]> git.proxmox.com Git - qemu.git/blob - vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
DisplayState interface change (Stefano Stabellini)
[qemu.git] / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu-common.h"
27 #include "console.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "audio/audio.h"
32
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
34
35 #include "vnc_keysym.h"
36 #include "keymaps.c"
37 #include "d3des.h"
38
39 #ifdef CONFIG_VNC_TLS
40 #include <gnutls/gnutls.h>
41 #include <gnutls/x509.h>
42 #endif /* CONFIG_VNC_TLS */
43
44 // #define _VNC_DEBUG 1
45
46 #ifdef _VNC_DEBUG
47 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
48
49 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
50 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
51 static void vnc_debug_gnutls_log(int level, const char* str) {
52 VNC_DEBUG("%d %s", level, str);
53 }
54 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
55 #else
56 #define VNC_DEBUG(fmt, ...) do { } while (0)
57 #endif
58
59
60 typedef struct Buffer
61 {
62 size_t capacity;
63 size_t offset;
64 uint8_t *buffer;
65 } Buffer;
66
67 typedef struct VncState VncState;
68
69 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
70
71 typedef void VncWritePixels(VncState *vs, void *data, int size);
72
73 typedef void VncSendHextileTile(VncState *vs,
74 int x, int y, int w, int h,
75 void *last_bg,
76 void *last_fg,
77 int *has_bg, int *has_fg);
78
79 #define VNC_MAX_WIDTH 2048
80 #define VNC_MAX_HEIGHT 2048
81 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
82
83 #define VNC_AUTH_CHALLENGE_SIZE 16
84
85 enum {
86 VNC_AUTH_INVALID = 0,
87 VNC_AUTH_NONE = 1,
88 VNC_AUTH_VNC = 2,
89 VNC_AUTH_RA2 = 5,
90 VNC_AUTH_RA2NE = 6,
91 VNC_AUTH_TIGHT = 16,
92 VNC_AUTH_ULTRA = 17,
93 VNC_AUTH_TLS = 18,
94 VNC_AUTH_VENCRYPT = 19
95 };
96
97 #ifdef CONFIG_VNC_TLS
98 enum {
99 VNC_WIREMODE_CLEAR,
100 VNC_WIREMODE_TLS,
101 };
102
103 enum {
104 VNC_AUTH_VENCRYPT_PLAIN = 256,
105 VNC_AUTH_VENCRYPT_TLSNONE = 257,
106 VNC_AUTH_VENCRYPT_TLSVNC = 258,
107 VNC_AUTH_VENCRYPT_TLSPLAIN = 259,
108 VNC_AUTH_VENCRYPT_X509NONE = 260,
109 VNC_AUTH_VENCRYPT_X509VNC = 261,
110 VNC_AUTH_VENCRYPT_X509PLAIN = 262,
111 };
112
113 #define X509_CA_CERT_FILE "ca-cert.pem"
114 #define X509_CA_CRL_FILE "ca-crl.pem"
115 #define X509_SERVER_KEY_FILE "server-key.pem"
116 #define X509_SERVER_CERT_FILE "server-cert.pem"
117
118 #endif /* CONFIG_VNC_TLS */
119
120 struct VncState
121 {
122 QEMUTimer *timer;
123 int lsock;
124 int csock;
125 DisplayState *ds;
126 int need_update;
127 int width;
128 int height;
129 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
130 char *old_data;
131 int depth; /* internal VNC frame buffer byte per pixel */
132 int has_resize;
133 int has_hextile;
134 int has_pointer_type_change;
135 int has_WMVi;
136 int absolute;
137 int last_x;
138 int last_y;
139
140 int major;
141 int minor;
142
143 char *display;
144 char *password;
145 int auth;
146 #ifdef CONFIG_VNC_TLS
147 int subauth;
148 int x509verify;
149
150 char *x509cacert;
151 char *x509cacrl;
152 char *x509cert;
153 char *x509key;
154 #endif
155 char challenge[VNC_AUTH_CHALLENGE_SIZE];
156
157 #ifdef CONFIG_VNC_TLS
158 int wiremode;
159 gnutls_session_t tls_session;
160 #endif
161
162 Buffer output;
163 Buffer input;
164 kbd_layout_t *kbd_layout;
165 /* current output mode information */
166 VncWritePixels *write_pixels;
167 VncSendHextileTile *send_hextile_tile;
168 int pix_bpp, pix_big_endian;
169 int client_red_shift, client_red_max, server_red_shift, server_red_max;
170 int client_green_shift, client_green_max, server_green_shift, server_green_max;
171 int client_blue_shift, client_blue_max, server_blue_shift, server_blue_max;
172
173 CaptureVoiceOut *audio_cap;
174 struct audsettings as;
175
176 VncReadEvent *read_handler;
177 size_t read_handler_expect;
178 /* input */
179 uint8_t modifiers_state[256];
180 };
181
182 static VncState *vnc_state; /* needed for info vnc */
183 static DisplayChangeListener *dcl;
184
185 void do_info_vnc(void)
186 {
187 if (vnc_state == NULL || vnc_state->display == NULL)
188 term_printf("VNC server disabled\n");
189 else {
190 term_printf("VNC server active on: ");
191 term_print_filename(vnc_state->display);
192 term_printf("\n");
193
194 if (vnc_state->csock == -1)
195 term_printf("No client connected\n");
196 else
197 term_printf("Client connected\n");
198 }
199 }
200
201 /* TODO
202 1) Get the queue working for IO.
203 2) there is some weirdness when using the -S option (the screen is grey
204 and not totally invalidated
205 3) resolutions > 1024
206 */
207
208 static void vnc_write(VncState *vs, const void *data, size_t len);
209 static void vnc_write_u32(VncState *vs, uint32_t value);
210 static void vnc_write_s32(VncState *vs, int32_t value);
211 static void vnc_write_u16(VncState *vs, uint16_t value);
212 static void vnc_write_u8(VncState *vs, uint8_t value);
213 static void vnc_flush(VncState *vs);
214 static void vnc_update_client(void *opaque);
215 static void vnc_client_read(void *opaque);
216
217 static void vnc_colordepth(DisplayState *ds);
218
219 static inline void vnc_set_bit(uint32_t *d, int k)
220 {
221 d[k >> 5] |= 1 << (k & 0x1f);
222 }
223
224 static inline void vnc_clear_bit(uint32_t *d, int k)
225 {
226 d[k >> 5] &= ~(1 << (k & 0x1f));
227 }
228
229 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
230 {
231 int j;
232
233 j = 0;
234 while (n >= 32) {
235 d[j++] = -1;
236 n -= 32;
237 }
238 if (n > 0)
239 d[j++] = (1 << n) - 1;
240 while (j < nb_words)
241 d[j++] = 0;
242 }
243
244 static inline int vnc_get_bit(const uint32_t *d, int k)
245 {
246 return (d[k >> 5] >> (k & 0x1f)) & 1;
247 }
248
249 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
250 int nb_words)
251 {
252 int i;
253 for(i = 0; i < nb_words; i++) {
254 if ((d1[i] & d2[i]) != 0)
255 return 1;
256 }
257 return 0;
258 }
259
260 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
261 {
262 VncState *vs = ds->opaque;
263 int i;
264
265 h += y;
266
267 /* round x down to ensure the loop only spans one 16-pixel block per,
268 iteration. otherwise, if (x % 16) != 0, the last iteration may span
269 two 16-pixel blocks but we only mark the first as dirty
270 */
271 w += (x % 16);
272 x -= (x % 16);
273
274 x = MIN(x, vs->width);
275 y = MIN(y, vs->height);
276 w = MIN(x + w, vs->width) - x;
277 h = MIN(h, vs->height);
278
279 for (; y < h; y++)
280 for (i = 0; i < w; i += 16)
281 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
282 }
283
284 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
285 int32_t encoding)
286 {
287 vnc_write_u16(vs, x);
288 vnc_write_u16(vs, y);
289 vnc_write_u16(vs, w);
290 vnc_write_u16(vs, h);
291
292 vnc_write_s32(vs, encoding);
293 }
294
295 static void vnc_dpy_resize(DisplayState *ds)
296 {
297 int size_changed;
298 VncState *vs = ds->opaque;
299
300 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
301
302 if (vs->old_data == NULL) {
303 fprintf(stderr, "vnc: memory allocation failed\n");
304 exit(1);
305 }
306
307 if (ds_get_bytes_per_pixel(ds) != vs->depth)
308 console_color_init(ds);
309 vnc_colordepth(ds);
310 size_changed = ds_get_width(ds) != vs->width || ds_get_height(ds) != vs->height;
311 if (size_changed) {
312 vs->width = ds_get_width(ds);
313 vs->height = ds_get_height(ds);
314 if (vs->csock != -1 && vs->has_resize) {
315 vnc_write_u8(vs, 0); /* msg id */
316 vnc_write_u8(vs, 0);
317 vnc_write_u16(vs, 1); /* number of rects */
318 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), -223);
319 vnc_flush(vs);
320 }
321 }
322
323 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
324 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
325 }
326
327 /* fastest code */
328 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
329 {
330 vnc_write(vs, pixels, size);
331 }
332
333 /* slowest but generic code. */
334 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
335 {
336 uint8_t r, g, b;
337
338 r = ((v >> vs->server_red_shift) & vs->server_red_max) * (vs->client_red_max + 1) /
339 (vs->server_red_max + 1);
340 g = ((v >> vs->server_green_shift) & vs->server_green_max) * (vs->client_green_max + 1) /
341 (vs->server_green_max + 1);
342 b = ((v >> vs->server_blue_shift) & vs->server_blue_max) * (vs->client_blue_max + 1) /
