM)) < 0) {
1466 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1467 gnutls_certificate_free_credentials(x509_cred);
1471 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1474 GNUTLS_X509_FMT_PEM)) < 0) {
1475 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1476 gnutls_certificate_free_credentials(x509_cred);
1480 if (vs->x509cacrl) {
1481 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1483 GNUTLS_X509_FMT_PEM)) < 0) {
1484 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1485 gnutls_certificate_free_credentials(x509_cred);
1490 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1495 static int vnc_validate_certificate(struct VncState *vs)
1498 unsigned int status;
1499 const gnutls_datum_t *certs;
1500 unsigned int nCerts, i;
1503 VNC_DEBUG("Validating client certificate\n");
1504 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1505 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1509 if ((now = time(NULL)) == ((time_t)-1)) {
1514 if (status & GNUTLS_CERT_INVALID)
1515 VNC_DEBUG("The certificate is not trusted.\n");
1517 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1518 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1520 if (status & GNUTLS_CERT_REVOKED)
1521 VNC_DEBUG("The certificate has been revoked.\n");
1523 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1524 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1528 VNC_DEBUG("Certificate is valid!\n");
1531 /* Only support x509 for now */
1532 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1535 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1538 for (i = 0 ; i < nCerts ; i++) {
1539 gnutls_x509_crt_t cert;
1540 VNC_DEBUG ("Checking certificate chain %d\n", i);
1541 if (gnutls_x509_crt_init (&cert) < 0)
1544 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1545 gnutls_x509_crt_deinit (cert);
1549 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1550 VNC_DEBUG("The certificate has expired\n");
1551 gnutls_x509_crt_deinit (cert);
1555 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1556 VNC_DEBUG("The certificate is not yet activated\n");
1557 gnutls_x509_crt_deinit (cert);
1561 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1562 VNC_DEBUG("The certificate is not yet activated\n");
1563 gnutls_x509_crt_deinit (cert);
1567 gnutls_x509_crt_deinit (cert);
1574 static int start_auth_vencrypt_subauth(VncState *vs)
1576 switch (vs->subauth) {
1577 case VNC_AUTH_VENCRYPT_TLSNONE:
1578 case VNC_AUTH_VENCRYPT_X509NONE:
1579 VNC_DEBUG("Accept TLS auth none\n");
1580 vnc_write_u32(vs, 0); /* Accept auth completion */
1581 vnc_read_when(vs, protocol_client_init, 1);
1584 case VNC_AUTH_VENCRYPT_TLSVNC:
1585 case VNC_AUTH_VENCRYPT_X509VNC:
1586 VNC_DEBUG("Start TLS auth VNC\n");
1587 return start_auth_vnc(vs);
1589 default: /* Should not be possible, but just in case */
1590 VNC_DEBUG("Reject auth %d\n", vs->auth);
1591 vnc_write_u8(vs, 1);
1592 if (vs->minor >= 8) {
1593 static const char err[] = "Unsupported authentication type";
1594 vnc_write_u32(vs, sizeof(err));
1595 vnc_write(vs, err, sizeof(err));
1597 vnc_client_error(vs);
1603 static void vnc_handshake_io(void *opaque);
1605 static int vnc_continue_handshake(struct VncState *vs) {
1608 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1609 if (!gnutls_error_is_fatal(ret)) {
1610 VNC_DEBUG("Handshake interrupted (blocking)\n");
1611 if (!gnutls_record_get_direction(vs->tls_session))
1612 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1614 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1617 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1618 vnc_client_error(vs);
1622 if (vs->x509verify) {
1623 if (vnc_validate_certificate(vs) < 0) {
1624 VNC_DEBUG("Client verification failed\n");
1625 vnc_client_error(vs);
1628 VNC_DEBUG("Client verification passed\n");
1632 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1633 vs->wiremode = VNC_WIREMODE_TLS;
1634 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1636 return start_auth_vencrypt_subauth(vs);
1639 static void vnc_handshake_io(void *opaque) {
1640 struct VncState *vs = (struct VncState *)opaque;
1642 VNC_DEBUG("Handshake IO continue\n");
1643 vnc_continue_handshake(vs);
1646 #define NEED_X509_AUTH(vs) \
