2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "audio/audio.h"
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
36 #include "vnc_keysym.h"
41 #include <gnutls/gnutls.h>
42 #include <gnutls/x509.h>
43 #endif /* CONFIG_VNC_TLS */
45 // #define _VNC_DEBUG 1
48 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
50 #if defined(CONFIG_VNC_TLS) && _VNC_DEBUG >= 2
51 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
52 static void vnc_debug_gnutls_log(int level, const char* str) {
53 VNC_DEBUG("%d %s", level, str);
55 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
57 #define VNC_DEBUG(fmt, ...) do { } while (0)
60 #define count_bits(c, v) { \
61 for (c = 0; v; v >>= 1) \
74 typedef struct VncState VncState;
76 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
78 typedef void VncWritePixels(VncState *vs, void *data, int size);
80 typedef void VncSendHextileTile(VncState *vs,
81 int x, int y, int w, int h,
84 int *has_bg, int *has_fg);
86 #define VNC_MAX_WIDTH 2048
87 #define VNC_MAX_HEIGHT 2048
88 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
90 #define VNC_AUTH_CHALLENGE_SIZE 16
99 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
106 uint32_t vnc_encoding;
107 uint8_t tight_quality;
108 uint8_t tight_compression;
116 #ifdef CONFIG_VNC_TLS
125 char challenge[VNC_AUTH_CHALLENGE_SIZE];
127 #ifdef CONFIG_VNC_TLS
129 gnutls_session_t tls_session;
134 kbd_layout_t *kbd_layout;
135 /* current output mode information */
136 VncWritePixels *write_pixels;
137 VncSendHextileTile *send_hextile_tile;
138 DisplaySurface clientds, serverds;
140 CaptureVoiceOut *audio_cap;
141 struct audsettings as;
143 VncReadEvent *read_handler;
144 size_t read_handler_expect;
146 uint8_t modifiers_state[256];
149 static VncState *vnc_state; /* needed for info vnc */
150 static DisplayChangeListener *dcl;
152 void do_info_vnc(void)
154 if (vnc_state == NULL || vnc_state->display == NULL)
155 term_printf("VNC server disabled\n");
157 term_printf("VNC server active on: ");
158 term_print_filename(vnc_state->display);
161 if (vnc_state->csock == -1)
162 term_printf("No client connected\n");
164 term_printf("Client connected\n");
168 static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
169 return (vs->features & (1 << feature));
173 1) Get the queue working for IO.
174 2) there is some weirdness when using the -S option (the screen is grey
175 and not totally invalidated
176 3) resolutions > 1024
179 static void vnc_write(VncState *vs, const void *data, size_t len);
180 static void vnc_write_u32(VncState *vs, uint32_t value);
181 static void vnc_write_s32(VncState *vs, int32_t value);
182 static void vnc_write_u16(VncState *vs, uint16_t value);
183 static void vnc_write_u8(VncState *vs, uint8_t value);
184 static void vnc_flush(VncState *vs);
185 static void vnc_update_client(void *opaque);
186 static void vnc_client_read(void *opaque);
188 static void vnc_colordepth(DisplayState *ds);
190 static inline void vnc_set_bit(uint32_t *d, int k)
192 d[k >> 5] |= 1 << (k & 0x1f);
195 static inline void vnc_clear_bit(uint32_t *d, int k)
197 d[k >> 5] &= ~(1 << (k & 0x1f));
200 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
210 d[j++] = (1 << n) - 1;
215 static inline int vnc_get_bit(const uint32_t *d, int k)
217 return (d[k >> 5] >> (k & 0x1f)) & 1;
220 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
224 for(i = 0; i < nb_words; i++) {
225 if ((d1[i] & d2[i]) != 0)
231 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
233 VncState *vs = ds->opaque;
238 /* round x down to ensure the loop only spans one 16-pixel block per,
239 iteration. otherwise, if (x % 16) != 0, the last iteration may span
240 two 16-pixel blocks but we only mark the first as dirty
245 x = MIN(x, vs->serverds.width);
246 y = MIN(y, vs->serverds.height);
247 w = MIN(x + w, vs->serverds.width) - x;
248 h = MIN(h, vs->serverds.height);
251 for (i = 0; i < w; i += 16)
252 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
255 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
258 vnc_write_u16(vs, x);
259 vnc_write_u16(vs, y);
260 vnc_write_u16(vs, w);
261 vnc_write_u16(vs, h);
263 vnc_write_s32(vs, encoding);
266 static void buffer_reserve(Buffer *buffer, size_t len)
268 if ((buffer->capacity - buffer->offset) < len) {
269 buffer->capacity += (len + 1024);
270 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
271 if (buffer->buffer == NULL) {
272 fprintf(stderr, "vnc: out of memory\n");
278 static int buffer_empty(Buffer *buffer)
280 return buffer->offset == 0;
283 static uint8_t *buffer_end(Buffer *buffer)
285 return buffer->buffer + buffer->offset;
288 static void buffer_reset(Buffer *buffer)
293 static void buffer_append(Buffer *buffer, const void *data, size_t len)
295 memcpy(buffer->buffer + buffer->offset, data, len);
296 buffer->offset += len;
299 static void vnc_dpy_resize(DisplayState *ds)
302 VncState *vs = ds->opaque;
304 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
306 if (vs->old_data == NULL) {
307 fprintf(stderr, "vnc: memory allocation failed\n");
311 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
312 console_color_init(ds);
314 size_changed = ds_get_width(ds) != vs->serverds.width ||
315 ds_get_height(ds) != vs->serverds.height;
316 vs->serverds = *(ds->surface);
318 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
319 vnc_write_u8(vs, 0); /* msg id */
321 vnc_write_u16(vs, 1); /* number of rects */
322 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
323 VNC_ENCODING_DESKTOPRESIZE);
328 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
329 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
333 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
335 vnc_write(vs, pixels, size);
338 /* slowest but generic code. */
339 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
343 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
344 vs->serverds.pf.rbits);
345 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
