2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
32 #define VNC_REFRESH_INTERVAL (1000 / 30)
34 #include "vnc_keysym.h"
39 #include <gnutls/gnutls.h>
40 #include <gnutls/x509.h>
41 #endif /* CONFIG_VNC_TLS */
43 // #define _VNC_DEBUG 1
46 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
49 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
50 static void vnc_debug_gnutls_log(int level, const char* str) {
51 VNC_DEBUG("%d %s", level, str);
53 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #define VNC_DEBUG(fmt, ...) do { } while (0)
66 typedef struct VncState VncState;
68 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
70 typedef void VncWritePixels(VncState *vs, void *data, int size);
72 typedef void VncSendHextileTile(VncState *vs,
73 int x, int y, int w, int h,
76 int *has_bg, int *has_fg);
78 #define VNC_MAX_WIDTH 2048
79 #define VNC_MAX_HEIGHT 2048
80 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82 #define VNC_AUTH_CHALLENGE_SIZE 16
93 VNC_AUTH_VENCRYPT = 19
103 VNC_AUTH_VENCRYPT_PLAIN = 256,
104 VNC_AUTH_VENCRYPT_TLSNONE = 257,
105 VNC_AUTH_VENCRYPT_TLSVNC = 258,
106 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
107 VNC_AUTH_VENCRYPT_X509NONE = 260,
108 VNC_AUTH_VENCRYPT_X509VNC = 261,
109 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
119 #endif /* CONFIG_VNC_TLS */
130 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
132 int depth; /* internal VNC frame buffer byte per pixel */
135 int has_pointer_type_change;
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
159 gnutls_session_t tls_session;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int red_shift, red_max, red_shift1;
170 int green_shift, green_max, green_shift1;
171 int blue_shift, blue_max, blue_shift1;
173 VncReadEvent *read_handler;
174 size_t read_handler_expect;
176 uint8_t modifiers_state[256];
179 static VncState *vnc_state; /* needed for info vnc */
181 void do_info_vnc(void)
183 if (vnc_state == NULL)
184 term_printf("VNC server disabled\n");
186 term_printf("VNC server active on: ");
187 term_print_filename(vnc_state->display);
190 if (vnc_state->csock == -1)
191 term_printf("No client connected\n");
193 term_printf("Client connected\n");
198 1) Get the queue working for IO.
199 2) there is some weirdness when using the -S option (the screen is grey
200 and not totally invalidated
201 3) resolutions > 1024
204 static void vnc_write(VncState *vs, const void *data, size_t len);
205 static void vnc_write_u32(VncState *vs, uint32_t value);
206 static void vnc_write_s32(VncState *vs, int32_t value);
207 static void vnc_write_u16(VncState *vs, uint16_t value);
208 static void vnc_write_u8(VncState *vs, uint8_t value);
209 static void vnc_flush(VncState *vs);
210 static void vnc_update_client(void *opaque);
211 static void vnc_client_read(void *opaque);
213 static inline void vnc_set_bit(uint32_t *d, int k)
215 d[k >> 5] |= 1 << (k & 0x1f);
218 static inline void vnc_clear_bit(uint32_t *d, int k)
220 d[k >> 5] &= ~(1 << (k & 0x1f));
223 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
233 d[j++] = (1 << n) - 1;
238 static inline int vnc_get_bit(const uint32_t *d, int k)
240 return (d[k >> 5] >> (k & 0x1f)) & 1;
243 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
247 for(i = 0; i < nb_words; i++) {
248 if ((d1[i] & d2[i]) != 0)
254 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
256 VncState *vs = ds->opaque;
261 /* round x down to ensure the loop only spans one 16-pixel block per,
262 iteration. otherwise, if (x % 16) != 0, the last iteration may span
263 two 16-pixel blocks but we only mark the first as dirty
268 x = MIN(x, vs->width);
269 y = MIN(y, vs->height);
270 w = MIN(x + w, vs->width) - x;
271 h = MIN(y + h, vs->height) - y;
274 for (i = 0; i < w; i += 16)
275 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
278 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
281 vnc_write_u16(vs, x);
282 vnc_write_u16(vs, y);
283 vnc_write_u16(vs, w);
284 vnc_write_u16(vs, h);
286 vnc_write_s32(vs, encoding);
289 static void vnc_dpy_resize(DisplayState *ds, int w, int h)
292 VncState *vs = ds->opaque;
294 ds->data = realloc(ds->data, w * h * vs->depth);
295 vs->old_data = realloc(vs->old_data, w * h * vs->depth);
297 if (ds->data == NULL || vs->old_data == NULL) {
298 fprintf(stderr, "vnc: memory allocation failed\n");
302 if (ds->depth != vs->depth * 8) {
303 ds->depth = vs->depth * 8;
304 console_color_init(ds);
306 size_changed = ds->width != w || ds->height != h;
309 ds->linesize = w * vs->depth;
310 if (vs->csock != -1 && vs->has_resize && size_changed) {
311 vnc_write_u8(vs, 0); /* msg id */
313 vnc_write_u16(vs, 1); /* number of rects */
314 vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
316 vs->width = ds->width;
317 vs->height = ds->height;
320 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
321 memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
325 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
327 vnc_write(vs, pixels, size);
330 /* slowest but generic code. */
331 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
333 unsigned int r, g, b;
335 r = (v >> vs->red_shift1) & vs->red_max;
336 g = (v >> vs->green_shift1) & vs->green_max;
337 b = (v >> vs->blue_shift1) & vs->blue_max;
338 v = (r << vs->red_shift) |