343 (vs->server_blue_max + 1);
344 v = (r << vs->client_red_shift) |
345 (g << vs->client_green_shift) |
346 (b << vs->client_blue_shift);
347 switch(vs->pix_bpp) {
348 case 1:
349 buf[0] = v;
350 break;
351 case 2:
352 if (vs->pix_big_endian) {
353 buf[0] = v >> 8;
354 buf[1] = v;
355 } else {
356 buf[1] = v >> 8;
357 buf[0] = v;
358 }
359 break;
360 default:
361 case 4:
362 if (vs->pix_big_endian) {
363 buf[0] = v >> 24;
364 buf[1] = v >> 16;
365 buf[2] = v >> 8;
366 buf[3] = v;
367 } else {
368 buf[3] = v >> 24;
369 buf[2] = v >> 16;
370 buf[1] = v >> 8;
371 buf[0] = v;
372 }
373 break;
374 }
375 }
376
377 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
378 {
379 uint8_t buf[4];
380
381 if (vs->depth == 4) {
382 uint32_t *pixels = pixels1;
383 int n, i;
384 n = size >> 2;
385 for(i = 0; i < n; i++) {
386 vnc_convert_pixel(vs, buf, pixels[i]);
387 vnc_write(vs, buf, vs->pix_bpp);
388 }
389 } else if (vs->depth == 2) {
390 uint16_t *pixels = pixels1;
391 int n, i;
392 n = size >> 1;
393 for(i = 0; i < n; i++) {
394 vnc_convert_pixel(vs, buf, pixels[i]);
395 vnc_write(vs, buf, vs->pix_bpp);
396 }
397 } else if (vs->depth == 1) {
398 uint8_t *pixels = pixels1;
399 int n, i;
400 n = size;
401 for(i = 0; i < n; i++) {
402 vnc_convert_pixel(vs, buf, pixels[i]);
403 vnc_write(vs, buf, vs->pix_bpp);
404 }
405 } else {
406 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
407 }
408 }
409
410 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
411 {
412 int i;
413 uint8_t *row;
414
415 vnc_framebuffer_update(vs, x, y, w, h, 0);
416
417 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * vs->depth;
418 for (i = 0; i < h; i++) {
419 vs->write_pixels(vs, row, w * vs->depth);
420 row += ds_get_linesize(vs->ds);
421 }
422 }
423
424 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
425 {
426 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
427 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
428 }
429
430 #define BPP 8
431 #include "vnchextile.h"
432 #undef BPP
433
434 #define BPP 16
435 #include "vnchextile.h"
436 #undef BPP
437
438 #define BPP 32
439 #include "vnchextile.h"
440 #undef BPP
441
442 #define GENERIC
443 #define BPP 8
444 #include "vnchextile.h"
445 #undef BPP
446 #undef GENERIC
447
448 #define GENERIC
449 #define BPP 16
450 #include "vnchextile.h"
451 #undef BPP
452 #undef GENERIC
453
454 #define GENERIC
455 #define BPP 32
456 #include "vnchextile.h"
457 #undef BPP
458 #undef GENERIC
459
460 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
461 {
462 int i, j;
463 int has_fg, has_bg;
464 uint8_t *last_fg, *last_bg;
465
466 vnc_framebuffer_update(vs, x, y, w, h, 5);
467
468 last_fg = (uint8_t *) malloc(vs->depth);
469 last_bg = (uint8_t *) malloc(vs->depth);
470 has_fg = has_bg = 0;
471 for (j = y; j < (y + h); j += 16) {
472 for (i = x; i < (x + w); i += 16) {
473 vs->send_hextile_tile(vs, i, j,
474 MIN(16, x + w - i), MIN(16, y + h - j),
475 last_bg, last_fg, &has_bg, &has_fg);
476 }
477 }
478 free(last_fg);
479 free(last_bg);
480
481 }
482
483 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
484 {
485 if (vs->has_hextile)
486 send_framebuffer_update_hextile(vs, x, y, w, h);
487 else
488 send_framebuffer_update_raw(vs, x, y, w, h);
489 }
490
491 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
492 {
493 VncState *vs = ds->opaque;
494
495 vnc_update_client(vs);
496
497 vnc_write_u8(vs, 0); /* msg id */
498 vnc_write_u8(vs, 0);
499 vnc_write_u16(vs, 1); /* number of rects */
500 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
501 vnc_write_u16(vs, src_x);
502 vnc_write_u16(vs, src_y);
503 vnc_flush(vs);
504 }
505
506 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
507 {
508 int h;
509
510 for (h = 1; h < (vs->height - y); h++) {
511 int tmp_x;
512 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
513 break;
514 for (tmp_x = last_x; tmp_x < x; tmp_x++)
515 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
516 }
517
518 return h;
519 }
520
521 static void vnc_update_client(void *opaque)
522 {
523 VncState *vs = opaque;
524
525 if (vs->need_update && vs->csock != -1) {
526 int y;
527 uint8_t *row;
528 char *old_row;
529 uint32_t width_mask[VNC_DIRTY_WORDS];
530 int n_rectangles;
531 int saved_offset;
532 int has_dirty = 0;
533
534 vga_hw_update();
535
536 vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
537
538 /* Walk through the dirty map and eliminate tiles that
539 really aren't dirty */
540 row = ds_get_data(vs->ds);
541 old_row = vs->old_data;
542
543 for (y = 0; y < vs->height; y++) {
544 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
545 int x;
546 uint8_t *ptr;
547 char *old_ptr;
548
549 ptr = row;
550 old_ptr = (char*)old_row;
551
552 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
553 if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
554 vnc_clear_bit(vs->dirty_row[y], (x / 16));
555 } else {
556 has_dirty = 1;
557 memcpy(old_ptr, ptr, 16 * vs->depth);
558 }
559
560 ptr += 16 * vs->depth;
561 old_ptr += 16 * vs->depth;
562 }
563 }
564
565 row += ds_get_linesize(vs->ds);
566 old_row += ds_get_linesize(vs->ds);
567 }
568
569 if (!has_dirty && !vs->audio_cap) {
570 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
571 return;
572 }
573
574 /* Count rectangles */
575 n_rectangles = 0;
576 vnc_write_u8(vs, 0); /* msg id */
577 vnc_write_u8(vs, 0);
578 saved_offset = vs->output.offset;
579 vnc_write_u16(vs, 0);
580
581 for (y = 0; y < vs->height; y++) {
582 int x;
583 int last_x = -1;
584 for (x = 0; x < vs->width / 16; x++) {
585 if (vnc_get_bit(vs->dirty_row[y], x)) {
586 if (last_x == -1) {
587 last_x = x;
588 }
589 vnc_clear_bit(vs->dirty_row[y], x);
590 } else {
591 if (last_x != -1) {
592 int h = find_dirty_height(vs, y, last_x, x);
593 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
594 n_rectangles++;
595 }
596 last_x = -1;
597 }
598 }
599 if (last_x != -1) {
600 int h = find_dirty_height(vs, y, last_x, x);
601 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
602 n_rectangles++;
603 }
604 }
605 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
606 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
607 vnc_flush(vs);
608
609 }
610
611 if (vs->csock != -1) {
612 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
613 }
614
615 }
616
617 static int vnc_listen_poll(void *opaque)
618 {
619 VncState *vs = opaque;
620 if (vs->csock == -1)
621 return 1;
622 return 0;
623 }
624
625 static void buffer_reserve(Buffer *buffer, size_t len)
626 {
627 if ((buffer->capacity - buffer->offset) < len) {
628 buffer->capacity += (len + 1024);
629 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
630 if (buffer->buffer == NULL) {
631 fprintf(stderr, "vnc: out of memory\n");
632 exit(1);
633 }
634 }
635 }
636
637 static int buffer_empty(Buffer *buffer)
638 {
639 return buffer->offset == 0;
640 }
641
642 static uint8_t *buffer_end(Buffer *buffer)
643 {
644 return buffer->buffer + buffer->offset;
645 }
646
647 static void buffer_reset(Buffer *buffer)
648 {
649 buffer->offset = 0;
650 }
651
652 static void buffer_append(Buffer *buffer, const void *data, size_t len)
653 {
654 memcpy(buffer->buffer + buffer->offset, data, len);
655 buffer->offset += len;
656 }
657
658 /* audio */
659 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
660 {
661 VncState *vs = opaque;
662
663 switch (cmd) {
664 case AUD_CNOTIFY_DISABLE:
665 vnc_write_u8(vs, 255);
666 vnc_write_u8(vs, 1);
667 vnc_write_u16(vs, 0);
668 vnc_flush(vs);
669 break;
670
671 case AUD_CNOTIFY_ENABLE:
672 vnc_write_u8(vs, 255);
673 vnc_write_u8(vs, 1);
674 vnc_write_u16(vs, 1);
675 vnc_flush(vs);
676 break;
677 }
678 }
679
680 static void audio_capture_destroy(void *opaque)
681 {
682 }
683
684 static void audio_capture(void *opaque, void *buf, int size)
685 {
686 VncState *vs = opaque;
687
688 vnc_write_u8(vs, 255);
689 vnc_write_u8(vs, 1);
690 vnc_write_u16(vs, 2);
691 vnc_write_u32(vs, size);
692 vnc_write(vs, buf, size);
693 vnc_flush(vs);
694 }
695
696 static void audio_add(VncState *vs)
697 {
698 struct audio_capture_ops ops;
699
700 if (vs->audio_cap) {
701 term_printf ("audio already running\n");
702 return;
703 }
704
705 ops.notify = audio_capture_notify;
706 ops.destroy = audio_capture_destroy;
707 ops.capture = audio_capture;
708
709 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
