]> git.proxmox.com Git - mirror_qemu.git/blame_incremental - vnc.c
projects / mirror_qemu.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Fix invalid #if in vnc.c when debugging is enabled (Alexander Graf)
[mirror_qemu.git] / vnc.c
... / ...
CommitLineData
1/*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26#include "qemu-common.h"
27#include "console.h"
28#include "sysemu.h"
29#include "qemu_socket.h"
30#include "qemu-timer.h"
31#include "audio/audio.h"
32
33#define VNC_REFRESH_INTERVAL (1000 / 30)
34
35#include "vnc.h"
36#include "vnc_keysym.h"
37#include "keymaps.c"
38#include "d3des.h"
39
40#ifdef CONFIG_VNC_TLS
41#include <gnutls/gnutls.h>
42#include <gnutls/x509.h>
43#endif /* CONFIG_VNC_TLS */
44
45// #define _VNC_DEBUG 1
46
47#ifdef _VNC_DEBUG
48#define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
49
50#if defined(CONFIG_VNC_TLS) && _VNC_DEBUG >= 2
51/* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
52static void vnc_debug_gnutls_log(int level, const char* str) {
53 VNC_DEBUG("%d %s", level, str);
54}
55#endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
56#else
57#define VNC_DEBUG(fmt, ...) do { } while (0)
58#endif
59
60#define count_bits(c, v) { \
61 for (c = 0; v; v >>= 1) \
62 { \
63 c += v & 1; \
64 } \
65}
66
67typedef struct Buffer
68{
69 size_t capacity;
70 size_t offset;
71 uint8_t *buffer;
72} Buffer;
73
74typedef struct VncState VncState;
75
76typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
77
78typedef void VncWritePixels(VncState *vs, void *data, int size);
79
80typedef void VncSendHextileTile(VncState *vs,
81 int x, int y, int w, int h,
82 void *last_bg,
83 void *last_fg,
84 int *has_bg, int *has_fg);
85
86#define VNC_MAX_WIDTH 2048
87#define VNC_MAX_HEIGHT 2048
88#define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
89
90#define VNC_AUTH_CHALLENGE_SIZE 16
91
92struct VncState
93{
94 QEMUTimer *timer;
95 int lsock;
96 int csock;
97 DisplayState *ds;
98 int need_update;
99 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
100 char *old_data;
101 uint32_t features;
102 int absolute;
103 int last_x;
104 int last_y;
105
106 int major;
107 int minor;
108
109 char *display;
110 char *password;
111 int auth;
112#ifdef CONFIG_VNC_TLS
113 int subauth;
114 int x509verify;
115
116 char *x509cacert;
117 char *x509cacrl;
118 char *x509cert;
119 char *x509key;
120#endif
121 char challenge[VNC_AUTH_CHALLENGE_SIZE];
122
123#ifdef CONFIG_VNC_TLS
124 int wiremode;
125 gnutls_session_t tls_session;
126#endif
127
128 Buffer output;
129 Buffer input;
130 kbd_layout_t *kbd_layout;
131 /* current output mode information */
132 VncWritePixels *write_pixels;
133 VncSendHextileTile *send_hextile_tile;
134 DisplaySurface clientds, serverds;
135
136 CaptureVoiceOut *audio_cap;
137 struct audsettings as;
138
139 VncReadEvent *read_handler;
140 size_t read_handler_expect;
141 /* input */
142 uint8_t modifiers_state[256];
143};
144
145static VncState *vnc_state; /* needed for info vnc */
146static DisplayChangeListener *dcl;
147
148void do_info_vnc(void)
149{
150 if (vnc_state == NULL || vnc_state->display == NULL)
151 term_printf("VNC server disabled\n");
152 else {
153 term_printf("VNC server active on: ");
154 term_print_filename(vnc_state->display);
155 term_printf("\n");
156
157 if (vnc_state->csock == -1)
158 term_printf("No client connected\n");
159 else
160 term_printf("Client connected\n");
161 }
162}
163
164static inline uint32_t vnc_has_feature(VncState *vs, int feature) {
165 return (vs->features & (1 << feature));
166}
167
168/* TODO
169 1) Get the queue working for IO.
170 2) there is some weirdness when using the -S option (the screen is grey
171 and not totally invalidated
172 3) resolutions > 1024
173*/
174
175static void vnc_write(VncState *vs, const void *data, size_t len);
176static void vnc_write_u32(VncState *vs, uint32_t value);
177static void vnc_write_s32(VncState *vs, int32_t value);
178static void vnc_write_u16(VncState *vs, uint16_t value);
179static void vnc_write_u8(VncState *vs, uint8_t value);
180static void vnc_flush(VncState *vs);
181static void vnc_update_client(void *opaque);
182static void vnc_client_read(void *opaque);
183
184static void vnc_colordepth(DisplayState *ds);
185
186static inline void vnc_set_bit(uint32_t *d, int k)
187{
188 d[k >> 5] |= 1 << (k & 0x1f);
189}
190
191static inline void vnc_clear_bit(uint32_t *d, int k)
192{
193 d[k >> 5] &= ~(1 << (k & 0x1f));
194}
195
196static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
197{
198 int j;
199
200 j = 0;
201 while (n >= 32) {
202 d[j++] = -1;
203 n -= 32;
204 }
205 if (n > 0)
206 d[j++] = (1 << n) - 1;
207 while (j < nb_words)
208 d[j++] = 0;
209}
210
211static inline int vnc_get_bit(const uint32_t *d, int k)
212{
213 return (d[k >> 5] >> (k & 0x1f)) & 1;
214}
215
216static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
217 int nb_words)
218{
219 int i;
220 for(i = 0; i < nb_words; i++) {
221 if ((d1[i] & d2[i]) != 0)
222 return 1;
223 }
224 return 0;
225}
226
227static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
228{
229 VncState *vs = ds->opaque;
230 int i;
231
232 h += y;
233
234 /* round x down to ensure the loop only spans one 16-pixel block per,
235 iteration. otherwise, if (x % 16) != 0, the last iteration may span
236 two 16-pixel blocks but we only mark the first as dirty
237 */
238 w += (x % 16);
239 x -= (x % 16);
240
241 x = MIN(x, vs->serverds.width);
242 y = MIN(y, vs->serverds.height);
243 w = MIN(x + w, vs->serverds.width) - x;
244 h = MIN(h, vs->serverds.height);
245
246 for (; y < h; y++)
247 for (i = 0; i < w; i += 16)
248 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
249}
250
251static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
252 int32_t encoding)
253{
254 vnc_write_u16(vs, x);
255 vnc_write_u16(vs, y);
256 vnc_write_u16(vs, w);
257 vnc_write_u16(vs, h);
258
259 vnc_write_s32(vs, encoding);
260}
261
262static void vnc_dpy_resize(DisplayState *ds)
263{
264 int size_changed;
265 VncState *vs = ds->opaque;
266
267 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
268
269 if (vs->old_data == NULL) {
270 fprintf(stderr, "vnc: memory allocation failed\n");
271 exit(1);
272 }
273
274 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
275 console_color_init(ds);
276 vnc_colordepth(ds);
277 size_changed = ds_get_width(ds) != vs->serverds.width ||
278 ds_get_height(ds) != vs->serverds.height;
279 vs->serverds = *(ds->surface);
280 if (size_changed) {
281 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_RESIZE)) {
282 vnc_write_u8(vs, 0); /* msg id */
283 vnc_write_u8(vs, 0);
284 vnc_write_u16(vs, 1); /* number of rects */
285 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
286 VNC_ENCODING_DESKTOPRESIZE);
287 vnc_flush(vs);
288 }
289 }
290
291 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
292 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
293}
294
295/* fastest code */
296static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
297{
298 vnc_write(vs, pixels, size);
299}
300
301/* slowest but generic code. */
302static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
303{
304 uint8_t r, g, b;
305
306 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
307 vs->serverds.pf.rbits);
308 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
309 vs->serverds.pf.gbits);
310 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
311 vs->serverds.pf.bbits);
312 v = (r << vs->clientds.pf.rshift) |
313 (g << vs->clientds.pf.gshift) |
314 (b << vs->clientds.pf.bshift);
315 switch(vs->clientds.pf.bytes_per_pixel) {
316 case 1:
317 buf[0] = v;
318 break;
319 case 2:
320 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
321 buf[0] = v >> 8;
322 buf[1] = v;
323 } else {
324 buf[1] = v >> 8;
325 buf[0] = v;
326 }
327 break;
328 default:
329 case 4:
330 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
331 buf[0] = v >> 24;
332 buf[1] = v >> 16;
333 buf[2] = v >> 8;
334 buf[3] = v;
335 } else {
336 buf[3] = v >> 24;
337 buf[2] = v >> 16;
338 buf[1] = v >> 8;
339 buf[0] = v;
340 }
341 break;
342 }
343}
344
345static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