339 (g << vs->green_shift) |
340 (b << vs->blue_shift);
341 switch(vs->pix_bpp) {
346 if (vs->pix_big_endian) {
356 if (vs->pix_big_endian) {
371 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
373 uint32_t *pixels = pixels1;
378 for(i = 0; i < n; i++) {
379 vnc_convert_pixel(vs, buf, pixels[i]);
380 vnc_write(vs, buf, vs->pix_bpp);
384 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
389 vnc_framebuffer_update(vs, x, y, w, h, 0);
391 row = vs->ds->data + y * vs->ds->linesize + x * vs->depth;
392 for (i = 0; i < h; i++) {
393 vs->write_pixels(vs, row, w * vs->depth);
394 row += vs->ds->linesize;
398 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
400 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
401 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
405 #include "vnchextile.h"
409 #include "vnchextile.h"
413 #include "vnchextile.h"
418 #include "vnchextile.h"
422 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
426 uint32_t last_fg32, last_bg32;
428 vnc_framebuffer_update(vs, x, y, w, h, 5);
431 for (j = y; j < (y + h); j += 16) {
432 for (i = x; i < (x + w); i += 16) {
433 vs->send_hextile_tile(vs, i, j,
434 MIN(16, x + w - i), MIN(16, y + h - j),
435 &last_bg32, &last_fg32, &has_bg, &has_fg);
440 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
443 send_framebuffer_update_hextile(vs, x, y, w, h);
445 send_framebuffer_update_raw(vs, x, y, w, h);
448 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
455 int pitch = ds->linesize;
456 VncState *vs = ds->opaque;
458 vnc_update_client(vs);
465 src = (ds->linesize * (src_y + y) + vs->depth * src_x);
466 dst = (ds->linesize * (dst_y + y) + vs->depth * dst_x);
468 src_row = ds->data + src;
469 dst_row = ds->data + dst;
470 old_row = vs->old_data + dst;
472 for (y = 0; y < h; y++) {
473 memmove(old_row, src_row, w * vs->depth);
474 memmove(dst_row, src_row, w * vs->depth);
480 vnc_write_u8(vs, 0); /* msg id */
482 vnc_write_u16(vs, 1); /* number of rects */
483 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
484 vnc_write_u16(vs, src_x);
485 vnc_write_u16(vs, src_y);
489 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
493 for (h = 1; h < (vs->height - y); h++) {
495 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
497 for (tmp_x = last_x; tmp_x < x; tmp_x++)
498 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
504 static void vnc_update_client(void *opaque)
506 VncState *vs = opaque;
508 if (vs->need_update && vs->csock != -1) {
512 uint32_t width_mask[VNC_DIRTY_WORDS];
519 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
521 /* Walk through the dirty map and eliminate tiles that
522 really aren't dirty */
524 old_row = vs->old_data;
526 for (y = 0; y < vs->height; y++) {
527 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
533 old_ptr = (char*)old_row;
535 for (x = 0; x < vs->ds->width; x += 16) {
536 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
537 vnc_clear_bit(vs->dirty_row[y], (x / 16));
540 memcpy(old_ptr, ptr, 16 * vs->depth);
543 ptr += 16 * vs->depth;
544 old_ptr += 16 * vs->depth;
548 row += vs->ds->linesize;
549 old_row += vs->ds->linesize;
553 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
557 /* Count rectangles */
559 vnc_write_u8(vs, 0); /* msg id */
561 saved_offset = vs->output.offset;
562 vnc_write_u16(vs, 0);
564 for (y = 0; y < vs->height; y++) {
567 for (x = 0; x < vs->width / 16; x++) {
568 if (vnc_get_bit(vs->dirty_row[y], x)) {
572 vnc_clear_bit(vs->dirty_row[y], x);
575 int h = find_dirty_height(vs, y, last_x, x);
576 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
583 int h = find_dirty_height(vs, y, last_x, x);
584 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
588 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
589 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
594 if (vs->csock != -1) {
595 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
600 static int vnc_listen_poll(void *opaque)
602 VncState *vs = opaque;
608 static void buffer_reserve(Buffer *buffer, size_t len)
610 if ((buffer->capacity - buffer->offset) < len) {
611 buffer->capacity += (len + 1024);
612 buffer->buffer = realloc(buffer->buffer, buffer->capacity);
613 if (buffer->buffer == NULL) {
614 fprintf(stderr, "vnc: out of memory\n");
620 static int buffer_empty(Buffer *buffer)
622 return buffer->offset == 0;
625 static uint8_t *buffer_end(Buffer *buffer)
627 return buffer->buffer + buffer->offset;
630 static void buffer_reset(Buffer *buffer)
635 static void buffer_append(Buffer *buffer, const void *data, size_t len)
637 memcpy(buffer->buffer + buffer->offset, data, len);
638 buffer->offset += len;
641 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
643 if (ret == 0 || ret == -1) {
645 switch (last_errno) {
657 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
658 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
659 closesocket(vs->csock);
661 buffer_reset(&vs->input);
662 buffer_reset(&vs->output);
665 if (vs->tls_session) {
666 gnutls_deinit(vs->tls_session);
667 vs->tls_session = NULL;
669 vs->wiremode = VNC_WIREMODE_CLEAR;
670 #endif /* CONFIG_VNC_TLS */
676 static void vnc_client_error(VncState *vs)
678 vnc_client_io_error(vs, -1, EINVAL);
681 static void vnc_client_write(void *opaque)
684 VncState *vs = opaque;
