2 * QEMU VNC display driver
4 * Copyright (C) 2006 Anthony Liguori <anthony@codemonkey.ws>
5 * Copyright (C) 2006 Fabrice Bellard
7 * Permission is hereby granted, free of charge, to any person obtaining a copy
8 * of this software and associated documentation files (the "Software"), to deal
9 * in the Software without restriction, including without limitation the rights
10 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11 * copies of the Software, and to permit persons to whom the Software is
12 * furnished to do so, subject to the following conditions:
14 * The above copyright notice and this permission notice shall be included in
15 * all copies or substantial portions of the Software.
17 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL
20 * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
26 #include "qemu-common.h"
29 #include "qemu_socket.h"
30 #include "qemu-timer.h"
31 #include "audio/audio.h"
33 #define VNC_REFRESH_INTERVAL (1000 / 30)
36 #include "vnc_keysym.h"
41 #include <gnutls/gnutls.h>
42 #include <gnutls/x509.h>
43 #endif /* CONFIG_VNC_TLS */
45 // #define _VNC_DEBUG 1
48 #define VNC_DEBUG(fmt, ...) do { fprintf(stderr, fmt, ## __VA_ARGS__); } while (0)
50 #if CONFIG_VNC_TLS && _VNC_DEBUG >= 2
51 /* Very verbose, so only enabled for _VNC_DEBUG >= 2 */
52 static void vnc_debug_gnutls_log(int level
, const char* str
) {
53 VNC_DEBUG("%d %s", level
, str
);
55 #endif /* CONFIG_VNC_TLS && _VNC_DEBUG */
57 #define VNC_DEBUG(fmt, ...) do { } while (0)
60 #define count_bits(c, v) { \
61 for (c = 0; v; v >>= 1) \
74 typedef struct VncState VncState
;
76 typedef int VncReadEvent(VncState
*vs
, uint8_t *data
, size_t len
);
78 typedef void VncWritePixels(VncState
*vs
, void *data
, int size
);
80 typedef void VncSendHextileTile(VncState
*vs
,
81 int x
, int y
, int w
, int h
,
84 int *has_bg
, int *has_fg
);
86 #define VNC_MAX_WIDTH 2048
87 #define VNC_MAX_HEIGHT 2048
88 #define VNC_DIRTY_WORDS (VNC_MAX_WIDTH / (16 * 32))
90 #define VNC_AUTH_CHALLENGE_SIZE 16
99 uint32_t dirty_row
[VNC_MAX_HEIGHT
][VNC_DIRTY_WORDS
];
103 int has_pointer_type_change
;
115 #ifdef CONFIG_VNC_TLS
124 char challenge
[VNC_AUTH_CHALLENGE_SIZE
];
126 #ifdef CONFIG_VNC_TLS
128 gnutls_session_t tls_session
;
133 kbd_layout_t
*kbd_layout
;
134 /* current output mode information */
135 VncWritePixels
*write_pixels
;
136 VncSendHextileTile
*send_hextile_tile
;
137 DisplaySurface clientds
, serverds
;
139 CaptureVoiceOut
*audio_cap
;
140 struct audsettings as
;
142 VncReadEvent
*read_handler
;
143 size_t read_handler_expect
;
145 uint8_t modifiers_state
[256];
148 static VncState
*vnc_state
; /* needed for info vnc */
149 static DisplayChangeListener
*dcl
;
151 void do_info_vnc(void)
153 if (vnc_state
== NULL
|| vnc_state
->display
== NULL
)
154 term_printf("VNC server disabled\n");
156 term_printf("VNC server active on: ");
157 term_print_filename(vnc_state
->display
);
160 if (vnc_state
->csock
== -1)
161 term_printf("No client connected\n");
163 term_printf("Client connected\n");
168 1) Get the queue working for IO.
169 2) there is some weirdness when using the -S option (the screen is grey
170 and not totally invalidated
171 3) resolutions > 1024
174 static void vnc_write(VncState
*vs
, const void *data
, size_t len
);
175 static void vnc_write_u32(VncState
*vs
, uint32_t value
);
176 static void vnc_write_s32(VncState
*vs
, int32_t value
);
177 static void vnc_write_u16(VncState
*vs
, uint16_t value
);
178 static void vnc_write_u8(VncState
*vs
, uint8_t value
);
179 static void vnc_flush(VncState
*vs
);
180 static void vnc_update_client(void *opaque
);
181 static void vnc_client_read(void *opaque
);
183 static void vnc_colordepth(DisplayState
*ds
);
185 static inline void vnc_set_bit(uint32_t *d
, int k
)
187 d
[k
>> 5] |= 1 << (k
& 0x1f);
190 static inline void vnc_clear_bit(uint32_t *d
, int k
)
192 d
[k
>> 5] &= ~(1 << (k
& 0x1f));
195 static inline void vnc_set_bits(uint32_t *d
, int n
, int nb_words
)
205 d
[j
++] = (1 << n
) - 1;
210 static inline int vnc_get_bit(const uint32_t *d
, int k
)
212 return (d
[k
>> 5] >> (k
& 0x1f)) & 1;
215 static inline int vnc_and_bits(const uint32_t *d1
, const uint32_t *d2
,
219 for(i
= 0; i
< nb_words
; i
++) {
220 if ((d1
[i
] & d2
[i
]) != 0)
226 static void vnc_dpy_update(DisplayState
*ds
, int x
, int y
, int w
, int h
)
228 VncState
*vs
= ds
->opaque
;
233 /* round x down to ensure the loop only spans one 16-pixel block per,
234 iteration. otherwise, if (x % 16) != 0, the last iteration may span
235 two 16-pixel blocks but we only mark the first as dirty
240 x
= MIN(x
, vs
->serverds
.width
);
241 y
= MIN(y
, vs
->serverds
.height
);
242 w
= MIN(x
+ w
, vs
->serverds
.width
) - x
;
243 h
= MIN(h
, vs
->serverds
.height
);
246 for (i
= 0; i
< w
; i
+= 16)
247 vnc_set_bit(vs
->dirty_row
[y
], (x
+ i
) / 16);
250 static void vnc_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
,
253 vnc_write_u16(vs
, x
);
254 vnc_write_u16(vs
, y
);
255 vnc_write_u16(vs
, w
);
256 vnc_write_u16(vs
, h
);
258 vnc_write_s32(vs
, encoding
);
261 static void vnc_dpy_resize(DisplayState
*ds
)
264 VncState
*vs
= ds
->opaque
;
266 vs
->old_data
= qemu_realloc(vs
->old_data
, ds_get_linesize(ds
) * ds_get_height(ds
));
268 if (vs
->old_data
== NULL
) {
269 fprintf(stderr
, "vnc: memory allocation failed\n");
273 if (ds_get_bytes_per_pixel(ds
) != vs
->serverds
.pf
.bytes_per_pixel
)
274 console_color_init(ds
);
276 size_changed
= ds_get_width(ds
) != vs
->serverds
.width
||
277 ds_get_height(ds
) != vs
->serverds
.height
;
278 vs
->serverds
= *(ds
->surface
);
280 if (vs
->csock
!= -1 && vs
->has_resize
) {
281 vnc_write_u8(vs
, 0); /* msg id */
283 vnc_write_u16(vs
, 1); /* number of rects */
284 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
), -223);
289 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
290 memset(vs
->old_data
, 42, ds_get_linesize(vs
->ds
) * ds_get_height(vs
->ds
));
294 static void vnc_write_pixels_copy(VncState
*vs
, void *pixels
, int size
)
296 vnc_write(vs
, pixels
, size
);
299 /* slowest but generic code. */
300 static void vnc_convert_pixel(VncState
*vs
, uint8_t *buf
, uint32_t v
)
304 r
= ((((v
& vs
->serverds
.pf
.rmask
) >> vs
->serverds
.pf
.rshift
) << vs
->clientds
.pf
.rbits
) >>
305 vs
->serverds
.pf
.rbits
);
306 g
= ((((v
& vs
->serverds
.pf
.gmask
) >> vs
->serverds
.pf
.gshift
) << vs
->clientds
.pf
.gbits
) >>
307 vs
->serverds
.pf
.gbits
);
308 b
= ((((v
& vs
->serverds
.pf
.bmask
) >> vs
->serverds
.pf
.bshift
) << vs
->clientds
.pf
.bbits
) >>
309 vs
->serverds
.pf
.bbits
);
310 v
= (r
<< vs
->clientds
.pf
.rshift
) |
311 (g
<< vs
->clientds
.pf
.gshift
) |
312 (b
<< vs
->clientds
.pf
.bshift
);
313 switch(vs
->clientds
.pf
.bytes_per_pixel
