2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState;
68 typedef int VncReadEvent(VncState *vs, char *data, size_t len);
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
76 int *has_bg, int *has_fg);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT = 19
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
119 #endif /* CONFIG_VNC_TLS */
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
132 int depth; /* internal VNC frame buffer byte per pixel */
135 int has_pointer_type_change;
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
159 gnutls_session_t tls_session;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
176 uint8_t modifiers_state[256];
179 static VncState *vnc_state; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
193 term_printf("Client connected\n");
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
213 static inline void vnc_set_bit(uint32_t *d, int k)
215 d[k >> 5] |= 1 << (k & 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d, int k)
220 d[k >> 5] &= ~(1 << (k & 0x1f));
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
233 d[j++] = (1 << n) - 1;
238 static inline int vnc_get_bit(const uint32_t *d, int k)
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
256 VncState *vs = ds->opaque;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
269 for (i = 0; i < w; i += 16)
270 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
273 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
276 vnc_write_u16(vs, x);
277 vnc_write_u16(vs, y);
278 vnc_write_u16(vs, w);
279 vnc_write_u16(vs, h);
281 vnc_write_s32(vs, encoding);
284 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
287 VncState *vs = ds->opaque;
289 ds->data = realloc(ds->data, w * h * vs->depth);
290 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
292 if (ds->data == NULL || vs->old_data == NULL) {
293 fprintf(stderr, "vnc: memory allocation failed\n");
297 if (ds->depth != vs->depth * 8) {
298 ds->depth = vs->depth * 8;
299 console_color_init(ds);
301 size_changed = ds->width != w || ds->height != h;
304 ds->linesize = w * vs->depth;
305 if (vs->csock != -1 && vs->has_resize && size_changed) {
306 vnc_write_u8(vs, 0); /* msg id */
308 vnc_write_u16(vs, 1); /* number of rects */
309 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
311 vs->width = ds->width;
312 vs->height = ds->height;
317 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
319 vnc_write(vs, pixels, size);
322 /* slowest but generic code. */
323 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
325 unsigned int r, g, b;
327 r = (v >> vs->red_shift1) & vs->red_max;
328 g = (v >> vs->green_shift1) & vs->green_max;
329 b = (v >> vs->blue_shift1) & vs->blue_max;
330 v = (r << vs->red_shift) |
331 (g << vs->green_shift) |
332 (b << vs->blue_shift);
333 switch(vs->pix_bpp) {
338 if (vs->pix_big_endian) {
348 if (vs->pix_big_endian) {
363 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
365 uint32_t *pixels = pixels1;
370 for(i = 0; i < n; i++) {
371 vnc_convert_pixel(vs, buf, pixels[i]);
372 vnc_write(vs, buf, vs->pix_bpp);
376 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
381 vnc_framebuffer_update(vs, x, y, w, h, 0);
383 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
384 for (i = 0; i < h; i++) {
385 vs->write_pixels(vs, row, w * vs->depth);
386 row += vs->ds->linesize;
390 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
392 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
393 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
397 #include "vnchextile.h"
401 #include "vnchextile.h"
405 #include "vnchextile.h"
410 #include "vnchextile.h"
414 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
418 uint32_t last_fg32, last_bg32;
420 vnc_framebuffer_update(vs, x, y, w, h, 5);
423 for (j = y; j < (y + h); j += 16) {
424 for (i = x; i < (x + w); i += 16) {
425 vs->send_hextile_tile(vs, i, j,
426 MIN(16, x + w - i), MIN(16, y + h - j),
427 &last_bg32, &last_fg32, &has_bg, &has_fg);
432 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
435 send_framebuffer_update_hextile(vs, x, y, w, h);
437 send_framebuffer_update_raw(vs, x, y, w, h);
440 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
447 int pitch = ds->linesize;
448 VncState *vs = ds->opaque;
450 vnc_update_client(vs);
457 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
458 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
460 src_row = ds->data + src;
461 dst_row = ds->data + dst;
462 old_row = vs->old_data + dst;
464 for (y = 0; y < h; y++) {
465 memmove(old_row, src_row, w * vs->depth);
466 memmove(dst_row, src_row, w * vs->depth);
472 vnc_write_u8(vs, 0); /* msg id */
474 vnc_write_u16(vs, 1); /* number of rects */
475 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
476 vnc_write_u16(vs, src_x);
477 vnc_write_u16(vs, src_y);
481 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
485 for (h = 1; h < (vs->height - y); h++) {
487 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
489 for (tmp_x = last_x; tmp_x < x; tmp_x++)
490 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
496 static void vnc_update_client(void *opaque)