687 if (vs->tls_session) {
688 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
690 if (ret == GNUTLS_E_AGAIN)
697 #endif /* CONFIG_VNC_TLS */
698 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
699 ret = vnc_client_io_error(vs, ret, socket_error());
703 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
704 vs->output.offset -= ret;
706 if (vs->output.offset == 0) {
707 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
711 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
713 vs->read_handler = func;
714 vs->read_handler_expect = expecting;
717 static void vnc_client_read(void *opaque)
719 VncState *vs = opaque;
722 buffer_reserve(&vs->input, 4096);
725 if (vs->tls_session) {
726 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
728 if (ret == GNUTLS_E_AGAIN)
735 #endif /* CONFIG_VNC_TLS */
736 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
737 ret = vnc_client_io_error(vs, ret, socket_error());
741 vs->input.offset += ret;
743 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
744 size_t len = vs->read_handler_expect;
747 ret = vs->read_handler(vs, vs->input.buffer, len);
752 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
753 vs->input.offset -= len;
755 vs->read_handler_expect = ret;
760 static void vnc_write(VncState *vs, const void *data, size_t len)
762 buffer_reserve(&vs->output, len);
764 if (buffer_empty(&vs->output)) {
765 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
768 buffer_append(&vs->output, data, len);
771 static void vnc_write_s32(VncState *vs, int32_t value)
773 vnc_write_u32(vs, *(uint32_t *)&value);
776 static void vnc_write_u32(VncState *vs, uint32_t value)
780 buf[0] = (value >> 24) & 0xFF;
781 buf[1] = (value >> 16) & 0xFF;
782 buf[2] = (value >> 8) & 0xFF;
783 buf[3] = value & 0xFF;
785 vnc_write(vs, buf, 4);
788 static void vnc_write_u16(VncState *vs, uint16_t value)
792 buf[0] = (value >> 8) & 0xFF;
793 buf[1] = value & 0xFF;
795 vnc_write(vs, buf, 2);
798 static void vnc_write_u8(VncState *vs, uint8_t value)
800 vnc_write(vs, (char *)&value, 1);
803 static void vnc_flush(VncState *vs)
805 if (vs->output.offset)
806 vnc_client_write(vs);
809 static uint8_t read_u8(uint8_t *data, size_t offset)
814 static uint16_t read_u16(uint8_t *data, size_t offset)
816 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
819 static int32_t read_s32(uint8_t *data, size_t offset)
821 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
822 (data[offset + 2] << 8) | data[offset + 3]);
825 static uint32_t read_u32(uint8_t *data, size_t offset)
827 return ((data[offset] << 24) | (data[offset + 1] << 16) |
828 (data[offset + 2] << 8) | data[offset + 3]);
832 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
835 struct VncState *vs = (struct VncState *)transport;
839 ret = send(vs->csock, data, len, 0);
849 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
852 struct VncState *vs = (struct VncState *)transport;
856 ret = recv(vs->csock, data, len, 0);
864 #endif /* CONFIG_VNC_TLS */
866 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
870 static void check_pointer_type_change(VncState *vs, int absolute)
872 if (vs->has_pointer_type_change && vs->absolute != absolute) {
875 vnc_write_u16(vs, 1);
876 vnc_framebuffer_update(vs, absolute, 0,
877 vs->ds->width, vs->ds->height, -257);
880 vs->absolute = absolute;
883 static void pointer_event(VncState *vs, int button_mask, int x, int y)
888 if (button_mask & 0x01)
889 buttons |= MOUSE_EVENT_LBUTTON;
890 if (button_mask & 0x02)
891 buttons |= MOUSE_EVENT_MBUTTON;
892 if (button_mask & 0x04)
893 buttons |= MOUSE_EVENT_RBUTTON;
894 if (button_mask & 0x08)
896 if (button_mask & 0x10)
900 kbd_mouse_event(x * 0x7FFF / (vs->ds->width - 1),
901 y * 0x7FFF / (vs->ds->height - 1),
903 } else if (vs->has_pointer_type_change) {
907 kbd_mouse_event(x, y, dz, buttons);
909 if (vs->last_x != -1)
910 kbd_mouse_event(x - vs->last_x,
917 check_pointer_type_change(vs, kbd_mouse_is_absolute());
920 static void reset_keys(VncState *vs)
923 for(i = 0; i < 256; i++) {
924 if (vs->modifiers_state[i]) {
926 kbd_put_keycode(0xe0);
927 kbd_put_keycode(i | 0x80);
928 vs->modifiers_state[i] = 0;
933 static void press_key(VncState *vs, int keysym)
935 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
936 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
939 static void do_key_event(VncState *vs, int down, uint32_t sym)
943 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
945 /* QEMU console switch */
947 case 0x2a: /* Left Shift */
948 case 0x36: /* Right Shift */
949 case 0x1d: /* Left CTRL */
950 case 0x9d: /* Right CTRL */
951 case 0x38: /* Left ALT */
952 case 0xb8: /* Right ALT */
954 vs->modifiers_state[keycode] = 1;
956 vs->modifiers_state[keycode] = 0;
958 case 0x02 ... 0x0a: /* '1' to '9' keys */
959 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
960 /* Reset the modifiers sent to the current console */
962 console_select(keycode - 0x02);
966 case 0x3a: /* CapsLock */
967 case 0x45: /* NumLock */
969 vs->modifiers_state[keycode] ^= 1;
973 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
974 /* If the numlock state needs to change then simulate an additional
975 keypress before sending this one. This will happen if the user
976 toggles numlock away from the VNC window.