) {
318 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
328 if (vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) {
343 static void vnc_write_pixels_generic(VncState
*vs
, void *pixels1
, int size
)
347 if (vs
->serverds
.pf
.bytes_per_pixel
== 4) {
348 uint32_t *pixels
= pixels1
;
351 for(i
= 0; i
< n
; i
++) {
352 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
353 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
355 } else if (vs
->serverds
.pf
.bytes_per_pixel
== 2) {
356 uint16_t *pixels
= pixels1
;
359 for(i
= 0; i
< n
; i
++) {
360 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
361 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
363 } else if (vs
->serverds
.pf
.bytes_per_pixel
== 1) {
364 uint8_t *pixels
= pixels1
;
367 for(i
= 0; i
< n
; i
++) {
368 vnc_convert_pixel(vs
, buf
, pixels
[i
]);
369 vnc_write(vs
, buf
, vs
->clientds
.pf
.bytes_per_pixel
);
372 fprintf(stderr
, "vnc_write_pixels_generic: VncState color depth not supported\n");
376 static void send_framebuffer_update_raw(VncState
*vs
, int x
, int y
, int w
, int h
)
381 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 0);
383 row
= ds_get_data(vs
->ds
) + y
* ds_get_linesize(vs
->ds
) + x
* ds_get_bytes_per_pixel(vs
->ds
);
384 for (i
= 0; i
< h
; i
++) {
385 vs
->write_pixels(vs
, row
, w
* ds_get_bytes_per_pixel(vs
->ds
));
386 row
+= ds_get_linesize(vs
->ds
);
390 static void hextile_enc_cord(uint8_t *ptr
, int x
, int y
, int w
, int h
)
392 ptr
[0] = ((x
& 0x0F) << 4) | (y
& 0x0F);
393 ptr
[1] = (((w
- 1) & 0x0F) << 4) | ((h
- 1) & 0x0F);
397 #include "vnchextile.h"
401 #include "vnchextile.h"
405 #include "vnchextile.h"
410 #include "vnchextile.h"
416 #include "vnchextile.h"
422 #include "vnchextile.h"
426 static void send_framebuffer_update_hextile(VncState
*vs
, int x
, int y
, int w
, int h
)
430 uint8_t *last_fg
, *last_bg
;
432 vnc_framebuffer_update(vs
, x
, y
, w
, h
, 5);
434 last_fg
= (uint8_t *) malloc(vs
->serverds
.pf
.bytes_per_pixel
);
435 last_bg
= (uint8_t *) malloc(vs
->serverds
.pf
.bytes_per_pixel
);
437 for (j
= y
; j
< (y
+ h
); j
+= 16) {
438 for (i
= x
; i
< (x
+ w
); i
+= 16) {
439 vs
->send_hextile_tile(vs
, i
, j
,
440 MIN(16, x
+ w
- i
), MIN(16, y
+ h
- j
),
441 last_bg
, last_fg
, &has_bg
, &has_fg
);
449 static void send_framebuffer_update(VncState
*vs
, int x
, int y
, int w
, int h
)
452 send_framebuffer_update_hextile(vs
, x
, y
, w
, h
);
454 send_framebuffer_update_raw(vs
, x
, y
, w
, h
);
457 static void vnc_copy(DisplayState
*ds
, int src_x
, int src_y
, int dst_x
, int dst_y
, int w
, int h
)
459 VncState
*vs
= ds
->opaque
;
461 vnc_update_client(vs
);
463 vnc_write_u8(vs
, 0); /* msg id */
465 vnc_write_u16(vs
, 1); /* number of rects */
466 vnc_framebuffer_update(vs
, dst_x
, dst_y
, w
, h
, 1);
467 vnc_write_u16(vs
, src_x
);
468 vnc_write_u16(vs
, src_y
);
472 static int find_dirty_height(VncState
*vs
, int y
, int last_x
, int x
)
476 for (h
= 1; h
< (vs
->serverds
.height
- y
); h
++) {
478 if (!vnc_get_bit(vs
->dirty_row
[y
+ h
], last_x
))
480 for (tmp_x
= last_x
; tmp_x
< x
; tmp_x
++)
481 vnc_clear_bit(vs
->dirty_row
[y
+ h
], tmp_x
);
487 static void vnc_update_client(void *opaque
)
489 VncState
*vs
= opaque
;
491 if (vs
->need_update
&& vs
->csock
!= -1) {
495 uint32_t width_mask
[VNC_DIRTY_WORDS
];
502 vnc_set_bits(width_mask
, (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
504 /* Walk through the dirty map and eliminate tiles that
505 really aren't dirty */
506 row
= ds_get_data(vs
->ds
);
507 old_row
= vs
->old_data
;
509 for (y
= 0; y
< ds_get_height(vs
->ds
); y
++) {
510 if (vnc_and_bits(vs
->dirty_row
[y
], width_mask
, VNC_DIRTY_WORDS
)) {
516 old_ptr
= (char*)old_row
;
518 for (x
= 0; x
< ds_get_width(vs
->ds
); x
+= 16) {
519 if (memcmp(old_ptr
, ptr
, 16 * ds_get_bytes_per_pixel(vs
->ds
)) == 0) {
520 vnc_clear_bit(vs
->dirty_row
[y
], (x
/ 16));
523 memcpy(old_ptr
, ptr
, 16 * ds_get_bytes_per_pixel(vs
->ds
));
526 ptr
+= 16 * ds_get_bytes_per_pixel(vs
->ds
);
527 old_ptr
+= 16 * ds_get_bytes_per_pixel(vs
->ds
);
531 row
+= ds_get_linesize(vs
->ds
);
532 old_row
+= ds_get_linesize(vs
->ds
);
535 if (!has_dirty
&& !vs
->audio_cap
) {
536 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
540 /* Count rectangles */
542 vnc_write_u8(vs
, 0); /* msg id */
544 saved_offset
= vs
->output
.offset
;
545 vnc_write_u16(vs
, 0);
547 for (y
= 0; y
< vs
->serverds
.height
; y
++) {
550 for (x
= 0; x
< vs
->serverds
.width
/ 16; x
++) {
551 if (vnc_get_bit(vs
->dirty_row
[y
], x
)) {
555 vnc_clear_bit(vs
->dirty_row
[y
], x
);
558 int h
= find_dirty_height(vs
, y
, last_x
, x
);
559 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
566 int h
= find_dirty_height(vs
, y
, last_x
, x
);
567 send_framebuffer_update(vs
, last_x
* 16, y
, (x
- last_x
) * 16, h
);
571 vs
->output
.buffer
[saved_offset
] = (n_rectangles
>> 8) & 0xFF;
572 vs
->output
.buffer
[saved_offset
+ 1] = n_rectangles
& 0xFF;
577 if (vs
->csock
!= -1) {
578 qemu_mod_timer(vs
->timer
, qemu_get_clock(rt_clock
) + VNC_REFRESH_INTERVAL
);
583 static int vnc_listen_poll(void *opaque
)
585 VncState
*vs
= opaque
;
591 static void buffer_reserve(Buffer
*buffer
, size_t len
)
593 if ((buffer
->capacity
- buffer
->offset
) < len
) {
594 buffer
->capacity
+= (len
+ 1024);
595 buffer
->buffer
= qemu_realloc(buffer
->buffer
, buffer
->capacity
);
596 if (buffer
->buffer
== NULL
) {
597 fprintf(stderr
, "vnc: out of memory\n");
603 static int buffer_empty(Buffer
*buffer
)
605 return buffer
->offset
== 0;
608 static uint8_t *buffer_end(Buffer
*buffer
)
610 return buffer
->buffer
+ buffer
->offset
;
613 static void buffer_reset(Buffer
*buffer
)
618 static void buffer_append(Buffer
*buffer
, const void *data
, size_t len
)
620 memcpy(buffer
->buffer
+ buffer
->offset
, data
, len
);
621 buffer
->offset
+= len
;
625 static void audio_capture_notify(void *opaque
, audcnotification_e cmd
)
627 VncState
*vs
= opaque
;
630 case AUD_CNOTIFY_DISABLE
:
631 vnc_write_u8(vs
, 255);
633 vnc_write_u16(vs
, 0);
637 case AUD_CNOTIFY_ENABLE
:
638 vnc_write_u8(vs
, 255);
640 vnc_write_u16(vs
, 1);
646 static void audio_capture_destroy(void *opaque
)
650 static void audio_capture(void *opaque
, void *buf
, int size
)
652 VncState
*vs
= opaque
;
654 vnc_write_u8(vs
, 255);
656 vnc_write_u16(vs
, 2);
657 vnc_write_u32(vs
, size
);
658 vnc_write(vs
, buf
, size
);
662 static void audio_add(VncState
*vs
)
664 struct audio_capture_ops ops
;
667 term_printf ("audio already running\n");
671 ops
.notify
= audio_capture_notify
;
672 ops
.destroy
= audio_capture_destroy
;
673 ops
.capture
= audio_capture
;
675 vs
->audio_cap
= AUD_add_capture(NULL
, &vs
->as
, &ops
, vs
);
676 if (!vs
->audio_cap
) {