346{
347 uint8_t buf[4];
348
349 if (vs->serverds.pf.bytes_per_pixel == 4) {
350 uint32_t *pixels = pixels1;
351 int n, i;
352 n = size >> 2;
353 for(i = 0; i < n; i++) {
354 vnc_convert_pixel(vs, buf, pixels[i]);
355 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
356 }
357 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
358 uint16_t *pixels = pixels1;
359 int n, i;
360 n = size >> 1;
361 for(i = 0; i < n; i++) {
362 vnc_convert_pixel(vs, buf, pixels[i]);
363 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
364 }
365 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
366 uint8_t *pixels = pixels1;
367 int n, i;
368 n = size;
369 for(i = 0; i < n; i++) {
370 vnc_convert_pixel(vs, buf, pixels[i]);
371 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
372 }
373 } else {
374 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
375 }
376}
377
378static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
379{
380 int i;
381 uint8_t *row;
382
383 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_RAW);
384
385 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
386 for (i = 0; i < h; i++) {
387 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
388 row += ds_get_linesize(vs->ds);
389 }
390}
391
392static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
393{
394 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
395 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
396}
397
398#define BPP 8
399#include "vnchextile.h"
400#undef BPP
401
402#define BPP 16
403#include "vnchextile.h"
404#undef BPP
405
406#define BPP 32
407#include "vnchextile.h"
408#undef BPP
409
410#define GENERIC
411#define BPP 8
412#include "vnchextile.h"
413#undef BPP
414#undef GENERIC
415
416#define GENERIC
417#define BPP 16
418#include "vnchextile.h"
419#undef BPP
420#undef GENERIC
421
422#define GENERIC
423#define BPP 32
424#include "vnchextile.h"
425#undef BPP
426#undef GENERIC
427
428static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
429{
430 int i, j;
431 int has_fg, has_bg;
432 uint8_t *last_fg, *last_bg;
433
434 vnc_framebuffer_update(vs, x, y, w, h, VNC_ENCODING_HEXTILE);
435
436 last_fg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
437 last_bg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
438 has_fg = has_bg = 0;
439 for (j = y; j < (y + h); j += 16) {
440 for (i = x; i < (x + w); i += 16) {
441 vs->send_hextile_tile(vs, i, j,
442 MIN(16, x + w - i), MIN(16, y + h - j),
443 last_bg, last_fg, &has_bg, &has_fg);
444 }
445 }
446 free(last_fg);
447 free(last_bg);
448
449}
450
451static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
452{
453 if (vnc_has_feature(vs, VNC_FEATURE_HEXTILE))
454 send_framebuffer_update_hextile(vs, x, y, w, h);
455 else
456 send_framebuffer_update_raw(vs, x, y, w, h);
457}
458
459static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
460{
461 VncState *vs = ds->opaque;
462
463 vnc_update_client(vs);
464
465 vnc_write_u8(vs, 0); /* msg id */
466 vnc_write_u8(vs, 0);
467 vnc_write_u16(vs, 1); /* number of rects */
468 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, VNC_ENCODING_COPYRECT);
469 vnc_write_u16(vs, src_x);
470 vnc_write_u16(vs, src_y);
471 vnc_flush(vs);
472}
473
474static int find_dirty_height(VncState *vs, int y, int last_x, int x)
475{
476 int h;
477
478 for (h = 1; h < (vs->serverds.height - y); h++) {
479 int tmp_x;
480 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
481 break;
482 for (tmp_x = last_x; tmp_x < x; tmp_x++)
483 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
484 }
485
486 return h;
487}
488
489static void vnc_update_client(void *opaque)
490{
491 VncState *vs = opaque;
492
493 if (vs->need_update && vs->csock != -1) {
494 int y;
495 uint8_t *row;
496 char *old_row;
497 uint32_t width_mask[VNC_DIRTY_WORDS];
498 int n_rectangles;
499 int saved_offset;
500 int has_dirty = 0;
501
502 vga_hw_update();
503
504 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
505
506 /* Walk through the dirty map and eliminate tiles that
507 really aren't dirty */
508 row = ds_get_data(vs->ds);
509 old_row = vs->old_data;
510
511 for (y = 0; y < ds_get_height(vs->ds); y++) {
512 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
513 int x;
514 uint8_t *ptr;
515 char *old_ptr;
516
517 ptr = row;
518 old_ptr = (char*)old_row;
519
520 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
521 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
522 vnc_clear_bit(vs->dirty_row[y], (x / 16));
523 } else {
524 has_dirty = 1;
525 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
526 }
527
528 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
529 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
530 }
531 }
532
533 row += ds_get_linesize(vs->ds);
534 old_row += ds_get_linesize(vs->ds);
535 }
536
537 if (!has_dirty && !vs->audio_cap) {
538 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
539 return;
540 }
541
542 /* Count rectangles */
543 n_rectangles = 0;
544 vnc_write_u8(vs, 0); /* msg id */
545 vnc_write_u8(vs, 0);
546 saved_offset = vs->output.offset;
547 vnc_write_u16(vs, 0);
548
549 for (y = 0; y < vs->serverds.height; y++) {
550 int x;
551 int last_x = -1;
552 for (x = 0; x < vs->serverds.width / 16; x++) {
553 if (vnc_get_bit(vs->dirty_row[y], x)) {
554 if (last_x == -1) {
555 last_x = x;
556 }
557 vnc_clear_bit(vs->dirty_row[y], x);
558 } else {
559 if (last_x != -1) {
560 int h = find_dirty_height(vs, y, last_x, x);
561 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
562 n_rectangles++;
563 }
564 last_x = -1;
565 }
566 }
567 if (last_x != -1) {
568 int h = find_dirty_height(vs, y, last_x, x);
569 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
570 n_rectangles++;
571 }
572 }
573 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
574 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
575 vnc_flush(vs);
576
577 }
578
579 if (vs->csock != -1) {
580 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
581 }
582
583}
584
585static int vnc_listen_poll(void *opaque)
586{
587 VncState *vs = opaque;
588 if (vs->csock == -1)
589 return 1;
590 return 0;
591}
592
593static void buffer_reserve(Buffer *buffer, size_t len)
594{
595 if ((buffer->capacity - buffer->offset) < len) {
596 buffer->capacity += (len + 1024);
597 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
598 if (buffer->buffer == NULL) {
599 fprintf(stderr, "vnc: out of memory\n");
600 exit(1);
601 }
602 }
603}
604
605static int buffer_empty(Buffer *buffer)
606{
607 return buffer->offset == 0;
608}
609
610static uint8_t *buffer_end(Buffer *buffer)
611{
612 return buffer->buffer + buffer->offset;
613}
614
615static void buffer_reset(Buffer *buffer)
616{
617 buffer->offset = 0;
618}
619
620static void buffer_append(Buffer *buffer, const void *data, size_t len)
621{
622 memcpy(buffer->buffer + buffer->offset, data, len);
623 buffer->offset += len;
624}
625
626/* audio */
627static void audio_capture_notify(void *opaque, audcnotification_e cmd)
628{
629 VncState *vs = opaque;
630
631 switch (cmd) {
632 case AUD_CNOTIFY_DISABLE:
633 vnc_write_u8(vs, 255);
634 vnc_write_u8(vs, 1);
635 vnc_write_u16(vs, 0);
636 vnc_flush(vs);
637 break;
638
639 case AUD_CNOTIFY_ENABLE:
640 vnc_write_u8(vs, 255);
641 vnc_write_u8(vs, 1);
642 vnc_write_u16(vs, 1);
643 vnc_flush(vs);
644 break;
645 }
646}
647
648static void audio_capture_destroy(void *opaque)
649{
650}
651
652static void audio_capture(void *opaque, void *buf, int size)
653{
654 VncState *vs = opaque;
655
656 vnc_write_u8(vs, 255);
657 vnc_write_u8(vs, 1);
658 vnc_write_u16(vs, 2);
659 vnc_write_u32(vs, size);
660 vnc_write(vs, buf, size);
661 vnc_flush(vs);
662}
663
664static void audio_add(VncState *vs)
665{
666 struct audio_capture_ops ops;
667
668 if (vs->audio_cap) {
669 term_printf ("audio already running\n");
670 return;
671 }
672
673 ops.notify = audio_capture_notify;
674 ops.destroy = audio_capture_destroy;
675 ops.capture = audio_capture;
676
677 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
678 if (!vs->audio_cap) {
679 term_printf ("Failed to add audio capture\n");
680 }
681}
682
683static void audio_del(VncState *vs)
684{
685 if (vs->audio_cap) {