978 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
979 if (!vs->modifiers_state[0x45]) {
980 vs->modifiers_state[0x45] = 1;
981 press_key(vs, 0xff7f);
984 if (vs->modifiers_state[0x45]) {
985 vs->modifiers_state[0x45] = 0;
986 press_key(vs, 0xff7f);
991 if (is_graphic_console()) {
993 kbd_put_keycode(0xe0);
995 kbd_put_keycode(keycode & 0x7f);
997 kbd_put_keycode(keycode | 0x80);
999 /* QEMU console emulation */
1002 case 0x2a: /* Left Shift */
1003 case 0x36: /* Right Shift */
1004 case 0x1d: /* Left CTRL */
1005 case 0x9d: /* Right CTRL */
1006 case 0x38: /* Left ALT */
1007 case 0xb8: /* Right ALT */
1010 kbd_put_keysym(QEMU_KEY_UP);
1013 kbd_put_keysym(QEMU_KEY_DOWN);
1016 kbd_put_keysym(QEMU_KEY_LEFT);
1019 kbd_put_keysym(QEMU_KEY_RIGHT);
1022 kbd_put_keysym(QEMU_KEY_DELETE);
1025 kbd_put_keysym(QEMU_KEY_HOME);
1028 kbd_put_keysym(QEMU_KEY_END);
1031 kbd_put_keysym(QEMU_KEY_PAGEUP);
1034 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1037 kbd_put_keysym(sym);
1044 static void key_event(VncState *vs, int down, uint32_t sym)
1046 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1047 sym = sym - 'A' + 'a';
1048 do_key_event(vs, down, sym);
1051 static void framebuffer_update_request(VncState *vs, int incremental,
1052 int x_position, int y_position,
1055 if (x_position > vs->ds->width)
1056 x_position = vs->ds->width;
1057 if (y_position > vs->ds->height)
1058 y_position = vs->ds->height;
1059 if (x_position + w >= vs->ds->width)
1060 w = vs->ds->width - x_position;
1061 if (y_position + h >= vs->ds->height)
1062 h = vs->ds->height - y_position;
1065 vs->need_update = 1;
1067 char *old_row = vs->old_data + y_position * vs->ds->linesize;
1069 for (i = 0; i < h; i++) {
1070 vnc_set_bits(vs->dirty_row[y_position + i],
1071 (vs->ds->width / 16), VNC_DIRTY_WORDS);
1072 memset(old_row, 42, vs->ds->width * vs->depth);
1073 old_row += vs->ds->linesize;
1078 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1082 vs->has_hextile = 0;
1084 vs->has_pointer_type_change = 0;
1086 vs->ds->dpy_copy = NULL;
1088 for (i = n_encodings - 1; i >= 0; i--) {
1089 switch (encodings[i]) {
1091 vs->has_hextile = 0;
1093 case 1: /* CopyRect */
1094 vs->ds->dpy_copy = vnc_copy;
1096 case 5: /* Hextile */
1097 vs->has_hextile = 1;
1099 case -223: /* DesktopResize */
1103 vs->has_pointer_type_change = 1;
1110 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1113 static int compute_nbits(unsigned int val)
1124 static void set_pixel_format(VncState *vs,
1125 int bits_per_pixel, int depth,
1126 int big_endian_flag, int true_color_flag,
1127 int red_max, int green_max, int blue_max,
1128 int red_shift, int green_shift, int blue_shift)
1130 int host_big_endian_flag;
1132 #ifdef WORDS_BIGENDIAN
1133 host_big_endian_flag = 1;
1135 host_big_endian_flag = 0;
1137 if (!true_color_flag) {
1139 vnc_client_error(vs);
1142 if (bits_per_pixel == 32 &&
1143 host_big_endian_flag == big_endian_flag &&
1144 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1145 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1147 vs->write_pixels = vnc_write_pixels_copy;
1148 vs->send_hextile_tile = send_hextile_tile_32;
1150 if (bits_per_pixel == 16 &&
1151 host_big_endian_flag == big_endian_flag &&
1152 red_max == 31 && green_max == 63 && blue_max == 31 &&
1153 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1155 vs->write_pixels = vnc_write_pixels_copy;
1156 vs->send_hextile_tile = send_hextile_tile_16;
1158 if (bits_per_pixel == 8 &&
1159 red_max == 7 && green_max == 7 && blue_max == 3 &&
1160 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1162 vs->write_pixels = vnc_write_pixels_copy;
1163 vs->send_hextile_tile = send_hextile_tile_8;
1166 /* generic and slower case */
1167 if (bits_per_pixel != 8 &&
1168 bits_per_pixel != 16 &&
1169 bits_per_pixel != 32)
1172 vs->red_shift = red_shift;
1173 vs->red_max = red_max;
1174 vs->red_shift1 = 24 - compute_nbits(red_max);
1175 vs->green_shift = green_shift;
1176 vs->green_max = green_max;
1177 vs->green_shift1 = 16 - compute_nbits(green_max);
1178 vs->blue_shift = blue_shift;
1179 vs->blue_max = blue_max;
1180 vs->blue_shift1 = 8 - compute_nbits(blue_max);
1181 vs->pix_bpp = bits_per_pixel / 8;
1182 vs->pix_big_endian = big_endian_flag;
1183 vs->write_pixels = vnc_write_pixels_generic;
1184 vs->send_hextile_tile = send_hextile_tile_generic;
1187 vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
1189 vga_hw_invalidate();
1193 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1203 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1204 read_u8(data, 6), read_u8(data, 7),
1205 read_u16(data, 8), read_u16(data, 10),
1206 read_u16(data, 12), read_u8(data, 14),
1207 read_u8(data, 15), read_u8(data, 16));
1214 return 4 + (read_u16(data, 2) * 4);
1216 limit = read_u16(data, 2);
1217 for (i = 0; i < limit; i++) {
1218 int32_t val = read_s32(data, 4 + (i * 4));
1219 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1222 set_encodings(vs, (int32_t *)(data + 4), limit);
1228 framebuffer_update_request(vs,
1229 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1230 read_u16(data, 6), read_u16(data, 8));
1236 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1242 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1249 uint32_t dlen = read_u32(data, 4);
1254 client_cut_text(vs, read_u32(data, 4), data + 8);
1257 printf("Msg: %d\n", data[0]);
1258 vnc_client_error(vs);
1262 vnc_read_when(vs, protocol_client_msg, 1);
1266 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1268 char pad[3] = { 0, 0, 0 };