498 VncState *vs = opaque;
500 if (vs->need_update && vs->csock != -1) {
504 uint32_t width_mask[VNC_DIRTY_WORDS];
509 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
511 /* Walk through the dirty map and eliminate tiles that
512 really aren't dirty */
514 old_row = vs->old_data;
516 for (y = 0; y < vs->height; y++) {
517 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
524 for (x = 0; x < vs->ds->width; x += 16) {
525 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
526 vnc_clear_bit(vs->dirty_row[y], (x / 16));
529 memcpy(old_ptr, ptr, 16 * vs->depth);
532 ptr += 16 * vs->depth;
533 old_ptr += 16 * vs->depth;
537 row += vs->ds->linesize;
538 old_row += vs->ds->linesize;
542 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
546 /* Count rectangles */
548 vnc_write_u8(vs, 0); /* msg id */
550 saved_offset = vs->output.offset;
551 vnc_write_u16(vs, 0);
553 for (y = 0; y < vs->height; y++) {
556 for (x = 0; x < vs->width / 16; x++) {
557 if (vnc_get_bit(vs->dirty_row[y], x)) {
561 vnc_clear_bit(vs->dirty_row[y], x);
564 int h = find_dirty_height(vs, y, last_x, x);
565 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
572 int h = find_dirty_height(vs, y, last_x, x);
573 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
577 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
578 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
582 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
585 static void vnc_timer_init(VncState *vs)
587 if (vs->timer == NULL) {
588 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
589 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock));
593 static void vnc_dpy_refresh(DisplayState *ds)
595 VncState *vs = ds->opaque;
600 static int vnc_listen_poll(void *opaque)
602 VncState *vs = opaque;
608 static void buffer_reserve(Buffer *buffer, size_t len)
610 if ((buffer->capacity - buffer->offset) < len) {
611 buffer->capacity += (len + 1024);
612 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
613 if (buffer->buffer == NULL) {
614 fprintf(stderr, "vnc: out of memory\n");
620 static int buffer_empty(Buffer *buffer)
622 return buffer->offset == 0;
625 static char *buffer_end(Buffer *buffer)
627 return buffer->buffer + buffer->offset;
630 static void buffer_reset(Buffer *buffer)
635 static void buffer_append(Buffer *buffer, const void *data, size_t len)
637 memcpy(buffer->buffer + buffer->offset, data, len);
638 buffer->offset += len;
641 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
643 if (ret == 0 || ret == -1) {
644 if (ret == -1 && (last_errno == EINTR || last_errno == EAGAIN))
647 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
648 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
649 closesocket(vs->csock);
651 buffer_reset(&vs->input);
652 buffer_reset(&vs->output);
655 if (vs->tls_session) {
656 gnutls_deinit(vs->tls_session);
657 vs->tls_session = NULL;
659 vs->wiremode = VNC_WIREMODE_CLEAR;
660 #endif /* CONFIG_VNC_TLS */
666 static void vnc_client_error(VncState *vs)
668 vnc_client_io_error(vs, -1, EINVAL);
671 static void vnc_client_write(void *opaque)
674 VncState *vs = opaque;
677 if (vs->tls_session) {
678 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
680 if (ret == GNUTLS_E_AGAIN)
687 #endif /* CONFIG_VNC_TLS */
688 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
689 ret = vnc_client_io_error(vs, ret, socket_error());
693 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
694 vs->output.offset -= ret;
696 if (vs->output.offset == 0) {
697 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
701 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
703 vs->read_handler = func;
704 vs->read_handler_expect = expecting;
707 static void vnc_client_read(void *opaque)
709 VncState *vs = opaque;
712 buffer_reserve(&vs->input, 4096);
715 if (vs->tls_session) {
716 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
718 if (ret == GNUTLS_E_AGAIN)
725 #endif /* CONFIG_VNC_TLS */
726 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
727 ret = vnc_client_io_error(vs, ret, socket_error());
731 vs->input.offset += ret;
733 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
734 size_t len = vs->read_handler_expect;
737 ret = vs->read_handler(vs, vs->input.buffer, len);
742 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
743 vs->input.offset -= len;
745 vs->read_handler_expect = ret;
750 static void vnc_write(VncState *vs, const void *data, size_t len)
752 buffer_reserve(&vs->output, len);
754 if (buffer_empty(&vs->output)) {
755 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
758 buffer_append(&vs->output, data, len);
761 static void vnc_write_s32(VncState *vs, int32_t value)
763 vnc_write_u32(vs, *(uint32_t *)&value);
766 static void vnc_write_u32(VncState *vs, uint32_t value)
770 buf[0] = (value >> 24) & 0xFF;
771 buf[1] = (value >> 16) & 0xFF;
772 buf[2] = (value >> 8) & 0xFF;
773 buf[3] = value & 0xFF;
775 vnc_write(vs, buf, 4);
778 static void vnc_write_u16(VncState *vs, uint16_t value)
782 buf[0] = (value >> 8) & 0xFF;
783 buf[1] = value & 0xFF;
785 vnc_write(vs, buf, 2);