686 AUD_del_capture(vs->audio_cap, vs);
687 vs->audio_cap = NULL;
688 }
689}
690
691static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
692{
693 if (ret == 0 || ret == -1) {
694 if (ret == -1) {
695 switch (last_errno) {
696 case EINTR:
697 case EAGAIN:
698#ifdef _WIN32
699 case WSAEWOULDBLOCK:
700#endif
701 return 0;
702 default:
703 break;
704 }
705 }
706
707 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
708 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
709 closesocket(vs->csock);
710 vs->csock = -1;
711 dcl->idle = 1;
712 buffer_reset(&vs->input);
713 buffer_reset(&vs->output);
714 vs->need_update = 0;
715#ifdef CONFIG_VNC_TLS
716 if (vs->tls_session) {
717 gnutls_deinit(vs->tls_session);
718 vs->tls_session = NULL;
719 }
720 vs->wiremode = VNC_WIREMODE_CLEAR;
721#endif /* CONFIG_VNC_TLS */
722 audio_del(vs);
723 return 0;
724 }
725 return ret;
726}
727
728static void vnc_client_error(VncState *vs)
729{
730 vnc_client_io_error(vs, -1, EINVAL);
731}
732
733static void vnc_client_write(void *opaque)
734{
735 long ret;
736 VncState *vs = opaque;
737
738#ifdef CONFIG_VNC_TLS
739 if (vs->tls_session) {
740 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
741 if (ret < 0) {
742 if (ret == GNUTLS_E_AGAIN)
743 errno = EAGAIN;
744 else
745 errno = EIO;
746 ret = -1;
747 }
748 } else
749#endif /* CONFIG_VNC_TLS */
750 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
751 ret = vnc_client_io_error(vs, ret, socket_error());
752 if (!ret)
753 return;
754
755 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
756 vs->output.offset -= ret;
757
758 if (vs->output.offset == 0) {
759 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
760 }
761}
762
763static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
764{
765 vs->read_handler = func;
766 vs->read_handler_expect = expecting;
767}
768
769static void vnc_client_read(void *opaque)
770{
771 VncState *vs = opaque;
772 long ret;
773
774 buffer_reserve(&vs->input, 4096);
775
776#ifdef CONFIG_VNC_TLS
777 if (vs->tls_session) {
778 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
779 if (ret < 0) {
780 if (ret == GNUTLS_E_AGAIN)
781 errno = EAGAIN;
782 else
783 errno = EIO;
784 ret = -1;
785 }
786 } else
787#endif /* CONFIG_VNC_TLS */
788 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
789 ret = vnc_client_io_error(vs, ret, socket_error());
790 if (!ret)
791 return;
792
793 vs->input.offset += ret;
794
795 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
796 size_t len = vs->read_handler_expect;
797 int ret;
798
799 ret = vs->read_handler(vs, vs->input.buffer, len);
800 if (vs->csock == -1)
801 return;
802
803 if (!ret) {
804 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
805 vs->input.offset -= len;
806 } else {
807 vs->read_handler_expect = ret;
808 }
809 }
810}
811
812static void vnc_write(VncState *vs, const void *data, size_t len)
813{
814 buffer_reserve(&vs->output, len);
815
816 if (buffer_empty(&vs->output)) {
817 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
818 }
819
820 buffer_append(&vs->output, data, len);
821}
822
823static void vnc_write_s32(VncState *vs, int32_t value)
824{
825 vnc_write_u32(vs, *(uint32_t *)&value);
826}
827
828static void vnc_write_u32(VncState *vs, uint32_t value)
829{
830 uint8_t buf[4];
831
832 buf[0] = (value >> 24) & 0xFF;
833 buf[1] = (value >> 16) & 0xFF;
834 buf[2] = (value >> 8) & 0xFF;
835 buf[3] = value & 0xFF;
836
837 vnc_write(vs, buf, 4);
838}
839
840static void vnc_write_u16(VncState *vs, uint16_t value)
841{
842 uint8_t buf[2];
843
844 buf[0] = (value >> 8) & 0xFF;
845 buf[1] = value & 0xFF;
846
847 vnc_write(vs, buf, 2);
848}
849
850static void vnc_write_u8(VncState *vs, uint8_t value)
851{
852 vnc_write(vs, (char *)&value, 1);
853}
854
855static void vnc_flush(VncState *vs)
856{
857 if (vs->output.offset)
858 vnc_client_write(vs);
859}
860
861static uint8_t read_u8(uint8_t *data, size_t offset)
862{
863 return data[offset];
864}
865
866static uint16_t read_u16(uint8_t *data, size_t offset)
867{
868 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
869}
870
871static int32_t read_s32(uint8_t *data, size_t offset)
872{
873 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
874 (data[offset + 2] << 8) | data[offset + 3]);
875}
876
877static uint32_t read_u32(uint8_t *data, size_t offset)
878{
879 return ((data[offset] << 24) | (data[offset + 1] << 16) |
880 (data[offset + 2] << 8) | data[offset + 3]);
881}
882
883#ifdef CONFIG_VNC_TLS
884static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
885 const void *data,
886 size_t len) {
887 struct VncState *vs = (struct VncState *)transport;
888 int ret;
889
890 retry:
891 ret = send(vs->csock, data, len, 0);
892 if (ret < 0) {
893 if (errno == EINTR)
894 goto retry;
895 return -1;
896 }
897 return ret;
898}
899
900
901static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
902 void *data,
903 size_t len) {
904 struct VncState *vs = (struct VncState *)transport;
905 int ret;
906
907 retry:
908 ret = recv(vs->csock, data, len, 0);
909 if (ret < 0) {
910 if (errno == EINTR)
911 goto retry;
912 return -1;
913 }
914 return ret;
915}
916#endif /* CONFIG_VNC_TLS */
917
918static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
919{
920}
921
922static void check_pointer_type_change(VncState *vs, int absolute)
923{
924 if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE) && vs->absolute != absolute) {
925 vnc_write_u8(vs, 0);
926 vnc_write_u8(vs, 0);
927 vnc_write_u16(vs, 1);
928 vnc_framebuffer_update(vs, absolute, 0,
929 ds_get_width(vs->ds), ds_get_height(vs->ds),
930 VNC_ENCODING_POINTER_TYPE_CHANGE);
931 vnc_flush(vs);
932 }
933 vs->absolute = absolute;
934}
935
936static void pointer_event(VncState *vs, int button_mask, int x, int y)
937{
938 int buttons = 0;
939 int dz = 0;
940
941 if (button_mask & 0x01)
942 buttons |= MOUSE_EVENT_LBUTTON;
943 if (button_mask & 0x02)
944 buttons |= MOUSE_EVENT_MBUTTON;
945 if (button_mask & 0x04)
946 buttons |= MOUSE_EVENT_RBUTTON;
947 if (button_mask & 0x08)
948 dz = -1;
949 if (button_mask & 0x10)
950 dz = 1;
951
952 if (vs->absolute) {
953 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
954 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
955 dz, buttons);
956 } else if (vnc_has_feature(vs, VNC_FEATURE_POINTER_TYPE_CHANGE)) {
957 x -= 0x7FFF;
958 y -= 0x7FFF;
959
960 kbd_mouse_event(x, y, dz, buttons);
961 } else {
962 if (vs->last_x != -1)
963 kbd_mouse_event(x - vs->last_x,
964 y - vs->last_y,
965 dz, buttons);
966 vs->last_x = x;
967 vs->last_y = y;
968 }
969
970 check_pointer_type_change(vs, kbd_mouse_is_absolute());
971}
972
973static void reset_keys(VncState *vs)
974{
975 int i;
976 for(i = 0; i < 256; i++) {
977 if (vs->modifiers_state[i]) {
978 if (i & 0x80)
979 kbd_put_keycode(0xe0);
980 kbd_put_keycode(i | 0x80);
981 vs->modifiers_state[i] = 0;
982 }
983 }
984}
985
986static void press_key(VncState *vs, int keysym)
987{
988 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
989 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
990}
991
992static void do_key_event(VncState *vs, int down, int keycode, int sym)
993{
994 /* QEMU console switch */
995 switch(keycode) {
996 case 0x2a: /* Left Shift */
997 case 0x36: /* Right Shift */
998 case 0x1d: /* Left CTRL */
999 case 0x9d: /* Right CTRL */
1000 case 0x38: /* Left ALT */
1001 case 0xb8: /* Right ALT */
1002 if (down)
1003 vs->modifiers_state[keycode] = 1;
1004 else
1005 vs->modifiers_state[keycode] = 0;
1006 break;
1007 case 0x02 ... 0x0a: /* '1' to '9' keys */
1008 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1009 /* Reset the modifiers sent to the current console */
1010 reset_keys(vs);
1011 console_select(keycode - 0x02);
1012 return;
1013 }
1014 break;
1015 case 0x3a: /* CapsLock */
1016 case 0x45: /* NumLock */
1017 if (!down)
1018 vs->modifiers_state[keycode] ^= 1;
1019 break;
1020 }
1021
1022 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1023 /* If the numlock state needs to change then simulate an additional
1024 keypress before sending this one. This will happen if the user
1025 toggles numlock away from the VNC window.