346 vs->serverds.pf.gbits);
347 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
348 vs->serverds.pf.bbits);
349 v = (r << vs->clientds.pf.rshift) |
350 (g << vs->clientds.pf.gshift) |
351 (b << vs->clientds.pf.bshift);
352 switch(vs->clientds.pf.bytes_per_pixel) {
357 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
367 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
382 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
386 if (vs->serverds.pf.bytes_per_pixel == 4) {
387 uint32_t *pixels = pixels1;
390 for(i = 0; i < n; i++) {
391 vnc_convert_pixel(vs, buf, pixels[i]);
392 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
394 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
395 uint16_t *pixels = pixels1;
398 for(i = 0; i < n; i++) {
399 vnc_convert_pixel(vs, buf, pixels[i]);
400 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
402 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
403 uint8_t *pixels = pixels1;
406 for(i = 0; i < n; i++) {
407 vnc_convert_pixel(vs, buf, pixels[i]);
408 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
411 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
415 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
420 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
422 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
423 for (i = 0; i < h; i++) {
424 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
425 row += ds_get_linesize(vs->ds);
429 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
431 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
432 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
436 #include "vnchextile.h"
440 #include "vnchextile.h"
444 #include "vnchextile.h"
449 #include "vnchextile.h"
455 #include "vnchextile.h"
461 #include "vnchextile.h"
465 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
469 uint8_t *last_fg, *last_bg;
471 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
473 last_fg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
474 last_bg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
476 for (j = y; j < (y + h); j += 16) {
477 for (i = x; i < (x + w); i += 16) {
478 vs->send_hextile_tile(vs, i, j,
479 MIN(16, x + w - i), MIN(16, y + h - j),
480 last_bg, last_fg, &has_bg, &has_fg);
488 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
490 switch(vs->vnc_encoding) {
491 case VNC_ENCODING_HEXTILE:
492 send_framebuffer_update_hextile(vs, x, y, w, h);
495 send_framebuffer_update_raw(vs, x, y, w, h);
500 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
502 VncState *vs = ds->opaque;
504 vnc_update_client(vs);
506 vnc_write_u8(vs, 0); /* msg id */
508 vnc_write_u16(vs, 1); /* number of rects */
509 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
510 vnc_write_u16(vs, src_x);
511 vnc_write_u16(vs, src_y);
515 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
519 for (h = 1; h < (vs->serverds.height - y); h++) {
521 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
523 for (tmp_x = last_x; tmp_x < x; tmp_x++)
524 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
530 static void vnc_update_client(void *opaque)
532 VncState *vs = opaque;
534 if (vs->need_update && vs->csock != -1) {
538 uint32_t width_mask[VNC_DIRTY_WORDS];
545 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
547 /* Walk through the dirty map and eliminate tiles that
548 really aren't dirty */
549 row = ds_get_data(vs->ds);
550 old_row = vs->old_data;
552 for (y = 0; y < ds_get_height(vs->ds); y++) {
553 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
559 old_ptr = (char*)old_row;
561 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
562 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
563 vnc_clear_bit(vs->dirty_row[y], (x / 16));
566 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
569 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
570 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
574 row += ds_get_linesize(vs->ds);
575 old_row += ds_get_linesize(vs->ds);
578 if (!has_dirty && !vs->audio_cap) {
579 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
583 /* Count rectangles */
585 vnc_write_u8(vs, 0); /* msg id */
587 saved_offset = vs->output.offset;
588 vnc_write_u16(vs, 0);
590 for (y = 0; y < vs->serverds.height; y++) {
593 for (x = 0; x < vs->serverds.width / 16; x++) {
594 if (vnc_get_bit(vs->dirty_row[y], x)) {
598 vnc_clear_bit(vs->dirty_row[y], x);
601 int h = find_dirty_height(vs, y, last_x, x);
602 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
609 int h = find_dirty_height(vs, y, last_x, x);
610 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
614 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
615 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
620 if (vs->csock != -1) {
621 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
626 static int vnc_listen_poll(void *opaque)
628 VncState *vs = opaque;
635 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
637 VncState *vs = opaque;
640 case AUD_CNOTIFY_DISABLE:
641 vnc_write_u8(vs, 255);
643 vnc_write_u16(vs, 0);
647 case AUD_CNOTIFY_ENABLE:
648 vnc_write_u8(vs, 255);
650 vnc_write_u16(vs, 1);
656 static void audio_capture_destroy(void *opaque)
660 static void audio_capture(void *opaque, void *buf, int size)
662 VncState *vs = opaque;
664 vnc_write_u8(vs, 255);
666 vnc_write_u16(vs, 2);
667 vnc_write_u32(vs, size);
668 vnc_write(vs, buf, size);
672 static void audio_add(VncState *vs)
674 struct audio_capture_ops ops;
677 term_printf ("audio already running\n");
681 ops.notify = audio_capture_notify;
682 ops.destroy = audio_capture_destroy;
683 ops.capture = audio_capture;
685 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
686 if (!vs->audio_cap) {
687 term_printf ("Failed to add audio capture\n");
691 static void audio_del(VncState *vs)
694 AUD_del_capture(vs->audio_cap, vs);
695 vs->audio_cap = NULL;
699 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
701 if (ret == 0 || ret == -1) {
