]> git.proxmox.com Git - qemu.git/blob - vnc.c
projects / qemu.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Split VNC defines to vnc.h (Alexander Graf)
[qemu.git] / vnc.c
1 /*
2 * QEMU VNC display driver
3 *
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
6 *
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
13 *
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
16 *
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23 * THE SOFTWARE.
24 */
25
26 #include "qemu-common.h"
27 #include "console.h"
28 #include "sysemu.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "audio/audio.h"
32
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
34
35 #include "vnc.h"
36 #include "vnc_keysym.h"
37 #include "keymaps.c"
38 #include "d3des.h"
39
40 #ifdef CONFIG_VNC_TLS
41 #include <gnutls/gnutls.h>
42 #include <gnutls/x509.h>
43 #endif /* CONFIG_VNC_TLS */
44
45 // #define _VNC_DEBUG 1
46
47 #ifdef _VNC_DEBUG
48 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
49
50 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
51 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
52 static void vnc_debug_gnutls_log(int level, const char* str) {
53 VNC_DEBUG("%d %s", level, str);
54 }
55 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
56 #else
57 #define VNC_DEBUG(fmt, ...) do { } while (0)
58 #endif
59
60 #define count_bits(c, v) { \
61 for (c = 0; v; v >>= 1) \
62 { \
63 c += v & 1; \
64 } \
65 }
66
67 typedef struct Buffer
68 {
69 size_t capacity;
70 size_t offset;
71 uint8_t *buffer;
72 } Buffer;
73
74 typedef struct VncState VncState;
75
76 typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
77
78 typedef void VncWritePixels(VncState *vs, void *data, int size);
79
80 typedef void VncSendHextileTile(VncState *vs,
81 int x, int y, int w, int h,
82 void *last_bg,
83 void *last_fg,
84 int *has_bg, int *has_fg);
85
86 #define VNC_MAX_WIDTH 2048
87 #define VNC_MAX_HEIGHT 2048
88 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
89
90 #define VNC_AUTH_CHALLENGE_SIZE 16
91
92 struct VncState
93 {
94 QEMUTimer *timer;
95 int lsock;
96 int csock;
97 DisplayState *ds;
98 int need_update;
99 uint32_t dirty_row[VNC_MAX_HEIGHT][VNC_DIRTY_WORDS];
100 char *old_data;
101 int has_resize;
102 int has_hextile;
103 int has_pointer_type_change;
104 int has_WMVi;
105 int absolute;
106 int last_x;
107 int last_y;
108
109 int major;
110 int minor;
111
112 char *display;
113 char *password;
114 int auth;
115 #ifdef CONFIG_VNC_TLS
116 int subauth;
117 int x509verify;
118
119 char *x509cacert;
120 char *x509cacrl;
121 char *x509cert;
122 char *x509key;
123 #endif
124 char challenge[VNC_AUTH_CHALLENGE_SIZE];
125
126 #ifdef CONFIG_VNC_TLS
127 int wiremode;
128 gnutls_session_t tls_session;
129 #endif
130
131 Buffer output;
132 Buffer input;
133 kbd_layout_t *kbd_layout;
134 /* current output mode information */
135 VncWritePixels *write_pixels;
136 VncSendHextileTile *send_hextile_tile;
137 DisplaySurface clientds, serverds;
138
139 CaptureVoiceOut *audio_cap;
140 struct audsettings as;
141
142 VncReadEvent *read_handler;
143 size_t read_handler_expect;
144 /* input */
145 uint8_t modifiers_state[256];
146 };
147
148 static VncState *vnc_state; /* needed for info vnc */
149 static DisplayChangeListener *dcl;
150
151 void do_info_vnc(void)
152 {
153 if (vnc_state == NULL || vnc_state->display == NULL)
154 term_printf("VNC server disabled\n");
155 else {
156 term_printf("VNC server active on: ");
157 term_print_filename(vnc_state->display);
158 term_printf("\n");
159
160 if (vnc_state->csock == -1)
161 term_printf("No client connected\n");
162 else
163 term_printf("Client connected\n");
164 }
165 }
166
167 /* TODO
168 1) Get the queue working for IO.
169 2) there is some weirdness when using the -S option (the screen is grey
170 and not totally invalidated
171 3) resolutions > 1024
172 */
173
174 static void vnc_write(VncState *vs, const void *data, size_t len);
175 static void vnc_write_u32(VncState *vs, uint32_t value);
176 static void vnc_write_s32(VncState *vs, int32_t value);
177 static void vnc_write_u16(VncState *vs, uint16_t value);
178 static void vnc_write_u8(VncState *vs, uint8_t value);
179 static void vnc_flush(VncState *vs);
180 static void vnc_update_client(void *opaque);
181 static void vnc_client_read(void *opaque);
182
183 static void vnc_colordepth(DisplayState *ds);
184
185 static inline void vnc_set_bit(uint32_t *d, int k)
186 {
187 d[k >> 5] |= 1 << (k & 0x1f);
188 }
189
190 static inline void vnc_clear_bit(uint32_t *d, int k)
191 {
192 d[k >> 5] &= ~(1 << (k & 0x1f));
193 }
194
195 static inline void vnc_set_bits(uint32_t *d, int n, int nb_words)
196 {
197 int j;
198
199 j = 0;
200 while (n >= 32) {
201 d[j++] = -1;
202 n -= 32;
203 }
204 if (n > 0)
205 d[j++] = (1 << n) - 1;
206 while (j < nb_words)
207 d[j++] = 0;
208 }
209
210 static inline int vnc_get_bit(const uint32_t *d, int k)
211 {
212 return (d[k >> 5] >> (k & 0x1f)) & 1;
213 }
214
215 static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
216 int nb_words)
217 {
218 int i;
219 for(i = 0; i < nb_words; i++) {
220 if ((d1[i] & d2[i]) != 0)
221 return 1;
222 }
223 return 0;
224 }
225
226 static void vnc_dpy_update(DisplayState *ds, int x, int y, int w, int h)
227 {
228 VncState *vs = ds->opaque;
229 int i;
230
231 h += y;
232
233 /* round x down to ensure the loop only spans one 16-pixel block per,
234 iteration. otherwise, if (x % 16) != 0, the last iteration may span
235 two 16-pixel blocks but we only mark the first as dirty
236 */
237 w += (x % 16);
238 x -= (x % 16);
239
240 x = MIN(x, vs->serverds.width);
241 y = MIN(y, vs->serverds.height);
242 w = MIN(x + w, vs->serverds.width) - x;
243 h = MIN(h, vs->serverds.height);
244
245 for (; y < h; y++)
246 for (i = 0; i < w; i += 16)
247 vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
248 }
249
250 static void vnc_framebuffer_update(VncState *vs, int x, int y, int w, int h,
251 int32_t encoding)
252 {
253 vnc_write_u16(vs, x);
254 vnc_write_u16(vs, y);
255 vnc_write_u16(vs, w);
256 vnc_write_u16(vs, h);
257
258 vnc_write_s32(vs, encoding);
259 }
260
261 static void vnc_dpy_resize(DisplayState *ds)
262 {
263 int size_changed;
264 VncState *vs = ds->opaque;
265
266 vs->old_data = qemu_realloc(vs->old_data, ds_get_linesize(ds) * ds_get_height(ds));
267
268 if (vs->old_data == NULL) {
269 fprintf(stderr, "vnc: memory allocation failed\n");
270 exit(1);
271 }
272
273 if (ds_get_bytes_per_pixel(ds) != vs->serverds.pf.bytes_per_pixel)
274 console_color_init(ds);
275 vnc_colordepth(ds);
276 size_changed = ds_get_width(ds) != vs->serverds.width ||
277 ds_get_height(ds) != vs->serverds.height;
278 vs->serverds = *(ds->surface);
279 if (size_changed) {
280 if (vs->csock != -1 && vs->has_resize) {
281 vnc_write_u8(vs, 0); /* msg id */
282 vnc_write_u8(vs, 0);
283 vnc_write_u16(vs, 1); /* number of rects */
284 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), -223);
285 vnc_flush(vs);
286 }
287 }
288
289 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
290 memset(vs->old_data, 42, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
291 }
292
293 /* fastest code */
294 static void vnc_write_pixels_copy(VncState *vs, void *pixels, int size)
295 {
296 vnc_write(vs, pixels, size);
297 }
298
299 /* slowest but generic code. */
300 static void vnc_convert_pixel(VncState *vs, uint8_t *buf, uint32_t v)
301 {
302 uint8_t r, g, b;
303
304 r = ((((v & vs->serverds.pf.rmask) >> vs->serverds.pf.rshift) << vs->clientds.pf.rbits) >>
305 vs->serverds.pf.rbits);
306 g = ((((v & vs->serverds.pf.gmask) >> vs->serverds.pf.gshift) << vs->clientds.pf.gbits) >>
307 vs->serverds.pf.gbits);
308 b = ((((v & vs->serverds.pf.bmask) >> vs->serverds.pf.bshift) << vs->clientds.pf.bbits) >>
309 vs->serverds.pf.bbits);
310 v = (r << vs->clientds.pf.rshift) |
311 (g << vs->clientds.pf.gshift) |
312 (b << vs->clientds.pf.bshift);
313 switch(vs->clientds.pf.bytes_per_pixel) {
314 case 1:
315 buf[0] = v;
316 break;
317 case 2:
318 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
319 buf[0] = v >> 8;
320 buf[1] = v;
321 } else {
322 buf[1] = v >> 8;
323 buf[0] = v;
324 }
325 break;
326 default:
327 case 4:
328 if (vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) {
329 buf[0] = v >> 24;
330 buf[1] = v >> 16;
331 buf[2] = v >> 8;
332 buf[3] = v;
333 } else {
334 buf[3] = v >> 24;
335 buf[2] = v >> 16;