1026 */
1027 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1028 if (!vs->modifiers_state[0x45]) {
1029 vs->modifiers_state[0x45] = 1;
1030 press_key(vs, 0xff7f);
1031 }
1032 } else {
1033 if (vs->modifiers_state[0x45]) {
1034 vs->modifiers_state[0x45] = 0;
1035 press_key(vs, 0xff7f);
1036 }
1037 }
1038 }
1039
1040 if (is_graphic_console()) {
1041 if (keycode & 0x80)
1042 kbd_put_keycode(0xe0);
1043 if (down)
1044 kbd_put_keycode(keycode & 0x7f);
1045 else
1046 kbd_put_keycode(keycode | 0x80);
1047 } else {
1048 /* QEMU console emulation */
1049 if (down) {
1050 switch (keycode) {
1051 case 0x2a: /* Left Shift */
1052 case 0x36: /* Right Shift */
1053 case 0x1d: /* Left CTRL */
1054 case 0x9d: /* Right CTRL */
1055 case 0x38: /* Left ALT */
1056 case 0xb8: /* Right ALT */
1057 break;
1058 case 0xc8:
1059 kbd_put_keysym(QEMU_KEY_UP);
1060 break;
1061 case 0xd0:
1062 kbd_put_keysym(QEMU_KEY_DOWN);
1063 break;
1064 case 0xcb:
1065 kbd_put_keysym(QEMU_KEY_LEFT);
1066 break;
1067 case 0xcd:
1068 kbd_put_keysym(QEMU_KEY_RIGHT);
1069 break;
1070 case 0xd3:
1071 kbd_put_keysym(QEMU_KEY_DELETE);
1072 break;
1073 case 0xc7:
1074 kbd_put_keysym(QEMU_KEY_HOME);
1075 break;
1076 case 0xcf:
1077 kbd_put_keysym(QEMU_KEY_END);
1078 break;
1079 case 0xc9:
1080 kbd_put_keysym(QEMU_KEY_PAGEUP);
1081 break;
1082 case 0xd1:
1083 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1084 break;
1085 default:
1086 kbd_put_keysym(sym);
1087 break;
1088 }
1089 }
1090 }
1091}
1092
1093static void key_event(VncState *vs, int down, uint32_t sym)
1094{
1095 int keycode;
1096
1097 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1098 sym = sym - 'A' + 'a';
1099
1100 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1101 do_key_event(vs, down, keycode, sym);
1102}
1103
1104static void ext_key_event(VncState *vs, int down,
1105 uint32_t sym, uint16_t keycode)
1106{
1107 /* if the user specifies a keyboard layout, always use it */
1108 if (keyboard_layout)
1109 key_event(vs, down, sym);
1110 else
1111 do_key_event(vs, down, keycode, sym);
1112}
1113
1114static void framebuffer_update_request(VncState *vs, int incremental,
1115 int x_position, int y_position,
1116 int w, int h)
1117{
1118 if (x_position > ds_get_width(vs->ds))
1119 x_position = ds_get_width(vs->ds);
1120 if (y_position > ds_get_height(vs->ds))
1121 y_position = ds_get_height(vs->ds);
1122 if (x_position + w >= ds_get_width(vs->ds))
1123 w = ds_get_width(vs->ds) - x_position;
1124 if (y_position + h >= ds_get_height(vs->ds))
1125 h = ds_get_height(vs->ds) - y_position;
1126
1127 int i;
1128 vs->need_update = 1;
1129 if (!incremental) {
1130 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1131
1132 for (i = 0; i < h; i++) {
1133 vnc_set_bits(vs->dirty_row[y_position + i],
1134 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1135 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1136 old_row += ds_get_linesize(vs->ds);
1137 }
1138 }
1139}
1140
1141static void send_ext_key_event_ack(VncState *vs)
1142{
1143 vnc_write_u8(vs, 0);
1144 vnc_write_u8(vs, 0);
1145 vnc_write_u16(vs, 1);
1146 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1147 VNC_ENCODING_EXT_KEY_EVENT);
1148 vnc_flush(vs);
1149}
1150
1151static void send_ext_audio_ack(VncState *vs)
1152{
1153 vnc_write_u8(vs, 0);
1154 vnc_write_u8(vs, 0);
1155 vnc_write_u16(vs, 1);
1156 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds),
1157 VNC_ENCODING_AUDIO);
1158 vnc_flush(vs);
1159}
1160
1161static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1162{
1163 int i;
1164 unsigned int enc = 0;
1165
1166 vs->features = 0;
1167 vs->absolute = -1;
1168 dcl->dpy_copy = NULL;
1169
1170 for (i = n_encodings - 1; i >= 0; i--) {
1171 enc = encodings[i];
1172 switch (enc) {
1173 case VNC_ENCODING_RAW:
1174 break;
1175 case VNC_ENCODING_COPYRECT:
1176 dcl->dpy_copy = vnc_copy;
1177 break;
1178 case VNC_ENCODING_HEXTILE:
1179 vs->features |= VNC_FEATURE_HEXTILE_MASK;
1180 break;
1181 case VNC_ENCODING_DESKTOPRESIZE:
1182 vs->features |= VNC_FEATURE_RESIZE_MASK;
1183 break;
1184 case VNC_ENCODING_POINTER_TYPE_CHANGE:
1185 vs->features |= VNC_FEATURE_POINTER_TYPE_CHANGE_MASK;
1186 break;
1187 case VNC_ENCODING_EXT_KEY_EVENT:
1188 send_ext_key_event_ack(vs);
1189 break;
1190 case VNC_ENCODING_AUDIO:
1191 send_ext_audio_ack(vs);
1192 break;
1193 case VNC_ENCODING_WMVi:
1194 vs->features |= VNC_FEATURE_WMVI_MASK;
1195 break;
1196 default:
1197 VNC_DEBUG("Unknown encoding: %d (0x%.8x): %d\n", i, enc, enc);
1198 break;
1199 }
1200 }
1201
1202 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1203}
1204
1205static void set_pixel_conversion(VncState *vs)
1206{
1207 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1208 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1209 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1210 vs->write_pixels = vnc_write_pixels_copy;
1211 switch (vs->ds->surface->pf.bits_per_pixel) {
1212 case 8:
1213 vs->send_hextile_tile = send_hextile_tile_8;
1214 break;
1215 case 16:
1216 vs->send_hextile_tile = send_hextile_tile_16;
1217 break;
1218 case 32:
1219 vs->send_hextile_tile = send_hextile_tile_32;
1220 break;
1221 }
1222 } else {
1223 vs->write_pixels = vnc_write_pixels_generic;
1224 switch (vs->ds->surface->pf.bits_per_pixel) {
1225 case 8:
1226 vs->send_hextile_tile = send_hextile_tile_generic_8;
1227 break;
1228 case 16:
1229 vs->send_hextile_tile = send_hextile_tile_generic_16;
1230 break;
1231 case 32:
1232 vs->send_hextile_tile = send_hextile_tile_generic_32;
1233 break;
1234 }
1235 }
1236}
1237
1238static void set_pixel_format(VncState *vs,
1239 int bits_per_pixel, int depth,
1240 int big_endian_flag, int true_color_flag,
1241 int red_max, int green_max, int blue_max,
1242 int red_shift, int green_shift, int blue_shift)
1243{
1244 if (!true_color_flag) {
1245 vnc_client_error(vs);
1246 return;
1247 }
1248
1249 vs->clientds = vs->serverds;
1250 vs->clientds.pf.rmax = red_max;
1251 count_bits(vs->clientds.pf.rbits, red_max);
1252 vs->clientds.pf.rshift = red_shift;
1253 vs->clientds.pf.rmask = red_max << red_shift;
1254 vs->clientds.pf.gmax = green_max;
1255 count_bits(vs->clientds.pf.gbits, green_max);
1256 vs->clientds.pf.gshift = green_shift;
1257 vs->clientds.pf.gmask = green_max << green_shift;
1258 vs->clientds.pf.bmax = blue_max;
1259 count_bits(vs->clientds.pf.bbits, blue_max);
1260 vs->clientds.pf.bshift = blue_shift;
1261 vs->clientds.pf.bmask = blue_max << blue_shift;
1262 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1263 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1264 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1265 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1266
1267 set_pixel_conversion(vs);
1268
1269 vga_hw_invalidate();
1270 vga_hw_update();
1271}
1272
1273static void pixel_format_message (VncState *vs) {
1274 char pad[3] = { 0, 0, 0 };
1275
1276 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1277 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1278
1279#ifdef WORDS_BIGENDIAN
1280 vnc_write_u8(vs, 1); /* big-endian-flag */
1281#else
1282 vnc_write_u8(vs, 0); /* big-endian-flag */
1283#endif
1284 vnc_write_u8(vs, 1); /* true-color-flag */
1285 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1286 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1287 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1288 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1289 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1290 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1291 if (vs->ds->surface->pf.bits_per_pixel == 32)