710 if (!vs->audio_cap) {
711 term_printf ("Failed to add audio capture\n");
712 }
713 }
714
715 static void audio_del(VncState *vs)
716 {
717 if (vs->audio_cap) {
718 AUD_del_capture(vs->audio_cap, vs);
719 vs->audio_cap = NULL;
720 }
721 }
722
723 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
724 {
725 if (ret == 0 || ret == -1) {
726 if (ret == -1) {
727 switch (last_errno) {
728 case EINTR:
729 case EAGAIN:
730 #ifdef _WIN32
731 case WSAEWOULDBLOCK:
732 #endif
733 return 0;
734 default:
735 break;
736 }
737 }
738
739 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
740 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
741 closesocket(vs->csock);
742 vs->csock = -1;
743 dcl->idle = 1;
744 buffer_reset(&vs->input);
745 buffer_reset(&vs->output);
746 vs->need_update = 0;
747 #ifdef CONFIG_VNC_TLS
748 if (vs->tls_session) {
749 gnutls_deinit(vs->tls_session);
750 vs->tls_session = NULL;
751 }
752 vs->wiremode = VNC_WIREMODE_CLEAR;
753 #endif /* CONFIG_VNC_TLS */
754 audio_del(vs);
755 return 0;
756 }
757 return ret;
758 }
759
760 static void vnc_client_error(VncState *vs)
761 {
762 vnc_client_io_error(vs, -1, EINVAL);
763 }
764
765 static void vnc_client_write(void *opaque)
766 {
767 long ret;
768 VncState *vs = opaque;
769
770 #ifdef CONFIG_VNC_TLS
771 if (vs->tls_session) {
772 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
773 if (ret < 0) {
774 if (ret == GNUTLS_E_AGAIN)
775 errno = EAGAIN;
776 else
777 errno = EIO;
778 ret = -1;
779 }
780 } else
781 #endif /* CONFIG_VNC_TLS */
782 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
783 ret = vnc_client_io_error(vs, ret, socket_error());
784 if (!ret)
785 return;
786
787 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
788 vs->output.offset -= ret;
789
790 if (vs->output.offset == 0) {
791 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
792 }
793 }
794
795 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
796 {
797 vs->read_handler = func;
798 vs->read_handler_expect = expecting;
799 }
800
801 static void vnc_client_read(void *opaque)
802 {
803 VncState *vs = opaque;
804 long ret;
805
806 buffer_reserve(&vs->input, 4096);
807
808 #ifdef CONFIG_VNC_TLS
809 if (vs->tls_session) {
810 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
811 if (ret < 0) {
812 if (ret == GNUTLS_E_AGAIN)
813 errno = EAGAIN;
814 else
815 errno = EIO;
816 ret = -1;
817 }
818 } else
819 #endif /* CONFIG_VNC_TLS */
820 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
821 ret = vnc_client_io_error(vs, ret, socket_error());
822 if (!ret)
823 return;
824
825 vs->input.offset += ret;
826
827 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
828 size_t len = vs->read_handler_expect;
829 int ret;
830
831 ret = vs->read_handler(vs, vs->input.buffer, len);
832 if (vs->csock == -1)
833 return;
834
835 if (!ret) {
836 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
837 vs->input.offset -= len;
838 } else {
839 vs->read_handler_expect = ret;
840 }
841 }
842 }
843
844 static void vnc_write(VncState *vs, const void *data, size_t len)
845 {
846 buffer_reserve(&vs->output, len);
847
848 if (buffer_empty(&vs->output)) {
849 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
850 }
851
852 buffer_append(&vs->output, data, len);
853 }
854
855 static void vnc_write_s32(VncState *vs, int32_t value)
856 {
857 vnc_write_u32(vs, *(uint32_t *)&value);
858 }
859
860 static void vnc_write_u32(VncState *vs, uint32_t value)
861 {
862 uint8_t buf[4];
863
864 buf[0] = (value >> 24) & 0xFF;
865 buf[1] = (value >> 16) & 0xFF;
866 buf[2] = (value >> 8) & 0xFF;
867 buf[3] = value & 0xFF;
868
869 vnc_write(vs, buf, 4);
870 }
871
872 static void vnc_write_u16(VncState *vs, uint16_t value)
873 {
874 uint8_t buf[2];
875
876 buf[0] = (value >> 8) & 0xFF;
877 buf[1] = value & 0xFF;
878
879 vnc_write(vs, buf, 2);
880 }
881
882 static void vnc_write_u8(VncState *vs, uint8_t value)
883 {
884 vnc_write(vs, (char *)&value, 1);
885 }
886
887 static void vnc_flush(VncState *vs)
888 {
889 if (vs->output.offset)
890 vnc_client_write(vs);
891 }
892
893 static uint8_t read_u8(uint8_t *data, size_t offset)
894 {
895 return data[offset];
896 }
897
898 static uint16_t read_u16(uint8_t *data, size_t offset)
899 {
900 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
901 }
902
903 static int32_t read_s32(uint8_t *data, size_t offset)
904 {
905 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
906 (data[offset + 2] << 8) | data[offset + 3]);
907 }
908
909 static uint32_t read_u32(uint8_t *data, size_t offset)
910 {
911 return ((data[offset] << 24) | (data[offset + 1] << 16) |
912 (data[offset + 2] << 8) | data[offset + 3]);
913 }
914
915 #ifdef CONFIG_VNC_TLS
916 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
917 const void *data,
918 size_t len) {
919 struct VncState *vs = (struct VncState *)transport;
920 int ret;
921
922 retry:
923 ret = send(vs->csock, data, len, 0);
924 if (ret < 0) {
925 if (errno == EINTR)
926 goto retry;
927 return -1;
928 }
929 return ret;
930 }
931
932
933 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
934 void *data,
935 size_t len) {
936 struct VncState *vs = (struct VncState *)transport;
937 int ret;
938
939 retry:
940 ret = recv(vs->csock, data, len, 0);
941 if (ret < 0) {
942 if (errno == EINTR)
943 goto retry;
944 return -1;
945 }
946 return ret;
947 }
948 #endif /* CONFIG_VNC_TLS */
949
950 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
951 {
952 }
953
954 static void check_pointer_type_change(VncState *vs, int absolute)
955 {
956 if (vs->has_pointer_type_change && vs->absolute != absolute) {
957 vnc_write_u8(vs, 0);
958 vnc_write_u8(vs, 0);
959 vnc_write_u16(vs, 1);
960 vnc_framebuffer_update(vs, absolute, 0,
961 ds_get_width(vs->ds), ds_get_height(vs->ds), -257);
962 vnc_flush(vs);
963 }
964 vs->absolute = absolute;
965 }
966
967 static void pointer_event(VncState *vs, int button_mask, int x, int y)
968 {
969 int buttons = 0;
970 int dz = 0;
971
972 if (button_mask & 0x01)
973 buttons |= MOUSE_EVENT_LBUTTON;
974 if (button_mask & 0x02)
975 buttons |= MOUSE_EVENT_MBUTTON;
976 if (button_mask & 0x04)
977 buttons |= MOUSE_EVENT_RBUTTON;
978 if (button_mask & 0x08)
979 dz = -1;
980 if (button_mask & 0x10)
981 dz = 1;
982
983 if (vs->absolute) {
984 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
985 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
986 dz, buttons);
987 } else if (vs->has_pointer_type_change) {
988 x -= 0x7FFF;
989 y -= 0x7FFF;
990
991 kbd_mouse_event(x, y, dz, buttons);
992 } else {
993 if (vs->last_x != -1)
994 kbd_mouse_event(x - vs->last_x,
995 y - vs->last_y,
996 dz, buttons);
997 vs->last_x = x;
998 vs->last_y = y;
999 }
1000
1001 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1002 }
1003
1004 static void reset_keys(VncState *vs)
1005 {
1006 int i;
1007 for(i = 0; i < 256; i++) {
1008 if (vs->modifiers_state[i]) {
1009 if (i & 0x80)
1010 kbd_put_keycode(0xe0);
1011 kbd_put_keycode(i | 0x80);
1012 vs->modifiers_state[i] = 0;
1013 }
1014 }
1015 }
1016
1017 static void press_key(VncState *vs, int keysym)
1018 {
1019 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
1020 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
1021 }
1022
1023 static void do_key_event(VncState *vs, int down, int keycode, int sym)
1024 {
1025 /* QEMU console switch */
1026 switch(keycode) {
1027 case 0x2a: /* Left Shift */
1028 case 0x36: /* Right Shift */
1029 case 0x1d: /* Left CTRL */
1030 case 0x9d: /* Right CTRL */
1031 case 0x38: /* Left ALT */
1032 case 0xb8: /* Right ALT */
1033 if (down)
1034 vs->modifiers_state[keycode] = 1;
1035 else
1036 vs->modifiers_state[keycode] = 0;
1037 break;
1038 case 0x02 ... 0x0a: /* '1' to '9' keys */
1039 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1040 /* Reset the modifiers sent to the current console */
1041 reset_keys(vs);
1042 console_select(keycode - 0x02);
1043 return;
1044 }
1045 break;
1046 case 0x3a: /* CapsLock */
1047 case 0x45: /* NumLock */
1048 if (!down)
1049 vs->modifiers_state[keycode] ^= 1;
1050 break;
1051 }
1052
1053 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1054 /* If the numlock state needs to change then simulate an additional
1055 keypress before sending this one. This will happen if the user
1056 toggles numlock away from the VNC window.