336 buf[1] = v >> 8;
337 buf[0] = v;
338 }
339 break;
340 }
341 }
342
343 static void vnc_write_pixels_generic(VncState *vs, void *pixels1, int size)
344 {
345 uint8_t buf[4];
346
347 if (vs->serverds.pf.bytes_per_pixel == 4) {
348 uint32_t *pixels = pixels1;
349 int n, i;
350 n = size >> 2;
351 for(i = 0; i < n; i++) {
352 vnc_convert_pixel(vs, buf, pixels[i]);
353 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
354 }
355 } else if (vs->serverds.pf.bytes_per_pixel == 2) {
356 uint16_t *pixels = pixels1;
357 int n, i;
358 n = size >> 1;
359 for(i = 0; i < n; i++) {
360 vnc_convert_pixel(vs, buf, pixels[i]);
361 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
362 }
363 } else if (vs->serverds.pf.bytes_per_pixel == 1) {
364 uint8_t *pixels = pixels1;
365 int n, i;
366 n = size;
367 for(i = 0; i < n; i++) {
368 vnc_convert_pixel(vs, buf, pixels[i]);
369 vnc_write(vs, buf, vs->clientds.pf.bytes_per_pixel);
370 }
371 } else {
372 fprintf(stderr, "vnc_write_pixels_generic: VncState color depth not supported\n");
373 }
374 }
375
376 static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
377 {
378 int i;
379 uint8_t *row;
380
381 vnc_framebuffer_update(vs, x, y, w, h, 0);
382
383 row = ds_get_data(vs->ds) + y * ds_get_linesize(vs->ds) + x * ds_get_bytes_per_pixel(vs->ds);
384 for (i = 0; i < h; i++) {
385 vs->write_pixels(vs, row, w * ds_get_bytes_per_pixel(vs->ds));
386 row += ds_get_linesize(vs->ds);
387 }
388 }
389
390 static void hextile_enc_cord(uint8_t *ptr, int x, int y, int w, int h)
391 {
392 ptr[0] = ((x & 0x0F) << 4) | (y & 0x0F);
393 ptr[1] = (((w - 1) & 0x0F) << 4) | ((h - 1) & 0x0F);
394 }
395
396 #define BPP 8
397 #include "vnchextile.h"
398 #undef BPP
399
400 #define BPP 16
401 #include "vnchextile.h"
402 #undef BPP
403
404 #define BPP 32
405 #include "vnchextile.h"
406 #undef BPP
407
408 #define GENERIC
409 #define BPP 8
410 #include "vnchextile.h"
411 #undef BPP
412 #undef GENERIC
413
414 #define GENERIC
415 #define BPP 16
416 #include "vnchextile.h"
417 #undef BPP
418 #undef GENERIC
419
420 #define GENERIC
421 #define BPP 32
422 #include "vnchextile.h"
423 #undef BPP
424 #undef GENERIC
425
426 static void send_framebuffer_update_hextile(VncState *vs, int x, int y, int w, int h)
427 {
428 int i, j;
429 int has_fg, has_bg;
430 uint8_t *last_fg, *last_bg;
431
432 vnc_framebuffer_update(vs, x, y, w, h, 5);
433
434 last_fg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
435 last_bg = (uint8_t *) malloc(vs->serverds.pf.bytes_per_pixel);
436 has_fg = has_bg = 0;
437 for (j = y; j < (y + h); j += 16) {
438 for (i = x; i < (x + w); i += 16) {
439 vs->send_hextile_tile(vs, i, j,
440 MIN(16, x + w - i), MIN(16, y + h - j),
441 last_bg, last_fg, &has_bg, &has_fg);
442 }
443 }
444 free(last_fg);
445 free(last_bg);
446
447 }
448
449 static void send_framebuffer_update(VncState *vs, int x, int y, int w, int h)
450 {
451 if (vs->has_hextile)
452 send_framebuffer_update_hextile(vs, x, y, w, h);
453 else
454 send_framebuffer_update_raw(vs, x, y, w, h);
455 }
456
457 static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
458 {
459 VncState *vs = ds->opaque;
460
461 vnc_update_client(vs);
462
463 vnc_write_u8(vs, 0); /* msg id */
464 vnc_write_u8(vs, 0);
465 vnc_write_u16(vs, 1); /* number of rects */
466 vnc_framebuffer_update(vs, dst_x, dst_y, w, h, 1);
467 vnc_write_u16(vs, src_x);
468 vnc_write_u16(vs, src_y);
469 vnc_flush(vs);
470 }
471
472 static int find_dirty_height(VncState *vs, int y, int last_x, int x)
473 {
474 int h;
475
476 for (h = 1; h < (vs->serverds.height - y); h++) {
477 int tmp_x;
478 if (!vnc_get_bit(vs->dirty_row[y + h], last_x))
479 break;
480 for (tmp_x = last_x; tmp_x < x; tmp_x++)
481 vnc_clear_bit(vs->dirty_row[y + h], tmp_x);
482 }
483
484 return h;
485 }
486
487 static void vnc_update_client(void *opaque)
488 {
489 VncState *vs = opaque;
490
491 if (vs->need_update && vs->csock != -1) {
492 int y;
493 uint8_t *row;
494 char *old_row;
495 uint32_t width_mask[VNC_DIRTY_WORDS];
496 int n_rectangles;
497 int saved_offset;
498 int has_dirty = 0;
499
500 vga_hw_update();
501
502 vnc_set_bits(width_mask, (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
503
504 /* Walk through the dirty map and eliminate tiles that
505 really aren't dirty */
506 row = ds_get_data(vs->ds);
507 old_row = vs->old_data;
508
509 for (y = 0; y < ds_get_height(vs->ds); y++) {
510 if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
511 int x;
512 uint8_t *ptr;
513 char *old_ptr;
514
515 ptr = row;
516 old_ptr = (char*)old_row;
517
518 for (x = 0; x < ds_get_width(vs->ds); x += 16) {
519 if (memcmp(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds)) == 0) {
520 vnc_clear_bit(vs->dirty_row[y], (x / 16));
521 } else {
522 has_dirty = 1;
523 memcpy(old_ptr, ptr, 16 * ds_get_bytes_per_pixel(vs->ds));
524 }
525
526 ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
527 old_ptr += 16 * ds_get_bytes_per_pixel(vs->ds);
528 }
529 }
530
531 row += ds_get_linesize(vs->ds);
532 old_row += ds_get_linesize(vs->ds);
533 }
534
535 if (!has_dirty && !vs->audio_cap) {
536 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
537 return;
538 }
539
540 /* Count rectangles */
541 n_rectangles = 0;
542 vnc_write_u8(vs, 0); /* msg id */
543 vnc_write_u8(vs, 0);
544 saved_offset = vs->output.offset;
545 vnc_write_u16(vs, 0);
546
547 for (y = 0; y < vs->serverds.height; y++) {
548 int x;
549 int last_x = -1;
550 for (x = 0; x < vs->serverds.width / 16; x++) {
551 if (vnc_get_bit(vs->dirty_row[y], x)) {
552 if (last_x == -1) {
553 last_x = x;
554 }
555 vnc_clear_bit(vs->dirty_row[y], x);
556 } else {
557 if (last_x != -1) {
558 int h = find_dirty_height(vs, y, last_x, x);
559 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
560 n_rectangles++;
561 }
562 last_x = -1;
563 }
564 }
565 if (last_x != -1) {
566 int h = find_dirty_height(vs, y, last_x, x);
567 send_framebuffer_update(vs, last_x * 16, y, (x - last_x) * 16, h);
568 n_rectangles++;
569 }
570 }
571 vs->output.buffer[saved_offset] = (n_rectangles >> 8) & 0xFF;
572 vs->output.buffer[saved_offset + 1] = n_rectangles & 0xFF;
573 vnc_flush(vs);
574
575 }
576
577 if (vs->csock != -1) {
578 qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
579 }
580
581 }
582
583 static int vnc_listen_poll(void *opaque)
584 {
585 VncState *vs = opaque;
586 if (vs->csock == -1)
587 return 1;
588 return 0;
589 }
590
591 static void buffer_reserve(Buffer *buffer, size_t len)
592 {
593 if ((buffer->capacity - buffer->offset) < len) {
594 buffer->capacity += (len + 1024);
595 buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
596 if (buffer->buffer == NULL) {
597 fprintf(stderr, "vnc: out of memory\n");
598 exit(1);
599 }
600 }
601 }
602
603 static int buffer_empty(Buffer *buffer)
604 {
605 return buffer->offset == 0;
606 }
607
608 static uint8_t *buffer_end(Buffer *buffer)
609 {
610 return buffer->buffer + buffer->offset;
611 }
612
613 static void buffer_reset(Buffer *buffer)
614 {
615 buffer->offset = 0;
616 }
617
618 static void buffer_append(Buffer *buffer, const void *data, size_t len)
619 {
620 memcpy(buffer->buffer + buffer->offset, data, len);
621 buffer->offset += len;
622 }
623
624 /* audio */
625 static void audio_capture_notify(void *opaque, audcnotification_e cmd)
626 {
627 VncState *vs = opaque;
628
629 switch (cmd) {
630 case AUD_CNOTIFY_DISABLE:
631 vnc_write_u8(vs, 255);
632 vnc_write_u8(vs, 1);
633 vnc_write_u16(vs, 0);
634 vnc_flush(vs);
635 break;
636
637 case AUD_CNOTIFY_ENABLE:
638 vnc_write_u8(vs, 255);
639 vnc_write_u8(vs, 1);
640 vnc_write_u16(vs, 1);
641 vnc_flush(vs);
642 break;
643 }
644 }
645
646 static void audio_capture_destroy(void *opaque)
647 {
648 }
649
650 static void audio_capture(void *opaque, void *buf, int size)
651 {
652 VncState *vs = opaque;
653
654 vnc_write_u8(vs, 255);
655 vnc_write_u8(vs, 1);
656 vnc_write_u16(vs, 2);
657 vnc_write_u32(vs, size);
658 vnc_write(vs, buf, size);
659 vnc_flush(vs);
660 }
661
662 static void audio_add(VncState *vs)
663 {
664 struct audio_capture_ops ops;
665
666 if (vs->audio_cap) {
667 term_printf ("audio already running\n");
668 return;
669 }
670
671 ops.notify = audio_capture_notify;
672 ops.destroy = audio_capture_destroy;
673 ops.capture = audio_capture;
674
675 vs->audio_cap = AUD_add_capture(NULL, &vs->as, &ops, vs);
676 if (!vs->audio_cap) {
677 term_printf ("Failed to add audio capture\n");