703 switch (last_errno) {
715 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
716 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
717 closesocket(vs->csock);
720 buffer_reset(&vs->input);
721 buffer_reset(&vs->output);
723 #ifdef CONFIG_VNC_TLS
724 if (vs->tls_session) {
725 gnutls_deinit(vs->tls_session);
726 vs->tls_session = NULL;
728 vs->wiremode = VNC_WIREMODE_CLEAR;
729 #endif /* CONFIG_VNC_TLS */
736 static void vnc_client_error(VncState *vs)
738 vnc_client_io_error(vs, -1, EINVAL);
741 static void vnc_client_write(void *opaque)
744 VncState *vs = opaque;
746 #ifdef CONFIG_VNC_TLS
747 if (vs->tls_session) {
748 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
750 if (ret == GNUTLS_E_AGAIN)
757 #endif /* CONFIG_VNC_TLS */
758 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
759 ret = vnc_client_io_error(vs, ret, socket_error());
763 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
764 vs->output.offset -= ret;
766 if (vs->output.offset == 0) {
767 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
771 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
773 vs->read_handler = func;
774 vs->read_handler_expect = expecting;
777 static void vnc_client_read(void *opaque)
779 VncState *vs = opaque;
782 buffer_reserve(&vs->input, 4096);
784 #ifdef CONFIG_VNC_TLS
785 if (vs->tls_session) {
786 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
788 if (ret == GNUTLS_E_AGAIN)
795 #endif /* CONFIG_VNC_TLS */
796 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
797 ret = vnc_client_io_error(vs, ret, socket_error());
801 vs->input.offset += ret;
803 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
804 size_t len = vs->read_handler_expect;
807 ret = vs->read_handler(vs, vs->input.buffer, len);
812 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
813 vs->input.offset -= len;
815 vs->read_handler_expect = ret;
820 static void vnc_write(VncState *vs, const void *data, size_t len)
822 buffer_reserve(&vs->output, len);
824 if (buffer_empty(&vs->output)) {
825 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
828 buffer_append(&vs->output, data, len);
831 static void vnc_write_s32(VncState *vs, int32_t value)
833 vnc_write_u32(vs, *(uint32_t *)&value);
836 static void vnc_write_u32(VncState *vs, uint32_t value)
840 buf[0] = (value >> 24) & 0xFF;
841 buf[1] = (value >> 16) & 0xFF;
842 buf[2] = (value >> 8) & 0xFF;
843 buf[3] = value & 0xFF;
845 vnc_write(vs, buf, 4);
848 static void vnc_write_u16(VncState *vs, uint16_t value)
852 buf[0] = (value >> 8) & 0xFF;
853 buf[1] = value & 0xFF;
855 vnc_write(vs, buf, 2);
858 static void vnc_write_u8(VncState *vs, uint8_t value)
860 vnc_write(vs, (char *)&value, 1);
863 static void vnc_flush(VncState *vs)
865 if (vs->output.offset)
866 vnc_client_write(vs);
869 static uint8_t read_u8(uint8_t *data, size_t offset)
874 static uint16_t read_u16(uint8_t *data, size_t offset)
876 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
879 static int32_t read_s32(uint8_t *data, size_t offset)
881 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
882 (data[offset + 2] << 8) | data[offset + 3]);
885 static uint32_t read_u32(uint8_t *data, size_t offset)
887 return ((data[offset] << 24) | (data[offset + 1] << 16) |
888 (data[offset + 2] << 8) | data[offset + 3]);
891 #ifdef CONFIG_VNC_TLS
892 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
895 struct VncState *vs = (struct VncState *)transport;
899 ret = send(vs->csock, data, len, 0);
909 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
912 struct VncState *vs = (struct VncState *)transport;
916 ret = recv(vs->csock, data, len, 0);
924 #endif /* CONFIG_VNC_TLS */
926 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
930 static void check_pointer_type_change(VncState *vs, int absolute)
932 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
935 vnc_write_u16(vs, 1);
936 vnc_framebuffer_update(vs, absolute, 0,
937 ds_get_width(vs->ds), ds_get_height(vs->ds),
938 VNC_ENCODING_POINTER_TYPE_CHANGE);
941 vs->absolute = absolute;
944 static void pointer_event(VncState *vs, int button_mask, int x, int y)
949 if (button_mask & 0x01)
950 buttons |= MOUSE_EVENT_LBUTTON;
951 if (button_mask & 0x02)
952 buttons |= MOUSE_EVENT_MBUTTON;
953 if (button_mask & 0x04)
954 buttons |= MOUSE_EVENT_RBUTTON;
955 if (button_mask & 0x08)
957 if (button_mask & 0x10)
961 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
962 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
964 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
968 kbd_mouse_event(x, y, dz, buttons);
970 if (vs->last_x != -1)
971 kbd_mouse_event(x - vs->last_x,
978 check_pointer_type_change(vs, kbd_mouse_is_absolute());
981 static void reset_keys(VncState *vs)
984 for(i = 0; i < 256; i++) {
985 if (vs->modifiers_state[i]) {
987 kbd_put_keycode(0xe0);
988 kbd_put_keycode(i | 0x80);
989 vs->modifiers_state[i] = 0;
994 static void press_key(VncState *vs, int keysym)
996 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
997 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
1000 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1002 /* QEMU console switch */
1004 case 0x2a: /* Left Shift */
1005 case 0x36: /* Right Shift */
1006 case 0x1d: /* Left CTRL */
1007 case 0x9d: /* Right CTRL */
1008 case 0x38: /* Left ALT */
1009 case 0xb8: /* Right ALT */
1011 vs->modifiers_state[keycode] = 1;
1013 vs->modifiers_state[keycode] = 0;
1015 case 0x02 ... 0x0a: /* '1' to '9' keys */
1016 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1017 /* Reset the modifiers sent to the current console */
1019 console_select(keycode - 0x02);
1023 case 0x3a: /* CapsLock */
1024 case 0x45: /* NumLock */
1026 vs->modifiers_state[keycode] ^= 1;
1030 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1031 /* If the numlock state needs to change then simulate an additional
1032 keypress before sending this one. This will happen if the user
1033 toggles numlock away from the VNC window.