677 term_printf ("Failed to add audio capture\n");
681 static void audio_del(VncState
*vs
)
684 AUD_del_capture(vs
->audio_cap
, vs
);
685 vs
->audio_cap
= NULL
;
689 static int vnc_client_io_error(VncState
*vs
, int ret
, int last_errno
)
691 if (ret
== 0 || ret
== -1) {
693 switch (last_errno
) {
705 VNC_DEBUG("Closing down client sock %d %d\n", ret
, ret
< 0 ? last_errno
: 0);
706 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
707 closesocket(vs
->csock
);
710 buffer_reset(&vs
->input
);
711 buffer_reset(&vs
->output
);
713 #ifdef CONFIG_VNC_TLS
714 if (vs
->tls_session
) {
715 gnutls_deinit(vs
->tls_session
);
716 vs
->tls_session
= NULL
;
718 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
719 #endif /* CONFIG_VNC_TLS */
726 static void vnc_client_error(VncState
*vs
)
728 vnc_client_io_error(vs
, -1, EINVAL
);
731 static void vnc_client_write(void *opaque
)
734 VncState
*vs
= opaque
;
736 #ifdef CONFIG_VNC_TLS
737 if (vs
->tls_session
) {
738 ret
= gnutls_write(vs
->tls_session
, vs
->output
.buffer
, vs
->output
.offset
);
740 if (ret
== GNUTLS_E_AGAIN
)
747 #endif /* CONFIG_VNC_TLS */
748 ret
= send(vs
->csock
, vs
->output
.buffer
, vs
->output
.offset
, 0);
749 ret
= vnc_client_io_error(vs
, ret
, socket_error());
753 memmove(vs
->output
.buffer
, vs
->output
.buffer
+ ret
, (vs
->output
.offset
- ret
));
754 vs
->output
.offset
-= ret
;
756 if (vs
->output
.offset
== 0) {
757 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
761 static void vnc_read_when(VncState
*vs
, VncReadEvent
*func
, size_t expecting
)
763 vs
->read_handler
= func
;
764 vs
->read_handler_expect
= expecting
;
767 static void vnc_client_read(void *opaque
)
769 VncState
*vs
= opaque
;
772 buffer_reserve(&vs
->input
, 4096);
774 #ifdef CONFIG_VNC_TLS
775 if (vs
->tls_session
) {
776 ret
= gnutls_read(vs
->tls_session
, buffer_end(&vs
->input
), 4096);
778 if (ret
== GNUTLS_E_AGAIN
)
785 #endif /* CONFIG_VNC_TLS */
786 ret
= recv(vs
->csock
, buffer_end(&vs
->input
), 4096, 0);
787 ret
= vnc_client_io_error(vs
, ret
, socket_error());
791 vs
->input
.offset
+= ret
;
793 while (vs
->read_handler
&& vs
->input
.offset
>= vs
->read_handler_expect
) {
794 size_t len
= vs
->read_handler_expect
;
797 ret
= vs
->read_handler(vs
, vs
->input
.buffer
, len
);
802 memmove(vs
->input
.buffer
, vs
->input
.buffer
+ len
, (vs
->input
.offset
- len
));
803 vs
->input
.offset
-= len
;
805 vs
->read_handler_expect
= ret
;
810 static void vnc_write(VncState
*vs
, const void *data
, size_t len
)
812 buffer_reserve(&vs
->output
, len
);
814 if (buffer_empty(&vs
->output
)) {
815 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
818 buffer_append(&vs
->output
, data
, len
);
821 static void vnc_write_s32(VncState
*vs
, int32_t value
)
823 vnc_write_u32(vs
, *(uint32_t *)&value
);
826 static void vnc_write_u32(VncState
*vs
, uint32_t value
)
830 buf
[0] = (value
>> 24) & 0xFF;
831 buf
[1] = (value
>> 16) & 0xFF;
832 buf
[2] = (value
>> 8) & 0xFF;
833 buf
[3] = value
& 0xFF;
835 vnc_write(vs
, buf
, 4);
838 static void vnc_write_u16(VncState
*vs
, uint16_t value
)
842 buf
[0] = (value
>> 8) & 0xFF;
843 buf
[1] = value
& 0xFF;
845 vnc_write(vs
, buf
, 2);
848 static void vnc_write_u8(VncState
*vs
, uint8_t value
)
850 vnc_write(vs
, (char *)&value
, 1);
853 static void vnc_flush(VncState
*vs
)
855 if (vs
->output
.offset
)
856 vnc_client_write(vs
);
859 static uint8_t read_u8(uint8_t *data
, size_t offset
)
864 static uint16_t read_u16(uint8_t *data
, size_t offset
)
866 return ((data
[offset
] & 0xFF) << 8) | (data
[offset
+ 1] & 0xFF);
869 static int32_t read_s32(uint8_t *data
, size_t offset
)
871 return (int32_t)((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
872 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
875 static uint32_t read_u32(uint8_t *data
, size_t offset
)
877 return ((data
[offset
] << 24) | (data
[offset
+ 1] << 16) |
878 (data
[offset
+ 2] << 8) | data
[offset
+ 3]);
881 #ifdef CONFIG_VNC_TLS
882 static ssize_t
vnc_tls_push(gnutls_transport_ptr_t transport
,
885 struct VncState
*vs
= (struct VncState
*)transport
;
889 ret
= send(vs
->csock
, data
, len
, 0);
899 static ssize_t
vnc_tls_pull(gnutls_transport_ptr_t transport
,
902 struct VncState
*vs
= (struct VncState
*)transport
;
906 ret
= recv(vs
->csock
, data
, len
, 0);
914 #endif /* CONFIG_VNC_TLS */
916 static void client_cut_text(VncState
*vs
, size_t len
, uint8_t *text
)
920 static void check_pointer_type_change(VncState
*vs
, int absolute
)
922 if (vs
->has_pointer_type_change
&& vs
->absolute
!= absolute
) {
925 vnc_write_u16(vs
, 1);
926 vnc_framebuffer_update(vs
, absolute
, 0,
927 ds_get_width(vs
->ds
), ds_get_height(vs
->ds
), -257);
930 vs
->absolute
= absolute
;
933 static void pointer_event(VncState
*vs
, int button_mask
, int x
, int y
)
938 if (button_mask
& 0x01)
939 buttons
|= MOUSE_EVENT_LBUTTON
;
940 if (button_mask
& 0x02)
941 buttons
|= MOUSE_EVENT_MBUTTON
;
942 if (button_mask
& 0x04)
943 buttons
|= MOUSE_EVENT_RBUTTON
;
944 if (button_mask
& 0x08)
946 if (button_mask
& 0x10)
950 kbd_mouse_event(x
* 0x7FFF / (ds_get_width(vs
->ds
) - 1),
951 y
* 0x7FFF / (ds_get_height(vs
->ds
) - 1),
953 } else if (vs
->has_pointer_type_change
) {
957 kbd_mouse_event(x
, y
, dz
, buttons
);
959 if (vs
->last_x
!= -1)
960 kbd_mouse_event(x
- vs
->last_x
,
967 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
970 static void reset_keys(VncState
*vs
)
973 for(i
= 0; i
< 256; i
++) {
974 if (vs
->modifiers_state
[i
]) {
976 kbd_put_keycode(0xe0);
977 kbd_put_keycode(i
| 0x80);
978 vs
->modifiers_state
[i
] = 0;
983 static void press_key(VncState
*vs
, int keysym
)
985 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) & 0x7f);
986 kbd_put_keycode(keysym2scancode(vs
->kbd_layout
, keysym
) | 0x80);
989 static void do_key_event(VncState
*vs
, int down
, int keycode
, int sym
)
991 /* QEMU console switch */
993 case 0x2a: /* Left Shift */
994 case 0x36: /* Right Shift */
995 case 0x1d: /* Left CTRL */
996 case 0x9d: /* Right CTRL */
997 case 0x38: /* Left ALT */
998 case 0xb8: /* Right ALT */
1000 vs
->modifiers_state
[keycode
] = 1;
1002 vs
->modifiers_state
[keycode
] = 0;
1004 case 0x02 ... 0x0a: /* '1' to '9' keys */
1005 if (down
&& vs
->modifiers_state
[0x1d] && vs
->modifiers_state
[0x38]) {
1006 /* Reset the modifiers sent to the current console */
1008 console_select(keycode
- 0x02);
1012 case 0x3a: /* CapsLock */
1013 case 0x45: /* NumLock */
1015 vs
->modifiers_state
[keycode
] ^= 1;
1019 if (keycode_is_keypad(vs
->kbd_layout
, keycode
)) {
1020 /* If the numlock state needs to change then simulate an additional
1021 keypress before sending this one. This will happen if the user
1022 toggles numlock away from the VNC window.