788 static void vnc_write_u8(VncState *vs, uint8_t value)
790 vnc_write(vs, (char *)&value, 1);
793 static void vnc_flush(VncState *vs)
795 if (vs->output.offset)
796 vnc_client_write(vs);
799 static uint8_t read_u8(uint8_t *data, size_t offset)
804 static uint16_t read_u16(uint8_t *data, size_t offset)
806 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
809 static int32_t read_s32(uint8_t *data, size_t offset)
811 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
812 (data[offset + 2] << 8) | data[offset + 3]);
815 static uint32_t read_u32(uint8_t *data, size_t offset)
817 return ((data[offset] << 24) | (data[offset + 1] << 16) |
818 (data[offset + 2] << 8) | data[offset + 3]);
822 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
825 struct VncState *vs = (struct VncState *)transport;
829 ret = send(vs->csock, data, len, 0);
839 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
842 struct VncState *vs = (struct VncState *)transport;
846 ret = recv(vs->csock, data, len, 0);
854 #endif /* CONFIG_VNC_TLS */
856 static void client_cut_text(VncState *vs, size_t len, char *text)
860 static void check_pointer_type_change(VncState *vs, int absolute)
862 if (vs->has_pointer_type_change && vs->absolute != absolute) {
865 vnc_write_u16(vs, 1);
866 vnc_framebuffer_update(vs, absolute, 0,
867 vs->ds->width, vs->ds->height, -257);
870 vs->absolute = absolute;
873 static void pointer_event(VncState *vs, int button_mask, int x, int y)
878 if (button_mask & 0x01)
879 buttons |= MOUSE_EVENT_LBUTTON;
880 if (button_mask & 0x02)
881 buttons |= MOUSE_EVENT_MBUTTON;
882 if (button_mask & 0x04)
883 buttons |= MOUSE_EVENT_RBUTTON;
884 if (button_mask & 0x08)
886 if (button_mask & 0x10)
890 kbd_mouse_event(x * 0x7FFF / vs->ds->width,
891 y * 0x7FFF / vs->ds->height,
893 } else if (vs->has_pointer_type_change) {
897 kbd_mouse_event(x, y, dz, buttons);
899 if (vs->last_x != -1)
900 kbd_mouse_event(x - vs->last_x,
907 check_pointer_type_change(vs, kbd_mouse_is_absolute());
910 static void reset_keys(VncState *vs)
913 for(i = 0; i < 256; i++) {
914 if (vs->modifiers_state[i]) {
916 kbd_put_keycode(0xe0);
917 kbd_put_keycode(i | 0x80);
918 vs->modifiers_state[i] = 0;
923 static void press_key(VncState *vs, int keysym)
925 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
926 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
929 static void do_key_event(VncState *vs, int down, uint32_t sym)
933 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
935 /* QEMU console switch */
937 case 0x2a: /* Left Shift */
938 case 0x36: /* Right Shift */
939 case 0x1d: /* Left CTRL */
940 case 0x9d: /* Right CTRL */
941 case 0x38: /* Left ALT */
942 case 0xb8: /* Right ALT */
944 vs->modifiers_state[keycode] = 1;
946 vs->modifiers_state[keycode] = 0;
948 case 0x02 ... 0x0a: /* '1' to '9' keys */
949 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
950 /* Reset the modifiers sent to the current console */
952 console_select(keycode - 0x02);
956 case 0x45: /* NumLock */
958 vs->modifiers_state[keycode] ^= 1;
962 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
963 /* If the numlock state needs to change then simulate an additional
964 keypress before sending this one. This will happen if the user
965 toggles numlock away from the VNC window.
967 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
968 if (!vs->modifiers_state[0x45]) {
969 vs->modifiers_state[0x45] = 1;
970 press_key(vs, 0xff7f);
973 if (vs->modifiers_state[0x45]) {
974 vs->modifiers_state[0x45] = 0;
975 press_key(vs, 0xff7f);
980 if (is_graphic_console()) {
982 kbd_put_keycode(0xe0);
984 kbd_put_keycode(keycode & 0x7f);
986 kbd_put_keycode(keycode | 0x80);
988 /* QEMU console emulation */
991 case 0x2a: /* Left Shift */
992 case 0x36: /* Right Shift */
993 case 0x1d: /* Left CTRL */
994 case 0x9d: /* Right CTRL */
995 case 0x38: /* Left ALT */
996 case 0xb8: /* Right ALT */
999 kbd_put_keysym(QEMU_KEY_UP);
1002 kbd_put_keysym(QEMU_KEY_DOWN);
1005 kbd_put_keysym(QEMU_KEY_LEFT);
1008 kbd_put_keysym(QEMU_KEY_RIGHT);
1011 kbd_put_keysym(QEMU_KEY_DELETE);
1014 kbd_put_keysym(QEMU_KEY_HOME);
1017 kbd_put_keysym(QEMU_KEY_END);
1020 kbd_put_keysym(QEMU_KEY_PAGEUP);
1023 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1026 kbd_put_keysym(sym);
1033 static void key_event(VncState *vs, int down, uint32_t sym)
1035 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1036 sym = sym - 'A' + 'a';
1037 do_key_event(vs, down, sym);
1040 static void framebuffer_update_request(VncState *vs, int incremental,
1041 int x_position, int y_position,
1044 if (x_position > vs->ds->width)
1045 x_position = vs->ds->width;
1046 if (y_position > vs->ds->height)
1047 y_position = vs->ds->height;
1048 if (x_position + w >= vs->ds->width)
1049 w = vs->ds->width - x_position;
1050 if (y_position + h >= vs->ds->height)
1051 h = vs->ds->height - y_position;
1054 vs->need_update = 1;
1056 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1058 for (i = 0; i < h; i++) {
1059 vnc_set_bits(vs->dirty_row[y_position + i],
1060 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1061 memset(old_row, 42, vs->ds->width * vs->depth);
