/*
* QEMU VNC display driver
- *
+ *
* Copyright (C) 2006 Fabrice Bellard
- *
+ *
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* THE SOFTWARE.
*/
-#include "vl.h"
+#include "qemu-common.h"
+#include "console.h"
+#include "sysemu.h"
#include "qemu_socket.h"
+#include "qemu-timer.h"
#define VNC_REFRESH_INTERVAL (1000 / 30)
{
size_t capacity;
size_t offset;
- char *buffer;
+ uint8_t *buffer;
} Buffer;
typedef struct VncState VncState;
-typedef int VncReadEvent(VncState *vs, char *data, size_t len);
+typedef int VncReadEvent(VncState *vs, uint8_t *data, size_t len);
typedef void VncWritePixels(VncState *vs, void *data, int size);
typedef void VncSendHextileTile(VncState *vs,
int x, int y, int w, int h,
- uint32_t *last_bg,
+ uint32_t *last_bg,
uint32_t *last_fg,
int *has_bg, int *has_fg);
VNC_AUTH_VENCRYPT_X509VNC = 261,
VNC_AUTH_VENCRYPT_X509PLAIN = 262,
};
+
+#if CONFIG_VNC_TLS
+#define X509_CA_CERT_FILE "ca-cert.pem"
+#define X509_CA_CRL_FILE "ca-crl.pem"
+#define X509_SERVER_KEY_FILE "server-key.pem"
+#define X509_SERVER_CERT_FILE "server-cert.pem"
+#endif
+
#endif /* CONFIG_VNC_TLS */
struct VncState
int auth;
#if CONFIG_VNC_TLS
int subauth;
+ int x509verify;
+
+ char *x509cacert;
+ char *x509cacrl;
+ char *x509cert;
+ char *x509key;
#endif
char challenge[VNC_AUTH_CHALLENGE_SIZE];
d[j++] = -1;
n -= 32;
}
- if (n > 0)
+ if (n > 0)
d[j++] = (1 << n) - 1;
while (j < nb_words)
d[j++] = 0;
return (d[k >> 5] >> (k & 0x1f)) & 1;
}
-static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
+static inline int vnc_and_bits(const uint32_t *d1, const uint32_t *d2,
int nb_words)
{
int i;
h += y;
+ /* round x down to ensure the loop only spans one 16-pixel block per,
+ iteration. otherwise, if (x % 16) != 0, the last iteration may span
+ two 16-pixel blocks but we only mark the first as dirty
+ */
+ w += (x % 16);
+ x -= (x % 16);
+
+ x = MIN(x, vs->width);
+ y = MIN(y, vs->height);
+ w = MIN(x + w, vs->width) - x;
+ h = MIN(h, vs->height);
+
for (; y < h; y++)
for (i = 0; i < w; i += 16)
vnc_set_bit(vs->dirty_row[y], (x + i) / 16);
int size_changed;
VncState *vs = ds->opaque;
- ds->data = realloc(ds->data, w * h * vs->depth);
- vs->old_data = realloc(vs->old_data, w * h * vs->depth);
+ ds->data = qemu_realloc(ds->data, w * h * vs->depth);
+ vs->old_data = qemu_realloc(vs->old_data, w * h * vs->depth);
if (ds->data == NULL || vs->old_data == NULL) {
fprintf(stderr, "vnc: memory allocation failed\n");
exit(1);
}
- ds->depth = vs->depth * 8;
+ if (ds->depth != vs->depth * 8) {
+ ds->depth = vs->depth * 8;
+ console_color_init(ds);
+ }
size_changed = ds->width != w || ds->height != h;
ds->width = w;
ds->height = h;
ds->linesize = w * vs->depth;
- if (vs->csock != -1 && vs->has_resize && size_changed) {
- vnc_write_u8(vs, 0); /* msg id */
- vnc_write_u8(vs, 0);
- vnc_write_u16(vs, 1); /* number of rects */
- vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
- vnc_flush(vs);
- vs->width = ds->width;
- vs->height = ds->height;
+ if (size_changed) {
+ vs->width = ds->width;
+ vs->height = ds->height;
+ if (vs->csock != -1 && vs->has_resize) {
+ vnc_write_u8(vs, 0); /* msg id */
+ vnc_write_u8(vs, 0);
+ vnc_write_u16(vs, 1); /* number of rects */
+ vnc_framebuffer_update(vs, 0, 0, ds->width, ds->height, -223);
+ vnc_flush(vs);
+ }
}
+
+ memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
+ memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
}