1024 if (keysym_is_numlock(vs
->kbd_layout
, sym
& 0xFFFF)) {
1025 if (!vs
->modifiers_state
[0x45]) {
1026 vs
->modifiers_state
[0x45] = 1;
1027 press_key(vs
, 0xff7f);
1030 if (vs
->modifiers_state
[0x45]) {
1031 vs
->modifiers_state
[0x45] = 0;
1032 press_key(vs
, 0xff7f);
1037 if (is_graphic_console()) {
1039 kbd_put_keycode(0xe0);
1041 kbd_put_keycode(keycode
& 0x7f);
1043 kbd_put_keycode(keycode
| 0x80);
1045 /* QEMU console emulation */
1048 case 0x2a: /* Left Shift */
1049 case 0x36: /* Right Shift */
1050 case 0x1d: /* Left CTRL */
1051 case 0x9d: /* Right CTRL */
1052 case 0x38: /* Left ALT */
1053 case 0xb8: /* Right ALT */
1056 kbd_put_keysym(QEMU_KEY_UP
);
1059 kbd_put_keysym(QEMU_KEY_DOWN
);
1062 kbd_put_keysym(QEMU_KEY_LEFT
);
1065 kbd_put_keysym(QEMU_KEY_RIGHT
);
1068 kbd_put_keysym(QEMU_KEY_DELETE
);
1071 kbd_put_keysym(QEMU_KEY_HOME
);
1074 kbd_put_keysym(QEMU_KEY_END
);
1077 kbd_put_keysym(QEMU_KEY_PAGEUP
);
1080 kbd_put_keysym(QEMU_KEY_PAGEDOWN
);
1083 kbd_put_keysym(sym
);
1090 static void key_event(VncState
*vs
, int down
, uint32_t sym
)
1094 if (sym
>= 'A' && sym
<= 'Z' && is_graphic_console())
1095 sym
= sym
- 'A' + 'a';
1097 keycode
= keysym2scancode(vs
->kbd_layout
, sym
& 0xFFFF);
1098 do_key_event(vs
, down
, keycode
, sym
);
1101 static void ext_key_event(VncState
*vs
, int down
,
1102 uint32_t sym
, uint16_t keycode
)
1104 /* if the user specifies a keyboard layout, always use it */
1105 if (keyboard_layout
)
1106 key_event(vs
, down
, sym
);
1108 do_key_event(vs
, down
, keycode
, sym
);
1111 static void framebuffer_update_request(VncState
*vs
, int incremental
,
1112 int x_position
, int y_position
,
1115 if (x_position
> ds_get_width(vs
->ds
))
1116 x_position
= ds_get_width(vs
->ds
);
1117 if (y_position
> ds_get_height(vs
->ds
))
1118 y_position
= ds_get_height(vs
->ds
);
1119 if (x_position
+ w
>= ds_get_width(vs
->ds
))
1120 w
= ds_get_width(vs
->ds
) - x_position
;
1121 if (y_position
+ h
>= ds_get_height(vs
->ds
))
1122 h
= ds_get_height(vs
->ds
) - y_position
;
1125 vs
->need_update
= 1;
1127 char *old_row
= vs
->old_data
+ y_position
* ds_get_linesize(vs
->ds
);
1129 for (i
= 0; i
< h
; i
++) {
1130 vnc_set_bits(vs
->dirty_row
[y_position
+ i
],
1131 (ds_get_width(vs
->ds
) / 16), VNC_DIRTY_WORDS
);
1132 memset(old_row
, 42, ds_get_width(vs
->ds
) * ds_get_bytes_per_pixel(vs
->ds
));
1133 old_row
+= ds_get_linesize(vs
->ds
);
1138 static void send_ext_key_event_ack(VncState
*vs
)
1140 vnc_write_u8(vs
, 0);
1141 vnc_write_u8(vs
, 0);
1142 vnc_write_u16(vs
, 1);
1143 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
), -258);
1147 static void send_ext_audio_ack(VncState
*vs
)
1149 vnc_write_u8(vs
, 0);
1150 vnc_write_u8(vs
, 0);
1151 vnc_write_u16(vs
, 1);
1152 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(vs
->ds
), ds_get_height(vs
->ds
), -259);
1156 static void set_encodings(VncState
*vs
, int32_t *encodings
, size_t n_encodings
)
1160 vs
->has_hextile
= 0;
1162 vs
->has_pointer_type_change
= 0;
1165 dcl
->dpy_copy
= NULL
;
1167 for (i
= n_encodings
- 1; i
>= 0; i
--) {
1168 switch (encodings
[i
]) {
1170 vs
->has_hextile
= 0;
1172 case 1: /* CopyRect */
1173 dcl
->dpy_copy
= vnc_copy
;
1175 case 5: /* Hextile */
1176 vs
->has_hextile
= 1;
1178 case -223: /* DesktopResize */
1182 vs
->has_pointer_type_change
= 1;
1185 send_ext_key_event_ack(vs
);
1188 send_ext_audio_ack(vs
);
1198 check_pointer_type_change(vs
, kbd_mouse_is_absolute());
1201 static void set_pixel_conversion(VncState
*vs
)
1203 if ((vs
->clientds
.flags
& QEMU_BIG_ENDIAN_FLAG
) ==
1204 (vs
->ds
->surface
->flags
& QEMU_BIG_ENDIAN_FLAG
) &&
1205 !memcmp(&(vs
->clientds
.pf
), &(vs
->ds
->surface
->pf
), sizeof(PixelFormat
))) {
1206 vs
->write_pixels
= vnc_write_pixels_copy
;
1207 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1209 vs
->send_hextile_tile
= send_hextile_tile_8
;
1212 vs
->send_hextile_tile
= send_hextile_tile_16
;
1215 vs
->send_hextile_tile
= send_hextile_tile_32
;
1219 vs
->write_pixels
= vnc_write_pixels_generic
;
1220 switch (vs
->ds
->surface
->pf
.bits_per_pixel
) {
1222 vs
->send_hextile_tile
= send_hextile_tile_generic_8
;
1225 vs
->send_hextile_tile
= send_hextile_tile_generic_16
;
1228 vs
->send_hextile_tile
= send_hextile_tile_generic_32
;
1234 static void set_pixel_format(VncState
*vs
,
1235 int bits_per_pixel
, int depth
,
1236 int big_endian_flag
, int true_color_flag
,
1237 int red_max
, int green_max
, int blue_max
,
1238 int red_shift
, int green_shift
, int blue_shift
)
1240 if (!true_color_flag
) {
1241 vnc_client_error(vs
);
1245 vs
->clientds
= vs
->serverds
;
1246 vs
->clientds
.pf
.rmax
= red_max
;
1247 count_bits(vs
->clientds
.pf
.rbits
, red_max
);
1248 vs
->clientds
.pf
.rshift
= red_shift
;
1249 vs
->clientds
.pf
.rmask
= red_max
<< red_shift
;
1250 vs
->clientds
.pf
.gmax
= green_max
;
1251 count_bits(vs
->clientds
.pf
.gbits
, green_max
);
1252 vs
->clientds
.pf
.gshift
= green_shift
;
1253 vs
->clientds
.pf
.gmask
= green_max
<< green_shift
;
1254 vs
->clientds
.pf
.bmax
= blue_max
;
1255 count_bits(vs
->clientds
.pf
.bbits
, blue_max
);
1256 vs
->clientds
.pf
.bshift
= blue_shift
;
1257 vs
->clientds
.pf
.bmask
= blue_max
<< blue_shift
;
1258 vs
->clientds
.pf
.bits_per_pixel
= bits_per_pixel
;
1259 vs
->clientds
.pf
.bytes_per_pixel
= bits_per_pixel
/ 8;
1260 vs
->clientds
.pf
.depth
= bits_per_pixel
== 32 ? 24 : bits_per_pixel
;
1261 vs
->clientds
.flags
= big_endian_flag
? QEMU_BIG_ENDIAN_FLAG
: 0x00;
1263 set_pixel_conversion(vs
);
1265 vga_hw_invalidate();
1269 static void pixel_format_message (VncState
*vs
) {
1270 char pad
[3] = { 0, 0, 0 };
1272 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bits_per_pixel
); /* bits-per-pixel */
1273 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.depth
); /* depth */
1275 #ifdef WORDS_BIGENDIAN
1276 vnc_write_u8(vs
, 1); /* big-endian-flag */
1278 vnc_write_u8(vs
, 0); /* big-endian-flag */
1280 vnc_write_u8(vs
, 1); /* true-color-flag */
1281 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.rmax
); /* red-max */
1282 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.gmax
); /* green-max */
1283 vnc_write_u16(vs
, vs
->ds
->surface
->pf
.bmax
); /* blue-max */
1284 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.rshift
); /* red-shift */
1285 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.gshift