678 }
679 }
680
681 static void audio_del(VncState *vs)
682 {
683 if (vs->audio_cap) {
684 AUD_del_capture(vs->audio_cap, vs);
685 vs->audio_cap = NULL;
686 }
687 }
688
689 static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
690 {
691 if (ret == 0 || ret == -1) {
692 if (ret == -1) {
693 switch (last_errno) {
694 case EINTR:
695 case EAGAIN:
696 #ifdef _WIN32
697 case WSAEWOULDBLOCK:
698 #endif
699 return 0;
700 default:
701 break;
702 }
703 }
704
705 VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
706 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
707 closesocket(vs->csock);
708 vs->csock = -1;
709 dcl->idle = 1;
710 buffer_reset(&vs->input);
711 buffer_reset(&vs->output);
712 vs->need_update = 0;
713 #ifdef CONFIG_VNC_TLS
714 if (vs->tls_session) {
715 gnutls_deinit(vs->tls_session);
716 vs->tls_session = NULL;
717 }
718 vs->wiremode = VNC_WIREMODE_CLEAR;
719 #endif /* CONFIG_VNC_TLS */
720 audio_del(vs);
721 return 0;
722 }
723 return ret;
724 }
725
726 static void vnc_client_error(VncState *vs)
727 {
728 vnc_client_io_error(vs, -1, EINVAL);
729 }
730
731 static void vnc_client_write(void *opaque)
732 {
733 long ret;
734 VncState *vs = opaque;
735
736 #ifdef CONFIG_VNC_TLS
737 if (vs->tls_session) {
738 ret = gnutls_write(vs->tls_session, vs->output.buffer, vs->output.offset);
739 if (ret < 0) {
740 if (ret == GNUTLS_E_AGAIN)
741 errno = EAGAIN;
742 else
743 errno = EIO;
744 ret = -1;
745 }
746 } else
747 #endif /* CONFIG_VNC_TLS */
748 ret = send(vs->csock, vs->output.buffer, vs->output.offset, 0);
749 ret = vnc_client_io_error(vs, ret, socket_error());
750 if (!ret)
751 return;
752
753 memmove(vs->output.buffer, vs->output.buffer + ret, (vs->output.offset - ret));
754 vs->output.offset -= ret;
755
756 if (vs->output.offset == 0) {
757 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
758 }
759 }
760
761 static void vnc_read_when(VncState *vs, VncReadEvent *func, size_t expecting)
762 {
763 vs->read_handler = func;
764 vs->read_handler_expect = expecting;
765 }
766
767 static void vnc_client_read(void *opaque)
768 {
769 VncState *vs = opaque;
770 long ret;
771
772 buffer_reserve(&vs->input, 4096);
773
774 #ifdef CONFIG_VNC_TLS
775 if (vs->tls_session) {
776 ret = gnutls_read(vs->tls_session, buffer_end(&vs->input), 4096);
777 if (ret < 0) {
778 if (ret == GNUTLS_E_AGAIN)
779 errno = EAGAIN;
780 else
781 errno = EIO;
782 ret = -1;
783 }
784 } else
785 #endif /* CONFIG_VNC_TLS */
786 ret = recv(vs->csock, buffer_end(&vs->input), 4096, 0);
787 ret = vnc_client_io_error(vs, ret, socket_error());
788 if (!ret)
789 return;
790
791 vs->input.offset += ret;
792
793 while (vs->read_handler && vs->input.offset >= vs->read_handler_expect) {
794 size_t len = vs->read_handler_expect;
795 int ret;
796
797 ret = vs->read_handler(vs, vs->input.buffer, len);
798 if (vs->csock == -1)
799 return;
800
801 if (!ret) {
802 memmove(vs->input.buffer, vs->input.buffer + len, (vs->input.offset - len));
803 vs->input.offset -= len;
804 } else {
805 vs->read_handler_expect = ret;
806 }
807 }
808 }
809
810 static void vnc_write(VncState *vs, const void *data, size_t len)
811 {
812 buffer_reserve(&vs->output, len);
813
814 if (buffer_empty(&vs->output)) {
815 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
816 }
817
818 buffer_append(&vs->output, data, len);
819 }
820
821 static void vnc_write_s32(VncState *vs, int32_t value)
822 {
823 vnc_write_u32(vs, *(uint32_t *)&value);
824 }
825
826 static void vnc_write_u32(VncState *vs, uint32_t value)
827 {
828 uint8_t buf[4];
829
830 buf[0] = (value >> 24) & 0xFF;
831 buf[1] = (value >> 16) & 0xFF;
832 buf[2] = (value >> 8) & 0xFF;
833 buf[3] = value & 0xFF;
834
835 vnc_write(vs, buf, 4);
836 }
837
838 static void vnc_write_u16(VncState *vs, uint16_t value)
839 {
840 uint8_t buf[2];
841
842 buf[0] = (value >> 8) & 0xFF;
843 buf[1] = value & 0xFF;
844
845 vnc_write(vs, buf, 2);
846 }
847
848 static void vnc_write_u8(VncState *vs, uint8_t value)
849 {
850 vnc_write(vs, (char *)&value, 1);
851 }
852
853 static void vnc_flush(VncState *vs)
854 {
855 if (vs->output.offset)
856 vnc_client_write(vs);
857 }
858
859 static uint8_t read_u8(uint8_t *data, size_t offset)
860 {
861 return data[offset];
862 }
863
864 static uint16_t read_u16(uint8_t *data, size_t offset)
865 {
866 return ((data[offset] & 0xFF) << 8) | (data[offset + 1] & 0xFF);
867 }
868
869 static int32_t read_s32(uint8_t *data, size_t offset)
870 {
871 return (int32_t)((data[offset] << 24) | (data[offset + 1] << 16) |
872 (data[offset + 2] << 8) | data[offset + 3]);
873 }
874
875 static uint32_t read_u32(uint8_t *data, size_t offset)
876 {
877 return ((data[offset] << 24) | (data[offset + 1] << 16) |
878 (data[offset + 2] << 8) | data[offset + 3]);
879 }
880
881 #ifdef CONFIG_VNC_TLS
882 static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
883 const void *data,
884 size_t len) {
885 struct VncState *vs = (struct VncState *)transport;
886 int ret;
887
888 retry:
889 ret = send(vs->csock, data, len, 0);
890 if (ret < 0) {
891 if (errno == EINTR)
892 goto retry;
893 return -1;
894 }
895 return ret;
896 }
897
898
899 static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
900 void *data,
901 size_t len) {
902 struct VncState *vs = (struct VncState *)transport;
903 int ret;
904
905 retry:
906 ret = recv(vs->csock, data, len, 0);
907 if (ret < 0) {
908 if (errno == EINTR)
909 goto retry;
910 return -1;
911 }
912 return ret;
913 }
914 #endif /* CONFIG_VNC_TLS */
915
916 static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
917 {
918 }
919
920 static void check_pointer_type_change(VncState *vs, int absolute)
921 {
922 if (vs->has_pointer_type_change && vs->absolute != absolute) {
923 vnc_write_u8(vs, 0);
924 vnc_write_u8(vs, 0);
925 vnc_write_u16(vs, 1);
926 vnc_framebuffer_update(vs, absolute, 0,
927 ds_get_width(vs->ds), ds_get_height(vs->ds), -257);
928 vnc_flush(vs);
929 }
930 vs->absolute = absolute;
931 }
932
933 static void pointer_event(VncState *vs, int button_mask, int x, int y)
934 {
935 int buttons = 0;
936 int dz = 0;
937
938 if (button_mask & 0x01)
939 buttons |= MOUSE_EVENT_LBUTTON;
940 if (button_mask & 0x02)
941 buttons |= MOUSE_EVENT_MBUTTON;
942 if (button_mask & 0x04)
943 buttons |= MOUSE_EVENT_RBUTTON;
944 if (button_mask & 0x08)
945 dz = -1;
946 if (button_mask & 0x10)
947 dz = 1;
948
949 if (vs->absolute) {
950 kbd_mouse_event(x * 0x7FFF / (ds_get_width(vs->ds) - 1),
951 y * 0x7FFF / (ds_get_height(vs->ds) - 1),
952 dz, buttons);
953 } else if (vs->has_pointer_type_change) {
954 x -= 0x7FFF;
955 y -= 0x7FFF;
956
957 kbd_mouse_event(x, y, dz, buttons);
958 } else {
959 if (vs->last_x != -1)
960 kbd_mouse_event(x - vs->last_x,
961 y - vs->last_y,
962 dz, buttons);
963 vs->last_x = x;
964 vs->last_y = y;
965 }
966
967 check_pointer_type_change(vs, kbd_mouse_is_absolute());
968 }
969
970 static void reset_keys(VncState *vs)
971 {
972 int i;
973 for(i = 0; i < 256; i++) {
974 if (vs->modifiers_state[i]) {
975 if (i & 0x80)
976 kbd_put_keycode(0xe0);
977 kbd_put_keycode(i | 0x80);
978 vs->modifiers_state[i] = 0;
979 }
980 }
981 }
982
983 static void press_key(VncState *vs, int keysym)
984 {
985 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
986 kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
987 }
988
989 static void do_key_event(VncState *vs, int down, int keycode, int sym)
990 {
991 /* QEMU console switch */
992 switch(keycode) {
993 case 0x2a: /* Left Shift */
994 case 0x36: /* Right Shift */
995 case 0x1d: /* Left CTRL */
996 case 0x9d: /* Right CTRL */
997 case 0x38: /* Left ALT */
998 case 0xb8: /* Right ALT */
999 if (down)
1000 vs->modifiers_state[keycode] = 1;
1001 else
1002 vs->modifiers_state[keycode] = 0;
1003 break;
1004 case 0x02 ... 0x0a: /* '1' to '9' keys */
1005 if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
1006 /* Reset the modifiers sent to the current console */
1007 reset_keys(vs);
1008 console_select(keycode - 0x02);
1009 return;
1010 }
1011 break;
1012 case 0x3a: /* CapsLock */
1013 case 0x45: /* NumLock */
1014 if (!down)
1015 vs->modifiers_state[keycode] ^= 1;
1016 break;
1017 }
1018
1019 if (keycode_is_keypad(vs->kbd_layout, keycode)) {
1020 /* If the numlock state needs to change then simulate an additional
1021 keypress before sending this one. This will happen if the user
1022 toggles numlock away from the VNC window.