1062 old_row += vs->ds->linesize;
1067 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1071 vs->has_hextile = 0;
1073 vs->has_pointer_type_change = 0;
1075 vs->ds->dpy_copy = NULL;
1077 for (i = n_encodings - 1; i >= 0; i--) {
1078 switch (encodings[i]) {
1080 vs->has_hextile = 0;
1082 case 1: /* CopyRect */
1083 vs->ds->dpy_copy = vnc_copy;
1085 case 5: /* Hextile */
1086 vs->has_hextile = 1;
1088 case -223: /* DesktopResize */
1092 vs->has_pointer_type_change = 1;
1099 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1102 static int compute_nbits(unsigned int val)
1113 static void set_pixel_format(VncState *vs,
1114 int bits_per_pixel, int depth,
1115 int big_endian_flag, int true_color_flag,
1116 int red_max, int green_max, int blue_max,
1117 int red_shift, int green_shift, int blue_shift)
1119 int host_big_endian_flag;
1121 #ifdef WORDS_BIGENDIAN
1122 host_big_endian_flag = 1;
1124 host_big_endian_flag = 0;
1126 if (!true_color_flag) {
1128 vnc_client_error(vs);
1131 if (bits_per_pixel == 32 &&
1132 host_big_endian_flag == big_endian_flag &&
1133 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1134 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1136 vs->write_pixels = vnc_write_pixels_copy;
1137 vs->send_hextile_tile = send_hextile_tile_32;
1139 if (bits_per_pixel == 16 &&
1140 host_big_endian_flag == big_endian_flag &&
1141 red_max == 31 && green_max == 63 && blue_max == 31 &&
1142 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1144 vs->write_pixels = vnc_write_pixels_copy;
1145 vs->send_hextile_tile = send_hextile_tile_16;
1147 if (bits_per_pixel == 8 &&
1148 red_max == 7 && green_max == 7 && blue_max == 3 &&
1149 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1151 vs->write_pixels = vnc_write_pixels_copy;
1152 vs->send_hextile_tile = send_hextile_tile_8;
1155 /* generic and slower case */
1156 if (bits_per_pixel != 8 &&
1157 bits_per_pixel != 16 &&
1158 bits_per_pixel != 32)
1161 vs->red_shift = red_shift;
1162 vs->red_max = red_max;
1163 vs->red_shift1 = 24 - compute_nbits(red_max);
1164 vs->green_shift = green_shift;
1165 vs->green_max = green_max;
1166 vs->green_shift1 = 16 - compute_nbits(green_max);
1167 vs->blue_shift = blue_shift;
1168 vs->blue_max = blue_max;
1169 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1170 vs->pix_bpp = bits_per_pixel / 8;
1171 vs->pix_big_endian = big_endian_flag;
1172 vs->write_pixels = vnc_write_pixels_generic;
1173 vs->send_hextile_tile = send_hextile_tile_generic;
1176 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1177 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1178 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
1180 vga_hw_invalidate();
1184 static int protocol_client_msg(VncState *vs, char *data, size_t len)
1194 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1195 read_u8(data, 6), read_u8(data, 7),
1196 read_u16(data, 8), read_u16(data, 10),
1197 read_u16(data, 12), read_u8(data, 14),
1198 read_u8(data, 15), read_u8(data, 16));
1205 return 4 + (read_u16(data, 2) * 4);
1207 limit = read_u16(data, 2);
1208 for (i = 0; i < limit; i++) {
1209 int32_t val = read_s32(data, 4 + (i * 4));
1210 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1213 set_encodings(vs, (int32_t *)(data + 4), limit);
1219 framebuffer_update_request(vs,
1220 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1221 read_u16(data, 6), read_u16(data, 8));
1227 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1233 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1240 uint32_t dlen = read_u32(data, 4);
1245 client_cut_text(vs, read_u32(data, 4), data + 8);
1248 printf("Msg: %d\n", data[0]);
1249 vnc_client_error(vs);
1253 vnc_read_when(vs, protocol_client_msg, 1);
1257 static int protocol_client_init(VncState *vs, char *data, size_t len)
1259 char pad[3] = { 0, 0, 0 };
1263 vs->width = vs->ds->width;
1264 vs->height = vs->ds->height;
1265 vnc_write_u16(vs, vs->ds->width);
1266 vnc_write_u16(vs, vs->ds->height);
1268 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1269 vnc_write_u8(vs, vs->depth * 8); /* depth */
1270 #ifdef WORDS_BIGENDIAN
1271 vnc_write_u8(vs, 1); /* big-endian-flag */
1273 vnc_write_u8(vs, 0); /* big-endian-flag */
1275 vnc_write_u8(vs, 1); /* true-color-flag */
1276 if (vs->depth == 4) {
1277 vnc_write_u16(vs, 0xFF); /* red-max */
1278 vnc_write_u16(vs, 0xFF); /* green-max */
1279 vnc_write_u16(vs, 0xFF); /* blue-max */
1280 vnc_write_u8(vs, 16); /* red-shift */
1281 vnc_write_u8(vs, 8); /* green-shift */
1282 vnc_write_u8(vs, 0); /* blue-shift */
1283 vs->send_hextile_tile = send_hextile_tile_32;
1284 } else if (vs->depth == 2) {
1285 vnc_write_u16(vs, 31); /* red-max */
1286 vnc_write_u16(vs, 63); /* green-max */
1287 vnc_write_u16(vs, 31); /* blue-max */
1288 vnc_write_u8(vs, 11); /* red-shift */
1289 vnc_write_u8(vs, 5); /* green-shift */
1290 vnc_write_u8(vs, 0); /* blue-shift */
1291 vs->send_hextile_tile = send_hextile_tile_16;
1292 } else if (vs->depth == 1) {
1293 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1294 vnc_write_u16(vs, 7); /* red-max */
1295 vnc_write_u16(vs, 7); /* green-max */