1272 vs->width = vs->ds->width;
1273 vs->height = vs->ds->height;
1274 vnc_write_u16(vs, vs->ds->width);
1275 vnc_write_u16(vs, vs->ds->height);
1277 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1278 vnc_write_u8(vs, vs->depth * 8); /* depth */
1279 #ifdef WORDS_BIGENDIAN
1280 vnc_write_u8(vs, 1); /* big-endian-flag */
1282 vnc_write_u8(vs, 0); /* big-endian-flag */
1284 vnc_write_u8(vs, 1); /* true-color-flag */
1285 if (vs->depth == 4) {
1286 vnc_write_u16(vs, 0xFF); /* red-max */
1287 vnc_write_u16(vs, 0xFF); /* green-max */
1288 vnc_write_u16(vs, 0xFF); /* blue-max */
1289 vnc_write_u8(vs, 16); /* red-shift */
1290 vnc_write_u8(vs, 8); /* green-shift */
1291 vnc_write_u8(vs, 0); /* blue-shift */
1292 vs->send_hextile_tile = send_hextile_tile_32;
1293 } else if (vs->depth == 2) {
1294 vnc_write_u16(vs, 31); /* red-max */
1295 vnc_write_u16(vs, 63); /* green-max */
1296 vnc_write_u16(vs, 31); /* blue-max */
1297 vnc_write_u8(vs, 11); /* red-shift */
1298 vnc_write_u8(vs, 5); /* green-shift */
1299 vnc_write_u8(vs, 0); /* blue-shift */
1300 vs->send_hextile_tile = send_hextile_tile_16;
1301 } else if (vs->depth == 1) {
1302 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1303 vnc_write_u16(vs, 7); /* red-max */
1304 vnc_write_u16(vs, 7); /* green-max */
1305 vnc_write_u16(vs, 3); /* blue-max */
1306 vnc_write_u8(vs, 5); /* red-shift */
1307 vnc_write_u8(vs, 2); /* green-shift */
1308 vnc_write_u8(vs, 0); /* blue-shift */
1309 vs->send_hextile_tile = send_hextile_tile_8;
1311 vs->write_pixels = vnc_write_pixels_copy;
1313 vnc_write(vs, pad, 3); /* padding */
1316 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1318 size = snprintf(buf, sizeof(buf), "QEMU");
1320 vnc_write_u32(vs, size);
1321 vnc_write(vs, buf, size);
1324 vnc_read_when(vs, protocol_client_msg, 1);
1329 static void make_challenge(VncState *vs)
1333 srand(time(NULL)+getpid()+getpid()*987654+rand());
1335 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1336 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1339 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1341 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1343 unsigned char key[8];
1345 if (!vs->password || !vs->password[0]) {
1346 VNC_DEBUG("No password configured on server");
1347 vnc_write_u32(vs, 1); /* Reject auth */
1348 if (vs->minor >= 8) {
1349 static const char err[] = "Authentication failed";
1350 vnc_write_u32(vs, sizeof(err));
1351 vnc_write(vs, err, sizeof(err));
1354 vnc_client_error(vs);
1358 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1360 /* Calculate the expected challenge response */
1361 pwlen = strlen(vs->password);
1362 for (i=0; i<sizeof(key); i++)
1363 key[i] = i<pwlen ? vs->password[i] : 0;
1365 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1366 des(response+j, response+j);
1368 /* Compare expected vs actual challenge response */
1369 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1370 VNC_DEBUG("Client challenge reponse did not match\n");
1371 vnc_write_u32(vs, 1); /* Reject auth */
1372 if (vs->minor >= 8) {
1373 static const char err[] = "Authentication failed";
1374 vnc_write_u32(vs, sizeof(err));
1375 vnc_write(vs, err, sizeof(err));
1378 vnc_client_error(vs);
1380 VNC_DEBUG("Accepting VNC challenge response\n");
1381 vnc_write_u32(vs, 0); /* Accept auth */
1384 vnc_read_when(vs, protocol_client_init, 1);
1389 static int start_auth_vnc(VncState *vs)
1392 /* Send client a 'random' challenge */
1393 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1396 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1402 #define DH_BITS 1024
1403 static gnutls_dh_params_t dh_params;
1405 static int vnc_tls_initialize(void)
1407 static int tlsinitialized = 0;
1412 if (gnutls_global_init () < 0)
1415 /* XXX ought to re-generate diffie-hellmen params periodically */
1416 if (gnutls_dh_params_init (&dh_params) < 0)
1418 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1422 gnutls_global_set_log_level(10);
1423 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1431 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1433 gnutls_anon_server_credentials anon_cred;
1436 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1437 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1441 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1447 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1449 gnutls_certificate_credentials_t x509_cred;
1452 if (!vs->x509cacert) {
1453 VNC_DEBUG("No CA x509 certificate specified\n");
1456 if (!vs->x509cert) {
1457 VNC_DEBUG("No server x509 certificate specified\n");
1461 VNC_DEBUG("No server private key specified\n");
1465 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1466 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1469 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1471 GNUTLS_X509_FMT_PEM)) < 0) {
1472 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1473 gnutls_certificate_free_credentials(x509_cred);
1477 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1480 GNUTLS_X509_FMT_PEM)) < 0) {
1481 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1482 gnutls_certificate_free_credentials(x509_cred);
1486 if (vs->x509cacrl) {
1487 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1489 GNUTLS_X509_FMT_PEM)) < 0) {
1490 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1491 gnutls_certificate_free_credentials(x509_cred);
1496 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1501 static int vnc_validate_certificate(struct VncState *vs)