1023 */
1024 if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
1025 if (!vs->modifiers_state[0x45]) {
1026 vs->modifiers_state[0x45] = 1;
1027 press_key(vs, 0xff7f);
1028 }
1029 } else {
1030 if (vs->modifiers_state[0x45]) {
1031 vs->modifiers_state[0x45] = 0;
1032 press_key(vs, 0xff7f);
1033 }
1034 }
1035 }
1036
1037 if (is_graphic_console()) {
1038 if (keycode & 0x80)
1039 kbd_put_keycode(0xe0);
1040 if (down)
1041 kbd_put_keycode(keycode & 0x7f);
1042 else
1043 kbd_put_keycode(keycode | 0x80);
1044 } else {
1045 /* QEMU console emulation */
1046 if (down) {
1047 switch (keycode) {
1048 case 0x2a: /* Left Shift */
1049 case 0x36: /* Right Shift */
1050 case 0x1d: /* Left CTRL */
1051 case 0x9d: /* Right CTRL */
1052 case 0x38: /* Left ALT */
1053 case 0xb8: /* Right ALT */
1054 break;
1055 case 0xc8:
1056 kbd_put_keysym(QEMU_KEY_UP);
1057 break;
1058 case 0xd0:
1059 kbd_put_keysym(QEMU_KEY_DOWN);
1060 break;
1061 case 0xcb:
1062 kbd_put_keysym(QEMU_KEY_LEFT);
1063 break;
1064 case 0xcd:
1065 kbd_put_keysym(QEMU_KEY_RIGHT);
1066 break;
1067 case 0xd3:
1068 kbd_put_keysym(QEMU_KEY_DELETE);
1069 break;
1070 case 0xc7:
1071 kbd_put_keysym(QEMU_KEY_HOME);
1072 break;
1073 case 0xcf:
1074 kbd_put_keysym(QEMU_KEY_END);
1075 break;
1076 case 0xc9:
1077 kbd_put_keysym(QEMU_KEY_PAGEUP);
1078 break;
1079 case 0xd1:
1080 kbd_put_keysym(QEMU_KEY_PAGEDOWN);
1081 break;
1082 default:
1083 kbd_put_keysym(sym);
1084 break;
1085 }
1086 }
1087 }
1088 }
1089
1090 static void key_event(VncState *vs, int down, uint32_t sym)
1091 {
1092 int keycode;
1093
1094 if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
1095 sym = sym - 'A' + 'a';
1096
1097 keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
1098 do_key_event(vs, down, keycode, sym);
1099 }
1100
1101 static void ext_key_event(VncState *vs, int down,
1102 uint32_t sym, uint16_t keycode)
1103 {
1104 /* if the user specifies a keyboard layout, always use it */
1105 if (keyboard_layout)
1106 key_event(vs, down, sym);
1107 else
1108 do_key_event(vs, down, keycode, sym);
1109 }
1110
1111 static void framebuffer_update_request(VncState *vs, int incremental,
1112 int x_position, int y_position,
1113 int w, int h)
1114 {
1115 if (x_position > ds_get_width(vs->ds))
1116 x_position = ds_get_width(vs->ds);
1117 if (y_position > ds_get_height(vs->ds))
1118 y_position = ds_get_height(vs->ds);
1119 if (x_position + w >= ds_get_width(vs->ds))
1120 w = ds_get_width(vs->ds) - x_position;
1121 if (y_position + h >= ds_get_height(vs->ds))
1122 h = ds_get_height(vs->ds) - y_position;
1123
1124 int i;
1125 vs->need_update = 1;
1126 if (!incremental) {
1127 char *old_row = vs->old_data + y_position * ds_get_linesize(vs->ds);
1128
1129 for (i = 0; i < h; i++) {
1130 vnc_set_bits(vs->dirty_row[y_position + i],
1131 (ds_get_width(vs->ds) / 16), VNC_DIRTY_WORDS);
1132 memset(old_row, 42, ds_get_width(vs->ds) * ds_get_bytes_per_pixel(vs->ds));
1133 old_row += ds_get_linesize(vs->ds);
1134 }
1135 }
1136 }
1137
1138 static void send_ext_key_event_ack(VncState *vs)
1139 {
1140 vnc_write_u8(vs, 0);
1141 vnc_write_u8(vs, 0);
1142 vnc_write_u16(vs, 1);
1143 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -258);
1144 vnc_flush(vs);
1145 }
1146
1147 static void send_ext_audio_ack(VncState *vs)
1148 {
1149 vnc_write_u8(vs, 0);
1150 vnc_write_u8(vs, 0);
1151 vnc_write_u16(vs, 1);
1152 vnc_framebuffer_update(vs, 0, 0, ds_get_width(vs->ds), ds_get_height(vs->ds), -259);
1153 vnc_flush(vs);
1154 }
1155
1156 static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
1157 {
1158 int i;
1159
1160 vs->has_hextile = 0;
1161 vs->has_resize = 0;
1162 vs->has_pointer_type_change = 0;
1163 vs->has_WMVi = 0;
1164 vs->absolute = -1;
1165 dcl->dpy_copy = NULL;
1166
1167 for (i = n_encodings - 1; i >= 0; i--) {
1168 switch (encodings[i]) {
1169 case 0: /* Raw */
1170 vs->has_hextile = 0;
1171 break;
1172 case 1: /* CopyRect */
1173 dcl->dpy_copy = vnc_copy;
1174 break;
1175 case 5: /* Hextile */
1176 vs->has_hextile = 1;
1177 break;
1178 case -223: /* DesktopResize */
1179 vs->has_resize = 1;
1180 break;
1181 case -257:
1182 vs->has_pointer_type_change = 1;
1183 break;
1184 case -258:
1185 send_ext_key_event_ack(vs);
1186 break;
1187 case -259:
1188 send_ext_audio_ack(vs);
1189 break;
1190 case 0x574D5669:
1191 vs->has_WMVi = 1;
1192 break;
1193 default:
1194 break;
1195 }
1196 }
1197
1198 check_pointer_type_change(vs, kbd_mouse_is_absolute());
1199 }
1200
1201 static void set_pixel_conversion(VncState *vs)
1202 {
1203 if ((vs->clientds.flags & QEMU_BIG_ENDIAN_FLAG) ==
1204 (vs->ds->surface->flags & QEMU_BIG_ENDIAN_FLAG) &&
1205 !memcmp(&(vs->clientds.pf), &(vs->ds->surface->pf), sizeof(PixelFormat))) {
1206 vs->write_pixels = vnc_write_pixels_copy;
1207 switch (vs->ds->surface->pf.bits_per_pixel) {
1208 case 8:
1209 vs->send_hextile_tile = send_hextile_tile_8;
1210 break;
1211 case 16:
1212 vs->send_hextile_tile = send_hextile_tile_16;
1213 break;
1214 case 32:
1215 vs->send_hextile_tile = send_hextile_tile_32;
1216 break;
1217 }
1218 } else {
1219 vs->write_pixels = vnc_write_pixels_generic;
1220 switch (vs->ds->surface->pf.bits_per_pixel) {
1221 case 8:
1222 vs->send_hextile_tile = send_hextile_tile_generic_8;
1223 break;
1224 case 16:
1225 vs->send_hextile_tile = send_hextile_tile_generic_16;
1226 break;
1227 case 32:
1228 vs->send_hextile_tile = send_hextile_tile_generic_32;
1229 break;
1230 }
1231 }
1232 }
1233
1234 static void set_pixel_format(VncState *vs,
1235 int bits_per_pixel, int depth,
1236 int big_endian_flag, int true_color_flag,
1237 int red_max, int green_max, int blue_max,
1238 int red_shift, int green_shift, int blue_shift)
1239 {
1240 if (!true_color_flag) {
1241 vnc_client_error(vs);
1242 return;
1243 }
1244
1245 vs->clientds = vs->serverds;
1246 vs->clientds.pf.rmax = red_max;
1247 count_bits(vs->clientds.pf.rbits, red_max);
1248 vs->clientds.pf.rshift = red_shift;
1249 vs->clientds.pf.rmask = red_max << red_shift;
1250 vs->clientds.pf.gmax = green_max;
1251 count_bits(vs->clientds.pf.gbits, green_max);
1252 vs->clientds.pf.gshift = green_shift;
1253 vs->clientds.pf.gmask = green_max << green_shift;
1254 vs->clientds.pf.bmax = blue_max;
1255 count_bits(vs->clientds.pf.bbits, blue_max);
1256 vs->clientds.pf.bshift = blue_shift;
1257 vs->clientds.pf.bmask = blue_max << blue_shift;
1258 vs->clientds.pf.bits_per_pixel = bits_per_pixel;
1259 vs->clientds.pf.bytes_per_pixel = bits_per_pixel / 8;
1260 vs->clientds.pf.depth = bits_per_pixel == 32 ? 24 : bits_per_pixel;
1261 vs->clientds.flags = big_endian_flag ? QEMU_BIG_ENDIAN_FLAG : 0x00;
1262
1263 set_pixel_conversion(vs);
1264
1265 vga_hw_invalidate();
1266 vga_hw_update();
1267 }
1268
1269 static void pixel_format_message (VncState *vs) {
1270 char pad[3] = { 0, 0, 0 };
1271
1272 vnc_write_u8(vs, vs->ds->surface->pf.bits_per_pixel); /* bits-per-pixel */
1273 vnc_write_u8(vs, vs->ds->surface->pf.depth); /* depth */
1274
1275 #ifdef WORDS_BIGENDIAN
1276 vnc_write_u8(vs, 1); /* big-endian-flag */
1277 #else
1278 vnc_write_u8(vs, 0); /* big-endian-flag */
1279 #endif
1280 vnc_write_u8(vs, 1); /* true-color-flag */
1281 vnc_write_u16(vs, vs->ds->surface->pf.rmax); /* red-max */
1282 vnc_write_u16(vs, vs->ds->surface->pf.gmax); /* green-max */
1283 vnc_write_u16(vs, vs->ds->surface->pf.bmax); /* blue-max */
1284 vnc_write_u8(vs, vs->ds->surface->pf.rshift); /* red-shift */
1285 vnc_write_u8(vs, vs->ds->surface->pf.gshift); /* green-shift */
1286 vnc_write_u8(vs, vs->ds->surface->pf.bshift); /* blue-shift */
1287 if (vs->ds->surface->pf.bits_per_pixel == 32)
1288 vs->send_hextile_tile = send_hextile_tile_32;