1296 vnc_write_u16(vs, 3); /* blue-max */
1297 vnc_write_u8(vs, 5); /* red-shift */
1298 vnc_write_u8(vs, 2); /* green-shift */
1299 vnc_write_u8(vs, 0); /* blue-shift */
1300 vs->send_hextile_tile = send_hextile_tile_8;
1302 vs->write_pixels = vnc_write_pixels_copy;
1304 vnc_write(vs, pad, 3); /* padding */
1307 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1309 size = snprintf(buf, sizeof(buf), "QEMU");
1311 vnc_write_u32(vs, size);
1312 vnc_write(vs, buf, size);
1315 vnc_read_when(vs, protocol_client_msg, 1);
1320 static void make_challenge(VncState *vs)
1324 srand(time(NULL)+getpid()+getpid()*987654+rand());
1326 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1327 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1330 static int protocol_client_auth_vnc(VncState *vs, char *data, size_t len)
1332 char response[VNC_AUTH_CHALLENGE_SIZE];
1336 if (!vs->password || !vs->password[0]) {
1337 VNC_DEBUG("No password configured on server");
1338 vnc_write_u32(vs, 1); /* Reject auth */
1339 if (vs->minor >= 8) {
1340 static const char err[] = "Authentication failed";
1341 vnc_write_u32(vs, sizeof(err));
1342 vnc_write(vs, err, sizeof(err));
1345 vnc_client_error(vs);
1349 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1351 /* Calculate the expected challenge response */
1352 pwlen = strlen(vs->password);
1353 for (i=0; i<sizeof(key); i++)
1354 key[i] = i<pwlen ? vs->password[i] : 0;
1356 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1357 des(response+j, response+j);
1359 /* Compare expected vs actual challenge response */
1360 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1361 VNC_DEBUG("Client challenge reponse did not match\n");
1362 vnc_write_u32(vs, 1); /* Reject auth */
1363 if (vs->minor >= 8) {
1364 static const char err[] = "Authentication failed";
1365 vnc_write_u32(vs, sizeof(err));
1366 vnc_write(vs, err, sizeof(err));
1369 vnc_client_error(vs);
1371 VNC_DEBUG("Accepting VNC challenge response\n");
1372 vnc_write_u32(vs, 0); /* Accept auth */
1375 vnc_read_when(vs, protocol_client_init, 1);
1380 static int start_auth_vnc(VncState *vs)
1383 /* Send client a 'random' challenge */
1384 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1387 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1393 #define DH_BITS 1024
1394 static gnutls_dh_params_t dh_params;
1396 static int vnc_tls_initialize(void)
1398 static int tlsinitialized = 0;
1403 if (gnutls_global_init () < 0)
1406 /* XXX ought to re-generate diffie-hellmen params periodically */
1407 if (gnutls_dh_params_init (&dh_params) < 0)
1409 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1413 gnutls_global_set_log_level(10);
1414 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1422 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1424 gnutls_anon_server_credentials anon_cred;
1427 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1428 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1432 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1438 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1440 gnutls_certificate_credentials_t x509_cred;
1443 if (!vs->x509cacert) {
1444 VNC_DEBUG("No CA x509 certificate specified\n");
1447 if (!vs->x509cert) {
1448 VNC_DEBUG("No server x509 certificate specified\n");
1452 VNC_DEBUG("No server private key specified\n");
1456 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1457 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1460 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1462 GNUTLS_X509_FMT_PEM)) < 0) {
1463 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1464 gnutls_certificate_free_credentials(x509_cred);
1468 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1471 GNUTLS_X509_FMT_PEM)) < 0) {
1472 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1473 gnutls_certificate_free_credentials(x509_cred);
1477 if (vs->x509cacrl) {
1478 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1480 GNUTLS_X509_FMT_PEM)) < 0) {
1481 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1482 gnutls_certificate_free_credentials(x509_cred);
1487 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1492 static int vnc_validate_certificate(struct VncState *vs)
1495 unsigned int status;
1496 const gnutls_datum_t *certs;
1497 unsigned int nCerts, i;
1500 VNC_DEBUG("Validating client certificate\n");
1501 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1502 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1506 if ((now = time(NULL)) == ((time_t)-1)) {
1511 if (status & GNUTLS_CERT_INVALID)
1512 VNC_DEBUG("The certificate is not trusted.\n");
1514 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1515 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1517 if (status & GNUTLS_CERT_REVOKED)
1518 VNC_DEBUG("The certificate has been revoked.\n");
1520 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1521 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1525 VNC_DEBUG("Certificate is valid!\n");
1528 /* Only support x509 for now */
1529 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1532 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1535 for (i = 0 ; i < nCerts ; i++) {