); /* green-shift */
1286 vnc_write_u8(vs
, vs
->ds
->surface
->pf
.bshift
); /* blue-shift */
1287 if (vs
->ds
->surface
->pf
.bits_per_pixel
== 32)
1288 vs
->send_hextile_tile
= send_hextile_tile_32
;
1289 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 16)
1290 vs
->send_hextile_tile
= send_hextile_tile_16
;
1291 else if (vs
->ds
->surface
->pf
.bits_per_pixel
== 8)
1292 vs
->send_hextile_tile
= send_hextile_tile_8
;
1293 vs
->clientds
= *(vs
->ds
->surface
);
1294 vs
->clientds
.flags
|= ~QEMU_ALLOCATED_FLAG
;
1295 vs
->write_pixels
= vnc_write_pixels_copy
;
1297 vnc_write(vs
, pad
, 3); /* padding */
1300 static void vnc_dpy_setdata(DisplayState
*ds
)
1302 /* We don't have to do anything */
1305 static void vnc_colordepth(DisplayState
*ds
)
1307 struct VncState
*vs
= ds
->opaque
;
1309 if (vs
->csock
!= -1 && vs
->has_WMVi
) {
1310 /* Sending a WMVi message to notify the client*/
1311 vnc_write_u8(vs
, 0); /* msg id */
1312 vnc_write_u8(vs
, 0);
1313 vnc_write_u16(vs
, 1); /* number of rects */
1314 vnc_framebuffer_update(vs
, 0, 0, ds_get_width(ds
), ds_get_height(ds
), 0x574D5669);
1315 pixel_format_message(vs
);
1318 set_pixel_conversion(vs
);
1322 static int protocol_client_msg(VncState
*vs
, uint8_t *data
, size_t len
)
1332 set_pixel_format(vs
, read_u8(data
, 4), read_u8(data
, 5),
1333 read_u8(data
, 6), read_u8(data
, 7),
1334 read_u16(data
, 8), read_u16(data
, 10),
1335 read_u16(data
, 12), read_u8(data
, 14),
1336 read_u8(data
, 15), read_u8(data
, 16));
1343 limit
= read_u16(data
, 2);
1345 return 4 + (limit
* 4);
1347 limit
= read_u16(data
, 2);
1349 for (i
= 0; i
< limit
; i
++) {
1350 int32_t val
= read_s32(data
, 4 + (i
* 4));
1351 memcpy(data
+ 4 + (i
* 4), &val
, sizeof(val
));
1354 set_encodings(vs
, (int32_t *)(data
+ 4), limit
);
1360 framebuffer_update_request(vs
,
1361 read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4),
1362 read_u16(data
, 6), read_u16(data
, 8));
1368 key_event(vs
, read_u8(data
, 1), read_u32(data
, 4));
1374 pointer_event(vs
, read_u8(data
, 1), read_u16(data
, 2), read_u16(data
, 4));
1381 uint32_t dlen
= read_u32(data
, 4);
1386 client_cut_text(vs
, read_u32(data
, 4), data
+ 8);
1392 switch (read_u8(data
, 1)) {
1397 ext_key_event(vs
, read_u16(data
, 2),
1398 read_u32(data
, 4), read_u32(data
, 8));
1404 switch (read_u16 (data
, 2)) {
1414 switch (read_u8(data
, 4)) {
1415 case 0: vs
->as
.fmt
= AUD_FMT_U8
; break;
1416 case 1: vs
->as
.fmt
= AUD_FMT_S8
; break;
1417 case 2: vs
->as
.fmt
= AUD_FMT_U16
; break;
1418 case 3: vs
->as
.fmt
= AUD_FMT_S16
; break;
1419 case 4: vs
->as
.fmt
= AUD_FMT_U32
; break;
1420 case 5: vs
->as
.fmt
= AUD_FMT_S32
; break;
1422 printf("Invalid audio format %d\n", read_u8(data
, 4));
1423 vnc_client_error(vs
);
1426 vs
->as
.nchannels
= read_u8(data
, 5);
1427 if (vs
->as
.nchannels
!= 1 && vs
->as
.nchannels
!= 2) {
1428 printf("Invalid audio channel coount %d\n",
1430 vnc_client_error(vs
);
1433 vs
->as
.freq
= read_u32(data
, 6);
1436 printf ("Invalid audio message %d\n", read_u8(data
, 4));
1437 vnc_client_error(vs
);
1443 printf("Msg: %d\n", read_u16(data
, 0));
1444 vnc_client_error(vs
);
1449 printf("Msg: %d\n", data
[0]);
1450 vnc_client_error(vs
);
1454 vnc_read_when(vs
, protocol_client_msg
, 1);
1458 static int protocol_client_init(VncState
*vs
, uint8_t *data
, size_t len
)
1463 vnc_write_u16(vs
, ds_get_width(vs
->ds
));
1464 vnc_write_u16(vs
, ds_get_height(vs
->ds
));
1466 pixel_format_message(vs
);
1469 size
= snprintf(buf
, sizeof(buf
), "QEMU (%s)", qemu_name
);
1471 size
= snprintf(buf
, sizeof(buf
), "QEMU");
1473 vnc_write_u32(vs
, size
);
1474 vnc_write(vs
, buf
, size
);
1477 vnc_read_when(vs
, protocol_client_msg
, 1);
1482 static void make_challenge(VncState
*vs
)
1486 srand(time(NULL
)+getpid()+getpid()*987654+rand());
1488 for (i
= 0 ; i
< sizeof(vs
->challenge
) ; i
++)
1489 vs
->challenge
[i
] = (int) (256.0*rand()/(RAND_MAX
+1.0));
1492 static int protocol_client_auth_vnc(VncState
*vs
, uint8_t *data
, size_t len
)
1494 unsigned char response
[VNC_AUTH_CHALLENGE_SIZE
];
1496 unsigned char key
[8];
1498 if (!vs
->password
|| !vs
->password
[0]) {
1499 VNC_DEBUG("No password configured on server");
1500 vnc_write_u32(vs
, 1); /* Reject auth */
1501 if (vs
->minor
>= 8) {
1502 static const char err
[] = "Authentication failed";
1503 vnc_write_u32(vs
, sizeof(err
));
1504 vnc_write(vs
, err
, sizeof(err
));
1507 vnc_client_error(vs
);
1511 memcpy(response
, vs
->challenge
, VNC_AUTH_CHALLENGE_SIZE
);
1513 /* Calculate the expected challenge response */
1514 pwlen
= strlen(vs
->password
);
1515 for (i
=0; i
<sizeof(key
); i
++)
1516 key
[i
] = i
<pwlen
? vs
->password
[i
] : 0;
1518 for (j
= 0; j
< VNC_AUTH_CHALLENGE_SIZE
; j
+= 8)
1519 des(response
+j
, response
+j
);
1521 /* Compare expected vs actual challenge response */
1522 if (memcmp(response
, data
, VNC_AUTH_CHALLENGE_SIZE
) != 0) {
1523 VNC_DEBUG("Client challenge reponse did not match\n");
1524 vnc_write_u32(vs
, 1); /* Reject auth */
1525 if (vs
->minor
>= 8) {
1526 static const char err
[] = "Authentication failed";
1527 vnc_write_u32(vs
, sizeof(err
));
1528 vnc_write(vs
, err
, sizeof(err
));
1531 vnc_client_error(vs
);
1533 VNC_DEBUG("Accepting VNC challenge response\n");
1534 vnc_write_u32(vs
, 0); /* Accept auth */
1537 vnc_read_when(vs
, protocol_client_init
, 1);
1542 static int start_auth_vnc(VncState
*vs
)
1545 /* Send client a 'random' challenge */
1546 vnc_write(vs
, vs
->challenge
, sizeof(vs
->challenge
));
1549 vnc_read_when(vs
, protocol_client_auth_vnc
, sizeof(vs
->challenge
));
1554 #ifdef CONFIG_VNC_TLS
1555 #define DH_BITS 1024
1556 static gnutls_dh_params_t dh_params
;
1558 static int vnc_tls_initialize(void)
1560 static int tlsinitialized
= 0;
1565 if (gnutls_global_init () < 0)
1568 /* XXX ought to re-generate diffie-hellmen params periodically */
1569 if (gnutls_dh_params_init (&dh_params
) < 0)
1571 if (gnutls_dh_params_generate2 (dh_params
, DH_BITS
) < 0)
1574 #if defined(_VNC_DEBUG) && _VNC_DEBUG >= 2
1575 gnutls_global_set_log_level(10);
1576 gnutls_global_set_log_function(vnc_debug_gnutls_log
);
1584 static gnutls_anon_server_credentials
vnc_tls_initialize_anon_cred(void)
1586 gnutls_anon_server_credentials anon_cred
;
1589 if ((ret
= gnutls_anon_allocate_server_credentials(&anon_cred
)) < 0) {