1289 else if (vs->ds->surface->pf.bits_per_pixel == 16)
1290 vs->send_hextile_tile = send_hextile_tile_16;
1291 else if (vs->ds->surface->pf.bits_per_pixel == 8)
1292 vs->send_hextile_tile = send_hextile_tile_8;
1293 vs->clientds = *(vs->ds->surface);
1294 vs->clientds.flags |= ~QEMU_ALLOCATED_FLAG;
1295 vs->write_pixels = vnc_write_pixels_copy;
1296
1297 vnc_write(vs, pad, 3); /* padding */
1298 }
1299
1300 static void vnc_dpy_setdata(DisplayState *ds)
1301 {
1302 /* We don't have to do anything */
1303 }
1304
1305 static void vnc_colordepth(DisplayState *ds)
1306 {
1307 struct VncState *vs = ds->opaque;
1308
1309 if (vs->csock != -1 && vs->has_WMVi) {
1310 /* Sending a WMVi message to notify the client*/
1311 vnc_write_u8(vs, 0); /* msg id */
1312 vnc_write_u8(vs, 0);
1313 vnc_write_u16(vs, 1); /* number of rects */
1314 vnc_framebuffer_update(vs, 0, 0, ds_get_width(ds), ds_get_height(ds), 0x574D5669);
1315 pixel_format_message(vs);
1316 vnc_flush(vs);
1317 } else {
1318 set_pixel_conversion(vs);
1319 }
1320 }
1321
1322 static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
1323 {
1324 int i;
1325 uint16_t limit;
1326
1327 switch (data[0]) {
1328 case 0:
1329 if (len == 1)
1330 return 20;
1331
1332 set_pixel_format(vs, read_u8(data, 4), read_u8(data, 5),
1333 read_u8(data, 6), read_u8(data, 7),
1334 read_u16(data, 8), read_u16(data, 10),
1335 read_u16(data, 12), read_u8(data, 14),
1336 read_u8(data, 15), read_u8(data, 16));
1337 break;
1338 case 2:
1339 if (len == 1)
1340 return 4;
1341
1342 if (len == 4) {
1343 limit = read_u16(data, 2);
1344 if (limit > 0)
1345 return 4 + (limit * 4);
1346 } else
1347 limit = read_u16(data, 2);
1348
1349 for (i = 0; i < limit; i++) {
1350 int32_t val = read_s32(data, 4 + (i * 4));
1351 memcpy(data + 4 + (i * 4), &val, sizeof(val));
1352 }
1353
1354 set_encodings(vs, (int32_t *)(data + 4), limit);
1355 break;
1356 case 3:
1357 if (len == 1)
1358 return 10;
1359
1360 framebuffer_update_request(vs,
1361 read_u8(data, 1), read_u16(data, 2), read_u16(data, 4),
1362 read_u16(data, 6), read_u16(data, 8));
1363 break;
1364 case 4:
1365 if (len == 1)
1366 return 8;
1367
1368 key_event(vs, read_u8(data, 1), read_u32(data, 4));
1369 break;
1370 case 5:
1371 if (len == 1)
1372 return 6;
1373
1374 pointer_event(vs, read_u8(data, 1), read_u16(data, 2), read_u16(data, 4));
1375 break;
1376 case 6:
1377 if (len == 1)
1378 return 8;
1379
1380 if (len == 8) {
1381 uint32_t dlen = read_u32(data, 4);
1382 if (dlen > 0)
1383 return 8 + dlen;
1384 }
1385
1386 client_cut_text(vs, read_u32(data, 4), data + 8);
1387 break;
1388 case 255:
1389 if (len == 1)
1390 return 2;
1391
1392 switch (read_u8(data, 1)) {
1393 case 0:
1394 if (len == 2)
1395 return 12;
1396
1397 ext_key_event(vs, read_u16(data, 2),
1398 read_u32(data, 4), read_u32(data, 8));
1399 break;
1400 case 1:
1401 if (len == 2)
1402 return 4;
1403
1404 switch (read_u16 (data, 2)) {
1405 case 0:
1406 audio_add(vs);
1407 break;
1408 case 1:
1409 audio_del(vs);
1410 break;
1411 case 2:
1412 if (len == 4)
1413 return 10;
1414 switch (read_u8(data, 4)) {
1415 case 0: vs->as.fmt = AUD_FMT_U8; break;
1416 case 1: vs->as.fmt = AUD_FMT_S8; break;
1417 case 2: vs->as.fmt = AUD_FMT_U16; break;
1418 case 3: vs->as.fmt = AUD_FMT_S16; break;
1419 case 4: vs->as.fmt = AUD_FMT_U32; break;
1420 case 5: vs->as.fmt = AUD_FMT_S32; break;
1421 default:
1422 printf("Invalid audio format %d\n", read_u8(data, 4));
1423 vnc_client_error(vs);
1424 break;
1425 }
1426 vs->as.nchannels = read_u8(data, 5);
1427 if (vs->as.nchannels != 1 && vs->as.nchannels != 2) {
1428 printf("Invalid audio channel coount %d\n",
1429 read_u8(data, 5));
1430 vnc_client_error(vs);
1431 break;
1432 }
1433 vs->as.freq = read_u32(data, 6);
1434 break;
1435 default:
1436 printf ("Invalid audio message %d\n", read_u8(data, 4));
1437 vnc_client_error(vs);
1438 break;
1439 }
1440 break;
1441
1442 default:
1443 printf("Msg: %d\n", read_u16(data, 0));
1444 vnc_client_error(vs);
1445 break;
1446 }
1447 break;
1448 default:
1449 printf("Msg: %d\n", data[0]);
1450 vnc_client_error(vs);
1451 break;
1452 }
1453
1454 vnc_read_when(vs, protocol_client_msg, 1);
1455 return 0;
1456 }
1457
1458 static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
1459 {
1460 char buf[1024];
1461 int size;
1462
1463 vnc_write_u16(vs, ds_get_width(vs->ds));
1464 vnc_write_u16(vs, ds_get_height(vs->ds));
1465
1466 pixel_format_message(vs);
1467
1468 if (qemu_name)
1469 size = snprintf(buf, sizeof(buf), "QEMU (%s)", qemu_name);
1470 else
1471 size = snprintf(buf, sizeof(buf), "QEMU");
1472
1473 vnc_write_u32(vs, size);
1474 vnc_write(vs, buf, size);
1475 vnc_flush(vs);
1476
1477 vnc_read_when(vs, protocol_client_msg, 1);
1478
1479 return 0;
1480 }
1481
1482 static void make_challenge(VncState *vs)
1483 {
1484 int i;
1485
1486 srand(time(NULL)+getpid()+getpid()*987654+rand());
1487
1488 for (i = 0 ; i < sizeof(vs->challenge) ; i++)
1489 vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
1490 }
1491
1492 static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
1493 {
1494 unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
1495 int i, j, pwlen;
1496 unsigned char key[8];
1497
1498 if (!vs->password || !vs->password[0]) {
1499 VNC_DEBUG("No password configured on server");
1500 vnc_write_u32(vs, 1); /* Reject auth */
1501 if (vs->minor >= 8) {
1502 static const char err[] = "Authentication failed";
1503 vnc_write_u32(vs, sizeof(err));
1504 vnc_write(vs, err, sizeof(err));
1505 }
1506 vnc_flush(vs);
1507 vnc_client_error(vs);
1508 return 0;
1509 }
1510
1511 memcpy(response, vs->challenge, VNC_AUTH_CHALLENGE_SIZE);
1512
1513 /* Calculate the expected challenge response */
1514 pwlen = strlen(vs->password);
1515 for (i=0; i<sizeof(key); i++)
1516 key[i] = i<pwlen ? vs->password[i] : 0;
1517 deskey(key, EN0);
1518 for (j = 0; j < VNC_AUTH_CHALLENGE_SIZE; j += 8)
1519 des(response+j, response+j);
1520
1521 /* Compare expected vs actual challenge response */
1522 if (memcmp(response, data, VNC_AUTH_CHALLENGE_SIZE) != 0) {
1523 VNC_DEBUG("Client challenge reponse did not match\n");
1524 vnc_write_u32(vs, 1); /* Reject auth */
1525 if (vs->minor >= 8) {
1526 static const char err[] = "Authentication failed";
1527 vnc_write_u32(vs, sizeof(err));
1528 vnc_write(vs, err, sizeof(err));
1529 }
1530 vnc_flush(vs);
1531 vnc_client_error(vs);
1532 } else {
1533 VNC_DEBUG("Accepting VNC challenge response\n");
1534 vnc_write_u32(vs, 0); /* Accept auth */
1535 vnc_flush(vs);
1536
1537 vnc_read_when(vs, protocol_client_init, 1);
1538 }
1539 return 0;
1540 }
1541
1542 static int start_auth_vnc(VncState *vs)
1543 {
1544 make_challenge(vs);
1545 /* Send client a 'random' challenge */
1546 vnc_write(vs, vs->challenge, sizeof(vs->challenge));
1547 vnc_flush(vs);
1548
1549 vnc_read_when(vs, protocol_client_auth_vnc, sizeof(vs->challenge));
1550 return 0;
1551 }
1552
1553
1554 #ifdef CONFIG_VNC_TLS
1555 #define DH_BITS 1024
1556 static gnutls_dh_params_t dh_params;
1557
1558 static int vnc_tls_initialize(void)
1559 {
1560 static int tlsinitialized = 0;
1561
1562 if (tlsinitialized)
1563 return 1;
1564
1565 if (gnutls_global_init () < 0)
1566 return 0;
1567
1568 /* XXX ought to re-generate diffie-hellmen params periodically */
1569 if (gnutls_dh_params_init (&dh_params) < 0)
1570 return 0;
1571 if (gnutls_dh_params_generate2 (dh_params, DH_BITS) < 0)
1572 return 0;
1573
1574 #if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
1575 gnutls_global_set_log_level(10);
1576 gnutls_global_set_log_function(vnc_debug_gnutls_log);
1577 #endif
1578
1579 tlsinitialized = 1;
1580
1581 return 1;
1582 }
1583