1035 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1036 if (!vs->modifiers_state[0x45]) {
1037 vs->modifiers_state[0x45] = 1;
1038 press_key(vs, 0xff7f);
1041 if (vs->modifiers_state[0x45]) {
1042 vs->modifiers_state[0x45] = 0;
1043 press_key(vs, 0xff7f);
1048 if (is_graphic_console()) {
1050 kbd_put_keycode(0xe0);
1052 kbd_put_keycode(keycode & 0x7f);
1054 kbd_put_keycode(keycode | 0x80);
1056 /* QEMU console emulation */
1059 case 0x2a: /* Left Shift */
1060 case 0x36: /* Right Shift */
1061 case 0x1d: /* Left CTRL */
1062 case 0x9d: /* Right CTRL */
1063 case 0x38: /* Left ALT */
1064 case 0xb8: /* Right ALT */
1067 kbd_put_keysym(QEMU_KEY_UP);
1070 kbd_put_keysym(QEMU_KEY_DOWN);
1073 kbd_put_keysym(QEMU_KEY_LEFT);
1076 kbd_put_keysym(QEMU_KEY_RIGHT);
1079 kbd_put_keysym(QEMU_KEY_DELETE);
1082 kbd_put_keysym(QEMU_KEY_HOME);
1085 kbd_put_keysym(QEMU_KEY_END);
1088 kbd_put_keysym(QEMU_KEY_PAGEUP);
1091 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1094 kbd_put_keysym(sym);
1101 static void key_event(VncState *vs, int down, uint32_t sym)
1105 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1106 sym = sym - 'A' + 'a';
1108 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1109 do_key_event(vs, down, keycode, sym);
1112 static void ext_key_event(VncState *vs, int down,
1113 uint32_t sym, uint16_t keycode)
1115 /* if the user specifies a keyboard layout, always use it */
1116 if (keyboard_layout)
1117 key_event(vs, down, sym);
1119 do_key_event(vs, down, keycode, sym);
1122 static void framebuffer_update_request(VncState *vs, int incremental,
1123 int x_position, int y_position,
1126 if (x_position > ds_get_width(vs->ds))
1127 x_position = ds_get_width(vs->ds);
1128 if (y_position > ds_get_height(vs->ds))
1129 y_position = ds_get_height(vs->ds);
1130 if (x_position + w >= ds_get_width(vs->ds))
1131 w = ds_get_width(vs->ds) - x_position;
1132 if (y_position + h >= ds_get_height(vs->ds))
1133 h = ds_get_height(vs->ds) - y_position;
1136 vs->need_update = 1;
1138 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1140 for (i = 0; i < h; i++) {
1141 vnc_set_bits(vs->dirty_row[y_position + i],
1142 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1143 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1144 old_row += ds_get_linesize(vs->ds);
1149 static void send_ext_key_event_ack(VncState *vs)
1151 vnc_write_u8(vs, 0);
1152 vnc_write_u8(vs, 0);
1153 vnc_write_u16(vs, 1);
1154 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1155 VNC_ENCODING_EXT_KEY_EVENT);
1159 static void send_ext_audio_ack(VncState *vs)
1161 vnc_write_u8(vs, 0);
1162 vnc_write_u8(vs, 0);
1163 vnc_write_u16(vs, 1);
1164 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1165 VNC_ENCODING_AUDIO);
1169 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1172 unsigned int enc = 0;
1175 vs->vnc_encoding = 0;
1176 vs->tight_compression = 9;
1177 vs->tight_quality = 9;
1179 dcl->dpy_copy = NULL;
1181 for (i = n_encodings - 1; i >= 0; i--) {
1184 case VNC_ENCODING_RAW:
1185 vs->vnc_encoding = enc;
1187 case VNC_ENCODING_COPYRECT:
1188 dcl->dpy_copy = vnc_copy;
1190 case VNC_ENCODING_HEXTILE:
1191 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1192 vs->vnc_encoding = enc;
1194 case VNC_ENCODING_DESKTOPRESIZE:
1195 vs->features |= VNC_FEATURE_RESIZE_MASK;
1197 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1198 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1200 case VNC_ENCODING_EXT_KEY_EVENT:
1201 send_ext_key_event_ack(vs);
1203 case VNC_ENCODING_AUDIO:
1204 send_ext_audio_ack(vs);
1206 case VNC_ENCODING_WMVi:
1207 vs->features |= VNC_FEATURE_WMVI_MASK;
1209 case VNC_ENCODING_COMPRESSLEVEL0 ... VNC_ENCODING_COMPRESSLEVEL0 + 9:
1210 vs->tight_compression = (enc & 0x0F);
1212 case VNC_ENCODING_QUALITYLEVEL0 ... VNC_ENCODING_QUALITYLEVEL0 + 9:
1213 vs->tight_quality = (enc & 0x0F);
1216 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1221 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1224 static void set_pixel_conversion(VncState *vs)
1226 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1227 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1228 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1229 vs->write_pixels = vnc_write_pixels_copy;
1230 switch (vs->ds->surface->pf.bits_per_pixel) {
1232 vs->send_hextile_tile = send_hextile_tile_8;
1235 vs->send_hextile_tile = send_hextile_tile_16;
1238 vs->send_hextile_tile = send_hextile_tile_32;
1242 vs->write_pixels = vnc_write_pixels_generic;
1243 switch (vs->ds->surface->pf.bits_per_pixel) {
1245 vs->send_hextile_tile = send_hextile_tile_generic_8;
1248 vs->send_hextile_tile = send_hextile_tile_generic_16;
1251 vs->send_hextile_tile = send_hextile_tile_generic_32;
1257 static void set_pixel_format(VncState *vs,
1258 int bits_per_pixel, int depth,
1259 int big_endian_flag, int true_color_flag,
1260 int red_max, int green_max, int blue_max,
1261 int red_shift, int green_shift, int blue_shift)
1263 if (!true_color_flag) {
1264 vnc_client_error(vs);
1268 vs->clientds = vs->serverds;
1269 vs->clientds.pf.rmax = red_max;
1270 count_bits(vs->clientds.pf.rbits, red_max);
1271 vs->clientds.pf.rshift = red_shift;
1272 vs->clientds.pf.rmask = red_max << red_shift;
1273 vs->clientds.pf.gmax = green_max;
1274 count_bits(vs->clientds.pf.gbits, green_max);
1275 vs->clientds.pf.gshift = green_shift;
1276 vs->clientds.pf.gmask = green_max << green_shift;
1277 vs->clientds.pf.bmax = blue_max;
1278 count_bits(vs->clientds.pf.bbits, blue_max);
1279 vs->clientds.pf.bshift = blue_shift;
1280 vs->clientds.pf.bmask = blue_max << blue_shift;
1281 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1282 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1283 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1284 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1286 set_pixel_conversion(vs);
1288 vga_hw_invalidate();
1292 static void pixel_format_message (VncState *vs) {
1293 char pad[3] = { 0, 0, 0 };