1292 vs->send_hextile_tile = send_hextile_tile_32;
1293 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1294 vs->send_hextile_tile = send_hextile_tile_16;
1295 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1296 vs->send_hextile_tile = send_hextile_tile_8;
1297 vs->clientds = *(vs->ds->surface);
1298 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1299 vs->write_pixels = vnc_write_pixels_copy;
1300
1301 vnc_write(vs, pad, 3); /* padding */
1302}
1303
1304static void vnc_dpy_setdata(DisplayState *ds)
1305{
1306 /* We don't have to do anything */
1307}
1308
1309static void vnc_colordepth(DisplayState *ds)
1310{
1311 struct VncState *vs = ds->opaque;
1312
1313 if (vs->csock != -1 && vnc_has_feature(vs, VNC_FEATURE_WMVI)) {
1314 /* Sending a WMVi message to notify the client*/
1315 vnc_write_u8(vs, 0); /* msg id */
1316 vnc_write_u8(vs, 0);
1317 vnc_write_u16(vs, 1); /* number of rects */
1318 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds),
1319 VNC_ENCODING_WMVi);
1320 pixel_format_message(vs);
1321 vnc_flush(vs);
1322 } else {
1323 set_pixel_conversion(vs);
1324 }
1325}
1326
1327static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1328{
1329 int i;
1330 uint16_t limit;
1331
1332 switch (data[0]) {
1333 case 0:
1334 if (len == 1)
1335 return 20;
1336
1337 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1338 read_u8(data, 6), read_u8(data, 7),
1339 read_u16(data, 8), read_u16(data, 10),
1340 read_u16(data, 12), read_u8(data, 14),
1341 read_u8(data, 15), read_u8(data, 16));
1342 break;
1343 case 2:
1344 if (len == 1)
1345 return 4;
1346
1347 if (len == 4) {
1348 limit = read_u16(data, 2);
1349 if (limit > 0)
1350 return 4 + (limit * 4);
1351 } else
1352 limit = read_u16(data, 2);
1353
1354 for (i = 0; i < limit; i++) {
1355 int32_t val = read_s32(data, 4 + (i * 4));
1356 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1357 }
1358
1359 set_encodings(vs, (int32_t *)(data + 4), limit);
1360 break;
1361 case 3:
1362 if (len == 1)
1363 return 10;
1364
1365 framebuffer_update_request(vs,
1366 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1367 read_u16(data, 6), read_u16(data, 8));
1368 break;
1369 case 4:
1370 if (len == 1)
1371 return 8;
1372
1373 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1374 break;
1375 case 5:
1376 if (len == 1)
1377 return 6;
1378
1379 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1380 break;
1381 case 6:
1382 if (len == 1)
1383 return 8;
1384
1385 if (len == 8) {
1386 uint32_t dlen = read_u32(data, 4);
1387 if (dlen > 0)
1388 return 8 + dlen;
1389 }
1390
1391 client_cut_text(vs, read_u32(data, 4), data + 8);
1392 break;
1393 case 255:
1394 if (len == 1)
1395 return 2;
1396
1397 switch (read_u8(data, 1)) {
1398 case 0:
1399 if (len == 2)
1400 return 12;
1401
1402 ext_key_event(vs, read_u16(data, 2),
1403 read_u32(data, 4), read_u32(data, 8));
1404 break;
1405 case 1:
1406 if (len == 2)
1407 return 4;
1408
1409 switch (read_u16 (data, 2)) {
1410 case 0:
1411 audio_add(vs);
1412 break;
1413 case 1:
1414 audio_del(vs);
1415 break;
1416 case 2:
1417 if (len == 4)
1418 return 10;
1419 switch (read_u8(data, 4)) {
1420 case 0: vs->as.fmt = AUD_FMT_U8; break;
1421 case 1: vs->as.fmt = AUD_FMT_S8; break;
1422 case 2: vs->as.fmt = AUD_FMT_U16; break;
1423 case 3: vs->as.fmt = AUD_FMT_S16; break;
1424 case 4: vs->as.fmt = AUD_FMT_U32; break;
1425 case 5: vs->as.fmt = AUD_FMT_S32; break;
1426 default:
1427 printf("Invalid audio format %d\n", read_u8(data, 4));
1428 vnc_client_error(vs);
1429 break;
1430 }
1431 vs->as.nchannels = read_u8(data, 5);
1432 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1433 printf("Invalid audio channel coount %d\n",
1434 read_u8(data, 5));
1435 vnc_client_error(vs);
1436 break;
1437 }
1438 vs->as.freq = read_u32(data, 6);
1439 break;
1440 default:
1441 printf ("Invalid audio message %d\n", read_u8(data, 4));
1442 vnc_client_error(vs);
1443 break;
1444 }
1445 break;
1446
1447 default:
1448 printf("Msg: %d\n", read_u16(data, 0));
1449 vnc_client_error(vs);
1450 break;
1451 }
1452 break;
1453 default:
1454 printf("Msg: %d\n", data[0]);
1455 vnc_client_error(vs);
1456 break;
1457 }
1458
1459 vnc_read_when(vs, protocol_client_msg, 1);
1460 return 0;
1461}
1462
1463static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1464{
1465 char buf[1024];
1466 int size;
1467
1468 vnc_write_u16(vs, ds_get_width(vs->ds));
1469 vnc_write_u16(vs, ds_get_height(vs->ds));
1470
1471 pixel_format_message(vs);
1472
1473 if (qemu_name)
1474 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1475 else
1476 size = snprintf(buf, sizeof(buf), "QEMU");
1477
1478 vnc_write_u32(vs, size);
1479 vnc_write(vs, buf, size);
1480 vnc_flush(vs);
1481
1482 vnc_read_when(vs, protocol_client_msg, 1);
1483
1484 return 0;
1485}
1486
1487static void make_challenge(VncState *vs)
1488{
1489 int i;
1490
1491 srand(time(NULL)+getpid()+getpid()*987654+rand());
1492
1493 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1494 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1495}
1496
1497static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1498{
1499 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1500 int i, j, pwlen;
1501 unsigned char key[8];
1502
1503 if (!vs->password || !vs->password[0]) {
1504 VNC_DEBUG("No password configured on server");
1505 vnc_write_u32(vs, 1); /* Reject auth */
1506 if (vs->minor >= 8) {
1507 static const char err[] = "Authentication failed";
1508 vnc_write_u32(vs, sizeof(err));
1509 vnc_write(vs, err, sizeof(err));
1510 }
1511 vnc_flush(vs);
1512 vnc_client_error(vs);
1513 return 0;
1514 }
1515
1516 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1517
1518 /* Calculate the expected challenge response */
1519 pwlen = strlen(vs->password);
1520 for (i=0; i<sizeof(key); i++)
1521 key[i] = i<pwlen ? vs->password[i] : 0;
1522 deskey(key, EN0);
1523 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1524 des(response+j, response+j);
1525
1526 /* Compare expected vs actual challenge response */
1527 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1528 VNC_DEBUG("Client challenge reponse did not match\n");
1529 vnc_write_u32(vs, 1); /* Reject auth */
1530 if (vs->minor >= 8) {
1531 static const char err[] = "Authentication failed";
1532 vnc_write_u32(vs, sizeof(err));
1533 vnc_write(vs, err, sizeof(err));
1534 }
1535 vnc_flush(vs);
1536 vnc_client_error(vs);
1537 } else {
1538 VNC_DEBUG("Accepting VNC challenge response\n");
1539 vnc_write_u32(vs, 0); /* Accept auth */
1540 vnc_flush(vs);
1541
1542 vnc_read_when(vs, protocol_client_init, 1);
1543 }
1544 return 0;
1545}
1546
1547static int start_auth_vnc(VncState *vs)
1548{
1549 make_challenge(vs);
1550 /* Send client a 'random' challenge */
1551 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1552 vnc_flush(vs);
1553
1554 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1555 return 0;
1556}
1557
1558
1559#ifdef CONFIG_VNC_TLS
1560#define DH_BITS 1024
1561static gnutls_dh_params_t dh_params;
1562
1563static int vnc_tls_initialize(void)
1564{
1565 static int tlsinitialized = 0;
1566
1567 if (tlsinitialized)
1568 return 1;
1569
1570 if (gnutls_global_init () < 0)
1571 return 0;
1572
1573 /* XXX ought to re-generate diffie-hellmen params periodically */
1574 if (gnutls_dh_params_init (&dh_params) < 0)
1575 return 0;
1576 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1577 return 0;
1578
1579#if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