1057 */
1058 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1059 if (!vs->modifiers_state[0x45]) {
1060 vs->modifiers_state[0x45] = 1;
1061 press_key(vs, 0xff7f);
1062 }
1063 } else {
1064 if (vs->modifiers_state[0x45]) {
1065 vs->modifiers_state[0x45] = 0;
1066 press_key(vs, 0xff7f);
1067 }
1068 }
1069 }
1070
1071 if (is_graphic_console()) {
1072 if (keycode & 0x80)
1073 kbd_put_keycode(0xe0);
1074 if (down)
1075 kbd_put_keycode(keycode & 0x7f);
1076 else
1077 kbd_put_keycode(keycode | 0x80);
1078 } else {
1079 /* QEMU console emulation */
1080 if (down) {
1081 switch (keycode) {
1082 case 0x2a: /* Left Shift */
1083 case 0x36: /* Right Shift */
1084 case 0x1d: /* Left CTRL */
1085 case 0x9d: /* Right CTRL */
1086 case 0x38: /* Left ALT */
1087 case 0xb8: /* Right ALT */
1088 break;
1089 case 0xc8:
1090 kbd_put_keysym(QEMU_KEY_UP);
1091 break;
1092 case 0xd0:
1093 kbd_put_keysym(QEMU_KEY_DOWN);
1094 break;
1095 case 0xcb:
1096 kbd_put_keysym(QEMU_KEY_LEFT);
1097 break;
1098 case 0xcd:
1099 kbd_put_keysym(QEMU_KEY_RIGHT);
1100 break;
1101 case 0xd3:
1102 kbd_put_keysym(QEMU_KEY_DELETE);
1103 break;
1104 case 0xc7:
1105 kbd_put_keysym(QEMU_KEY_HOME);
1106 break;
1107 case 0xcf:
1108 kbd_put_keysym(QEMU_KEY_END);
1109 break;
1110 case 0xc9:
1111 kbd_put_keysym(QEMU_KEY_PAGEUP);
1112 break;
1113 case 0xd1:
1114 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1115 break;
1116 default:
1117 kbd_put_keysym(sym);
1118 break;
1119 }
1120 }
1121 }
1122 }
1123
1124 static void key_event(VncState *vs, int down, uint32_t sym)
1125 {
1126 int keycode;
1127
1128 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1129 sym = sym - 'A' + 'a';
1130
1131 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1132 do_key_event(vs, down, keycode, sym);
1133 }
1134
1135 static void ext_key_event(VncState *vs, int down,
1136 uint32_t sym, uint16_t keycode)
1137 {
1138 /* if the user specifies a keyboard layout, always use it */
1139 if (keyboard_layout)
1140 key_event(vs, down, sym);
1141 else
1142 do_key_event(vs, down, keycode, sym);
1143 }
1144
1145 static void framebuffer_update_request(VncState *vs, int incremental,
1146 int x_position, int y_position,
1147 int w, int h)
1148 {
1149 if (x_position > ds_get_width(vs->ds))
1150 x_position = ds_get_width(vs->ds);
1151 if (y_position > ds_get_height(vs->ds))
1152 y_position = ds_get_height(vs->ds);
1153 if (x_position + w >= ds_get_width(vs->ds))
1154 w = ds_get_width(vs->ds) - x_position;
1155 if (y_position + h >= ds_get_height(vs->ds))
1156 h = ds_get_height(vs->ds) - y_position;
1157
1158 int i;
1159 vs->need_update = 1;
1160 if (!incremental) {
1161 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1162
1163 for (i = 0; i < h; i++) {
1164 vnc_set_bits(vs->dirty_row[y_position + i],
1165 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1166 memset(old_row, 42, ds_get_width(vs->ds) * vs->depth);
1167 old_row += ds_get_linesize(vs->ds);
1168 }
1169 }
1170 }
1171
1172 static void send_ext_key_event_ack(VncState *vs)
1173 {
1174 vnc_write_u8(vs, 0);
1175 vnc_write_u8(vs, 0);
1176 vnc_write_u16(vs, 1);
1177 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -258);
1178 vnc_flush(vs);
1179 }
1180
1181 static void send_ext_audio_ack(VncState *vs)
1182 {
1183 vnc_write_u8(vs, 0);
1184 vnc_write_u8(vs, 0);
1185 vnc_write_u16(vs, 1);
1186 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -259);
1187 vnc_flush(vs);
1188 }
1189
1190 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1191 {
1192 int i;
1193
1194 vs->has_hextile = 0;
1195 vs->has_resize = 0;
1196 vs->has_pointer_type_change = 0;
1197 vs->has_WMVi = 0;
1198 vs->absolute = -1;
1199 dcl->dpy_copy = NULL;
1200
1201 for (i = n_encodings - 1; i >= 0; i--) {
1202 switch (encodings[i]) {
1203 case 0: /* Raw */
1204 vs->has_hextile = 0;
1205 break;
1206 case 1: /* CopyRect */
1207 dcl->dpy_copy = vnc_copy;
1208 break;
1209 case 5: /* Hextile */
1210 vs->has_hextile = 1;
1211 break;
1212 case -223: /* DesktopResize */
1213 vs->has_resize = 1;
1214 break;
1215 case -257:
1216 vs->has_pointer_type_change = 1;
1217 break;
1218 case -258:
1219 send_ext_key_event_ack(vs);
1220 break;
1221 case -259:
1222 send_ext_audio_ack(vs);
1223 break;
1224 case 0x574D5669:
1225 vs->has_WMVi = 1;
1226 break;
1227 default:
1228 break;
1229 }
1230 }
1231
1232 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1233 }
1234
1235 static void set_pixel_format(VncState *vs,
1236 int bits_per_pixel, int depth,
1237 int big_endian_flag, int true_color_flag,
1238 int red_max, int green_max, int blue_max,
1239 int red_shift, int green_shift, int blue_shift)
1240 {
1241 int host_big_endian_flag;
1242
1243 #ifdef WORDS_BIGENDIAN
1244 host_big_endian_flag = 1;
1245 #else
1246 host_big_endian_flag = 0;
1247 #endif
1248 if (!true_color_flag) {
1249 fail:
1250 vnc_client_error(vs);
1251 return;
1252 }
1253 if (bits_per_pixel == 32 &&
1254 bits_per_pixel == vs->depth * 8 &&
1255 host_big_endian_flag == big_endian_flag &&
1256 red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
1257 red_shift == 16 && green_shift == 8 && blue_shift == 0) {
1258 vs->depth = 4;
1259 vs->write_pixels = vnc_write_pixels_copy;
1260 vs->send_hextile_tile = send_hextile_tile_32;
1261 } else
1262 if (bits_per_pixel == 16 &&
1263 bits_per_pixel == vs->depth * 8 &&
1264 host_big_endian_flag == big_endian_flag &&
1265 red_max == 31 && green_max == 63 && blue_max == 31 &&
1266 red_shift == 11 && green_shift == 5 && blue_shift == 0) {
1267 vs->depth = 2;
1268 vs->write_pixels = vnc_write_pixels_copy;
1269 vs->send_hextile_tile = send_hextile_tile_16;
1270 } else
1271 if (bits_per_pixel == 8 &&
1272 bits_per_pixel == vs->depth * 8 &&
1273 red_max == 7 && green_max == 7 && blue_max == 3 &&
1274 red_shift == 5 && green_shift == 2 && blue_shift == 0) {
1275 vs->depth = 1;
1276 vs->write_pixels = vnc_write_pixels_copy;
1277 vs->send_hextile_tile = send_hextile_tile_8;
1278 } else
1279 {
1280 /* generic and slower case */
1281 if (bits_per_pixel != 8 &&
1282 bits_per_pixel != 16 &&
1283 bits_per_pixel != 32)
1284 goto fail;
1285 if (vs->depth == 4) {
1286 vs->send_hextile_tile = send_hextile_tile_generic_32;
1287 } else if (vs->depth == 2) {
1288 vs->send_hextile_tile = send_hextile_tile_generic_16;
1289 } else {
1290 vs->send_hextile_tile = send_hextile_tile_generic_8;
1291 }
1292
1293 vs->pix_big_endian = big_endian_flag;
1294 vs->write_pixels = vnc_write_pixels_generic;
1295 }
1296
1297 vs->client_red_shift = red_shift;
1298 vs->client_red_max = red_max;
1299 vs->client_green_shift = green_shift;
1300 vs->client_green_max = green_max;
1301 vs->client_blue_shift = blue_shift;
1302 vs->client_blue_max = blue_max;
1303 vs->pix_bpp = bits_per_pixel / 8;
1304
1305 vga_hw_invalidate();
1306 vga_hw_update();
1307 }
1308
1309 static void pixel_format_message (VncState *vs) {
1310 char pad[3] = { 0, 0, 0 };
1311
1312 vnc_write_u8(vs, vs->depth * 8); /* bits-per-pixel */
1313 if (vs->depth == 4) vnc_write_u8(vs, 24); /* depth */
1314 else vnc_write_u8(vs, vs->depth * 8); /* depth */
1315
1316 #ifdef WORDS_BIGENDIAN
1317 vnc_write_u8(vs, 1); /* big-endian-flag */
1318 #else
1319 vnc_write_u8(vs, 0); /* big-endian-flag */
1320 #endif
1321 vnc_write_u8(vs, 1); /* true-color-flag */
1322 if (vs->depth == 4) {
1323 vnc_write_u16(vs, 0xFF); /* red-max */
1324 vnc_write_u16(vs, 0xFF); /* green-max */
1325 vnc_write_u16(vs, 0xFF); /* blue-max */
1326 vnc_write_u8(vs, 16); /* red-shift */
1327 vnc_write_u8(vs, 8); /* green-shift */
1328 vnc_write_u8(vs, 0); /* blue-shift */
1329 vs->send_hextile_tile = send_hextile_tile_32;
1330 } else if (vs->depth == 2) {
1331 vnc_write_u16(vs, 31); /* red-max */
1332 vnc_write_u16(vs, 63); /* green-max */
1333 vnc_write_u16(vs, 31); /* blue-max */
1334 vnc_write_u8(vs, 11); /* red-shift */
1335 vnc_write_u8(vs, 5); /* green-shift */
1336 vnc_write_u8(vs, 0); /* blue-shift */
1337 vs->send_hextile_tile = send_hextile_tile_16;
1338 } else if (vs->depth == 1) {
1339 /* XXX: change QEMU pixel 8 bit pixel format to match the VNC one ? */
1340 vnc_write_u16(vs, 7); /* red-max */
1341 vnc_write_u16(vs, 7); /* green-max */
1342 vnc_write_u16(vs, 3); /* blue-max */