1584 static gnutls_anon_server_credentials vnc_tls_initialize_anon_cred(void)
1585 {
1586 gnutls_anon_server_credentials anon_cred;
1587 int ret;
1588
1589 if ((ret = gnutls_anon_allocate_server_credentials(&anon_cred)) < 0) {
1590 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1591 return NULL;
1592 }
1593
1594 gnutls_anon_set_server_dh_params(anon_cred, dh_params);
1595
1596 return anon_cred;
1597 }
1598
1599
1600 static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
1601 {
1602 gnutls_certificate_credentials_t x509_cred;
1603 int ret;
1604
1605 if (!vs->x509cacert) {
1606 VNC_DEBUG("No CA x509 certificate specified\n");
1607 return NULL;
1608 }
1609 if (!vs->x509cert) {
1610 VNC_DEBUG("No server x509 certificate specified\n");
1611 return NULL;
1612 }
1613 if (!vs->x509key) {
1614 VNC_DEBUG("No server private key specified\n");
1615 return NULL;
1616 }
1617
1618 if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
1619 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
1620 return NULL;
1621 }
1622 if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
1623 vs->x509cacert,
1624 GNUTLS_X509_FMT_PEM)) < 0) {
1625 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
1626 gnutls_certificate_free_credentials(x509_cred);
1627 return NULL;
1628 }
1629
1630 if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
1631 vs->x509cert,
1632 vs->x509key,
1633 GNUTLS_X509_FMT_PEM)) < 0) {
1634 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
1635 gnutls_certificate_free_credentials(x509_cred);
1636 return NULL;
1637 }
1638
1639 if (vs->x509cacrl) {
1640 if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
1641 vs->x509cacrl,
1642 GNUTLS_X509_FMT_PEM)) < 0) {
1643 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
1644 gnutls_certificate_free_credentials(x509_cred);
1645 return NULL;
1646 }
1647 }
1648
1649 gnutls_certificate_set_dh_params (x509_cred, dh_params);
1650
1651 return x509_cred;
1652 }
1653
1654 static int vnc_validate_certificate(struct VncState *vs)
1655 {
1656 int ret;
1657 unsigned int status;
1658 const gnutls_datum_t *certs;
1659 unsigned int nCerts, i;
1660 time_t now;
1661
1662 VNC_DEBUG("Validating client certificate\n");
1663 if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
1664 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
1665 return -1;
1666 }
1667
1668 if ((now = time(NULL)) == ((time_t)-1)) {
1669 return -1;
1670 }
1671
1672 if (status != 0) {
1673 if (status & GNUTLS_CERT_INVALID)
1674 VNC_DEBUG("The certificate is not trusted.\n");
1675
1676 if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
1677 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1678
1679 if (status & GNUTLS_CERT_REVOKED)
1680 VNC_DEBUG("The certificate has been revoked.\n");
1681
1682 if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
1683 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1684
1685 return -1;
1686 } else {
1687 VNC_DEBUG("Certificate is valid!\n");
1688 }
1689
1690 /* Only support x509 for now */
1691 if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
1692 return -1;
1693
1694 if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
1695 return -1;
1696
1697 for (i = 0 ; i < nCerts ; i++) {
1698 gnutls_x509_crt_t cert;
1699 VNC_DEBUG ("Checking certificate chain %d\n", i);
1700 if (gnutls_x509_crt_init (&cert) < 0)
1701 return -1;
1702
1703 if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
1704 gnutls_x509_crt_deinit (cert);
1705 return -1;
1706 }
1707
1708 if (gnutls_x509_crt_get_expiration_time (cert) < now) {
1709 VNC_DEBUG("The certificate has expired\n");
1710 gnutls_x509_crt_deinit (cert);
1711 return -1;
1712 }
1713
1714 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1715 VNC_DEBUG("The certificate is not yet activated\n");
1716 gnutls_x509_crt_deinit (cert);
1717 return -1;
1718 }
1719
1720 if (gnutls_x509_crt_get_activation_time (cert) > now) {
1721 VNC_DEBUG("The certificate is not yet activated\n");
1722 gnutls_x509_crt_deinit (cert);
1723 return -1;
1724 }
1725
1726 gnutls_x509_crt_deinit (cert);
1727 }
1728
1729 return 0;
1730 }
1731
1732
1733 static int start_auth_vencrypt_subauth(VncState *vs)
1734 {
1735 switch (vs->subauth) {
1736 case VNC_AUTH_VENCRYPT_TLSNONE:
1737 case VNC_AUTH_VENCRYPT_X509NONE:
1738 VNC_DEBUG("Accept TLS auth none\n");
1739 vnc_write_u32(vs, 0); /* Accept auth completion */
1740 vnc_read_when(vs, protocol_client_init, 1);
1741 break;
1742
1743 case VNC_AUTH_VENCRYPT_TLSVNC:
1744 case VNC_AUTH_VENCRYPT_X509VNC:
1745 VNC_DEBUG("Start TLS auth VNC\n");
1746 return start_auth_vnc(vs);
1747
1748 default: /* Should not be possible, but just in case */
1749 VNC_DEBUG("Reject auth %d\n", vs->auth);
1750 vnc_write_u8(vs, 1);
1751 if (vs->minor >= 8) {
1752 static const char err[] = "Unsupported authentication type";
1753 vnc_write_u32(vs, sizeof(err));
1754 vnc_write(vs, err, sizeof(err));
1755 }
1756 vnc_client_error(vs);
1757 }
1758
1759 return 0;
1760 }
1761
1762 static void vnc_handshake_io(void *opaque);
1763
1764 static int vnc_continue_handshake(struct VncState *vs) {
1765 int ret;
1766
1767 if ((ret = gnutls_handshake(vs->tls_session)) < 0) {
1768 if (!gnutls_error_is_fatal(ret)) {
1769 VNC_DEBUG("Handshake interrupted (blocking)\n");
1770 if (!gnutls_record_get_direction(vs->tls_session))
1771 qemu_set_fd_handler(vs->csock, vnc_handshake_io, NULL, vs);
1772 else
1773 qemu_set_fd_handler(vs->csock, NULL, vnc_handshake_io, vs);
1774 return 0;
1775 }
1776 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret));
1777 vnc_client_error(vs);
1778 return -1;
1779 }
1780
1781 if (vs->x509verify) {
1782 if (vnc_validate_certificate(vs) < 0) {
1783 VNC_DEBUG("Client verification failed\n");
1784 vnc_client_error(vs);
1785 return -1;
1786 } else {
1787 VNC_DEBUG("Client verification passed\n");
1788 }
1789 }
1790
1791 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1792 vs->wiremode = VNC_WIREMODE_TLS;
1793 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
1794
1795 return start_auth_vencrypt_subauth(vs);
1796 }
1797
1798 static void vnc_handshake_io(void *opaque) {
1799 struct VncState *vs = (struct VncState *)opaque;
1800
1801 VNC_DEBUG("Handshake IO continue\n");
1802 vnc_continue_handshake(vs);
1803 }
1804
1805 #define NEED_X509_AUTH(vs) \
1806 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1807 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1808 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1809
1810
1811 static int vnc_start_tls(struct VncState *vs) {
1812 static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
1813 static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
1814 static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
1815 static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
1816
1817 VNC_DEBUG("Do TLS setup\n");
1818 if (vnc_tls_initialize() < 0) {
1819 VNC_DEBUG("Failed to init TLS\n");
1820 vnc_client_error(vs);
1821 return -1;
1822 }
1823 if (vs->tls_session == NULL) {
1824 if (gnutls_init(&vs->tls_session, GNUTLS_SERVER) < 0) {
1825 vnc_client_error(vs);
1826 return -1;
1827 }
1828
1829 if (gnutls_set_default_priority(vs->tls_session) < 0) {
1830 gnutls_deinit(vs->tls_session);
1831 vs->tls_session = NULL;
1832 vnc_client_error(vs);
1833 return -1;
1834 }
1835
1836 if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
1837 gnutls_deinit(vs->tls_session);
1838 vs->tls_session = NULL;
1839 vnc_client_error(vs);
1840 return -1;
1841 }
1842
1843 if (gnutls_certificate_type_set_priority(vs->tls_session, cert_type_priority) < 0) {
1844 gnutls_deinit(vs->tls_session);
1845 vs->tls_session = NULL;
1846 vnc_client_error(vs);