1536 gnutls_x509_crt_t cert;
1537 VNC_DEBUG ("Checking certificate chain %d\n", i);
1538 if (gnutls_x509_crt_init (&cert) < 0)
1541 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1542 gnutls_x509_crt_deinit (cert);
1546 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1547 VNC_DEBUG("The certificate has expired\n");
1548 gnutls_x509_crt_deinit (cert);
1552 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1553 VNC_DEBUG("The certificate is not yet activated\n");
1554 gnutls_x509_crt_deinit (cert);
1558 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1559 VNC_DEBUG("The certificate is not yet activated\n");
1560 gnutls_x509_crt_deinit (cert);
1564 gnutls_x509_crt_deinit (cert);
1571 static int start_auth_vencrypt_subauth(VncState *vs)
1573 switch (vs->subauth) {
1574 case VNC_AUTH_VENCRYPT_TLSNONE:
1575 case VNC_AUTH_VENCRYPT_X509NONE:
1576 VNC_DEBUG("Accept TLS auth none\n");
1577 vnc_write_u32(vs, 0); /* Accept auth completion */
1578 vnc_read_when(vs, protocol_client_init, 1);
1581 case VNC_AUTH_VENCRYPT_TLSVNC:
1582 case VNC_AUTH_VENCRYPT_X509VNC:
1583 VNC_DEBUG("Start TLS auth VNC\n");
1584 return start_auth_vnc(vs);
1586 default: /* Should not be possible, but just in case */
1587 VNC_DEBUG("Reject auth %d\n", vs->auth);
1588 vnc_write_u8(vs, 1);
1589 if (vs->minor >= 8) {
1590 static const char err[] = "Unsupported authentication type";
1591 vnc_write_u32(vs, sizeof(err));
1592 vnc_write(vs, err, sizeof(err));
1594 vnc_client_error(vs);
1600 static void vnc_handshake_io(void *opaque);
1602 static int vnc_continue_handshake(struct VncState *vs) {
1605 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1606 if (!gnutls_error_is_fatal(ret)) {
1607 VNC_DEBUG("Handshake interrupted (blocking)\n");
1608 if (!gnutls_record_get_direction(vs->tls_session))
1609 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1611 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1614 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1615 vnc_client_error(vs);
1619 if (vs->x509verify) {
1620 if (vnc_validate_certificate(vs) < 0) {
1621 VNC_DEBUG("Client verification failed\n");
1622 vnc_client_error(vs);
1625 VNC_DEBUG("Client verification passed\n");
1629 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1630 vs->wiremode = VNC_WIREMODE_TLS;
1631 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1633 return start_auth_vencrypt_subauth(vs);
1636 static void vnc_handshake_io(void *opaque) {
1637 struct VncState *vs = (struct VncState *)opaque;
1639 VNC_DEBUG("Handshake IO continue\n");
1640 vnc_continue_handshake(vs);
1643 #define NEED_X509_AUTH(vs) \
1644 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1645 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1646 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1649 static int vnc_start_tls(struct VncState *vs) {
1650 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1651 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1652 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1653 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1655 VNC_DEBUG("Do TLS setup\n");
1656 if (vnc_tls_initialize() < 0) {
1657 VNC_DEBUG("Failed to init TLS\n");
1658 vnc_client_error(vs);
1661 if (vs->tls_session == NULL) {
1662 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1663 vnc_client_error(vs);
1667 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1668 gnutls_deinit(vs->tls_session);
1669 vs->tls_session = NULL;
1670 vnc_client_error(vs);
1674 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1675 gnutls_deinit(vs->tls_session);
1676 vs->tls_session = NULL;
1677 vnc_client_error(vs);
1681 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1682 gnutls_deinit(vs->tls_session);
1683 vs->tls_session = NULL;
1684 vnc_client_error(vs);
1688 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1689 gnutls_deinit(vs->tls_session);
1690 vs->tls_session = NULL;
1691 vnc_client_error(vs);
1695 if (NEED_X509_AUTH(vs)) {
1696 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1698 gnutls_deinit(vs->tls_session);
1699 vs->tls_session = NULL;
1700 vnc_client_error(vs);
1703 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1704 gnutls_deinit(vs->tls_session);
1705 vs->tls_session = NULL;
1706 gnutls_certificate_free_credentials(x509_cred);
1707 vnc_client_error(vs);
1710 if (vs->x509verify) {
1711 VNC_DEBUG("Requesting a client certificate\n");
1712 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1716 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1718 gnutls_deinit(vs->tls_session);
1719 vs->tls_session = NULL;
1720 vnc_client_error(vs);
1723 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1724 gnutls_deinit(vs->tls_session);
1725 vs->tls_session = NULL;
1726 gnutls_anon_free_server_credentials(anon_cred);
1727 vnc_client_error(vs);
1732 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1733 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1734 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1737 VNC_DEBUG("Start TLS handshake process\n");
1738 return vnc_continue_handshake(vs);