1590 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1594 gnutls_anon_set_server_dh_params(anon_cred
, dh_params
);
1600 static gnutls_certificate_credentials_t
vnc_tls_initialize_x509_cred(VncState
*vs
)
1602 gnutls_certificate_credentials_t x509_cred
;
1605 if (!vs
->x509cacert
) {
1606 VNC_DEBUG("No CA x509 certificate specified\n");
1609 if (!vs
->x509cert
) {
1610 VNC_DEBUG("No server x509 certificate specified\n");
1614 VNC_DEBUG("No server private key specified\n");
1618 if ((ret
= gnutls_certificate_allocate_credentials(&x509_cred
)) < 0) {
1619 VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret
));
1622 if ((ret
= gnutls_certificate_set_x509_trust_file(x509_cred
,
1624 GNUTLS_X509_FMT_PEM
)) < 0) {
1625 VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret
));
1626 gnutls_certificate_free_credentials(x509_cred
);
1630 if ((ret
= gnutls_certificate_set_x509_key_file (x509_cred
,
1633 GNUTLS_X509_FMT_PEM
)) < 0) {
1634 VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret
));
1635 gnutls_certificate_free_credentials(x509_cred
);
1639 if (vs
->x509cacrl
) {
1640 if ((ret
= gnutls_certificate_set_x509_crl_file(x509_cred
,
1642 GNUTLS_X509_FMT_PEM
)) < 0) {
1643 VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret
));
1644 gnutls_certificate_free_credentials(x509_cred
);
1649 gnutls_certificate_set_dh_params (x509_cred
, dh_params
);
1654 static int vnc_validate_certificate(struct VncState
*vs
)
1657 unsigned int status
;
1658 const gnutls_datum_t
*certs
;
1659 unsigned int nCerts
, i
;
1662 VNC_DEBUG("Validating client certificate\n");
1663 if ((ret
= gnutls_certificate_verify_peers2 (vs
->tls_session
, &status
)) < 0) {
1664 VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret
));
1668 if ((now
= time(NULL
)) == ((time_t)-1)) {
1673 if (status
& GNUTLS_CERT_INVALID
)
1674 VNC_DEBUG("The certificate is not trusted.\n");
1676 if (status
& GNUTLS_CERT_SIGNER_NOT_FOUND
)
1677 VNC_DEBUG("The certificate hasn't got a known issuer.\n");
1679 if (status
& GNUTLS_CERT_REVOKED
)
1680 VNC_DEBUG("The certificate has been revoked.\n");
1682 if (status
& GNUTLS_CERT_INSECURE_ALGORITHM
)
1683 VNC_DEBUG("The certificate uses an insecure algorithm\n");
1687 VNC_DEBUG("Certificate is valid!\n");
1690 /* Only support x509 for now */
1691 if (gnutls_certificate_type_get(vs
->tls_session
) != GNUTLS_CRT_X509
)
1694 if (!(certs
= gnutls_certificate_get_peers(vs
->tls_session
, &nCerts
)))
1697 for (i
= 0 ; i
< nCerts
; i
++) {
1698 gnutls_x509_crt_t cert
;
1699 VNC_DEBUG ("Checking certificate chain %d\n", i
);
1700 if (gnutls_x509_crt_init (&cert
) < 0)
1703 if (gnutls_x509_crt_import(cert
, &certs
[i
], GNUTLS_X509_FMT_DER
) < 0) {
1704 gnutls_x509_crt_deinit (cert
);
1708 if (gnutls_x509_crt_get_expiration_time (cert
) < now
) {
1709 VNC_DEBUG("The certificate has expired\n");
1710 gnutls_x509_crt_deinit (cert
);
1714 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1715 VNC_DEBUG("The certificate is not yet activated\n");
1716 gnutls_x509_crt_deinit (cert
);
1720 if (gnutls_x509_crt_get_activation_time (cert
) > now
) {
1721 VNC_DEBUG("The certificate is not yet activated\n");
1722 gnutls_x509_crt_deinit (cert
);
1726 gnutls_x509_crt_deinit (cert
);
1733 static int start_auth_vencrypt_subauth(VncState
*vs
)
1735 switch (vs
->subauth
) {
1736 case VNC_AUTH_VENCRYPT_TLSNONE
:
1737 case VNC_AUTH_VENCRYPT_X509NONE
:
1738 VNC_DEBUG("Accept TLS auth none\n");
1739 vnc_write_u32(vs
, 0); /* Accept auth completion */
1740 vnc_read_when(vs
, protocol_client_init
, 1);
1743 case VNC_AUTH_VENCRYPT_TLSVNC
:
1744 case VNC_AUTH_VENCRYPT_X509VNC
:
1745 VNC_DEBUG("Start TLS auth VNC\n");
1746 return start_auth_vnc(vs
);
1748 default: /* Should not be possible, but just in case */
1749 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
1750 vnc_write_u8(vs
, 1);
1751 if (vs
->minor
>= 8) {
1752 static const char err
[] = "Unsupported authentication type";
1753 vnc_write_u32(vs
, sizeof(err
));
1754 vnc_write(vs
, err
, sizeof(err
));
1756 vnc_client_error(vs
);
1762 static void vnc_handshake_io(void *opaque
);
1764 static int vnc_continue_handshake(struct VncState
*vs
) {
1767 if ((ret
= gnutls_handshake(vs
->tls_session
)) < 0) {
1768 if (!gnutls_error_is_fatal(ret
)) {
1769 VNC_DEBUG("Handshake interrupted (blocking)\n");
1770 if (!gnutls_record_get_direction(vs
->tls_session
))
1771 qemu_set_fd_handler(vs
->csock
, vnc_handshake_io
, NULL
, vs
);
1773 qemu_set_fd_handler(vs
->csock
, NULL
, vnc_handshake_io
, vs
);
1776 VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret
));
1777 vnc_client_error(vs
);
1781 if (vs
->x509verify
) {
1782 if (vnc_validate_certificate(vs
) < 0) {
1783 VNC_DEBUG("Client verification failed\n");
1784 vnc_client_error(vs
);
1787 VNC_DEBUG("Client verification passed\n");
1791 VNC_DEBUG("Handshake done, switching to TLS data mode\n");
1792 vs
->wiremode
= VNC_WIREMODE_TLS
;
1793 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, vnc_client_write
, vs
);
1795 return start_auth_vencrypt_subauth(vs
);
1798 static void vnc_handshake_io(void *opaque
) {
1799 struct VncState
*vs
= (struct VncState
*)opaque
;
1801 VNC_DEBUG("Handshake IO continue\n");
1802 vnc_continue_handshake(vs
);
1805 #define NEED_X509_AUTH(vs) \
1806 ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
1807 (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
1808 (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
1811 static int vnc_start_tls(struct VncState
*vs
) {
1812 static const int cert_type_priority
[] = { GNUTLS_CRT_X509
, 0 };
1813 static const int protocol_priority
[]= { GNUTLS_TLS1_1
, GNUTLS_TLS1_0
, GNUTLS_SSL3
, 0 };
1814 static const int kx_anon
[] = {GNUTLS_KX_ANON_DH
, 0};
1815 static const int kx_x509
[] = {GNUTLS_KX_DHE_DSS
, GNUTLS_KX_RSA
, GNUTLS_KX_DHE_RSA
, GNUTLS_KX_SRP
, 0};
1817 VNC_DEBUG("Do TLS setup\n");
1818 if (vnc_tls_initialize() < 0) {
1819 VNC_DEBUG("Failed to init TLS\n");
1820 vnc_client_error(vs
);
1823 if (vs
->tls_session
== NULL
) {
1824 if (gnutls_init(&vs
->tls_session
, GNUTLS_SERVER
) < 0) {
1825 vnc_client_error(vs
);
1829 if (gnutls_set_default_priority(vs
->tls_session
) < 0) {
1830 gnutls_deinit(vs
->tls_session
);
1831 vs
->tls_session
= NULL
;
1832 vnc_client_error(vs
);
1836 if (gnutls_kx_set_priority(vs
->tls_session
, NEED_X509_AUTH(vs
) ? kx_x509
: kx_anon
) < 0) {
1837 gnutls_deinit(vs
->tls_session
);