1343 vnc_write_u8(vs, 5); /* red-shift */
1344 vnc_write_u8(vs, 2); /* green-shift */
1345 vnc_write_u8(vs, 0); /* blue-shift */
1346 vs->send_hextile_tile = send_hextile_tile_8;
1347 }
1348 vs->client_red_max = vs->server_red_max;
1349 vs->client_green_max = vs->server_green_max;
1350 vs->client_blue_max = vs->server_blue_max;
1351 vs->client_red_shift = vs->server_red_shift;
1352 vs->client_green_shift = vs->server_green_shift;
1353 vs->client_blue_shift = vs->server_blue_shift;
1354 vs->pix_bpp = vs->depth * 8;
1355 vs->write_pixels = vnc_write_pixels_copy;
1356
1357 vnc_write(vs, pad, 3); /* padding */
1358 }
1359
1360 static void vnc_dpy_setdata(DisplayState *ds)
1361 {
1362 /* We don't have to do anything */
1363 }
1364
1365 static void vnc_colordepth(DisplayState *ds)
1366 {
1367 int host_big_endian_flag;
1368 struct VncState *vs = ds->opaque;
1369
1370 #ifdef WORDS_BIGENDIAN
1371 host_big_endian_flag = 1;
1372 #else
1373 host_big_endian_flag = 0;
1374 #endif
1375
1376 switch (ds_get_bits_per_pixel(ds)) {
1377 case 8:
1378 vs->depth = 1;
1379 vs->server_red_max = 7;
1380 vs->server_green_max = 7;
1381 vs->server_blue_max = 3;
1382 vs->server_red_shift = 5;
1383 vs->server_green_shift = 2;
1384 vs->server_blue_shift = 0;
1385 break;
1386 case 16:
1387 vs->depth = 2;
1388 vs->server_red_max = 31;
1389 vs->server_green_max = 63;
1390 vs->server_blue_max = 31;
1391 vs->server_red_shift = 11;
1392 vs->server_green_shift = 5;
1393 vs->server_blue_shift = 0;
1394 break;
1395 case 32:
1396 vs->depth = 4;
1397 vs->server_red_max = 255;
1398 vs->server_green_max = 255;
1399 vs->server_blue_max = 255;
1400 vs->server_red_shift = 16;
1401 vs->server_green_shift = 8;
1402 vs->server_blue_shift = 0;
1403 break;
1404 default:
1405 return;
1406 }
1407
1408 if (vs->csock != -1 && vs->has_WMVi) {
1409 /* Sending a WMVi message to notify the client*/
1410 vnc_write_u8(vs, 0); /* msg id */
1411 vnc_write_u8(vs, 0);
1412 vnc_write_u16(vs, 1); /* number of rects */
1413 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), 0x574D5669);
1414 pixel_format_message(vs);
1415 vnc_flush(vs);
1416 } else {
1417 if (vs->pix_bpp == 4 && vs->depth == 4 &&
1418 host_big_endian_flag == vs->pix_big_endian &&
1419 vs->client_red_max == 0xff && vs->client_green_max == 0xff && vs->client_blue_max == 0xff &&
1420 vs->client_red_shift == 16 && vs->client_green_shift == 8 && vs->client_blue_shift == 0) {
1421 vs->write_pixels = vnc_write_pixels_copy;
1422 vs->send_hextile_tile = send_hextile_tile_32;
1423 } else if (vs->pix_bpp == 2 && vs->depth == 2 &&
1424 host_big_endian_flag == vs->pix_big_endian &&
1425 vs->client_red_max == 31 && vs->client_green_max == 63 && vs->client_blue_max == 31 &&
1426 vs->client_red_shift == 11 && vs->client_green_shift == 5 && vs->client_blue_shift == 0) {
1427 vs->write_pixels = vnc_write_pixels_copy;
1428 vs->send_hextile_tile = send_hextile_tile_16;
1429 } else if (vs->pix_bpp == 1 && vs->depth == 1 &&
1430 host_big_endian_flag == vs->pix_big_endian &&
1431 vs->client_red_max == 7 && vs->client_green_max == 7 && vs->client_blue_max == 3 &&
1432 vs->client_red_shift == 5 && vs->client_green_shift == 2 && vs->client_blue_shift == 0) {
1433 vs->write_pixels = vnc_write_pixels_copy;
1434 vs->send_hextile_tile = send_hextile_tile_8;
1435 } else {
1436 if (vs->depth == 4) {
1437 vs->send_hextile_tile = send_hextile_tile_generic_32;
1438 } else if (vs->depth == 2) {
1439 vs->send_hextile_tile = send_hextile_tile_generic_16;
1440 } else {
1441 vs->send_hextile_tile = send_hextile_tile_generic_8;
1442 }
1443 vs->write_pixels = vnc_write_pixels_generic;
1444 }
1445 }
1446 }
1447
1448 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1449 {
1450 int i;
1451 uint16_t limit;
1452
1453 switch (data[0]) {
1454 case 0:
1455 if (len == 1)
1456 return 20;
1457
1458 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1459 read_u8(data, 6), read_u8(data, 7),
1460 read_u16(data, 8), read_u16(data, 10),
1461 read_u16(data, 12), read_u8(data, 14),
1462 read_u8(data, 15), read_u8(data, 16));
1463 break;
1464 case 2:
1465 if (len == 1)
1466 return 4;
1467
1468 if (len == 4) {
1469 limit = read_u16(data, 2);
1470 if (limit > 0)
1471 return 4 + (limit * 4);
1472 } else
1473 limit = read_u16(data, 2);
1474
1475 for (i = 0; i < limit; i++) {
1476 int32_t val = read_s32(data, 4 + (i * 4));
1477 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1478 }
1479
1480 set_encodings(vs, (int32_t *)(data + 4), limit);
1481 break;
1482 case 3:
1483 if (len == 1)
1484 return 10;
1485
1486 framebuffer_update_request(vs,
1487 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1488 read_u16(data, 6), read_u16(data, 8));
1489 break;
1490 case 4:
1491 if (len == 1)
1492 return 8;
1493
1494 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1495 break;
1496 case 5:
1497 if (len == 1)
1498 return 6;
1499
1500 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1501 break;
1502 case 6:
1503 if (len == 1)
1504 return 8;
1505
1506 if (len == 8) {
1507 uint32_t dlen = read_u32(data, 4);
1508 if (dlen > 0)
1509 return 8 + dlen;
1510 }
1511
1512 client_cut_text(vs, read_u32(data, 4), data + 8);
1513 break;
1514 case 255:
1515 if (len == 1)
1516 return 2;
1517
1518 switch (read_u8(data, 1)) {
1519 case 0:
1520 if (len == 2)
1521 return 12;
1522
1523 ext_key_event(vs, read_u16(data, 2),
1524 read_u32(data, 4), read_u32(data, 8));
1525 break;
1526 case 1:
1527 if (len == 2)
1528 return 4;
1529
1530 switch (read_u16 (data, 2)) {
1531 case 0:
1532 audio_add(vs);
1533 break;
1534 case 1:
1535 audio_del(vs);
1536 break;
1537 case 2:
1538 if (len == 4)
1539 return 10;
1540 switch (read_u8(data, 4)) {
1541 case 0: vs->as.fmt = AUD_FMT_U8; break;
1542 case 1: vs->as.fmt = AUD_FMT_S8; break;
1543 case 2: vs->as.fmt = AUD_FMT_U16; break;
1544 case 3: vs->as.fmt = AUD_FMT_S16; break;
1545 case 4: vs->as.fmt = AUD_FMT_U32; break;
1546 case 5: vs->as.fmt = AUD_FMT_S32; break;
1547 default:
1548 printf("Invalid audio format %d\n", read_u8(data, 4));
1549 vnc_client_error(vs);
1550 break;
1551 }
1552 vs->as.nchannels = read_u8(data, 5);
1553 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1554 printf("Invalid audio channel coount %d\n",
1555 read_u8(data, 5));
1556 vnc_client_error(vs);
1557 break;
1558 }
1559 vs->as.freq = read_u32(data, 6);
1560 break;
1561 default:
1562 printf ("Invalid audio message %d\n", read_u8(data, 4));
1563 vnc_client_error(vs);
1564 break;
1565 }
1566 break;
1567
1568 default:
1569 printf("Msg: %d\n", read_u16(data, 0));
1570 vnc_client_error(vs);
1571 break;
1572 }
1573 break;
1574 default:
1575 printf("Msg: %d\n", data[0]);
1576 vnc_client_error(vs);
1577 break;
1578 }
1579
1580 vnc_read_when(vs, protocol_client_msg, 1);
1581 return 0;
1582 }
1583
1584 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1585 {
1586 char buf[1024];
1587 int size;
1588
1589 vs->width = ds_get_width(vs->ds);
1590 vs->height = ds_get_height(vs->ds);
1591 vnc_write_u16(vs, ds_get_width(vs->ds));
1592 vnc_write_u16(vs, ds_get_height(vs->ds));
1593
1594 pixel_format_message(vs);
1595
1596 if (qemu_name)
1597 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1598 else
1599 size = snprintf(buf, sizeof(buf), "QEMU");
1600
1601 vnc_write_u32(vs, size);
1602 vnc_write(vs, buf, size);
1603 vnc_flush(vs);
1604
1605 vnc_read_when(vs, protocol_client_msg, 1);
1606
1607 return 0;
1608 }
1609
1610 static void make_challenge(VncState *vs)
1611 {
1612 int i;
1613
1614 srand(time(NULL)+getpid()+getpid()*987654+rand());
1615
1616 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1617 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1618 }
1619
1620 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1621 {
1622 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1623 int i, j, pwlen;
1624 unsigned char key[8];
1625
1626 if (!vs->password || !vs->password[0]) {
1627 VNC_DEBUG("No password configured on server");
1628 vnc_write_u32(vs, 1); /* Reject auth */
1629 if (vs->minor >= 8) {
1630 static const char err[] = "Authentication failed";
1631 vnc_write_u32(vs, sizeof(err));
1632 vnc_write(vs, err, sizeof(err));
1633 }
1634 vnc_flush(vs);
1635 vnc_client_error(vs);