1295 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1296 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1298 #ifdef WORDS_BIGENDIAN
1299 vnc_write_u8(vs, 1); /* big-endian-flag */
1301 vnc_write_u8(vs, 0); /* big-endian-flag */
1303 vnc_write_u8(vs, 1); /* true-color-flag */
1304 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1305 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1306 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1307 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1308 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1309 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1310 if (vs->ds->surface->pf.bits_per_pixel == 32)
1311 vs->send_hextile_tile = send_hextile_tile_32;
1312 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1313 vs->send_hextile_tile = send_hextile_tile_16;
1314 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1315 vs->send_hextile_tile = send_hextile_tile_8;
1316 vs->clientds = *(vs->ds->surface);
1317 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1318 vs->write_pixels = vnc_write_pixels_copy;
1320 vnc_write(vs, pad, 3); /* padding */
1323 static void vnc_dpy_setdata(DisplayState *ds)
1325 /* We don't have to do anything */
1328 static void vnc_colordepth(DisplayState *ds)
1330 struct VncState *vs = ds->opaque;
1332 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1333 /* Sending a WMVi message to notify the client*/
1334 vnc_write_u8(vs, 0); /* msg id */
1335 vnc_write_u8(vs, 0);
1336 vnc_write_u16(vs, 1); /* number of rects */
1337 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
1339 pixel_format_message(vs);
1342 set_pixel_conversion(vs);
1346 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1356 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1357 read_u8(data, 6), read_u8(data, 7),
1358 read_u16(data, 8), read_u16(data, 10),
1359 read_u16(data, 12), read_u8(data, 14),
1360 read_u8(data, 15), read_u8(data, 16));
1367 limit = read_u16(data, 2);
1369 return 4 + (limit * 4);
1371 limit = read_u16(data, 2);
1373 for (i = 0; i < limit; i++) {
1374 int32_t val = read_s32(data, 4 + (i * 4));
1375 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1378 set_encodings(vs, (int32_t *)(data + 4), limit);
1384 framebuffer_update_request(vs,
1385 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1386 read_u16(data, 6), read_u16(data, 8));
1392 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1398 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1405 uint32_t dlen = read_u32(data, 4);
1410 client_cut_text(vs, read_u32(data, 4), data + 8);
1416 switch (read_u8(data, 1)) {
1421 ext_key_event(vs, read_u16(data, 2),
1422 read_u32(data, 4), read_u32(data, 8));
1428 switch (read_u16 (data, 2)) {
1438 switch (read_u8(data, 4)) {
1439 case 0: vs->as.fmt = AUD_FMT_U8; break;
1440 case 1: vs->as.fmt = AUD_FMT_S8; break;
1441 case 2: vs->as.fmt = AUD_FMT_U16; break;
1442 case 3: vs->as.fmt = AUD_FMT_S16; break;
1443 case 4: vs->as.fmt = AUD_FMT_U32; break;
1444 case 5: vs->as.fmt = AUD_FMT_S32; break;
1446 printf("Invalid audio format %d\n", read_u8(data, 4));
1447 vnc_client_error(vs);
1450 vs->as.nchannels = read_u8(data, 5);
1451 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1452 printf("Invalid audio channel coount %d\n",
1454 vnc_client_error(vs);
1457 vs->as.freq = read_u32(data, 6);
1460 printf ("Invalid audio message %d\n", read_u8(data, 4));
1461 vnc_client_error(vs);
1467 printf("Msg: %d\n", read_u16(data, 0));
1468 vnc_client_error(vs);
1473 printf("Msg: %d\n", data[0]);
1474 vnc_client_error(vs);
1478 vnc_read_when(vs, protocol_client_msg, 1);
1482 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1487 vnc_write_u16(vs, ds_get_width(vs->ds));
1488 vnc_write_u16(vs, ds_get_height(vs->ds));
1490 pixel_format_message(vs);
1493 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1495 size = snprintf(buf, sizeof(buf), "QEMU");
1497 vnc_write_u32(vs, size);
1498 vnc_write(vs, buf, size);
1501 vnc_read_when(vs, protocol_client_msg, 1);
1506 static void make_challenge(VncState *vs)
1510 srand(time(NULL)+getpid()+getpid()*987654+rand());
1512 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1513 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1516 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1518 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1520 unsigned char key[8];
1522 if (!vs->password || !vs->password[0]) {
1523 VNC_DEBUG("No password configured on server");
1524 vnc_write_u32(vs, 1); /* Reject auth */
1525 if (vs->minor >= 8) {
1526 static const char err[] = "Authentication failed";
1527 vnc_write_u32(vs, sizeof(err));
1528 vnc_write(vs, err, sizeof(err));
1531 vnc_client_error(vs);
1535 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1537 /* Calculate the expected challenge response */
1538 pwlen = strlen(vs->password);
1539 for (i=0; i<sizeof(key); i++)
1540 key[i] = i<pwlen ? vs->password[i] : 0;
1542 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1543 des(response+j, response+j);
1545 /* Compare expected vs actual challenge response */
1546 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1547 VNC_DEBUG("Client challenge reponse did not match\n");
1548 vnc_write_u32(vs, 1); /* Reject auth */
1549 if (vs->minor >= 8) {
1550 static const char err[] = "Authentication failed";
1551 vnc_write_u32(vs, sizeof(err));
1552 vnc_write(vs, err, sizeof(err));
1555 vnc_client_error(vs);
1557 VNC_DEBUG("Accepting VNC challenge response\n");
1558 vnc_write_u32(vs, 0); /* Accept auth */
1561 vnc_read_when(vs, protocol_client_init, 1);
1566 static int start_auth_vnc(VncState *vs)
1569 /* Send client a 'random' challenge */
1570 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1573 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1578 #ifdef CONFIG_VNC_TLS
1579 #define DH_BITS 1024
1580 static gnutls_dh_params_t dh_params;
1582 static int vnc_tls_initialize(void)
1584 static int tlsinitialized = 0;
1589 if (gnutls_global_init () < 0)