1838 vs
->tls_session
= NULL
;
1839 vnc_client_error(vs
);
1843 if (gnutls_certificate_type_set_priority(vs
->tls_session
, cert_type_priority
) < 0) {
1844 gnutls_deinit(vs
->tls_session
);
1845 vs
->tls_session
= NULL
;
1846 vnc_client_error(vs
);
1850 if (gnutls_protocol_set_priority(vs
->tls_session
, protocol_priority
) < 0) {
1851 gnutls_deinit(vs
->tls_session
);
1852 vs
->tls_session
= NULL
;
1853 vnc_client_error(vs
);
1857 if (NEED_X509_AUTH(vs
)) {
1858 gnutls_certificate_server_credentials x509_cred
= vnc_tls_initialize_x509_cred(vs
);
1860 gnutls_deinit(vs
->tls_session
);
1861 vs
->tls_session
= NULL
;
1862 vnc_client_error(vs
);
1865 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_CERTIFICATE
, x509_cred
) < 0) {
1866 gnutls_deinit(vs
->tls_session
);
1867 vs
->tls_session
= NULL
;
1868 gnutls_certificate_free_credentials(x509_cred
);
1869 vnc_client_error(vs
);
1872 if (vs
->x509verify
) {
1873 VNC_DEBUG("Requesting a client certificate\n");
1874 gnutls_certificate_server_set_request (vs
->tls_session
, GNUTLS_CERT_REQUEST
);
1878 gnutls_anon_server_credentials anon_cred
= vnc_tls_initialize_anon_cred();
1880 gnutls_deinit(vs
->tls_session
);
1881 vs
->tls_session
= NULL
;
1882 vnc_client_error(vs
);
1885 if (gnutls_credentials_set(vs
->tls_session
, GNUTLS_CRD_ANON
, anon_cred
) < 0) {
1886 gnutls_deinit(vs
->tls_session
);
1887 vs
->tls_session
= NULL
;
1888 gnutls_anon_free_server_credentials(anon_cred
);
1889 vnc_client_error(vs
);
1894 gnutls_transport_set_ptr(vs
->tls_session
, (gnutls_transport_ptr_t
)vs
);
1895 gnutls_transport_set_push_function(vs
->tls_session
, vnc_tls_push
);
1896 gnutls_transport_set_pull_function(vs
->tls_session
, vnc_tls_pull
);
1899 VNC_DEBUG("Start TLS handshake process\n");
1900 return vnc_continue_handshake(vs
);
1903 static int protocol_client_vencrypt_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1905 int auth
= read_u32(data
, 0);
1907 if (auth
!= vs
->subauth
) {
1908 VNC_DEBUG("Rejecting auth %d\n", auth
);
1909 vnc_write_u8(vs
, 0); /* Reject auth */
1911 vnc_client_error(vs
);
1913 VNC_DEBUG("Accepting auth %d, starting handshake\n", auth
);
1914 vnc_write_u8(vs
, 1); /* Accept auth */
1917 if (vnc_start_tls(vs
) < 0) {
1918 VNC_DEBUG("Failed to complete TLS\n");
1922 if (vs
->wiremode
== VNC_WIREMODE_TLS
) {
1923 VNC_DEBUG("Starting VeNCrypt subauth\n");
1924 return start_auth_vencrypt_subauth(vs
);
1926 VNC_DEBUG("TLS handshake blocked\n");
1933 static int protocol_client_vencrypt_init(VncState
*vs
, uint8_t *data
, size_t len
)
1937 VNC_DEBUG("Unsupported VeNCrypt protocol %d.%d\n", (int)data
[0], (int)data
[1]);
1938 vnc_write_u8(vs
, 1); /* Reject version */
1940 vnc_client_error(vs
);
1942 VNC_DEBUG("Sending allowed auth %d\n", vs
->subauth
);
1943 vnc_write_u8(vs
, 0); /* Accept version */
1944 vnc_write_u8(vs
, 1); /* Number of sub-auths */
1945 vnc_write_u32(vs
, vs
->subauth
); /* The supported auth */
1947 vnc_read_when(vs
, protocol_client_vencrypt_auth
, 4);
1952 static int start_auth_vencrypt(VncState
*vs
)
1954 /* Send VeNCrypt version 0.2 */
1955 vnc_write_u8(vs
, 0);
1956 vnc_write_u8(vs
, 2);
1958 vnc_read_when(vs
, protocol_client_vencrypt_init
, 2);
1961 #endif /* CONFIG_VNC_TLS */
1963 static int protocol_client_auth(VncState
*vs
, uint8_t *data
, size_t len
)
1965 /* We only advertise 1 auth scheme at a time, so client
1966 * must pick the one we sent. Verify this */
1967 if (data
[0] != vs
->auth
) { /* Reject auth */
1968 VNC_DEBUG("Reject auth %d\n", (int)data
[0]);
1969 vnc_write_u32(vs
, 1);
1970 if (vs
->minor
>= 8) {
1971 static const char err
[] = "Authentication failed";
1972 vnc_write_u32(vs
, sizeof(err
));
1973 vnc_write(vs
, err
, sizeof(err
));
1975 vnc_client_error(vs
);
1976 } else { /* Accept requested auth */
1977 VNC_DEBUG("Client requested auth %d\n", (int)data
[0]);
1980 VNC_DEBUG("Accept auth none\n");
1981 if (vs
->minor
>= 8) {
1982 vnc_write_u32(vs
, 0); /* Accept auth completion */
1985 vnc_read_when(vs
, protocol_client_init
, 1);
1989 VNC_DEBUG("Start VNC auth\n");
1990 return start_auth_vnc(vs
);
1992 #ifdef CONFIG_VNC_TLS
1993 case VNC_AUTH_VENCRYPT
:
1994 VNC_DEBUG("Accept VeNCrypt auth\n");;
1995 return start_auth_vencrypt(vs
);
1996 #endif /* CONFIG_VNC_TLS */
1998 default: /* Should not be possible, but just in case */
1999 VNC_DEBUG("Reject auth %d\n", vs
->auth
);
2000 vnc_write_u8(vs
, 1);
2001 if (vs
->minor
>= 8) {
2002 static const char err
[] = "Authentication failed";
2003 vnc_write_u32(vs
, sizeof(err
));
2004 vnc_write(vs
, err
, sizeof(err
));
2006 vnc_client_error(vs
);
2012 static int protocol_version(VncState
*vs
, uint8_t *version
, size_t len
)
2016 memcpy(local
, version
, 12);
2019 if (sscanf(local
, "RFB %03d.%03d\n", &vs
->major
, &vs
->minor
) != 2) {
2020 VNC_DEBUG("Malformed protocol version %s\n", local
);
2021 vnc_client_error(vs
);
2024 VNC_DEBUG("Client request protocol version %d.%d\n", vs
->major
, vs
->minor
);
2025 if (vs
->major
!= 3 ||
2031 VNC_DEBUG("Unsupported client version\n");
2032 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2034 vnc_client_error(vs
);
2037 /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
2038 * as equivalent to v3.3 by servers
2040 if (vs
->minor
== 4 || vs
->minor
== 5)
2043 if (vs
->minor
== 3) {
2044 if (vs
->auth
== VNC_AUTH_NONE
) {
2045 VNC_DEBUG("Tell client auth none\n");
2046 vnc_write_u32(vs
, vs
->auth
);
2048 vnc_read_when(vs
, protocol_client_init
, 1);
2049 } else if (vs
->auth
== VNC_AUTH_VNC
) {
2050 VNC_DEBUG("Tell client VNC auth\n");
2051 vnc_write_u32(vs
, vs
->auth
);
2055 VNC_DEBUG("Unsupported auth %d for protocol 3.3\n", vs
->auth
);
2056 vnc_write_u32(vs
, VNC_AUTH_INVALID
);
2058 vnc_client_error(vs
);
2061 VNC_DEBUG("Telling client we support auth %d\n", vs
->auth
);
2062 vnc_write_u8(vs
, 1); /* num auth */
2063 vnc_write_u8(vs
, vs
->auth
);
2064 vnc_read_when(vs
, protocol_client_auth
, 1);
2071 static void vnc_connect(VncState
*vs
)
2073 VNC_DEBUG("New client on socket %d\n", vs
->csock
);
2075 socket_set_nonblock(vs
->csock
);
2076 qemu_set_fd_handler2(vs
->csock
, NULL
, vnc_client_read
, NULL
, vs
);
2077 vnc_write(vs
, "RFB 003.008\n", 12);
2079 vnc_read_when(vs
, protocol_version
, 12);
2080 memset(vs
->old_data
, 0, ds_get_linesize(vs
->ds
) * ds_get_height(vs
->ds
));
2081 memset(vs
->dirty_row
, 0xFF, sizeof(vs