1636 return 0;
1637 }
1638
1639 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1640
1641 /* Calculate the expected challenge response */
1642 pwlen = strlen(vs->password);
1643 for (i=0; i<sizeof(key); i++)
1644 key[i] = i<pwlen ? vs->password[i] : 0;
1645 deskey(key, EN0);
1646 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1647 des(response+j, response+j);
1648
1649 /* Compare expected vs actual challenge response */
1650 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1651 VNC_DEBUG("Client challenge reponse did not match\n");
1652 vnc_write_u32(vs, 1); /* Reject auth */
1653 if (vs->minor >= 8) {
1654 static const char err[] = "Authentication failed";
1655 vnc_write_u32(vs, sizeof(err));
1656 vnc_write(vs, err, sizeof(err));
1657 }
1658 vnc_flush(vs);
1659 vnc_client_error(vs);
1660 } else {
1661 VNC_DEBUG("Accepting VNC challenge response\n");
1662 vnc_write_u32(vs, 0); /* Accept auth */
1663 vnc_flush(vs);
1664
1665 vnc_read_when(vs, protocol_client_init, 1);
1666 }
1667 return 0;
1668 }
1669
1670 static int start_auth_vnc(VncState *vs)
1671 {
1672 make_challenge(vs);
1673 /* Send client a 'random' challenge */
1674 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1675 vnc_flush(vs);
1676
1677 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1678 return 0;
1679 }
1680
1681
1682 #ifdef CONFIG_VNC_TLS
1683 #define DH_BITS 1024
1684 static gnutls_dh_params_t dh_params;
1685
1686 static int vnc_tls_initialize(void)
1687 {
1688 static int tlsinitialized = 0;
1689
1690 if (tlsinitialized)
1691 return 1;
1692
1693 if (gnutls_global_init () < 0)
1694 return 0;
1695
1696 /* XXX ought to re-generate diffie-hellmen params periodically */
1697 if (gnutls_dh_params_init (&dh_params) < 0)
1698 return 0;
1699 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1700 return 0;
1701
1702 #if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
1703 gnutls_global_set_log_level(10);
1704 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1705 #endif
1706
1707 tlsinitialized = 1;
1708
1709 return 1;
1710 }
1711
1712 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1713 {
1714 gnutls_anon_server_credentials anon_cred;
1715 int ret;
1716
1717 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1718 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1719 return NULL;
1720 }
1721
1722 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1723
1724 return anon_cred;
1725 }
1726
1727
1728 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1729 {
1730 gnutls_certificate_credentials_t x509_cred;
1731 int ret;
1732
1733 if (!vs->x509cacert) {
1734 VNC_DEBUG("No CA x509 certificate specified\n");
1735 return NULL;
1736 }
1737 if (!vs->x509cert) {
1738 VNC_DEBUG("No server x509 certificate specified\n");
1739 return NULL;
1740 }
1741 if (!vs->x509key) {
1742 VNC_DEBUG("No server private key specified\n");
1743 return NULL;
1744 }
1745
1746 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1747 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1748 return NULL;
1749 }
1750 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1751 vs->x509cacert,
1752 GNUTLS_X509_FMT_PEM)) < 0) {
1753 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1754 gnutls_certificate_free_credentials(x509_cred);
1755 return NULL;
1756 }
1757
1758 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1759 vs->x509cert,
1760 vs->x509key,
1761 GNUTLS_X509_FMT_PEM)) < 0) {
1762 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1763 gnutls_certificate_free_credentials(x509_cred);
1764 return NULL;
1765 }
1766
1767 if (vs->x509cacrl) {
1768 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1769 vs->x509cacrl,
1770 GNUTLS_X509_FMT_PEM)) < 0) {
1771 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1772 gnutls_certificate_free_credentials(x509_cred);
1773 return NULL;
1774 }
1775 }
1776
1777 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1778
1779 return x509_cred;
1780 }
1781
1782 static int vnc_validate_certificate(struct VncState *vs)
1783 {
1784 int ret;
1785 unsigned int status;
1786 const gnutls_datum_t *certs;
1787 unsigned int nCerts, i;
1788 time_t now;
1789
1790 VNC_DEBUG("Validating client certificate\n");
1791 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1792 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1793 return -1;
1794 }
1795
1796 if ((now = time(NULL)) == ((time_t)-1)) {
1797 return -1;
1798 }
1799
1800 if (status != 0) {
1801 if (status & GNUTLS_CERT_INVALID)
1802 VNC_DEBUG("The certificate is not trusted.\n");
1803
1804 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1805 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1806
1807 if (status & GNUTLS_CERT_REVOKED)
1808 VNC_DEBUG("The certificate has been revoked.\n");
1809
1810 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1811 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1812
1813 return -1;
1814 } else {
1815 VNC_DEBUG("Certificate is valid!\n");
1816 }
1817
1818 /* Only support x509 for now */
1819 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1820 return -1;
1821
1822 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1823 return -1;
1824
1825 for (i = 0 ; i < nCerts ; i++) {
1826 gnutls_x509_crt_t cert;
1827 VNC_DEBUG ("Checking certificate chain %d\n", i);
1828 if (gnutls_x509_crt_init (&cert) < 0)
1829 return -1;
1830
1831 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1832 gnutls_x509_crt_deinit (cert);
1833 return -1;
1834 }
1835
1836 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1837 VNC_DEBUG("The certificate has expired\n");
1838 gnutls_x509_crt_deinit (cert);
1839 return -1;
1840 }
1841
1842 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1843 VNC_DEBUG("The certificate is not yet activated\n");
1844 gnutls_x509_crt_deinit (cert);
1845 return -1;
1846 }
1847
1848 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1849 VNC_DEBUG("The certificate is not yet activated\n");
1850 gnutls_x509_crt_deinit (cert);
1851 return -1;
1852 }
1853
1854 gnutls_x509_crt_deinit (cert);
1855 }
1856
1857 return 0;
1858 }
1859
1860
1861 static int start_auth_vencrypt_subauth(VncState *vs)
1862 {
1863 switch (vs->subauth) {
1864 case VNC_AUTH_VENCRYPT_TLSNONE:
1865 case VNC_AUTH_VENCRYPT_X509NONE:
1866 VNC_DEBUG("Accept TLS auth none\n");
1867 vnc_write_u32(vs, 0); /* Accept auth completion */
1868 vnc_read_when(vs, protocol_client_init, 1);
1869 break;
1870
1871 case VNC_AUTH_VENCRYPT_TLSVNC:
1872 case VNC_AUTH_VENCRYPT_X509VNC:
1873 VNC_DEBUG("Start TLS auth VNC\n");
1874 return start_auth_vnc(vs);
1875
1876 default: /* Should not be possible, but just in case */
1877 VNC_DEBUG("Reject auth %d\n", vs->auth);
1878 vnc_write_u8(vs, 1);
1879 if (vs->minor >= 8) {
1880 static const char err[] = "Unsupported authentication type";
1881 vnc_write_u32(vs, sizeof(err));
1882 vnc_write(vs, err, sizeof(err));
1883 }
1884 vnc_client_error(vs);
1885 }
1886
1887 return 0;
1888 }
1889
1890 static void vnc_handshake_io(void *opaque);
1891
1892 static int vnc_continue_handshake(struct VncState *vs) {
1893 int ret;
1894
1895 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1896 if (!gnutls_error_is_fatal(ret)) {
1897 VNC_DEBUG("Handshake interrupted (blocking)\n");
1898 if (!gnutls_record_get_direction(vs->tls_session))
1899 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1900 else
1901 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1902 return 0;
1903 }
1904 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1905 vnc_client_error(vs);
1906 return -1;
1907 }
1908
1909 if (vs->x509verify) {
1910 if (vnc_validate_certificate(vs) < 0) {
1911 VNC_DEBUG("Client verification failed\n");
1912 vnc_client_error(vs);
1913 return -1;
1914 } else {
1915 VNC_DEBUG("Client verification passed\n");
1916 }
1917 }
1918
1919 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1920 vs->wiremode = VNC_WIREMODE_TLS;
1921 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1922
1923 return start_auth_vencrypt_subauth(vs);
1924 }
1925
1926 static void vnc_handshake_io(void *opaque) {
1927 struct VncState *vs = (struct VncState *)opaque;
1928
1929 VNC_DEBUG("Handshake IO continue\n");
1930 vnc_continue_handshake(vs);