1580 gnutls_global_set_log_level(10);
1581 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1582#endif
1583
1584 tlsinitialized = 1;
1585
1586 return 1;
1587}
1588
1589static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1590{
1591 gnutls_anon_server_credentials anon_cred;
1592 int ret;
1593
1594 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1595 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1596 return NULL;
1597 }
1598
1599 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1600
1601 return anon_cred;
1602}
1603
1604
1605static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1606{
1607 gnutls_certificate_credentials_t x509_cred;
1608 int ret;
1609
1610 if (!vs->x509cacert) {
1611 VNC_DEBUG("No CA x509 certificate specified\n");
1612 return NULL;
1613 }
1614 if (!vs->x509cert) {
1615 VNC_DEBUG("No server x509 certificate specified\n");
1616 return NULL;
1617 }
1618 if (!vs->x509key) {
1619 VNC_DEBUG("No server private key specified\n");
1620 return NULL;
1621 }
1622
1623 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1624 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1625 return NULL;
1626 }
1627 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1628 vs->x509cacert,
1629 GNUTLS_X509_FMT_PEM)) < 0) {
1630 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1631 gnutls_certificate_free_credentials(x509_cred);
1632 return NULL;
1633 }
1634
1635 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1636 vs->x509cert,
1637 vs->x509key,
1638 GNUTLS_X509_FMT_PEM)) < 0) {
1639 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1640 gnutls_certificate_free_credentials(x509_cred);
1641 return NULL;
1642 }
1643
1644 if (vs->x509cacrl) {
1645 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1646 vs->x509cacrl,
1647 GNUTLS_X509_FMT_PEM)) < 0) {
1648 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1649 gnutls_certificate_free_credentials(x509_cred);
1650 return NULL;
1651 }
1652 }
1653
1654 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1655
1656 return x509_cred;
1657}
1658
1659static int vnc_validate_certificate(struct VncState *vs)
1660{
1661 int ret;
1662 unsigned int status;
1663 const gnutls_datum_t *certs;
1664 unsigned int nCerts, i;
1665 time_t now;
1666
1667 VNC_DEBUG("Validating client certificate\n");
1668 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1669 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1670 return -1;
1671 }
1672
1673 if ((now = time(NULL)) == ((time_t)-1)) {
1674 return -1;
1675 }
1676
1677 if (status != 0) {
1678 if (status & GNUTLS_CERT_INVALID)
1679 VNC_DEBUG("The certificate is not trusted.\n");
1680
1681 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1682 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1683
1684 if (status & GNUTLS_CERT_REVOKED)
1685 VNC_DEBUG("The certificate has been revoked.\n");
1686
1687 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1688 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1689
1690 return -1;
1691 } else {
1692 VNC_DEBUG("Certificate is valid!\n");
1693 }
1694
1695 /* Only support x509 for now */
1696 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1697 return -1;
1698
1699 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1700 return -1;
1701
1702 for (i = 0 ; i < nCerts ; i++) {
1703 gnutls_x509_crt_t cert;
1704 VNC_DEBUG ("Checking certificate chain %d\n", i);
1705 if (gnutls_x509_crt_init (&cert) < 0)
1706 return -1;
1707
1708 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1709 gnutls_x509_crt_deinit (cert);
1710 return -1;
1711 }
1712
1713 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1714 VNC_DEBUG("The certificate has expired\n");
1715 gnutls_x509_crt_deinit (cert);
1716 return -1;
1717 }
1718
1719 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1720 VNC_DEBUG("The certificate is not yet activated\n");
1721 gnutls_x509_crt_deinit (cert);
1722 return -1;
1723 }
1724
1725 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1726 VNC_DEBUG("The certificate is not yet activated\n");
1727 gnutls_x509_crt_deinit (cert);
1728 return -1;
1729 }
1730
1731 gnutls_x509_crt_deinit (cert);
1732 }
1733
1734 return 0;
1735}
1736
1737
1738static int start_auth_vencrypt_subauth(VncState *vs)
1739{
1740 switch (vs->subauth) {
1741 case VNC_AUTH_VENCRYPT_TLSNONE:
1742 case VNC_AUTH_VENCRYPT_X509NONE:
1743 VNC_DEBUG("Accept TLS auth none\n");
1744 vnc_write_u32(vs, 0); /* Accept auth completion */
1745 vnc_read_when(vs, protocol_client_init, 1);
1746 break;
1747
1748 case VNC_AUTH_VENCRYPT_TLSVNC:
1749 case VNC_AUTH_VENCRYPT_X509VNC:
1750 VNC_DEBUG("Start TLS auth VNC\n");
1751 return start_auth_vnc(vs);
1752
1753 default: /* Should not be possible, but just in case */
1754 VNC_DEBUG("Reject auth %d\n", vs->auth);
1755 vnc_write_u8(vs, 1);
1756 if (vs->minor >= 8) {
1757 static const char err[] = "Unsupported authentication type";
1758 vnc_write_u32(vs, sizeof(err));
1759 vnc_write(vs, err, sizeof(err));
1760 }
1761 vnc_client_error(vs);
1762 }
1763
1764 return 0;
1765}
1766
1767static void vnc_handshake_io(void *opaque);
1768
1769static int vnc_continue_handshake(struct VncState *vs) {
1770 int ret;
1771
1772 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1773 if (!gnutls_error_is_fatal(ret)) {
1774 VNC_DEBUG("Handshake interrupted (blocking)\n");
1775 if (!gnutls_record_get_direction(vs->tls_session))
1776 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1777 else
1778 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1779 return 0;
1780 }
1781 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1782 vnc_client_error(vs);
1783 return -1;
1784 }
1785
1786 if (vs->x509verify) {
1787 if (vnc_validate_certificate(vs) < 0) {
1788 VNC_DEBUG("Client verification failed\n");
1789 vnc_client_error(vs);
1790 return -1;
1791 } else {
1792 VNC_DEBUG("Client verification passed\n");
1793 }
1794 }
1795
1796 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1797 vs->wiremode = VNC_WIREMODE_TLS;
1798 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1799
1800 return start_auth_vencrypt_subauth(vs);
1801}
1802
1803static void vnc_handshake_io(void *opaque) {
1804 struct VncState *vs = (struct VncState *)opaque;
1805
1806 VNC_DEBUG("Handshake IO continue\n");
1807 vnc_continue_handshake(vs);
1808}
1809
1810#define NEED_X509_AUTH(vs) \
1811 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1812 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1813 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1814
1815
1816static int vnc_start_tls(struct VncState *vs) {
1817 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1818 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1819 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1820 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1821
1822 VNC_DEBUG("Do TLS setup\n");
1823 if (vnc_tls_initialize() < 0) {
1824 VNC_DEBUG("Failed to init TLS\n");
1825 vnc_client_error(vs);
1826 return -1;
1827 }
1828 if (vs->tls_session == NULL) {
1829 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1830 vnc_client_error(vs);
1831 return -1;
1832 }
1833
1834 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1835 gnutls_deinit(vs->tls_session);
1836 vs->tls_session = NULL;
1837 vnc_client_error(vs);
1838 return -1;
1839 }
1840
1841 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1842 gnutls_deinit(vs->tls_session);
1843 vs->tls_session = NULL;
1844 vnc_client_error(vs);
1845 return -1;
1846 }
1847