1592 /* XXX ought to re-generate diffie-hellmen params periodically */
1593 if (gnutls_dh_params_init (&dh_params) < 0)
1595 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1598 #if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
1599 gnutls_global_set_log_level(10);
1600 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1608 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1610 gnutls_anon_server_credentials anon_cred;
1613 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1614 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1618 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1624 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1626 gnutls_certificate_credentials_t x509_cred;
1629 if (!vs->x509cacert) {
1630 VNC_DEBUG("No CA x509 certificate specified\n");
1633 if (!vs->x509cert) {
1634 VNC_DEBUG("No server x509 certificate specified\n");
1638 VNC_DEBUG("No server private key specified\n");
1642 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1643 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1646 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1648 GNUTLS_X509_FMT_PEM)) < 0) {
1649 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1650 gnutls_certificate_free_credentials(x509_cred);
1654 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1657 GNUTLS_X509_FMT_PEM)) < 0) {
1658 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1659 gnutls_certificate_free_credentials(x509_cred);
1663 if (vs->x509cacrl) {
1664 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1666 GNUTLS_X509_FMT_PEM)) < 0) {
1667 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1668 gnutls_certificate_free_credentials(x509_cred);
1673 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1678 static int vnc_validate_certificate(struct VncState *vs)
1681 unsigned int status;
1682 const gnutls_datum_t *certs;
1683 unsigned int nCerts, i;
1686 VNC_DEBUG("Validating client certificate\n");
1687 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1688 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1692 if ((now = time(NULL)) == ((time_t)-1)) {
1697 if (status & GNUTLS_CERT_INVALID)
1698 VNC_DEBUG("The certificate is not trusted.\n");
1700 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1701 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1703 if (status & GNUTLS_CERT_REVOKED)
1704 VNC_DEBUG("The certificate has been revoked.\n");
1706 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1707 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1711 VNC_DEBUG("Certificate is valid!\n");
1714 /* Only support x509 for now */
1715 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1718 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1721 for (i = 0 ; i < nCerts ; i++) {
1722 gnutls_x509_crt_t cert;
1723 VNC_DEBUG ("Checking certificate chain %d\n", i);
1724 if (gnutls_x509_crt_init (&cert) < 0)
1727 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1728 gnutls_x509_crt_deinit (cert);
1732 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1733 VNC_DEBUG("The certificate has expired\n");
1734 gnutls_x509_crt_deinit (cert);
1738 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1739 VNC_DEBUG("The certificate is not yet activated\n");
1740 gnutls_x509_crt_deinit (cert);
1744 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1745 VNC_DEBUG("The certificate is not yet activated\n");
1746 gnutls_x509_crt_deinit (cert);
1750 gnutls_x509_crt_deinit (cert);
1757 static int start_auth_vencrypt_subauth(VncState *vs)
1759 switch (vs->subauth) {
1760 case VNC_AUTH_VENCRYPT_TLSNONE:
1761 case VNC_AUTH_VENCRYPT_X509NONE:
1762 VNC_DEBUG("Accept TLS auth none\n");
1763 vnc_write_u32(vs, 0); /* Accept auth completion */
1764 vnc_read_when(vs, protocol_client_init, 1);
1767 case VNC_AUTH_VENCRYPT_TLSVNC:
1768 case VNC_AUTH_VENCRYPT_X509VNC:
1769 VNC_DEBUG("Start TLS auth VNC\n");
1770 return start_auth_vnc(vs);
1772 default: /* Should not be possible, but just in case */
1773 VNC_DEBUG("Reject auth %d\n", vs->auth);
1774 vnc_write_u8(vs, 1);
1775 if (vs->minor >= 8) {
1776 static const char err[] = "Unsupported authentication type";
1777 vnc_write_u32(vs, sizeof(err));
1778 vnc_write(vs, err, sizeof(err));
1780 vnc_client_error(vs);
1786 static void vnc_handshake_io(void *opaque);
1788 static int vnc_continue_handshake(struct VncState *vs) {
1791 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1792 if (!gnutls_error_is_fatal(ret)) {
1793 VNC_DEBUG("Handshake interrupted (blocking)\n");
1794 if (!gnutls_record_get_direction(vs->tls_session))
1795 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1797 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1800 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1801 vnc_client_error(vs);
1805 if (vs->x509verify) {
1806 if (vnc_validate_certificate(vs) < 0) {
1807 VNC_DEBUG("Client verification failed\n");
1808 vnc_client_error(vs);
1811 VNC_DEBUG("Client verification passed\n");
1815 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1816 vs->wiremode = VNC_WIREMODE_TLS;
1817 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1819 return start_auth_vencrypt_subauth(vs);
1822 static void vnc_handshake_io(void *opaque) {
1823 struct VncState *vs = (struct VncState *)opaque;
1825 VNC_DEBUG("Handshake IO continue\n");
1826 vnc_continue_handshake(vs);
1829 #define NEED_X509_AUTH(vs) \
1830 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1831 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1832 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1835 static int vnc_start_tls(struct VncState *vs) {
1836 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1837 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1838 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1839 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1841 VNC_DEBUG("Do TLS setup\n");
1842 if (vnc_tls_initialize() < 0) {
1843 VNC_DEBUG("Failed to init TLS\n");
1844 vnc_client_error(vs);