1647 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1648 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1649 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1652 static int vnc_start_tls(struct VncState *vs) {
1653 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1654 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1655 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1656 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1658 VNC_DEBUG("Do TLS setup\n");
1659 if (vnc_tls_initialize() < 0) {
1660 VNC_DEBUG("Failed to init TLS\n");
1661 vnc_client_error(vs);
1664 if (vs->tls_session == NULL) {
1665 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1666 vnc_client_error(vs);
1670 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1671 gnutls_deinit(vs->tls_session);
1672 vs->tls_session = NULL;
1673 vnc_client_error(vs);
1677 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1678 gnutls_deinit(vs->tls_session);
1679 vs->tls_session = NULL;
1680 vnc_client_error(vs);
1684 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1685 gnutls_deinit(vs->tls_session);
1686 vs->tls_session = NULL;
1687 vnc_client_error(vs);
1691 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1692 gnutls_deinit(vs->tls_session);
1693 vs->tls_session = NULL;
1694 vnc_client_error(vs);
1698 if (NEED_X509_AUTH(vs)) {
1699 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1701 gnutls_deinit(vs->tls_session);
1702 vs->tls_session = NULL;
1703 vnc_client_error(vs);
1706 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1707 gnutls_deinit(vs->tls_session);
1708 vs->tls_session = NULL;
1709 gnutls_certificate_free_credentials(x509_cred);
1710 vnc_client_error(vs);
1713 if (vs->x509verify) {
1714 VNC_DEBUG("Requesting a client certificate\n");
1715 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1719 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1721 gnutls_deinit(vs->tls_session);
1722 vs->tls_session = NULL;
1723 vnc_client_error(vs);
1726 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1727 gnutls_deinit(vs->tls_session);
1728 vs->tls_session = NULL;
1729 gnutls_anon_free_server_credentials(anon_cred);
1730 vnc_client_error(vs);
1735 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1736 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1737 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1740 VNC_DEBUG("Start TLS handshake process\n");
1741 return vnc_continue_handshake(vs);
1744 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1746 int auth = read_u32(data, 0);
1748 if (auth != vs->subauth) {
1749 VNC_DEBUG("Rejecting auth %d\n", auth);
1750 vnc_write_u8(vs, 0); /* Reject auth */
1752 vnc_client_error(vs);
1754 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1755 vnc_write_u8(vs, 1); /* Accept auth */
1758 if (vnc_start_tls(vs) < 0) {
1759 VNC_DEBUG("Failed to complete TLS\n");
1763 if (vs->wiremode == VNC_WIREMODE_TLS) {
1764 VNC_DEBUG("Starting VeNCrypt subauth\n");
1765 return start_auth_vencrypt_subauth(vs);
1767 VNC_DEBUG("TLS handshake blocked\n");
1774 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1778 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1779 vnc_write_u8(vs, 1); /* Reject version */
1781 vnc_client_error(vs);
1783 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1784 vnc_write_u8(vs, 0); /* Accept version */
1785 vnc_write_u8(vs, 1); /* Number of sub-auths */
1786 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1788 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1793 static int start_auth_vencrypt(VncState *vs)
1795 /* Send VeNCrypt version 0.2 */
1796 vnc_write_u8(vs, 0);
1797 vnc_write_u8(vs, 2);
1799 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1802 #endif /* CONFIG_VNC_TLS */
1804 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1806 /* We only advertise 1 auth scheme at a time, so client
1807 * must pick the one we sent. Verify this */
1808 if (data[0] != vs->auth) { /* Reject auth */
1809 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1810 vnc_write_u32(vs, 1);
1811 if (vs->minor >= 8) {
1812 static const char err[] = "Authentication failed";
1813 vnc_write_u32(vs, sizeof(err));
1814 vnc_write(vs, err, sizeof(err));
1816 vnc_client_error(vs);
1817 } else { /* Accept requested auth */
1818 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1821 VNC_DEBUG("Accept auth none\n");