1848 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1849 gnutls_deinit(vs->tls_session);
1850 vs->tls_session = NULL;
1851 vnc_client_error(vs);
1852 return -1;
1853 }
1854
1855 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1856 gnutls_deinit(vs->tls_session);
1857 vs->tls_session = NULL;
1858 vnc_client_error(vs);
1859 return -1;
1860 }
1861
1862 if (NEED_X509_AUTH(vs)) {
1863 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1864 if (!x509_cred) {
1865 gnutls_deinit(vs->tls_session);
1866 vs->tls_session = NULL;
1867 vnc_client_error(vs);
1868 return -1;
1869 }
1870 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1871 gnutls_deinit(vs->tls_session);
1872 vs->tls_session = NULL;
1873 gnutls_certificate_free_credentials(x509_cred);
1874 vnc_client_error(vs);
1875 return -1;
1876 }
1877 if (vs->x509verify) {
1878 VNC_DEBUG("Requesting a client certificate\n");
1879 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1880 }
1881
1882 } else {
1883 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1884 if (!anon_cred) {
1885 gnutls_deinit(vs->tls_session);
1886 vs->tls_session = NULL;
1887 vnc_client_error(vs);
1888 return -1;
1889 }
1890 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1891 gnutls_deinit(vs->tls_session);
1892 vs->tls_session = NULL;
1893 gnutls_anon_free_server_credentials(anon_cred);
1894 vnc_client_error(vs);
1895 return -1;
1896 }
1897 }
1898
1899 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1900 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1901 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1902 }
1903
1904 VNC_DEBUG("Start TLS handshake process\n");
1905 return vnc_continue_handshake(vs);
1906}
1907
1908static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1909{
1910 int auth = read_u32(data, 0);
1911
1912 if (auth != vs->subauth) {
1913 VNC_DEBUG("Rejecting auth %d\n", auth);
1914 vnc_write_u8(vs, 0); /* Reject auth */
1915 vnc_flush(vs);
1916 vnc_client_error(vs);
1917 } else {
1918 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1919 vnc_write_u8(vs, 1); /* Accept auth */
1920 vnc_flush(vs);
1921
1922 if (vnc_start_tls(vs) < 0) {
1923 VNC_DEBUG("Failed to complete TLS\n");
1924 return 0;
1925 }
1926
1927 if (vs->wiremode == VNC_WIREMODE_TLS) {
1928 VNC_DEBUG("Starting VeNCrypt subauth\n");
1929 return start_auth_vencrypt_subauth(vs);
1930 } else {
1931 VNC_DEBUG("TLS handshake blocked\n");
1932 return 0;
1933 }
1934 }
1935 return 0;
1936}
1937
1938static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1939{
1940 if (data[0] != 0 ||
1941 data[1] != 2) {
1942 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1943 vnc_write_u8(vs, 1); /* Reject version */
1944 vnc_flush(vs);
1945 vnc_client_error(vs);
1946 } else {
1947 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1948 vnc_write_u8(vs, 0); /* Accept version */
1949 vnc_write_u8(vs, 1); /* Number of sub-auths */
1950 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1951 vnc_flush(vs);
1952 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1953 }
1954 return 0;
1955}
1956
1957static int start_auth_vencrypt(VncState *vs)
1958{
1959 /* Send VeNCrypt version 0.2 */
1960 vnc_write_u8(vs, 0);
1961 vnc_write_u8(vs, 2);
1962
1963 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1964 return 0;
1965}
1966#endif /* CONFIG_VNC_TLS */
1967
1968static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1969{
1970 /* We only advertise 1 auth scheme at a time, so client
1971 * must pick the one we sent. Verify this */
1972 if (data[0] != vs->auth) { /* Reject auth */
1973 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1974 vnc_write_u32(vs, 1);
1975 if (vs->minor >= 8) {
1976 static const char err[] = "Authentication failed";
1977 vnc_write_u32(vs, sizeof(err));
1978 vnc_write(vs, err, sizeof(err));
1979 }
1980 vnc_client_error(vs);
1981 } else { /* Accept requested auth */
1982 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1983 switch (vs->auth) {
1984 case VNC_AUTH_NONE:
1985 VNC_DEBUG("Accept auth none\n");
1986 if (vs->minor >= 8) {
1987 vnc_write_u32(vs, 0); /* Accept auth completion */
1988 vnc_flush(vs);
1989 }
1990 vnc_read_when(vs, protocol_client_init, 1);
1991 break;
1992
1993 case VNC_AUTH_VNC:
1994 VNC_DEBUG("Start VNC auth\n");
1995 return start_auth_vnc(vs);
1996
1997#ifdef CONFIG_VNC_TLS
1998 case VNC_AUTH_VENCRYPT:
1999 VNC_DEBUG("Accept VeNCrypt auth\n");;
2000 return start_auth_vencrypt(vs);
2001#endif /* CONFIG_VNC_TLS */
2002
2003 default: /* Should not be possible, but just in case */
2004 VNC_DEBUG("Reject auth %d\n", vs->auth);
2005 vnc_write_u8(vs, 1);
2006 if (vs->minor >= 8) {
2007 static const char err[] = "Authentication failed";
2008 vnc_write_u32(vs, sizeof(err));
2009 vnc_write(vs, err, sizeof(err));
2010 }
2011 vnc_client_error(vs);
2012 }
2013 }
2014 return 0;
2015}
2016
2017static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2018{
2019 char local[13];
2020
2021 memcpy(local, version, 12);
2022 local[12] = 0;
2023
2024 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2025 VNC_DEBUG("Malformed protocol version %s\n", local);
2026 vnc_client_error(vs);
2027 return 0;
2028 }
2029 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2030 if (vs->major != 3 ||
2031 (vs->minor != 3 &&
2032 vs->minor != 4 &&
2033 vs->minor != 5 &&
2034 vs->minor != 7 &&
2035 vs->minor != 8)) {
2036 VNC_DEBUG("Unsupported client version\n");
2037 vnc_write_u32(vs, VNC_AUTH_INVALID);
2038 vnc_flush(vs);
2039 vnc_client_error(vs);
2040 return 0;
2041 }
2042 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2043 * as equivalent to v3.3 by servers
2044 */
2045 if (vs->minor == 4 || vs->minor == 5)
2046 vs->minor = 3;
2047
2048 if (vs->minor == 3) {
2049 if (vs->auth == VNC_AUTH_NONE) {
2050 VNC_DEBUG("Tell client auth none\n");
2051 vnc_write_u32(vs, vs->auth);
2052 vnc_flush(vs);
2053 vnc_read_when(vs, protocol_client_init, 1);
2054 } else if (vs->auth == VNC_AUTH_VNC) {
2055 VNC_DEBUG("Tell client VNC auth\n");
2056 vnc_write_u32(vs, vs->auth);
2057 vnc_flush(vs);
2058 start_auth_vnc(vs);
2059 } else {
2060 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2061 vnc_write_u32(vs, VNC_AUTH_INVALID);
2062 vnc_flush(vs);
2063 vnc_client_error(vs);
2064 }
2065 } else {
2066 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2067 vnc_write_u8(vs, 1); /* num auth */
2068 vnc_write_u8(vs, vs->auth);
2069 vnc_read_when(vs, protocol_client_auth, 1);
2070 vnc_flush(vs);
2071 }
2072
2073 return 0;
2074}
2075
2076static void vnc_connect(VncState *vs)
2077{
2078 VNC_DEBUG("New client on socket %d\n", vs->csock);
2079 dcl->idle = 0;
2080 socket_set_nonblock(vs->csock);
2081 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2082 vnc_write(vs, "RFB 003.008\n", 12);
2083 vnc_flush(vs);
2084 vnc_read_when(vs, protocol_version, 12);
2085 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
2086 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2087 vs->features = 0;
2088 dcl->dpy_copy = NULL;
2089 vnc_update_client(vs);
2090 reset_keys(vs);
2091}
2092
2093static void vnc_listen_read(void *opaque)
2094{
2095 VncState *vs = opaque;
2096 struct sockaddr_in addr;
2097 socklen_t addrlen = sizeof(addr);
2098
2099 /* Catch-up */
2100 vga_hw_update();
2101
2102 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2103 if (vs->csock != -1) {
2104 vnc_connect(vs);
2105 }
2106}
2107
2108void vnc_display_init(DisplayState *ds)
2109{
2110 VncState *vs;
2111
2112 vs = qemu_mallocz(sizeof(VncState));
2113 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2114 if (!vs || !dcl)