1847 return -1;
1848 }
1849
1850 if (gnutls_protocol_set_priority(vs->tls_session, protocol_priority) < 0) {
1851 gnutls_deinit(vs->tls_session);
1852 vs->tls_session = NULL;
1853 vnc_client_error(vs);
1854 return -1;
1855 }
1856
1857 if (NEED_X509_AUTH(vs)) {
1858 gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
1859 if (!x509_cred) {
1860 gnutls_deinit(vs->tls_session);
1861 vs->tls_session = NULL;
1862 vnc_client_error(vs);
1863 return -1;
1864 }
1865 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
1866 gnutls_deinit(vs->tls_session);
1867 vs->tls_session = NULL;
1868 gnutls_certificate_free_credentials(x509_cred);
1869 vnc_client_error(vs);
1870 return -1;
1871 }
1872 if (vs->x509verify) {
1873 VNC_DEBUG("Requesting a client certificate\n");
1874 gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
1875 }
1876
1877 } else {
1878 gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
1879 if (!anon_cred) {
1880 gnutls_deinit(vs->tls_session);
1881 vs->tls_session = NULL;
1882 vnc_client_error(vs);
1883 return -1;
1884 }
1885 if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
1886 gnutls_deinit(vs->tls_session);
1887 vs->tls_session = NULL;
1888 gnutls_anon_free_server_credentials(anon_cred);
1889 vnc_client_error(vs);
1890 return -1;
1891 }
1892 }
1893
1894 gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
1895 gnutls_transport_set_push_function(vs->tls_session, vnc_tls_push);
1896 gnutls_transport_set_pull_function(vs->tls_session, vnc_tls_pull);
1897 }
1898
1899 VNC_DEBUG("Start TLS handshake process\n");
1900 return vnc_continue_handshake(vs);
1901 }
1902
1903 static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
1904 {
1905 int auth = read_u32(data, 0);
1906
1907 if (auth != vs->subauth) {
1908 VNC_DEBUG("Rejecting auth %d\n", auth);
1909 vnc_write_u8(vs, 0); /* Reject auth */
1910 vnc_flush(vs);
1911 vnc_client_error(vs);
1912 } else {
1913 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth);
1914 vnc_write_u8(vs, 1); /* Accept auth */
1915 vnc_flush(vs);
1916
1917 if (vnc_start_tls(vs) < 0) {
1918 VNC_DEBUG("Failed to complete TLS\n");
1919 return 0;
1920 }
1921
1922 if (vs->wiremode == VNC_WIREMODE_TLS) {
1923 VNC_DEBUG("Starting VeNCrypt subauth\n");
1924 return start_auth_vencrypt_subauth(vs);
1925 } else {
1926 VNC_DEBUG("TLS handshake blocked\n");
1927 return 0;
1928 }
1929 }
1930 return 0;
1931 }
1932
1933 static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
1934 {
1935 if (data[0] != 0 ||
1936 data[1] != 2) {
1937 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data[0], (int)data[1]);
1938 vnc_write_u8(vs, 1); /* Reject version */
1939 vnc_flush(vs);
1940 vnc_client_error(vs);
1941 } else {
1942 VNC_DEBUG("Sending allowed auth %d\n", vs->subauth);
1943 vnc_write_u8(vs, 0); /* Accept version */
1944 vnc_write_u8(vs, 1); /* Number of sub-auths */
1945 vnc_write_u32(vs, vs->subauth); /* The supported auth */
1946 vnc_flush(vs);
1947 vnc_read_when(vs, protocol_client_vencrypt_auth, 4);
1948 }
1949 return 0;
1950 }
1951
1952 static int start_auth_vencrypt(VncState *vs)
1953 {
1954 /* Send VeNCrypt version 0.2 */
1955 vnc_write_u8(vs, 0);
1956 vnc_write_u8(vs, 2);
1957
1958 vnc_read_when(vs, protocol_client_vencrypt_init, 2);
1959 return 0;
1960 }
1961 #endif /* CONFIG_VNC_TLS */
1962
1963 static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
1964 {
1965 /* We only advertise 1 auth scheme at a time, so client
1966 * must pick the one we sent. Verify this */
1967 if (data[0] != vs->auth) { /* Reject auth */
1968 VNC_DEBUG("Reject auth %d\n", (int)data[0]);
1969 vnc_write_u32(vs, 1);
1970 if (vs->minor >= 8) {
1971 static const char err[] = "Authentication failed";
1972 vnc_write_u32(vs, sizeof(err));
1973 vnc_write(vs, err, sizeof(err));
1974 }
1975 vnc_client_error(vs);
1976 } else { /* Accept requested auth */
1977 VNC_DEBUG("Client requested auth %d\n", (int)data[0]);
1978 switch (vs->auth) {
1979 case VNC_AUTH_NONE:
1980 VNC_DEBUG("Accept auth none\n");
1981 if (vs->minor >= 8) {
1982 vnc_write_u32(vs, 0); /* Accept auth completion */
1983 vnc_flush(vs);
1984 }
1985 vnc_read_when(vs, protocol_client_init, 1);
1986 break;
1987
1988 case VNC_AUTH_VNC:
1989 VNC_DEBUG("Start VNC auth\n");
1990 return start_auth_vnc(vs);
1991
1992 #ifdef CONFIG_VNC_TLS
1993 case VNC_AUTH_VENCRYPT:
1994 VNC_DEBUG("Accept VeNCrypt auth\n");;
1995 return start_auth_vencrypt(vs);
1996 #endif /* CONFIG_VNC_TLS */
1997
1998 default: /* Should not be possible, but just in case */
1999 VNC_DEBUG("Reject auth %d\n", vs->auth);
2000 vnc_write_u8(vs, 1);
2001 if (vs->minor >= 8) {
2002 static const char err[] = "Authentication failed";
2003 vnc_write_u32(vs, sizeof(err));
2004 vnc_write(vs, err, sizeof(err));
2005 }
2006 vnc_client_error(vs);
2007 }
2008 }
2009 return 0;
2010 }
2011
2012 static int protocol_version(VncState *vs, uint8_t *version, size_t len)
2013 {
2014 char local[13];
2015
2016 memcpy(local, version, 12);
2017 local[12] = 0;
2018
2019 if (sscanf(local, "RFB %03d.%03d\n", &vs->major, &vs->minor) != 2) {
2020 VNC_DEBUG("Malformed protocol version %s\n", local);
2021 vnc_client_error(vs);
2022 return 0;
2023 }
2024 VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
2025 if (vs->major != 3 ||
2026 (vs->minor != 3 &&
2027 vs->minor != 4 &&
2028 vs->minor != 5 &&
2029 vs->minor != 7 &&
2030 vs->minor != 8)) {
2031 VNC_DEBUG("Unsupported client version\n");
2032 vnc_write_u32(vs, VNC_AUTH_INVALID);
2033 vnc_flush(vs);
2034 vnc_client_error(vs);
2035 return 0;
2036 }
2037 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2038 * as equivalent to v3.3 by servers
2039 */
2040 if (vs->minor == 4 || vs->minor == 5)
2041 vs->minor = 3;
2042
2043 if (vs->minor == 3) {
2044 if (vs->auth == VNC_AUTH_NONE) {
2045 VNC_DEBUG("Tell client auth none\n");
2046 vnc_write_u32(vs, vs->auth);
2047 vnc_flush(vs);
2048 vnc_read_when(vs, protocol_client_init, 1);
2049 } else if (vs->auth == VNC_AUTH_VNC) {
2050 VNC_DEBUG("Tell client VNC auth\n");
2051 vnc_write_u32(vs, vs->auth);
2052 vnc_flush(vs);
2053 start_auth_vnc(vs);
2054 } else {
2055 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs->auth);
2056 vnc_write_u32(vs, VNC_AUTH_INVALID);
2057 vnc_flush(vs);
2058 vnc_client_error(vs);
2059 }
2060 } else {
2061 VNC_DEBUG("Telling client we support auth %d\n", vs->auth);
2062 vnc_write_u8(vs, 1); /* num auth */
2063 vnc_write_u8(vs, vs->auth);
2064 vnc_read_when(vs, protocol_client_auth, 1);
2065 vnc_flush(vs);
2066 }
2067
2068 return 0;
2069 }
2070
2071 static void vnc_connect(VncState *vs)
2072 {
2073 VNC_DEBUG("New client on socket %d\n", vs->csock);
2074 dcl->idle = 0;
2075 socket_set_nonblock(vs->csock);
2076 qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
2077 vnc_write(vs, "RFB 003.008\n", 12);
2078 vnc_flush(vs);
2079 vnc_read_when(vs, protocol_version, 12);
2080 memset(vs->old_data, 0, ds_get_linesize(vs->ds) * ds_get_height(vs->ds));
2081 memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
2082 vs->has_resize = 0;
2083 vs->has_hextile = 0;
2084 vs->has_WMVi = 0;
2085 dcl->dpy_copy = NULL;
2086 vnc_update_client(vs);
2087 reset_keys(vs);
2088 }
2089
2090 static void vnc_listen_read(void *opaque)
2091 {
2092 VncState *vs = opaque;
2093 struct sockaddr_in addr;
2094 socklen_t addrlen = sizeof(addr);
2095
2096 /* Catch-up */
2097 vga_hw_update();
2098
2099 vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
2100 if (vs->csock != -1) {
2101 vnc_connect(vs);
2102 }
2103 }
2104
2105 void vnc_display_init(DisplayState *ds)
2106 {
2107 VncState *vs;
2108
2109 vs = qemu_mallocz(sizeof(VncState));
2110 dcl = qemu_mallocz(sizeof(DisplayChangeListener));