->dirty_row
));
2083 vs
->has_hextile
= 0;
2085 dcl
->dpy_copy
= NULL
;
2086 vnc_update_client(vs
);
2090 static void vnc_listen_read(void *opaque
)
2092 VncState
*vs
= opaque
;
2093 struct sockaddr_in addr
;
2094 socklen_t addrlen
= sizeof(addr
);
2099 vs
->csock
= accept(vs
->lsock
, (struct sockaddr
*)&addr
, &addrlen
);
2100 if (vs
->csock
!= -1) {
2105 void vnc_display_init(DisplayState
*ds
)
2109 vs
= qemu_mallocz(sizeof(VncState
));
2110 dcl
= qemu_mallocz(sizeof(DisplayChangeListener
));
2118 vs
->password
= NULL
;
2127 if (keyboard_layout
)
2128 vs
->kbd_layout
= init_keyboard_layout(keyboard_layout
);
2130 vs
->kbd_layout
= init_keyboard_layout("en-us");
2132 if (!vs
->kbd_layout
)
2135 vs
->timer
= qemu_new_timer(rt_clock
, vnc_update_client
, vs
);
2137 dcl
->dpy_update
= vnc_dpy_update
;
2138 dcl
->dpy_resize
= vnc_dpy_resize
;
2139 dcl
->dpy_setdata
= vnc_dpy_setdata
;
2140 dcl
->dpy_refresh
= NULL
;
2141 register_displaychangelistener(ds
, dcl
);
2143 vs
->as
.freq
= 44100;
2144 vs
->as
.nchannels
= 2;
2145 vs
->as
.fmt
= AUD_FMT_S16
;
2146 vs
->as
.endianness
= 0;
2149 #ifdef CONFIG_VNC_TLS
2150 static int vnc_set_x509_credential(VncState
*vs
,
2151 const char *certdir
,
2152 const char *filename
,
2163 if (!(*cred
= qemu_malloc(strlen(certdir
) + strlen(filename
) + 2)))
2166 strcpy(*cred
, certdir
);
2168 strcat(*cred
, filename
);
2170 VNC_DEBUG("Check %s\n", *cred
);
2171 if (stat(*cred
, &sb
) < 0) {
2174 if (ignoreMissing
&& errno
== ENOENT
)
2182 static int vnc_set_x509_credential_dir(VncState
*vs
,
2183 const char *certdir
)
2185 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CERT_FILE
, &vs
->x509cacert
, 0) < 0)
2187 if (vnc_set_x509_credential(vs
, certdir
, X509_CA_CRL_FILE
, &vs
->x509cacrl
, 1) < 0)
2189 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_CERT_FILE
, &vs
->x509cert
, 0) < 0)
2191 if (vnc_set_x509_credential(vs
, certdir
, X509_SERVER_KEY_FILE
, &vs
->x509key
, 0) < 0)
2197 qemu_free(vs
->x509cacert
);
2198 qemu_free(vs
->x509cacrl
);
2199 qemu_free(vs
->x509cert
);
2200 qemu_free(vs
->x509key
);
2201 vs
->x509cacert
= vs
->x509cacrl
= vs
->x509cert
= vs
->x509key
= NULL
;
2204 #endif /* CONFIG_VNC_TLS */
2206 void vnc_display_close(DisplayState
*ds
)
2208 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2211 qemu_free(vs
->display
);
2214 if (vs
->lsock
!= -1) {
2215 qemu_set_fd_handler2(vs
->lsock
, NULL
, NULL
, NULL
, NULL
);
2219 if (vs
->csock
!= -1) {
2220 qemu_set_fd_handler2(vs
->csock
, NULL
, NULL
, NULL
, NULL
);
2221 closesocket(vs
->csock
);
2223 buffer_reset(&vs
->input
);
2224 buffer_reset(&vs
->output
);
2225 vs
->need_update
= 0;
2226 #ifdef CONFIG_VNC_TLS
2227 if (vs
->tls_session
) {
2228 gnutls_deinit(vs
->tls_session
);
2229 vs
->tls_session
= NULL
;
2231 vs
->wiremode
= VNC_WIREMODE_CLEAR
;
2232 #endif /* CONFIG_VNC_TLS */
2234 vs
->auth
= VNC_AUTH_INVALID
;
2235 #ifdef CONFIG_VNC_TLS
2236 vs
->subauth
= VNC_AUTH_INVALID
;
2242 int vnc_display_password(DisplayState
*ds
, const char *password
)
2244 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2247 qemu_free(vs
->password
);
2248 vs
->password
= NULL
;
2250 if (password
&& password
[0]) {
2251 if (!(vs
->password
= qemu_strdup(password
)))
2258 int vnc_display_open(DisplayState
*ds
, const char *display
)
2260 VncState
*vs
= ds
? (VncState
*)ds
->opaque
: vnc_state
;
2261 const char *options
;
2265 #ifdef CONFIG_VNC_TLS
2266 int tls
= 0, x509
= 0;
2269 vnc_display_close(ds
);
2270 if (strcmp(display
, "none") == 0)
2273 if (!(vs
->display
= strdup(display
)))
2277 while ((options
= strchr(options
, ','))) {
2279 if (strncmp(options
, "password", 8) == 0) {
2280 password
= 1; /* Require password auth */
2281 } else if (strncmp(options
, "reverse", 7) == 0) {
2283 } else if (strncmp(options
, "to=", 3) == 0) {
2284 to_port
= atoi(options
+3) + 5900;
2285 #ifdef CONFIG_VNC_TLS
2286 } else if (strncmp(options
, "tls", 3) == 0) {
2287 tls
= 1; /* Require TLS */
2288 } else if (strncmp(options
, "x509", 4) == 0) {
2290 x509
= 1; /* Require x509 certificates */
2291 if (strncmp(options
, "x509verify", 10) == 0)
2292 vs
->x509verify
= 1; /* ...and verify client certs */
2294 /* Now check for 'x509=/some/path' postfix
2295 * and use that to setup x509 certificate/key paths */
2296 start
= strchr(options
, '=');
2297 end
= strchr(options
, ',');
2298 if (start
&& (!end
|| (start
< end
))) {
2299 int len
= end
? end
-(start
+1) : strlen(start
+1);
2300 char *path
= qemu_strndup(start
+ 1, len
);
2302 VNC_DEBUG("Trying certificate path '%s'\n", path
);
2303 if (vnc_set_x509_credential_dir(vs
, path
) < 0) {
2304 fprintf(stderr
, "Failed to find x509 certificates/keys in %s\n", path
);
2306 qemu_free(vs
->display
);
2312 fprintf(stderr
, "No certificate path provided\n");
2313 qemu_free(vs
->display
);
2322 #ifdef CONFIG_VNC_TLS
2324 vs
->auth
= VNC_AUTH_VENCRYPT
;
2326 VNC_DEBUG("Initializing VNC server with x509 password auth\n");
2327 vs
->subauth
= VNC_AUTH_VENCRYPT_X509VNC
;
2329 VNC_DEBUG("Initializing VNC server with TLS password auth\n");
2330 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSVNC
;
2334 VNC_DEBUG("Initializing VNC server with password auth\n");
2335 vs
->auth
= VNC_AUTH_VNC
;
2336 #ifdef CONFIG_VNC_TLS
2337 vs
->subauth
= VNC_AUTH_INVALID
;
2341 #ifdef CONFIG_VNC_TLS
2343 vs
->auth
= VNC_AUTH_VENCRYPT
;
2345 VNC_DEBUG("Initializing VNC server with x509 no auth\n");
2346 vs
->subauth
= VNC_AUTH_VENCRYPT_X509NONE
;
2348 VNC_DEBUG("Initializing VNC server with TLS no auth\n");
2349 vs
->subauth
= VNC_AUTH_VENCRYPT_TLSNONE
;
2353 VNC_DEBUG("Initializing VNC server with no auth\n");
2354 vs
->auth
= VNC_AUTH_NONE
;
2355 #ifdef CONFIG_VNC_TLS
2356 vs
->subauth
= VNC_AUTH_INVALID
;
2362 /* connect to viewer */
2363 if (strncmp(display
, "unix:", 5) == 0)
2364 vs
->lsock
= unix_connect(display
+5);
2366 vs
->lsock
= inet_connect(display
, SOCK_STREAM
);
2367 if (-1 == vs
->lsock
) {
2372 vs
->csock
= vs
->lsock
;
2379 /* listen for connects */
2381 dpy
= qemu_malloc(256);
2382 if (strncmp(display
, "unix:", 5) == 0) {
2383 pstrcpy(dpy
, 256, "unix:");
2384 vs
->lsock
= unix_listen(display
+5, dpy
+5, 256-5);
2386 vs
->lsock
= inet_listen(display
, dpy
, 256, SOCK_STREAM
, 5900);
2388 if (-1 == vs
->lsock
) {
2397 return qemu_set_fd_handler2(vs
->lsock
, vnc_listen_poll
, vnc_listen_read
, NULL
, vs
);