2115 exit(1);
2116
2117 ds->opaque = vs;
2118 dcl->idle = 1;
2119 vnc_state = vs;
2120 vs->display = NULL;
2121 vs->password = NULL;
2122
2123 vs->lsock = -1;
2124 vs->csock = -1;
2125 vs->last_x = -1;
2126 vs->last_y = -1;
2127
2128 vs->ds = ds;
2129
2130 if (keyboard_layout)
2131 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2132 else
2133 vs->kbd_layout = init_keyboard_layout("en-us");
2134
2135 if (!vs->kbd_layout)
2136 exit(1);
2137
2138 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2139
2140 dcl->dpy_update = vnc_dpy_update;
2141 dcl->dpy_resize = vnc_dpy_resize;
2142 dcl->dpy_setdata = vnc_dpy_setdata;
2143 dcl->dpy_refresh = NULL;
2144 register_displaychangelistener(ds, dcl);
2145
2146 vs->as.freq = 44100;
2147 vs->as.nchannels = 2;
2148 vs->as.fmt = AUD_FMT_S16;
2149 vs->as.endianness = 0;
2150}
2151
2152#ifdef CONFIG_VNC_TLS
2153static int vnc_set_x509_credential(VncState *vs,
2154 const char *certdir,
2155 const char *filename,
2156 char **cred,
2157 int ignoreMissing)
2158{
2159 struct stat sb;
2160
2161 if (*cred) {
2162 qemu_free(*cred);
2163 *cred = NULL;
2164 }
2165
2166 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2167 return -1;
2168
2169 strcpy(*cred, certdir);
2170 strcat(*cred, "/");
2171 strcat(*cred, filename);
2172
2173 VNC_DEBUG("Check %s\n", *cred);
2174 if (stat(*cred, &sb) < 0) {
2175 qemu_free(*cred);
2176 *cred = NULL;
2177 if (ignoreMissing && errno == ENOENT)
2178 return 0;
2179 return -1;
2180 }
2181
2182 return 0;
2183}
2184
2185static int vnc_set_x509_credential_dir(VncState *vs,
2186 const char *certdir)
2187{
2188 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2189 goto cleanup;
2190 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2191 goto cleanup;
2192 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2193 goto cleanup;
2194 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2195 goto cleanup;
2196
2197 return 0;
2198
2199 cleanup:
2200 qemu_free(vs->x509cacert);
2201 qemu_free(vs->x509cacrl);
2202 qemu_free(vs->x509cert);
2203 qemu_free(vs->x509key);
2204 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2205 return -1;
2206}
2207#endif /* CONFIG_VNC_TLS */
2208
2209void vnc_display_close(DisplayState *ds)
2210{
2211 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2212
2213 if (vs->display) {
2214 qemu_free(vs->display);
2215 vs->display = NULL;
2216 }
2217 if (vs->lsock != -1) {
2218 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2219 close(vs->lsock);
2220 vs->lsock = -1;
2221 }
2222 if (vs->csock != -1) {
2223 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2224 closesocket(vs->csock);
2225 vs->csock = -1;
2226 buffer_reset(&vs->input);
2227 buffer_reset(&vs->output);
2228 vs->need_update = 0;
2229#ifdef CONFIG_VNC_TLS
2230 if (vs->tls_session) {
2231 gnutls_deinit(vs->tls_session);
2232 vs->tls_session = NULL;
2233 }
2234 vs->wiremode = VNC_WIREMODE_CLEAR;
2235#endif /* CONFIG_VNC_TLS */
2236 }
2237 vs->auth = VNC_AUTH_INVALID;
2238#ifdef CONFIG_VNC_TLS
2239 vs->subauth = VNC_AUTH_INVALID;
2240 vs->x509verify = 0;
2241#endif
2242 audio_del(vs);
2243}
2244
2245int vnc_display_password(DisplayState *ds, const char *password)
2246{
2247 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2248
2249 if (vs->password) {
2250 qemu_free(vs->password);
2251 vs->password = NULL;
2252 }
2253 if (password && password[0]) {
2254 if (!(vs->password = qemu_strdup(password)))
2255 return -1;
2256 }
2257
2258 return 0;
2259}
2260
2261int vnc_display_open(DisplayState *ds, const char *display)
2262{
2263 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2264 const char *options;
2265 int password = 0;
2266 int reverse = 0;
2267 int to_port = 0;
2268#ifdef CONFIG_VNC_TLS
2269 int tls = 0, x509 = 0;
2270#endif
2271
2272 vnc_display_close(ds);
2273 if (strcmp(display, "none") == 0)
2274 return 0;
2275
2276 if (!(vs->display = strdup(display)))
2277 return -1;
2278
2279 options = display;
2280 while ((options = strchr(options, ','))) {
2281 options++;
2282 if (strncmp(options, "password", 8) == 0) {
2283 password = 1; /* Require password auth */
2284 } else if (strncmp(options, "reverse", 7) == 0) {
2285 reverse = 1;
2286 } else if (strncmp(options, "to=", 3) == 0) {
2287 to_port = atoi(options+3) + 5900;
2288#ifdef CONFIG_VNC_TLS
2289 } else if (strncmp(options, "tls", 3) == 0) {
2290 tls = 1; /* Require TLS */
2291 } else if (strncmp(options, "x509", 4) == 0) {
2292 char *start, *end;
2293 x509 = 1; /* Require x509 certificates */
2294 if (strncmp(options, "x509verify", 10) == 0)
2295 vs->x509verify = 1; /* ...and verify client certs */
2296
2297 /* Now check for 'x509=/some/path' postfix
2298 * and use that to setup x509 certificate/key paths */
2299 start = strchr(options, '=');
2300 end = strchr(options, ',');
2301 if (start && (!end || (start < end))) {
2302 int len = end ? end-(start+1) : strlen(start+1);
2303 char *path = qemu_strndup(start + 1, len);
2304
2305 VNC_DEBUG("Trying certificate path '%s'\n", path);
2306 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2307 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2308 qemu_free(path);
2309 qemu_free(vs->display);
2310 vs->display = NULL;
2311 return -1;
2312 }
2313 qemu_free(path);
2314 } else {
2315 fprintf(stderr, "No certificate path provided\n");
2316 qemu_free(vs->display);
2317 vs->display = NULL;
2318 return -1;
2319 }
2320#endif
2321 }
2322 }
2323
2324 if (password) {
2325#ifdef CONFIG_VNC_TLS
2326 if (tls) {
2327 vs->auth = VNC_AUTH_VENCRYPT;
2328 if (x509) {
2329 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2330 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2331 } else {
2332 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2333 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2334 }
2335 } else {
2336#endif
2337 VNC_DEBUG("Initializing VNC server with password auth\n");
2338 vs->auth = VNC_AUTH_VNC;
2339#ifdef CONFIG_VNC_TLS
2340 vs->subauth = VNC_AUTH_INVALID;
2341 }
2342#endif
2343 } else {
2344#ifdef CONFIG_VNC_TLS
2345 if (tls) {
2346 vs->auth = VNC_AUTH_VENCRYPT;
2347 if (x509) {
2348 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2349 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2350 } else {
2351 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2352 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2353 }
2354 } else {
2355#endif
2356 VNC_DEBUG("Initializing VNC server with no auth\n");
2357 vs->auth = VNC_AUTH_NONE;
2358#ifdef CONFIG_VNC_TLS
2359 vs->subauth = VNC_AUTH_INVALID;
2360 }
2361#endif
2362 }
2363
2364 if (reverse) {
2365 /* connect to viewer */
2366 if (strncmp(display, "unix:", 5) == 0)
2367 vs->lsock = unix_connect(display+5);
2368 else
2369 vs->lsock = inet_connect(display, SOCK_STREAM);
2370 if (-1 == vs->lsock) {
2371 free(vs->display);
2372 vs->display = NULL;
2373 return -1;
2374 } else {
2375 vs->csock = vs->lsock;
2376 vs->lsock = -1;
2377 vnc_connect(vs);
2378 }
2379 return 0;
2380
2381 } else {
2382 /* listen for connects */
2383 char *dpy;
2384 dpy = qemu_malloc(256);
2385 if (strncmp(display, "unix:", 5) == 0) {
2386 pstrcpy(dpy, 256, "unix:");
2387 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2388 } else {
2389 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2390 }
2391 if (-1 == vs->lsock) {
2392 free(dpy);
2393 return -1;
2394 } else {
2395 free(vs->display);
2396 vs->display = dpy;
2397 }
2398 }
2399
2400 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
2401}
QEMU mirror