2111 if (!vs || !dcl)
2112 exit(1);
2113
2114 ds->opaque = vs;
2115 dcl->idle = 1;
2116 vnc_state = vs;
2117 vs->display = NULL;
2118 vs->password = NULL;
2119
2120 vs->lsock = -1;
2121 vs->csock = -1;
2122 vs->last_x = -1;
2123 vs->last_y = -1;
2124
2125 vs->ds = ds;
2126
2127 if (keyboard_layout)
2128 vs->kbd_layout = init_keyboard_layout(keyboard_layout);
2129 else
2130 vs->kbd_layout = init_keyboard_layout("en-us");
2131
2132 if (!vs->kbd_layout)
2133 exit(1);
2134
2135 vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
2136
2137 dcl->dpy_update = vnc_dpy_update;
2138 dcl->dpy_resize = vnc_dpy_resize;
2139 dcl->dpy_setdata = vnc_dpy_setdata;
2140 dcl->dpy_refresh = NULL;
2141 register_displaychangelistener(ds, dcl);
2142
2143 vs->as.freq = 44100;
2144 vs->as.nchannels = 2;
2145 vs->as.fmt = AUD_FMT_S16;
2146 vs->as.endianness = 0;
2147 }
2148
2149 #ifdef CONFIG_VNC_TLS
2150 static int vnc_set_x509_credential(VncState *vs,
2151 const char *certdir,
2152 const char *filename,
2153 char **cred,
2154 int ignoreMissing)
2155 {
2156 struct stat sb;
2157
2158 if (*cred) {
2159 qemu_free(*cred);
2160 *cred = NULL;
2161 }
2162
2163 if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
2164 return -1;
2165
2166 strcpy(*cred, certdir);
2167 strcat(*cred, "/");
2168 strcat(*cred, filename);
2169
2170 VNC_DEBUG("Check %s\n", *cred);
2171 if (stat(*cred, &sb) < 0) {
2172 qemu_free(*cred);
2173 *cred = NULL;
2174 if (ignoreMissing && errno == ENOENT)
2175 return 0;
2176 return -1;
2177 }
2178
2179 return 0;
2180 }
2181
2182 static int vnc_set_x509_credential_dir(VncState *vs,
2183 const char *certdir)
2184 {
2185 if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
2186 goto cleanup;
2187 if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
2188 goto cleanup;
2189 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
2190 goto cleanup;
2191 if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
2192 goto cleanup;
2193
2194 return 0;
2195
2196 cleanup:
2197 qemu_free(vs->x509cacert);
2198 qemu_free(vs->x509cacrl);
2199 qemu_free(vs->x509cert);
2200 qemu_free(vs->x509key);
2201 vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
2202 return -1;
2203 }
2204 #endif /* CONFIG_VNC_TLS */
2205
2206 void vnc_display_close(DisplayState *ds)
2207 {
2208 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2209
2210 if (vs->display) {
2211 qemu_free(vs->display);
2212 vs->display = NULL;
2213 }
2214 if (vs->lsock != -1) {
2215 qemu_set_fd_handler2(vs->lsock, NULL, NULL, NULL, NULL);
2216 close(vs->lsock);
2217 vs->lsock = -1;
2218 }
2219 if (vs->csock != -1) {
2220 qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
2221 closesocket(vs->csock);
2222 vs->csock = -1;
2223 buffer_reset(&vs->input);
2224 buffer_reset(&vs->output);
2225 vs->need_update = 0;
2226 #ifdef CONFIG_VNC_TLS
2227 if (vs->tls_session) {
2228 gnutls_deinit(vs->tls_session);
2229 vs->tls_session = NULL;
2230 }
2231 vs->wiremode = VNC_WIREMODE_CLEAR;
2232 #endif /* CONFIG_VNC_TLS */
2233 }
2234 vs->auth = VNC_AUTH_INVALID;
2235 #ifdef CONFIG_VNC_TLS
2236 vs->subauth = VNC_AUTH_INVALID;
2237 vs->x509verify = 0;
2238 #endif
2239 audio_del(vs);
2240 }
2241
2242 int vnc_display_password(DisplayState *ds, const char *password)
2243 {
2244 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2245
2246 if (vs->password) {
2247 qemu_free(vs->password);
2248 vs->password = NULL;
2249 }
2250 if (password && password[0]) {
2251 if (!(vs->password = qemu_strdup(password)))
2252 return -1;
2253 }
2254
2255 return 0;
2256 }
2257
2258 int vnc_display_open(DisplayState *ds, const char *display)
2259 {
2260 VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
2261 const char *options;
2262 int password = 0;
2263 int reverse = 0;
2264 int to_port = 0;
2265 #ifdef CONFIG_VNC_TLS
2266 int tls = 0, x509 = 0;
2267 #endif
2268
2269 vnc_display_close(ds);
2270 if (strcmp(display, "none") == 0)
2271 return 0;
2272
2273 if (!(vs->display = strdup(display)))
2274 return -1;
2275
2276 options = display;
2277 while ((options = strchr(options, ','))) {
2278 options++;
2279 if (strncmp(options, "password", 8) == 0) {
2280 password = 1; /* Require password auth */
2281 } else if (strncmp(options, "reverse", 7) == 0) {
2282 reverse = 1;
2283 } else if (strncmp(options, "to=", 3) == 0) {
2284 to_port = atoi(options+3) + 5900;
2285 #ifdef CONFIG_VNC_TLS
2286 } else if (strncmp(options, "tls", 3) == 0) {
2287 tls = 1; /* Require TLS */
2288 } else if (strncmp(options, "x509", 4) == 0) {
2289 char *start, *end;
2290 x509 = 1; /* Require x509 certificates */
2291 if (strncmp(options, "x509verify", 10) == 0)
2292 vs->x509verify = 1; /* ...and verify client certs */
2293
2294 /* Now check for 'x509=/some/path' postfix
2295 * and use that to setup x509 certificate/key paths */
2296 start = strchr(options, '=');
2297 end = strchr(options, ',');
2298 if (start && (!end || (start < end))) {
2299 int len = end ? end-(start+1) : strlen(start+1);
2300 char *path = qemu_strndup(start + 1, len);
2301
2302 VNC_DEBUG("Trying certificate path '%s'\n", path);
2303 if (vnc_set_x509_credential_dir(vs, path) < 0) {
2304 fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
2305 qemu_free(path);
2306 qemu_free(vs->display);
2307 vs->display = NULL;
2308 return -1;
2309 }
2310 qemu_free(path);
2311 } else {
2312 fprintf(stderr, "No certificate path provided\n");
2313 qemu_free(vs->display);
2314 vs->display = NULL;
2315 return -1;
2316 }
2317 #endif
2318 }
2319 }
2320
2321 if (password) {
2322 #ifdef CONFIG_VNC_TLS
2323 if (tls) {
2324 vs->auth = VNC_AUTH_VENCRYPT;
2325 if (x509) {
2326 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2327 vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
2328 } else {
2329 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2330 vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
2331 }
2332 } else {
2333 #endif
2334 VNC_DEBUG("Initializing VNC server with password auth\n");
2335 vs->auth = VNC_AUTH_VNC;
2336 #ifdef CONFIG_VNC_TLS
2337 vs->subauth = VNC_AUTH_INVALID;
2338 }
2339 #endif
2340 } else {
2341 #ifdef CONFIG_VNC_TLS
2342 if (tls) {
2343 vs->auth = VNC_AUTH_VENCRYPT;
2344 if (x509) {
2345 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2346 vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
2347 } else {
2348 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2349 vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
2350 }
2351 } else {
2352 #endif
2353 VNC_DEBUG("Initializing VNC server with no auth\n");
2354 vs->auth = VNC_AUTH_NONE;
2355 #ifdef CONFIG_VNC_TLS
2356 vs->subauth = VNC_AUTH_INVALID;
2357 }
2358 #endif
2359 }
2360
2361 if (reverse) {
2362 /* connect to viewer */
2363 if (strncmp(display, "unix:", 5) == 0)
2364 vs->lsock = unix_connect(display+5);
2365 else
2366 vs->lsock = inet_connect(display, SOCK_STREAM);
2367 if (-1 == vs->lsock) {
2368 free(vs->display);
2369 vs->display = NULL;
2370 return -1;
2371 } else {
2372 vs->csock = vs->lsock;
2373 vs->lsock = -1;
2374 vnc_connect(vs);
2375 }
2376 return 0;
2377
2378 } else {
2379 /* listen for connects */
2380 char *dpy;
2381 dpy = qemu_malloc(256);
2382 if (strncmp(display, "unix:", 5) == 0) {
2383 pstrcpy(dpy, 256, "unix:");
2384 vs->lsock = unix_listen(display+5, dpy+5, 256-5);
2385 } else {
2386 vs->lsock = inet_listen(display, dpy, 256, SOCK_STREAM, 5900);
2387 }
2388 if (-1 == vs->lsock) {
2389 free(dpy);
2390 return -1;
2391 } else {
2392 free(vs->display);
2393 vs->display = dpy;
2394 }
2395 }
2396
2397 return qemu_set_fd_handler2(vs->lsock, vnc_listen_poll, vnc_listen_read, NULL, vs);
2398 }
Qemu copy for testing