1931 }
1932
1933 #define NEED_X509_AUTH(vs) \
1934 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1935 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1936 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1937
1938
1939 static int vnc_start_tls(struct VncState *vs) {
1940 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1941 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1942 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1943 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1944
1945 VNC_DEBUG("Do TLS setup\n");
1946 if (vnc_tls_initialize() < 0) {
1947 VNC_DEBUG("Failed to init TLS\n");
1948 vnc_client_error(vs);
1949 return -1;
1950 }
1951 if (vs->tls_session == NULL) {
1952 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1953 vnc_client_error(vs);
1954 return -1;
1955 }
1956
1957 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1958 gnutls_deinit(vs->tls_session);
1959 vs->tls_session = NULL;
1960 vnc_client_error(vs);
1961 return -1;
1962 }
1963
1964 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1965 gnutls_deinit(vs->tls_session);
1966 vs->tls_session = NULL;
1967 vnc_client_error(vs);
1968 return -1;
1969 }
1970
1971 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1972 gnutls_deinit(vs->tls_session);
1973 vs->tls_session = NULL;
1974 vnc_client_error(vs);
1975 return -1;
1976 }
1977
1978 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1979 gnutls_deinit(vs->tls_session);
1980 vs->tls_session = NULL;
1981 vnc_client_error(vs);
1982 return -1;
1983 }
1984
1985 if (NEED_X509_AUTH(vs)) {
1986 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1987 if (!x509_cred) {
1988 gnutls_deinit(vs->tls_session);
1989 vs->tls_session = NULL;
1990 vnc_client_error(vs);
1991 return -1;
1992 }
1993 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1994 gnutls_deinit(vs->tls_session);
1995 vs->tls_session = NULL;
1996 gnutls_certificate_free_credentials(x509_cred);
1997 vnc_client_error(vs);
1998 return -1;
1999 }
2000 if (vs->x509verify) {
2001 VNC_DEBUG("Requesting a client certificate\n");
2002 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
2003 }
2004
2005 } else {
2006 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
2007 if (!anon_cred) {
2008 gnutls_deinit(vs->tls_session);
2009 vs->tls_session = NULL;
2010 vnc_client_error(vs);
2011 return -1;
2012 }
2013 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
2014 gnutls_deinit(vs->tls_session);
2015 vs->tls_session = NULL;
2016 gnutls_anon_free_server_credentials(anon_cred);
2017 vnc_client_error(vs);
2018 return -1;
2019 }
2020 }
2021
2022 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
2023 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
2024 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
2025 }
2026
2027 VNC_DEBUG("Start TLS handshake process\n");
2028 return vnc_continue_handshake(vs);
2029 }
2030
2031 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
2032 {
2033 int auth = read_u32(data, 0);
2034
2035 if (auth != vs->subauth) {
2036 VNC_DEBUG("Rejecting auth %d\n", auth);
2037 vnc_write_u8(vs, 0); /* Reject auth */
2038 vnc_flush(vs);
2039 vnc_client_error(vs);
2040 } else {
2041 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
2042 vnc_write_u8(vs, 1); /* Accept auth */
2043 vnc_flush(vs);
2044
2045 if (vnc_start_tls(vs) < 0) {
2046 VNC_DEBUG("Failed to complete TLS\n");
2047 return 0;
2048 }
2049
2050 if (vs->wiremode == VNC_WIREMODE_TLS) {
2051 VNC_DEBUG("Starting VeNCrypt subauth\n");
2052 return start_auth_vencrypt_subauth(vs);
2053 } else {
2054 VNC_DEBUG("TLS handshake blocked\n");
2055 return 0;
2056 }
2057 }
2058 return 0;
2059 }
2060
2061 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
2062 {
2063 if (data[0] != 0 ||
2064 data[1] != 2) {
2065 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
2066 vnc_write_u8(vs, 1); /* Reject version */
2067 vnc_flush(vs);
2068 vnc_client_error(vs);
2069 } else {
2070 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
2071 vnc_write_u8(vs, 0); /* Accept version */
2072 vnc_write_u8(vs, 1); /* Number of sub-auths */
2073 vnc_write_u32(vs, vs->subauth); /* The supported auth */
2074 vnc_flush(vs);
2075 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
2076 }
2077 return 0;
2078 }
2079
2080 static int start_auth_vencrypt(VncState *vs)
2081 {
2082 /* Send VeNCrypt version 0.2 */
2083 vnc_write_u8(vs, 0);
2084 vnc_write_u8(vs, 2);
2085
2086 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
2087 return 0;
2088 }
2089 #endif /* CONFIG_VNC_TLS */
2090
2091 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
2092 {
2093 /* We only advertise 1 auth scheme at a time, so client
2094 * must pick the one we sent. Verify this */
2095 if (data[0] != vs->auth) { /* Reject auth */
2096 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
2097 vnc_write_u32(vs, 1);
2098 if (vs->minor >= 8) {
2099 static const char err[] = "Authentication failed";
2100 vnc_write_u32(vs, sizeof(err));
2101 vnc_write(vs, err, sizeof(err));
2102 }
2103 vnc_client_error(vs);
2104 } else { /* Accept requested auth */
2105 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
2106 switch (vs->auth) {
2107 case VNC_AUTH_NONE:
2108 VNC_DEBUG("Accept auth none\n");
2109 if (vs->minor >= 8) {
2110 vnc_write_u32(vs, 0); /* Accept auth completion */
2111 vnc_flush(vs);
2112 }
2113 vnc_read_when(vs, protocol_client_init, 1);
2114 break;
2115
2116 case VNC_AUTH_VNC:
2117 VNC_DEBUG("Start VNC auth\n");
2118 return start_auth_vnc(vs);
2119
2120 #ifdef CONFIG_VNC_TLS
2121 case VNC_AUTH_VENCRYPT:
2122 VNC_DEBUG("Accept VeNCrypt auth\n");;
2123 return start_auth_vencrypt(vs);
2124 #endif /* CONFIG_VNC_TLS */
2125
2126 default: /* Should not be possible, but just in case */
2127 VNC_DEBUG("Reject auth %d\n", vs->auth);
2128 vnc_write_u8(vs, 1);
2129 if (vs->minor >= 8) {
2130 static const char err[] = "Authentication failed";
2131 vnc_write_u32(vs, sizeof(err));
2132 vnc_write(vs, err, sizeof(err));
2133 }
2134 vnc_client_error(vs);
2135 }
2136 }
2137 return 0;
2138 }
2139
2140 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2141 {
2142 char local[13];
2143
2144 memcpy(local, version, 12);
2145 local[12] = 0;
2146
2147 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2148 VNC_DEBUG("Malformed protocol version %s\n", local);
2149 vnc_client_error(vs);
2150 return 0;
2151 }
2152 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2153 if (vs->major != 3 ||
2154 (vs->minor != 3 &&
2155 vs->minor != 4 &&
2156 vs->minor != 5 &&
2157 vs->minor != 7 &&
2158 vs->minor != 8)) {
2159 VNC_DEBUG("Unsupported client version\n");
2160 vnc_write_u32(vs, VNC_AUTH_INVALID);
2161 vnc_flush(vs);
2162 vnc_client_error(vs);
2163 return 0;
2164 }
2165 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2166 * as equivalent to v3.3 by servers
2167 */
2168 if (vs->minor == 4 || vs->minor == 5)
2169 vs->minor = 3;
2170
2171 if (vs->minor == 3) {
2172 if (vs->auth == VNC_AUTH_NONE) {
2173 VNC_DEBUG("Tell client auth none\n");
2174 vnc_write_u32(vs, vs->auth);
2175 vnc_flush(vs);
2176 vnc_read_when(vs, protocol_client_init, 1);
2177 } else if (vs->auth == VNC_AUTH_VNC) {
2178 VNC_DEBUG("Tell client VNC auth\n");
2179 vnc_write_u32(vs, vs->auth);
2180 vnc_flush(vs);
2181 start_auth_vnc(vs);
2182 } else {
2183 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2184 vnc_write_u32(vs, VNC_AUTH_INVALID);
2185 vnc_flush(vs);
2186 vnc_client_error(vs);
2187 }
2188 } else {
2189 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2190 vnc_write_u8(vs, 1); /* num auth */
2191 vnc_write_u8(vs, vs->auth);
2192 vnc_read_when(vs, protocol_client_auth, 1);
2193 vnc_flush(vs);
2194 }
2195
2196 return 0;
2197 }
2198
2199 static void vnc_connect(VncState *vs)
2200 {
2201 VNC_DEBUG("New client on socket %d\n", vs->csock);
2202 dcl->idle = 0;
2203 socket_set_nonblock(vs->csock);
2204 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2205 vnc_write(vs, "RFB 003.008\n", 12);
2206 vnc_flush(vs);
2207 vnc_read_when(vs, protocol_version, 12);
2208 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
2209 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2210 vs->has_resize = 0;