1847 if (vs->tls_session == NULL) {
1848 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1849 vnc_client_error(vs);
1853 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1854 gnutls_deinit(vs->tls_session);
1855 vs->tls_session = NULL;
1856 vnc_client_error(vs);
1860 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1861 gnutls_deinit(vs->tls_session);
1862 vs->tls_session = NULL;
1863 vnc_client_error(vs);
1867 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1868 gnutls_deinit(vs->tls_session);
1869 vs->tls_session = NULL;
1870 vnc_client_error(vs);
1874 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1875 gnutls_deinit(vs->tls_session);
1876 vs->tls_session = NULL;
1877 vnc_client_error(vs);
1881 if (NEED_X509_AUTH(vs)) {
1882 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1884 gnutls_deinit(vs->tls_session);
1885 vs->tls_session = NULL;
1886 vnc_client_error(vs);
1889 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1890 gnutls_deinit(vs->tls_session);
1891 vs->tls_session = NULL;
1892 gnutls_certificate_free_credentials(x509_cred);
1893 vnc_client_error(vs);
1896 if (vs->x509verify) {
1897 VNC_DEBUG("Requesting a client certificate\n");
1898 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1902 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1904 gnutls_deinit(vs->tls_session);
1905 vs->tls_session = NULL;
1906 vnc_client_error(vs);
1909 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1910 gnutls_deinit(vs->tls_session);
1911 vs->tls_session = NULL;
1912 gnutls_anon_free_server_credentials(anon_cred);
1913 vnc_client_error(vs);
1918 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1919 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1920 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1923 VNC_DEBUG("Start TLS handshake process\n");
1924 return vnc_continue_handshake(vs);
1927 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1929 int auth = read_u32(data, 0);
1931 if (auth != vs->subauth) {
1932 VNC_DEBUG("Rejecting auth %d\n", auth);
1933 vnc_write_u8(vs, 0); /* Reject auth */
1935 vnc_client_error(vs);
1937 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1938 vnc_write_u8(vs, 1); /* Accept auth */
1941 if (vnc_start_tls(vs) < 0) {
1942 VNC_DEBUG("Failed to complete TLS\n");
1946 if (vs->wiremode == VNC_WIREMODE_TLS) {
1947 VNC_DEBUG("Starting VeNCrypt subauth\n");
1948 return start_auth_vencrypt_subauth(vs);
1950 VNC_DEBUG("TLS handshake blocked\n");
1957 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1961 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1962 vnc_write_u8(vs, 1); /* Reject version */
1964 vnc_client_error(vs);
1966 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1967 vnc_write_u8(vs, 0); /* Accept version */
1968 vnc_write_u8(vs, 1); /* Number of sub-auths */
1969 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1971 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1976 static int start_auth_vencrypt(VncState *vs)
1978 /* Send VeNCrypt version 0.2 */
1979 vnc_write_u8(vs, 0);
1980 vnc_write_u8(vs, 2);
1982 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1985 #endif /* CONFIG_VNC_TLS */
1987 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1989 /* We only advertise 1 auth scheme at a time, so client
1990 * must pick the one we sent. Verify this */
1991 if (data[0] != vs->auth) { /* Reject auth */
1992 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1993 vnc_write_u32(vs, 1);
1994 if (vs->minor >= 8) {
1995 static const char err[] = "Authentication failed";
1996 vnc_write_u32(vs, sizeof(err));
1997 vnc_write(vs, err, sizeof(err));
1999 vnc_client_error(vs);
2000 } else { /* Accept requested auth */
2001 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2004 VNC_DEBUG("Accept auth none\n");
2005 if (vs->minor >= 8) {
2006 vnc_write_u32(vs, 0); /* Accept auth completion */
2009 vnc_read_when(vs, protocol_client_init, 1);
2013 VNC_DEBUG("Start VNC auth\n");
2014 return start_auth_vnc(vs);
2016 #ifdef CONFIG_VNC_TLS
2017 case VNC_AUTH_VENCRYPT:
2018 VNC_DEBUG("Accept VeNCrypt auth\n");;
2019 return start_auth_vencrypt(vs);
2020 #endif /* CONFIG_VNC_TLS */
2022 default: /* Should not be possible, but just in case */
2023 VNC_DEBUG("Reject auth %d\n", vs->auth);
2024 vnc_write_u8(vs, 1);
2025 if (vs->minor >= 8) {
2026 static const char err[] = "Authentication failed";
2027 vnc_write_u32(vs, sizeof(err));
2028 vnc_write(vs, err, sizeof(err));
2030 vnc_client_error(vs);
2036 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2040 memcpy(local, version, 12);
2043 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2044 VNC_DEBUG("Malformed protocol version %s\n", local);
2045 vnc_client_error(vs);
2048 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2049 if (vs->major != 3 ||
2055 VNC_DEBUG("Unsupported client version\n");
2056 vnc_write_u32(vs, VNC_AUTH_INVALID);
2058 vnc_client_error(vs);
2061 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2062 * as equivalent to v3.3 by servers
2064 if (vs->minor == 4 || vs->minor == 5)
2067 if (vs->minor == 3) {
2068 if (vs->auth == VNC_AUTH_NONE) {
2069 VNC_DEBUG("Tell client auth none\n");
2070 vnc_write_u32(vs, vs->auth);
2072 vnc_read_when(vs, protocol_client_init, 1);
2073 } else if (vs->auth == VNC_AUTH_VNC) {
2074 VNC_DEBUG("Tell client VNC auth\n");
2075 vnc_write_u32(vs, vs->auth);
2079 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2080 vnc_write_u32(vs, VNC_AUTH_INVALID);
2082 vnc_client_error(vs);
2085 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2086 vnc_write_u8(vs, 1); /* num auth */
2087 vnc_write_u8(vs, vs->auth);
2088 vnc_read_when(vs, protocol_client_auth, 1);
2095 static void vnc_connect(VncState *vs)
2097 VNC_DEBUG("New client on socket %d\n", vs->csock);
2099 socket_set_nonblock(vs->csock);
2100 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2101 vnc_write(vs, "RFB 003.008\n", 12);
2103 vnc_read_when(vs, protocol_version, 12);