1822 if (vs->minor >= 8) {
1823 vnc_write_u32(vs, 0); /* Accept auth completion */
1826 vnc_read_when(vs, protocol_client_init, 1);
1830 VNC_DEBUG("Start VNC auth\n");
1831 return start_auth_vnc(vs);
1834 case VNC_AUTH_VENCRYPT:
1835 VNC_DEBUG("Accept VeNCrypt auth\n");;
1836 return start_auth_vencrypt(vs);
1837 #endif /* CONFIG_VNC_TLS */
1839 default: /* Should not be possible, but just in case */
1840 VNC_DEBUG("Reject auth %d\n", vs->auth);
1841 vnc_write_u8(vs, 1);
1842 if (vs->minor >= 8) {
1843 static const char err[] = "Authentication failed";
1844 vnc_write_u32(vs, sizeof(err));
1845 vnc_write(vs, err, sizeof(err));
1847 vnc_client_error(vs);
1853 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1857 memcpy(local, version, 12);
1860 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1861 VNC_DEBUG("Malformed protocol version %s\n", local);
1862 vnc_client_error(vs);
1865 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1866 if (vs->major != 3 ||
1872 VNC_DEBUG("Unsupported client version\n");
1873 vnc_write_u32(vs, VNC_AUTH_INVALID);
1875 vnc_client_error(vs);
1878 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1879 * as equivalent to v3.3 by servers
1881 if (vs->minor == 4 || vs->minor == 5)
1884 if (vs->minor == 3) {
1885 if (vs->auth == VNC_AUTH_NONE) {
1886 VNC_DEBUG("Tell client auth none\n");
1887 vnc_write_u32(vs, vs->auth);
1889 vnc_read_when(vs, protocol_client_init, 1);
1890 } else if (vs->auth == VNC_AUTH_VNC) {
1891 VNC_DEBUG("Tell client VNC auth\n");
1892 vnc_write_u32(vs, vs->auth);
1896 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1897 vnc_write_u32(vs, VNC_AUTH_INVALID);
1899 vnc_client_error(vs);
1902 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1903 vnc_write_u8(vs, 1); /* num auth */
1904 vnc_write_u8(vs, vs->auth);
1905 vnc_read_when(vs, protocol_client_auth, 1);
1912 static void vnc_connect(VncState *vs)
1914 VNC_DEBUG("New client on socket %d\n", vs->csock);
1915 socket_set_nonblock(vs->csock);
1916 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1917 vnc_write(vs, "RFB 003.008\n", 12);
1919 vnc_read_when(vs, protocol_version, 12);
1920 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1921 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1923 vs->has_hextile = 0;
1924 vs->ds->dpy_copy = NULL;
1925 vnc_update_client(vs);
1928 static void vnc_listen_read(void *opaque)
1930 VncState *vs = opaque;
1931 struct sockaddr_in addr;
1932 socklen_t addrlen = sizeof(addr);
1937 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1938 if (vs->csock != -1) {
1943 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1945 void vnc_display_init(DisplayState *ds)
1949 vs = qemu_mallocz(sizeof(VncState));
1956 vs->password = NULL;
1966 if (!keyboard_layout)
1967 keyboard_layout = "en-us";
1969 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1970 if (!vs->kbd_layout)
1973 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1975 vs->ds->data = NULL;
1976 vs->ds->dpy_update = vnc_dpy_update;
1977 vs->ds->dpy_resize = vnc_dpy_resize;
1978 vs->ds->dpy_refresh = NULL;
1980 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1982 vnc_dpy_resize(vs->ds, 640, 400);
1986 static int vnc_set_x509_credential(VncState *vs,
1987 const char *certdir,
1988 const char *filename,
1999 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2002 strcpy(*cred, certdir);
2004 strcat(*cred, filename);
2006 VNC_DEBUG("Check %s\n", *cred);
2007 if (stat(*cred, &sb) < 0) {
2010 if (ignoreMissing && errno == ENOENT)
2018 static int vnc_set_x509_credential_dir(VncState *vs,
2019 const char *certdir)
2021 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2023 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2025 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2027 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2033 qemu_free(vs->x509cacert);
2034 qemu_free(vs->x509cacrl);
2035 qemu_free(vs->x509cert);
2036 qemu_free(vs->x509key);
2037 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2040 #endif /* CONFIG_VNC_TLS */
2042 void vnc_display_close(DisplayState *ds)
2044 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2047 qemu_free(vs->display);
2050 if (vs->lsock != -1) {
2051 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2055 if (vs->csock != -1) {