2211 vs->has_hextile = 0;
2212 dcl->dpy_copy = NULL;
2213 vnc_update_client(vs);
2214 reset_keys(vs);
2215 }
2216
2217 static void vnc_listen_read(void *opaque)
2218 {
2219 VncState *vs = opaque;
2220 struct sockaddr_in addr;
2221 socklen_t addrlen = sizeof(addr);
2222
2223 /* Catch-up */
2224 vga_hw_update();
2225
2226 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2227 if (vs->csock != -1) {
2228 vnc_connect(vs);
2229 }
2230 }
2231
2232 void vnc_display_init(DisplayState *ds)
2233 {
2234 VncState *vs;
2235
2236 vs = qemu_mallocz(sizeof(VncState));
2237 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2238 if (!vs || !dcl)
2239 exit(1);
2240
2241 ds->opaque = vs;
2242 dcl->idle = 1;
2243 vnc_state = vs;
2244 vs->display = NULL;
2245 vs->password = NULL;
2246
2247 vs->lsock = -1;
2248 vs->csock = -1;
2249 vs->last_x = -1;
2250 vs->last_y = -1;
2251
2252 vs->ds = ds;
2253
2254 if (keyboard_layout)
2255 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2256 else
2257 vs->kbd_layout = init_keyboard_layout("en-us");
2258
2259 if (!vs->kbd_layout)
2260 exit(1);
2261
2262 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2263
2264 dcl->dpy_update = vnc_dpy_update;
2265 dcl->dpy_resize = vnc_dpy_resize;
2266 dcl->dpy_setdata = vnc_dpy_setdata;
2267 dcl->dpy_refresh = NULL;
2268 register_displaychangelistener(ds, dcl);
2269
2270 vs->as.freq = 44100;
2271 vs->as.nchannels = 2;
2272 vs->as.fmt = AUD_FMT_S16;
2273 vs->as.endianness = 0;
2274 }
2275
2276 #ifdef CONFIG_VNC_TLS
2277 static int vnc_set_x509_credential(VncState *vs,
2278 const char *certdir,
2279 const char *filename,
2280 char **cred,
2281 int ignoreMissing)
2282 {
2283 struct stat sb;
2284
2285 if (*cred) {
2286 qemu_free(*cred);
2287 *cred = NULL;
2288 }
2289
2290 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2291 return -1;
2292
2293 strcpy(*cred, certdir);
2294 strcat(*cred, "/");
2295 strcat(*cred, filename);
2296
2297 VNC_DEBUG("Check %s\n", *cred);
2298 if (stat(*cred, &sb) < 0) {
2299 qemu_free(*cred);
2300 *cred = NULL;
2301 if (ignoreMissing && errno == ENOENT)
2302 return 0;
2303 return -1;
2304 }
2305
2306 return 0;
2307 }
2308
2309 static int vnc_set_x509_credential_dir(VncState *vs,
2310 const char *certdir)
2311 {
2312 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2313 goto cleanup;
2314 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2315 goto cleanup;
2316 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2317 goto cleanup;
2318 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2319 goto cleanup;
2320
2321 return 0;
2322
2323 cleanup:
2324 qemu_free(vs->x509cacert);
2325 qemu_free(vs->x509cacrl);
2326 qemu_free(vs->x509cert);
2327 qemu_free(vs->x509key);
2328 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2329 return -1;
2330 }
2331 #endif /* CONFIG_VNC_TLS */
2332
2333 void vnc_display_close(DisplayState *ds)
2334 {
2335 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2336
2337 if (vs->display) {
2338 qemu_free(vs->display);
2339 vs->display = NULL;
2340 }
2341 if (vs->lsock != -1) {
2342 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2343 close(vs->lsock);
2344 vs->lsock = -1;
2345 }
2346 if (vs->csock != -1) {
2347 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2348 closesocket(vs->csock);
2349 vs->csock = -1;
2350 buffer_reset(&vs->input);
2351 buffer_reset(&vs->output);
2352 vs->need_update = 0;
2353 #ifdef CONFIG_VNC_TLS
2354 if (vs->tls_session) {
2355 gnutls_deinit(vs->tls_session);
2356 vs->tls_session = NULL;
2357 }
2358 vs->wiremode = VNC_WIREMODE_CLEAR;
2359 #endif /* CONFIG_VNC_TLS */
2360 }
2361 vs->auth = VNC_AUTH_INVALID;
2362 #ifdef CONFIG_VNC_TLS
2363 vs->subauth = VNC_AUTH_INVALID;
2364 vs->x509verify = 0;
2365 #endif
2366 audio_del(vs);
2367 }
2368
2369 int vnc_display_password(DisplayState *ds, const char *password)
2370 {
2371 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2372
2373 if (vs->password) {
2374 qemu_free(vs->password);
2375 vs->password = NULL;
2376 }
2377 if (password && password[0]) {
2378 if (!(vs->password = qemu_strdup(password)))
2379 return -1;
2380 }
2381
2382 return 0;
2383 }
2384
2385 int vnc_display_open(DisplayState *ds, const char *display)
2386 {
2387 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2388 const char *options;
2389 int password = 0;
2390 int reverse = 0;
2391 int to_port = 0;
2392 #ifdef CONFIG_VNC_TLS
2393 int tls = 0, x509 = 0;
2394 #endif
2395
2396 vnc_display_close(ds);
2397 if (strcmp(display, "none") == 0)
2398 return 0;
2399
2400 if (!(vs->display = strdup(display)))
2401 return -1;
2402
2403 options = display;
2404 while ((options = strchr(options, ','))) {
2405 options++;
2406 if (strncmp(options, "password", 8) == 0) {
2407 password = 1; /* Require password auth */
2408 } else if (strncmp(options, "reverse", 7) == 0) {
2409 reverse = 1;
2410 } else if (strncmp(options, "to=", 3) == 0) {
2411 to_port = atoi(options+3) + 5900;
2412 #ifdef CONFIG_VNC_TLS
2413 } else if (strncmp(options, "tls", 3) == 0) {
2414 tls = 1; /* Require TLS */
2415 } else if (strncmp(options, "x509", 4) == 0) {
2416 char *start, *end;
2417 x509 = 1; /* Require x509 certificates */
2418 if (strncmp(options, "x509verify", 10) == 0)
2419 vs->x509verify = 1; /* ...and verify client certs */
2420
2421 /* Now check for 'x509=/some/path' postfix
2422 * and use that to setup x509 certificate/key paths */
2423 start = strchr(options, '=');
2424 end = strchr(options, ',');
2425 if (start && (!end || (start < end))) {
2426 int len = end ? end-(start+1) : strlen(start+1);
2427 char *path = qemu_strndup(start + 1, len);
2428
2429 VNC_DEBUG("Trying certificate path '%s'\n", path);
2430 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2431 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2432 qemu_free(path);
2433 qemu_free(vs->display);
2434 vs->display = NULL;
2435 return -1;
2436 }
2437 qemu_free(path);
2438 } else {
2439 fprintf(stderr, "No certificate path provided\n");
2440 qemu_free(vs->display);
2441 vs->display = NULL;
2442 return -1;
2443 }
2444 #endif
2445 }
2446 }
2447
2448 if (password) {
2449 #ifdef CONFIG_VNC_TLS
2450 if (tls) {
2451 vs->auth = VNC_AUTH_VENCRYPT;
2452 if (x509) {
2453 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2454 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2455 } else {
2456 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2457 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2458 }
2459 } else {
2460 #endif
2461 VNC_DEBUG("Initializing VNC server with password auth\n");
2462 vs->auth = VNC_AUTH_VNC;
2463 #ifdef CONFIG_VNC_TLS
2464 vs->subauth = VNC_AUTH_INVALID;
2465 }
2466 #endif
2467 } else {
2468 #ifdef CONFIG_VNC_TLS
2469 if (tls) {
2470 vs->auth = VNC_AUTH_VENCRYPT;
2471 if (x509) {
2472 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2473 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2474 } else {
2475 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2476 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2477 }
2478 } else {
2479 #endif
2480 VNC_DEBUG("Initializing VNC server with no auth\n");
2481 vs->auth = VNC_AUTH_NONE;
2482 #ifdef CONFIG_VNC_TLS
2483 vs->subauth = VNC_AUTH_INVALID;
2484 }
2485 #endif
2486 }
2487
2488 if (reverse) {
2489 /* connect to viewer */
2490 if (strncmp(display, "unix:", 5) == 0)
2491 vs->lsock = unix_connect(display+5);
2492 else
2493 vs->lsock = inet_connect(display, SOCK_STREAM);
2494 if (-1 == vs->lsock) {
2495 free(vs->display);
2496 vs->display = NULL;
2497 return -1;
2498 } else {
2499 vs->csock = vs->lsock;
2500 vs->lsock = -1;
2501 vnc_connect(vs);
2502 }
2503 return 0;
2504
2505 } else {
2506 /* listen for connects */
2507 char *dpy;
2508 dpy = qemu_malloc(256);
2509 if (strncmp(display, "unix:", 5) == 0) {
2510 pstrcpy(dpy, 256, "unix:");
2511 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2512 } else {
2513 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2514 }
2515 if (-1 == vs->lsock) {
2516 free(dpy);
2517 return -1;
2518 } else {
2519 free(vs->display);
2520 vs->display = dpy;
2521 }
2522 }
2523
2524 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
2525 }
Qemu copy for testing