2104 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
2105 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2107 dcl->dpy_copy = NULL;
2108 vnc_update_client(vs);
2112 static void vnc_listen_read(void *opaque)
2114 VncState *vs = opaque;
2115 struct sockaddr_in addr;
2116 socklen_t addrlen = sizeof(addr);
2121 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2122 if (vs->csock != -1) {
2127 void vnc_display_init(DisplayState *ds)
2131 vs = qemu_mallocz(sizeof(VncState));
2132 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2140 vs->password = NULL;
2149 if (keyboard_layout)
2150 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2152 vs->kbd_layout = init_keyboard_layout("en-us");
2154 if (!vs->kbd_layout)
2157 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2159 dcl->dpy_update = vnc_dpy_update;
2160 dcl->dpy_resize = vnc_dpy_resize;
2161 dcl->dpy_setdata = vnc_dpy_setdata;
2162 dcl->dpy_refresh = NULL;
2163 register_displaychangelistener(ds, dcl);
2165 vs->as.freq = 44100;
2166 vs->as.nchannels = 2;
2167 vs->as.fmt = AUD_FMT_S16;
2168 vs->as.endianness = 0;
2171 #ifdef CONFIG_VNC_TLS
2172 static int vnc_set_x509_credential(VncState *vs,
2173 const char *certdir,
2174 const char *filename,
2185 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2188 strcpy(*cred, certdir);
2190 strcat(*cred, filename);
2192 VNC_DEBUG("Check %s\n", *cred);
2193 if (stat(*cred, &sb) < 0) {
2196 if (ignoreMissing && errno == ENOENT)
2204 static int vnc_set_x509_credential_dir(VncState *vs,
2205 const char *certdir)
2207 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2209 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2211 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2213 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2219 qemu_free(vs->x509cacert);
2220 qemu_free(vs->x509cacrl);
2221 qemu_free(vs->x509cert);
2222 qemu_free(vs->x509key);
2223 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2226 #endif /* CONFIG_VNC_TLS */
2228 void vnc_display_close(DisplayState *ds)
2230 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2233 qemu_free(vs->display);
2236 if (vs->lsock != -1) {
2237 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2241 if (vs->csock != -1) {
2242 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2243 closesocket(vs->csock);
2245 buffer_reset(&vs->input);
2246 buffer_reset(&vs->output);
2247 vs->need_update = 0;
2248 #ifdef CONFIG_VNC_TLS
2249 if (vs->tls_session) {
2250 gnutls_deinit(vs->tls_session);
2251 vs->tls_session = NULL;
2253 vs->wiremode = VNC_WIREMODE_CLEAR;
2254 #endif /* CONFIG_VNC_TLS */
2256 vs->auth = VNC_AUTH_INVALID;
2257 #ifdef CONFIG_VNC_TLS
2258 vs->subauth = VNC_AUTH_INVALID;
2264 int vnc_display_password(DisplayState *ds, const char *password)
2266 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2269 qemu_free(vs->password);
2270 vs->password = NULL;
2272 if (password && password[0]) {
2273 if (!(vs->password = qemu_strdup(password)))
2280 int vnc_display_open(DisplayState *ds, const char *display)
2282 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2283 const char *options;
2287 #ifdef CONFIG_VNC_TLS
2288 int tls = 0, x509 = 0;
2291 vnc_display_close(ds);
2292 if (strcmp(display, "none") == 0)
2295 if (!(vs->display = strdup(display)))
2299 while ((options = strchr(options, ','))) {
2301 if (strncmp(options, "password", 8) == 0) {
2302 password = 1; /* Require password auth */
2303 } else if (strncmp(options, "reverse", 7) == 0) {
2305 } else if (strncmp(options, "to=", 3) == 0) {
2306 to_port = atoi(options+3) + 5900;
2307 #ifdef CONFIG_VNC_TLS
2308 } else if (strncmp(options, "tls", 3) == 0) {
2309 tls = 1; /* Require TLS */
2310 } else if (strncmp(options, "x509", 4) == 0) {
2312 x509 = 1; /* Require x509 certificates */
2313 if (strncmp(options, "x509verify", 10) == 0)
2314 vs->x509verify = 1; /* ...and verify client certs */
2316 /* Now check for 'x509=/some/path' postfix
2317 * and use that to setup x509 certificate/key paths */
2318 start = strchr(options, '=');
2319 end = strchr(options, ',');
2320 if (start && (!end || (start < end))) {
2321 int len = end ? end-(start+1) : strlen(start+1);
2322 char *path = qemu_strndup(start + 1, len);
2324 VNC_DEBUG("Trying certificate path '%s'\n", path);
2325 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2326 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2328 qemu_free(vs->display);
2334 fprintf(stderr, "No certificate path provided\n");
2335 qemu_free(vs->display);
2344 #ifdef CONFIG_VNC_TLS
2346 vs->auth = VNC_AUTH_VENCRYPT;
2348 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2349 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2351 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2352 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2356 VNC_DEBUG("Initializing VNC server with password auth\n");
2357 vs->auth = VNC_AUTH_VNC;
2358 #ifdef CONFIG_VNC_TLS
2359 vs->subauth = VNC_AUTH_INVALID;
2363 #ifdef CONFIG_VNC_TLS
2365 vs->auth = VNC_AUTH_VENCRYPT;
2367 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2368 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2370 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2371 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2375 VNC_DEBUG("Initializing VNC server with no auth\n");
2376 vs->auth = VNC_AUTH_NONE;
2377 #ifdef CONFIG_VNC_TLS
2378 vs->subauth = VNC_AUTH_INVALID;
2384 /* connect to viewer */
2385 if (strncmp(display, "unix:", 5) == 0)
2386 vs->lsock = unix_connect(display+5);
2388 vs->lsock = inet_connect(display, SOCK_STREAM);
2389 if (-1 == vs->lsock) {
2394 vs->csock = vs->lsock;
2401 /* listen for connects */
2403 dpy = qemu_malloc(256);
2404 if (strncmp(display, "unix:", 5) == 0) {
2405 pstrcpy(dpy, 256, "unix:");
2406 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2408 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2410 if (-1 == vs->lsock) {
2419 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
projects / qemu / blob