1504 unsigned int status;
1505 const gnutls_datum_t *certs;
1506 unsigned int nCerts, i;
1509 VNC_DEBUG("Validating client certificate\n");
1510 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1511 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1515 if ((now = time(NULL)) == ((time_t)-1)) {
1520 if (status & GNUTLS_CERT_INVALID)
1521 VNC_DEBUG("The certificate is not trusted.\n");
1523 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1524 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1526 if (status & GNUTLS_CERT_REVOKED)
1527 VNC_DEBUG("The certificate has been revoked.\n");
1529 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1530 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1534 VNC_DEBUG("Certificate is valid!\n");
1537 /* Only support x509 for now */
1538 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1541 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1544 for (i = 0 ; i < nCerts ; i++) {
1545 gnutls_x509_crt_t cert;
1546 VNC_DEBUG ("Checking certificate chain %d\n", i);
1547 if (gnutls_x509_crt_init (&cert) < 0)
1550 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1551 gnutls_x509_crt_deinit (cert);
1555 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1556 VNC_DEBUG("The certificate has expired\n");
1557 gnutls_x509_crt_deinit (cert);
1561 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1562 VNC_DEBUG("The certificate is not yet activated\n");
1563 gnutls_x509_crt_deinit (cert);
1567 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1568 VNC_DEBUG("The certificate is not yet activated\n");
1569 gnutls_x509_crt_deinit (cert);
1573 gnutls_x509_crt_deinit (cert);
1580 static int start_auth_vencrypt_subauth(VncState *vs)
1582 switch (vs->subauth) {
1583 case VNC_AUTH_VENCRYPT_TLSNONE:
1584 case VNC_AUTH_VENCRYPT_X509NONE:
1585 VNC_DEBUG("Accept TLS auth none\n");
1586 vnc_write_u32(vs, 0); /* Accept auth completion */
1587 vnc_read_when(vs, protocol_client_init, 1);
1590 case VNC_AUTH_VENCRYPT_TLSVNC:
1591 case VNC_AUTH_VENCRYPT_X509VNC:
1592 VNC_DEBUG("Start TLS auth VNC\n");
1593 return start_auth_vnc(vs);
1595 default: /* Should not be possible, but just in case */
1596 VNC_DEBUG("Reject auth %d\n", vs->auth);
1597 vnc_write_u8(vs, 1);
1598 if (vs->minor >= 8) {
1599 static const char err[] = "Unsupported authentication type";
1600 vnc_write_u32(vs, sizeof(err));
1601 vnc_write(vs, err, sizeof(err));
1603 vnc_client_error(vs);
1609 static void vnc_handshake_io(void *opaque);
1611 static int vnc_continue_handshake(struct VncState *vs) {
1614 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1615 if (!gnutls_error_is_fatal(ret)) {
1616 VNC_DEBUG("Handshake interrupted (blocking)\n");
1617 if (!gnutls_record_get_direction(vs->tls_session))
1618 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1620 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1623 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1624 vnc_client_error(vs);
1628 if (vs->x509verify) {
1629 if (vnc_validate_certificate(vs) < 0) {
1630 VNC_DEBUG("Client verification failed\n");
1631 vnc_client_error(vs);
1634 VNC_DEBUG("Client verification passed\n");
1638 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1639 vs->wiremode = VNC_WIREMODE_TLS;
1640 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1642 return start_auth_vencrypt_subauth(vs);
1645 static void vnc_handshake_io(void *opaque) {
1646 struct VncState *vs = (struct VncState *)opaque;
1648 VNC_DEBUG("Handshake IO continue\n");
1649 vnc_continue_handshake(vs);
1652 #define NEED_X509_AUTH(vs) \
1653 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1654 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1655 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1658 static int vnc_start_tls(struct VncState *vs) {
1659 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1660 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1661 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1662 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1664 VNC_DEBUG("Do TLS setup\n");
1665 if (vnc_tls_initialize() < 0) {
1666 VNC_DEBUG("Failed to init TLS\n");
1667 vnc_client_error(vs);
1670 if (vs->tls_session == NULL) {
1671 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1672 vnc_client_error(vs);
1676 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1677 gnutls_deinit(vs->tls_session);
1678 vs->tls_session = NULL;
1679 vnc_client_error(vs);
1683 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1684 gnutls_deinit(vs->tls_session);
1685 vs->tls_session = NULL;
1686 vnc_client_error(vs);
1690 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1691 gnutls_deinit(vs->tls_session);
1692 vs->tls_session = NULL;
1693 vnc_client_error(vs);
1697 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1698 gnutls_deinit(vs->tls_session);
1699 vs->tls_session = NULL;
1700 vnc_client_error(vs);
1704 if (NEED_X509_AUTH(vs)) {
1705 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1707 gnutls_deinit(vs->tls_session);
1708 vs->tls_session = NULL;
1709 vnc_client_error(vs);
1712 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1713 gnutls_deinit(vs->tls_session);
1714 vs->tls_session = NULL;
1715 gnutls_certificate_free_credentials(x509_cred);
1716 vnc_client_error(vs);
1719 if (vs->x509verify) {
1720 VNC_DEBUG("Requesting a client certificate\n");
1721 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1725 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1727 gnutls_deinit(vs->tls_session);