1741 static int protocol_client_vencrypt_auth(VncState *vs, char *data, size_t len)
1743 int auth = read_u32(data, 0);
1745 if (auth != vs->subauth) {
1746 VNC_DEBUG("Rejecting auth %d\n", auth);
1747 vnc_write_u8(vs, 0); /* Reject auth */
1749 vnc_client_error(vs);
1751 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1752 vnc_write_u8(vs, 1); /* Accept auth */
1755 if (vnc_start_tls(vs) < 0) {
1756 VNC_DEBUG("Failed to complete TLS\n");
1760 if (vs->wiremode == VNC_WIREMODE_TLS) {
1761 VNC_DEBUG("Starting VeNCrypt subauth\n");
1762 return start_auth_vencrypt_subauth(vs);
1764 VNC_DEBUG("TLS handshake blocked\n");
1771 static int protocol_client_vencrypt_init(VncState *vs, char *data, size_t len)
1775 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1776 vnc_write_u8(vs, 1); /* Reject version */
1778 vnc_client_error(vs);
1780 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1781 vnc_write_u8(vs, 0); /* Accept version */
1782 vnc_write_u8(vs, 1); /* Number of sub-auths */
1783 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1785 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1790 static int start_auth_vencrypt(VncState *vs)
1792 /* Send VeNCrypt version 0.2 */
1793 vnc_write_u8(vs, 0);
1794 vnc_write_u8(vs, 2);
1796 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1799 #endif /* CONFIG_VNC_TLS */
1801 static int protocol_client_auth(VncState *vs, char *data, size_t len)
1803 /* We only advertise 1 auth scheme at a time, so client
1804 * must pick the one we sent. Verify this */
1805 if (data[0] != vs->auth) { /* Reject auth */
1806 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1807 vnc_write_u32(vs, 1);
1808 if (vs->minor >= 8) {
1809 static const char err[] = "Authentication failed";
1810 vnc_write_u32(vs, sizeof(err));
1811 vnc_write(vs, err, sizeof(err));
1813 vnc_client_error(vs);
1814 } else { /* Accept requested auth */
1815 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1818 VNC_DEBUG("Accept auth none\n");
1819 if (vs->minor >= 8) {
1820 vnc_write_u32(vs, 0); /* Accept auth completion */
1823 vnc_read_when(vs, protocol_client_init, 1);
1827 VNC_DEBUG("Start VNC auth\n");
1828 return start_auth_vnc(vs);
1831 case VNC_AUTH_VENCRYPT:
1832 VNC_DEBUG("Accept VeNCrypt auth\n");;
1833 return start_auth_vencrypt(vs);
1834 #endif /* CONFIG_VNC_TLS */
1836 default: /* Should not be possible, but just in case */
1837 VNC_DEBUG("Reject auth %d\n", vs->auth);
1838 vnc_write_u8(vs, 1);
1839 if (vs->minor >= 8) {
1840 static const char err[] = "Authentication failed";
1841 vnc_write_u32(vs, sizeof(err));
1842 vnc_write(vs, err, sizeof(err));
1844 vnc_client_error(vs);
1850 static int protocol_version(VncState *vs, char *version, size_t len)
1854 memcpy(local, version, 12);
1857 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1858 VNC_DEBUG("Malformed protocol version %s\n", local);
1859 vnc_client_error(vs);
1862 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1863 if (vs->major != 3 ||
1869 VNC_DEBUG("Unsupported client version\n");
1870 vnc_write_u32(vs, VNC_AUTH_INVALID);
1872 vnc_client_error(vs);
1875 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1876 * as equivalent to v3.3 by servers
1878 if (vs->minor == 4 || vs->minor == 5)
1881 if (vs->minor == 3) {
1882 if (vs->auth == VNC_AUTH_NONE) {
1883 VNC_DEBUG("Tell client auth none\n");
1884 vnc_write_u32(vs, vs->auth);
1886 vnc_read_when(vs, protocol_client_init, 1);
1887 } else if (vs->auth == VNC_AUTH_VNC) {
1888 VNC_DEBUG("Tell client VNC auth\n");
1889 vnc_write_u32(vs, vs->auth);
1893 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1894 vnc_write_u32(vs, VNC_AUTH_INVALID);
1896 vnc_client_error(vs);
1899 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1900 vnc_write_u8(vs, 1); /* num auth */
1901 vnc_write_u8(vs, vs->auth);
1902 vnc_read_when(vs, protocol_client_auth, 1);
1909 static void vnc_listen_read(void *opaque)
1911 VncState *vs = opaque;
1912 struct sockaddr_in addr;
1913 socklen_t addrlen = sizeof(addr);
1915 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1916 if (vs->csock != -1) {
1917 VNC_DEBUG("New client on socket %d\n", vs->csock);
1918 socket_set_nonblock(vs->csock);
1919 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, opaque);
1920 vnc_write(vs, "RFB 003.008\n", 12);
1922 vnc_read_when(vs, protocol_version, 12);
1923 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1924 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1926 vs->has_hextile = 0;
1927 vs->ds->dpy_copy = NULL;
1931 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1933 void vnc_display_init(DisplayState *ds)
1937 vs = qemu_mallocz(sizeof(VncState));
1944 vs->password = NULL;
1954 if (!keyboard_layout)
1955 keyboard_layout = "en-us";
1957 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1958 if (!vs->kbd_layout)
1961 vs->ds->data = NULL;
1962 vs->ds->dpy_update = vnc_dpy_update;
1963 vs->ds->dpy_resize = vnc_dpy_resize;
1964 vs->ds->dpy_refresh = vnc_dpy_refresh;
1966 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1968 vnc_dpy_resize(vs->ds, 640, 400);
1972 static int vnc_set_x509_credential(VncState *vs,
1973 const char *certdir,