2056 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2057 closesocket(vs->csock);
2059 buffer_reset(&vs->input);
2060 buffer_reset(&vs->output);
2061 vs->need_update = 0;
2063 if (vs->tls_session) {
2064 gnutls_deinit(vs->tls_session);
2065 vs->tls_session = NULL;
2067 vs->wiremode = VNC_WIREMODE_CLEAR;
2068 #endif /* CONFIG_VNC_TLS */
2070 vs->auth = VNC_AUTH_INVALID;
2072 vs->subauth = VNC_AUTH_INVALID;
2077 int vnc_display_password(DisplayState *ds, const char *password)
2079 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2082 qemu_free(vs->password);
2083 vs->password = NULL;
2085 if (password && password[0]) {
2086 if (!(vs->password = qemu_strdup(password)))
2093 int vnc_display_open(DisplayState *ds, const char *display)
2095 struct sockaddr *addr;
2096 struct sockaddr_in iaddr;
2098 struct sockaddr_un uaddr;
2101 int reuse_addr, ret;
2103 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2104 const char *options;
2108 int tls = 0, x509 = 0;
2111 vnc_display_close(ds);
2112 if (strcmp(display, "none") == 0)
2115 if (!(vs->display = strdup(display)))
2119 while ((options = strchr(options, ','))) {
2121 if (strncmp(options, "password", 8) == 0) {
2122 password = 1; /* Require password auth */
2123 } else if (strncmp(options, "reverse", 7) == 0) {
2126 } else if (strncmp(options, "tls", 3) == 0) {
2127 tls = 1; /* Require TLS */
2128 } else if (strncmp(options, "x509", 4) == 0) {
2130 x509 = 1; /* Require x509 certificates */
2131 if (strncmp(options, "x509verify", 10) == 0)
2132 vs->x509verify = 1; /* ...and verify client certs */
2134 /* Now check for 'x509=/some/path' postfix
2135 * and use that to setup x509 certificate/key paths */
2136 start = strchr(options, '=');
2137 end = strchr(options, ',');
2138 if (start && (!end || (start < end))) {
2139 int len = end ? end-(start+1) : strlen(start+1);
2140 char *path = qemu_malloc(len+1);
2141 strncpy(path, start+1, len);
2143 VNC_DEBUG("Trying certificate path '%s'\n", path);
2144 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2145 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2147 qemu_free(vs->display);
2153 fprintf(stderr, "No certificate path provided\n");
2154 qemu_free(vs->display);
2165 vs->auth = VNC_AUTH_VENCRYPT;
2167 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2168 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2170 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2171 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2175 VNC_DEBUG("Initializing VNC server with password auth\n");
2176 vs->auth = VNC_AUTH_VNC;
2178 vs->subauth = VNC_AUTH_INVALID;
2184 vs->auth = VNC_AUTH_VENCRYPT;
2186 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2187 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2189 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2190 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2194 VNC_DEBUG("Initializing VNC server with no auth\n");
2195 vs->auth = VNC_AUTH_NONE;
2197 vs->subauth = VNC_AUTH_INVALID;
2202 if (strstart(display, "unix:", &p)) {
2203 addr = (struct sockaddr *)&uaddr;
2204 addrlen = sizeof(uaddr);
2206 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2207 if (vs->lsock == -1) {
2208 fprintf(stderr, "Could not create socket\n");
2214 uaddr.sun_family = AF_UNIX;
2215 memset(uaddr.sun_path, 0, 108);
2216 snprintf(uaddr.sun_path, 108, "%s", p);
2219 unlink(uaddr.sun_path);
2224 addr = (struct sockaddr *)&iaddr;
2225 addrlen = sizeof(iaddr);
2227 if (parse_host_port(&iaddr, display) < 0) {
2228 fprintf(stderr, "Could not parse VNC address\n");
2234 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + (reverse ? 0 : 5900));
2236 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2237 if (vs->lsock == -1) {
2238 fprintf(stderr, "Could not create socket\n");
2245 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2246 (const char *)&reuse_addr, sizeof(reuse_addr));
2248 fprintf(stderr, "setsockopt() failed\n");
2258 if (connect(vs->lsock, addr, addrlen) == -1) {
2259 fprintf(stderr, "Connection to VNC client failed\n");
2266 vs->csock = vs->lsock;
2273 if (bind(vs->lsock, addr, addrlen) == -1) {
2274 fprintf(stderr, "bind() failed\n");
2282 if (listen(vs->lsock, 1) == -1) {
2283 fprintf(stderr, "listen() failed\n");
2291 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
projects / qemu / blob