1728 vs->tls_session = NULL;
1729 vnc_client_error(vs);
1732 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1733 gnutls_deinit(vs->tls_session);
1734 vs->tls_session = NULL;
1735 gnutls_anon_free_server_credentials(anon_cred);
1736 vnc_client_error(vs);
1741 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1742 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1743 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1746 VNC_DEBUG("Start TLS handshake process\n");
1747 return vnc_continue_handshake(vs);
1750 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1752 int auth = read_u32(data, 0);
1754 if (auth != vs->subauth) {
1755 VNC_DEBUG("Rejecting auth %d\n", auth);
1756 vnc_write_u8(vs, 0); /* Reject auth */
1758 vnc_client_error(vs);
1760 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1761 vnc_write_u8(vs, 1); /* Accept auth */
1764 if (vnc_start_tls(vs) < 0) {
1765 VNC_DEBUG("Failed to complete TLS\n");
1769 if (vs->wiremode == VNC_WIREMODE_TLS) {
1770 VNC_DEBUG("Starting VeNCrypt subauth\n");
1771 return start_auth_vencrypt_subauth(vs);
1773 VNC_DEBUG("TLS handshake blocked\n");
1780 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1784 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1785 vnc_write_u8(vs, 1); /* Reject version */
1787 vnc_client_error(vs);
1789 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1790 vnc_write_u8(vs, 0); /* Accept version */
1791 vnc_write_u8(vs, 1); /* Number of sub-auths */
1792 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1794 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1799 static int start_auth_vencrypt(VncState *vs)
1801 /* Send VeNCrypt version 0.2 */
1802 vnc_write_u8(vs, 0);
1803 vnc_write_u8(vs, 2);
1805 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1808 #endif /* CONFIG_VNC_TLS */
1810 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1812 /* We only advertise 1 auth scheme at a time, so client
1813 * must pick the one we sent. Verify this */
1814 if (data[0] != vs->auth) { /* Reject auth */
1815 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1816 vnc_write_u32(vs, 1);
1817 if (vs->minor >= 8) {
1818 static const char err[] = "Authentication failed";
1819 vnc_write_u32(vs, sizeof(err));
1820 vnc_write(vs, err, sizeof(err));
1822 vnc_client_error(vs);
1823 } else { /* Accept requested auth */
1824 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1827 VNC_DEBUG("Accept auth none\n");
1828 if (vs->minor >= 8) {
1829 vnc_write_u32(vs, 0); /* Accept auth completion */
1832 vnc_read_when(vs, protocol_client_init, 1);
1836 VNC_DEBUG("Start VNC auth\n");
1837 return start_auth_vnc(vs);
1840 case VNC_AUTH_VENCRYPT:
1841 VNC_DEBUG("Accept VeNCrypt auth\n");;
1842 return start_auth_vencrypt(vs);
1843 #endif /* CONFIG_VNC_TLS */
1845 default: /* Should not be possible, but just in case */
1846 VNC_DEBUG("Reject auth %d\n", vs->auth);
1847 vnc_write_u8(vs, 1);
1848 if (vs->minor >= 8) {
1849 static const char err[] = "Authentication failed";
1850 vnc_write_u32(vs, sizeof(err));
1851 vnc_write(vs, err, sizeof(err));
1853 vnc_client_error(vs);
1859 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
1863 memcpy(local, version, 12);
1866 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
1867 VNC_DEBUG("Malformed protocol version %s\n", local);
1868 vnc_client_error(vs);
1871 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
1872 if (vs->major != 3 ||
1878 VNC_DEBUG("Unsupported client version\n");
1879 vnc_write_u32(vs, VNC_AUTH_INVALID);
1881 vnc_client_error(vs);
1884 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
1885 * as equivalent to v3.3 by servers
1887 if (vs->minor == 4 || vs->minor == 5)
1890 if (vs->minor == 3) {
1891 if (vs->auth == VNC_AUTH_NONE) {
1892 VNC_DEBUG("Tell client auth none\n");
1893 vnc_write_u32(vs, vs->auth);
1895 vnc_read_when(vs, protocol_client_init, 1);
1896 } else if (vs->auth == VNC_AUTH_VNC) {
1897 VNC_DEBUG("Tell client VNC auth\n");
1898 vnc_write_u32(vs, vs->auth);
1902 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
1903 vnc_write_u32(vs, VNC_AUTH_INVALID);
1905 vnc_client_error(vs);
1908 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
1909 vnc_write_u8(vs, 1); /* num auth */
1910 vnc_write_u8(vs, vs->auth);
1911 vnc_read_when(vs, protocol_client_auth, 1);
1918 static void vnc_connect(VncState *vs)
1920 VNC_DEBUG("New client on socket %d\n", vs->csock);
1921 socket_set_nonblock(vs->csock);
1922 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
1923 vnc_write(vs, "RFB 003.008\n", 12);
1925 vnc_read_when(vs, protocol_version, 12);
1926 memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
1927 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
1929 vs->has_hextile = 0;
1930 vs->ds->dpy_copy = NULL;
1931 vnc_update_client(vs);
1934 static void vnc_listen_read(void *opaque)
1936 VncState *vs = opaque;
1937 struct sockaddr_in addr;
1938 socklen_t addrlen = sizeof(addr);
1943 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
1944 if (vs->csock != -1) {
1949 extern int parse_host_port(struct sockaddr_in *saddr, const char *str);
1951 void vnc_display_init(DisplayState *ds)
1955 vs = qemu_mallocz(sizeof(VncState));
1962 vs->password = NULL;
1972 if (!keyboard_layout)
1973 keyboard_layout = "en-us";
1975 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
1976 if (!vs->kbd_layout)
1979 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
1981 vs->ds->data = NULL;
1982 vs->ds->dpy_update = vnc_dpy_update;
1983 vs->ds->dpy_resize = vnc_dpy_resize;