1974 const char *filename,
1985 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
1988 strcpy(*cred, certdir);
1990 strcat(*cred, filename);
1992 VNC_DEBUG("Check %s\n", *cred);
1993 if (stat(*cred, &sb) < 0) {
1996 if (ignoreMissing && errno == ENOENT)
2004 static int vnc_set_x509_credential_dir(VncState *vs,
2005 const char *certdir)
2007 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2009 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2011 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2013 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2019 qemu_free(vs->x509cacert);
2020 qemu_free(vs->x509cacrl);
2021 qemu_free(vs->x509cert);
2022 qemu_free(vs->x509key);
2023 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2026 #endif /* CONFIG_VNC_TLS */
2028 void vnc_display_close(DisplayState *ds)
2030 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2033 qemu_free(vs->display);
2036 if (vs->lsock != -1) {
2037 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2041 if (vs->csock != -1) {
2042 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2043 closesocket(vs->csock);
2045 buffer_reset(&vs->input);
2046 buffer_reset(&vs->output);
2047 vs->need_update = 0;
2049 if (vs->tls_session) {
2050 gnutls_deinit(vs->tls_session);
2051 vs->tls_session = NULL;
2053 vs->wiremode = VNC_WIREMODE_CLEAR;
2054 #endif /* CONFIG_VNC_TLS */
2056 vs->auth = VNC_AUTH_INVALID;
2058 vs->subauth = VNC_AUTH_INVALID;
2063 int vnc_display_password(DisplayState *ds, const char *password)
2065 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2068 qemu_free(vs->password);
2069 vs->password = NULL;
2071 if (password && password[0]) {
2072 if (!(vs->password = qemu_strdup(password)))
2079 int vnc_display_open(DisplayState *ds, const char *display)
2081 struct sockaddr *addr;
2082 struct sockaddr_in iaddr;
2084 struct sockaddr_un uaddr;
2086 int reuse_addr, ret;
2089 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2090 const char *options;
2093 int tls = 0, x509 = 0;
2096 vnc_display_close(ds);
2097 if (strcmp(display, "none") == 0)
2100 if (!(vs->display = strdup(display)))
2104 while ((options = strchr(options, ','))) {
2106 if (strncmp(options, "password", 8) == 0) {
2107 password = 1; /* Require password auth */
2109 } else if (strncmp(options, "tls", 3) == 0) {
2110 tls = 1; /* Require TLS */
2111 } else if (strncmp(options, "x509", 4) == 0) {
2113 x509 = 1; /* Require x509 certificates */
2114 if (strncmp(options, "x509verify", 10) == 0)
2115 vs->x509verify = 1; /* ...and verify client certs */
2117 /* Now check for 'x509=/some/path' postfix
2118 * and use that to setup x509 certificate/key paths */
2119 start = strchr(options, '=');
2120 end = strchr(options, ',');
2121 if (start && (!end || (start < end))) {
2122 int len = end ? end-(start+1) : strlen(start+1);
2123 char *path = qemu_malloc(len+1);
2124 strncpy(path, start+1, len);
2126 VNC_DEBUG("Trying certificate path '%s'\n", path);
2127 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2128 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2130 qemu_free(vs->display);
2136 fprintf(stderr, "No certificate path provided\n");
2137 qemu_free(vs->display);
2148 vs->auth = VNC_AUTH_VENCRYPT;
2150 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2151 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2153 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2154 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2158 VNC_DEBUG("Initializing VNC server with password auth\n");
2159 vs->auth = VNC_AUTH_VNC;
2161 vs->subauth = VNC_AUTH_INVALID;
2167 vs->auth = VNC_AUTH_VENCRYPT;
2169 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2170 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2172 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2173 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2177 VNC_DEBUG("Initializing VNC server with no auth\n");
2178 vs->auth = VNC_AUTH_NONE;
2180 vs->subauth = VNC_AUTH_INVALID;
2185 if (strstart(display, "unix:", &p)) {
2186 addr = (struct sockaddr *)&uaddr;
2187 addrlen = sizeof(uaddr);
2189 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2190 if (vs->lsock == -1) {
2191 fprintf(stderr, "Could not create socket\n");
2197 uaddr.sun_family = AF_UNIX;
2198 memset(uaddr.sun_path, 0, 108);
2199 snprintf(uaddr.sun_path, 108, "%s", p);
2201 unlink(uaddr.sun_path);
2205 addr = (struct sockaddr *)&iaddr;
2206 addrlen = sizeof(iaddr);
2208 if (parse_host_port(&iaddr, display) < 0) {
2209 fprintf(stderr, "Could not parse VNC address\n");
2215 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + 5900);
2217 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2218 if (vs->lsock == -1) {
2219 fprintf(stderr, "Could not create socket\n");
2226 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2227 (const char *)&reuse_addr, sizeof(reuse_addr));
2229 fprintf(stderr, "setsockopt() failed\n");
2238 if (bind(vs->lsock, addr, addrlen) == -1) {
2239 fprintf(stderr, "bind() failed\n");
2247 if (listen(vs->lsock, 1) == -1) {
2248 fprintf(stderr, "listen() failed\n");
2256 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);