1984 vs->ds->dpy_refresh = NULL;
1986 vnc_dpy_resize(vs->ds, 640, 400);
1990 static int vnc_set_x509_credential(VncState *vs,
1991 const char *certdir,
1992 const char *filename,
2003 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2006 strcpy(*cred, certdir);
2008 strcat(*cred, filename);
2010 VNC_DEBUG("Check %s\n", *cred);
2011 if (stat(*cred, &sb) < 0) {
2014 if (ignoreMissing && errno == ENOENT)
2022 static int vnc_set_x509_credential_dir(VncState *vs,
2023 const char *certdir)
2025 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2027 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2029 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2031 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2037 qemu_free(vs->x509cacert);
2038 qemu_free(vs->x509cacrl);
2039 qemu_free(vs->x509cert);
2040 qemu_free(vs->x509key);
2041 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2044 #endif /* CONFIG_VNC_TLS */
2046 void vnc_display_close(DisplayState *ds)
2048 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2051 qemu_free(vs->display);
2054 if (vs->lsock != -1) {
2055 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2059 if (vs->csock != -1) {
2060 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2061 closesocket(vs->csock);
2063 buffer_reset(&vs->input);
2064 buffer_reset(&vs->output);
2065 vs->need_update = 0;
2067 if (vs->tls_session) {
2068 gnutls_deinit(vs->tls_session);
2069 vs->tls_session = NULL;
2071 vs->wiremode = VNC_WIREMODE_CLEAR;
2072 #endif /* CONFIG_VNC_TLS */
2074 vs->auth = VNC_AUTH_INVALID;
2076 vs->subauth = VNC_AUTH_INVALID;
2081 int vnc_display_password(DisplayState *ds, const char *password)
2083 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2086 qemu_free(vs->password);
2087 vs->password = NULL;
2089 if (password && password[0]) {
2090 if (!(vs->password = qemu_strdup(password)))
2097 int vnc_display_open(DisplayState *ds, const char *display)
2099 struct sockaddr *addr;
2100 struct sockaddr_in iaddr;
2102 struct sockaddr_un uaddr;
2105 int reuse_addr, ret;
2107 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2108 const char *options;
2112 int tls = 0, x509 = 0;
2115 vnc_display_close(ds);
2116 if (strcmp(display, "none") == 0)
2119 if (!(vs->display = strdup(display)))
2123 while ((options = strchr(options, ','))) {
2125 if (strncmp(options, "password", 8) == 0) {
2126 password = 1; /* Require password auth */
2127 } else if (strncmp(options, "reverse", 7) == 0) {
2130 } else if (strncmp(options, "tls", 3) == 0) {
2131 tls = 1; /* Require TLS */
2132 } else if (strncmp(options, "x509", 4) == 0) {
2134 x509 = 1; /* Require x509 certificates */
2135 if (strncmp(options, "x509verify", 10) == 0)
2136 vs->x509verify = 1; /* ...and verify client certs */
2138 /* Now check for 'x509=/some/path' postfix
2139 * and use that to setup x509 certificate/key paths */
2140 start = strchr(options, '=');
2141 end = strchr(options, ',');
2142 if (start && (!end || (start < end))) {
2143 int len = end ? end-(start+1) : strlen(start+1);
2144 char *path = qemu_malloc(len+1);
2145 strncpy(path, start+1, len);
2147 VNC_DEBUG("Trying certificate path '%s'\n", path);
2148 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2149 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2151 qemu_free(vs->display);
2157 fprintf(stderr, "No certificate path provided\n");
2158 qemu_free(vs->display);
2169 vs->auth = VNC_AUTH_VENCRYPT;
2171 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2172 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2174 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2175 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2179 VNC_DEBUG("Initializing VNC server with password auth\n");
2180 vs->auth = VNC_AUTH_VNC;
2182 vs->subauth = VNC_AUTH_INVALID;
2188 vs->auth = VNC_AUTH_VENCRYPT;
2190 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2191 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2193 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2194 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2198 VNC_DEBUG("Initializing VNC server with no auth\n");
2199 vs->auth = VNC_AUTH_NONE;
2201 vs->subauth = VNC_AUTH_INVALID;
2206 if (strstart(display, "unix:", &p)) {
2207 addr = (struct sockaddr *)&uaddr;
2208 addrlen = sizeof(uaddr);
2210 vs->lsock = socket(PF_UNIX, SOCK_STREAM, 0);
2211 if (vs->lsock == -1) {
2212 fprintf(stderr, "Could not create socket\n");
2218 uaddr.sun_family = AF_UNIX;
2219 memset(uaddr.sun_path, 0, 108);
2220 snprintf(uaddr.sun_path, 108, "%s", p);
2223 unlink(uaddr.sun_path);
2228 addr = (struct sockaddr *)&iaddr;
2229 addrlen = sizeof(iaddr);
2231 if (parse_host_port(&iaddr, display) < 0) {
2232 fprintf(stderr, "Could not parse VNC address\n");
2238 iaddr.sin_port = htons(ntohs(iaddr.sin_port) + (reverse ? 0 : 5900));
2240 vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
2241 if (vs->lsock == -1) {
2242 fprintf(stderr, "Could not create socket\n");
2249 ret = setsockopt(vs->lsock, SOL_SOCKET, SO_REUSEADDR,
2250 (const char *)&reuse_addr, sizeof(reuse_addr));
2252 fprintf(stderr, "setsockopt() failed\n");
2262 if (connect(vs->lsock, addr, addrlen) == -1) {
2263 fprintf(stderr, "Connection to VNC client failed\n");
2270 vs->csock = vs->lsock;
2277 if (bind(vs->lsock, addr, addrlen) == -1) {
2278 fprintf(stderr, "bind() failed\n");
2286 if (listen(vs->lsock, 1) == -1) {
2287 fprintf(stderr, "listen() failed\n");
2295 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
projects / qemu / blob