/* fastest code */
r = (v >> vs->red_shift1) & vs->red_max;
g = (v >> vs->green_shift1) & vs->green_max;
b = (v >> vs->blue_shift1) & vs->blue_max;
- v = (r << vs->red_shift) |
- (g << vs->green_shift) |
+ v = (r << vs->red_shift) |
+ (g << vs->green_shift) |
(b << vs->blue_shift);
switch(vs->pix_bpp) {
case 1:
static void send_framebuffer_update_raw(VncState *vs, int x, int y, int w, int h)
{
int i;
- char *row;
+ uint8_t *row;
vnc_framebuffer_update(vs, x, y, w, h, 0);
has_fg = has_bg = 0;
for (j = y; j < (y + h); j += 16) {
for (i = x; i < (x + w); i += 16) {
- vs->send_hextile_tile(vs, i, j,
+ vs->send_hextile_tile(vs, i, j,
MIN(16, x + w - i), MIN(16, y + h - j),
&last_bg32, &last_fg32, &has_bg, &has_fg);
}
static void vnc_copy(DisplayState *ds, int src_x, int src_y, int dst_x, int dst_y, int w, int h)
{
int src, dst;
- char *src_row;
- char *dst_row;
+ uint8_t *src_row;
+ uint8_t *dst_row;
char *old_row;
int y = 0;
int pitch = ds->linesize;
if (vs->need_update && vs->csock != -1) {
int y;
- char *row;
+ uint8_t *row;
char *old_row;
uint32_t width_mask[VNC_DIRTY_WORDS];
int n_rectangles;
int saved_offset;
int has_dirty = 0;
+ vga_hw_update();
+
vnc_set_bits(width_mask, (vs->width / 16), VNC_DIRTY_WORDS);
/* Walk through the dirty map and eliminate tiles that
for (y = 0; y < vs->height; y++) {
if (vnc_and_bits(vs->dirty_row[y], width_mask, VNC_DIRTY_WORDS)) {
int x;
- char *ptr, *old_ptr;
+ uint8_t *ptr;
+ char *old_ptr;
ptr = row;
- old_ptr = old_row;
+ old_ptr = (char*)old_row;
for (x = 0; x < vs->ds->width; x += 16) {
if (memcmp(old_ptr, ptr, 16 * vs->depth) == 0) {
vnc_flush(vs);
}
- qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
-}
-static void vnc_timer_init(VncState *vs)
-{
- if (vs->timer == NULL) {
- vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
- qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock));
+ if (vs->csock != -1) {
+ qemu_mod_timer(vs->timer, qemu_get_clock(rt_clock) + VNC_REFRESH_INTERVAL);
}
-}
-static void vnc_dpy_refresh(DisplayState *ds)
-{
- VncState *vs = ds->opaque;
- vnc_timer_init(vs);
- vga_hw_update();
}
static int vnc_listen_poll(void *opaque)
{
if ((buffer->capacity - buffer->offset) < len) {
buffer->capacity += (len + 1024);
- buffer->buffer = realloc(buffer->buffer, buffer->capacity);
+ buffer->buffer = qemu_realloc(buffer->buffer, buffer->capacity);
if (buffer->buffer == NULL) {
fprintf(stderr, "vnc: out of memory\n");
exit(1);
return buffer->offset == 0;
}
-static char *buffer_end(Buffer *buffer)
+static uint8_t *buffer_end(Buffer *buffer)
{
return buffer->buffer + buffer->offset;
}
static int vnc_client_io_error(VncState *vs, int ret, int last_errno)
{
if (ret == 0 || ret == -1) {
- if (ret == -1 && (last_errno == EINTR || last_errno == EAGAIN))
- return 0;
+ if (ret == -1) {
+ switch (last_errno) {
+ case EINTR:
+ case EAGAIN:
+#ifdef _WIN32
+ case WSAEWOULDBLOCK:
+#endif
+ return 0;
+ default:
+ break;
+ }
+ }
VNC_DEBUG("Closing down client sock %d %d\n", ret, ret < 0 ? last_errno : 0);
qemu_set_fd_handler2(vs->csock, NULL, NULL, NULL, NULL);
closesocket(vs->csock);
vs->csock = -1;
+ vs->ds->idle = 1;
buffer_reset(&vs->input);
buffer_reset(&vs->output);
vs->need_update = 0;
}
#if CONFIG_VNC_TLS
-ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
- const void *data,
- size_t len) {
+static ssize_t vnc_tls_push(gnutls_transport_ptr_t transport,
+ const void *data,
+ size_t len) {
struct VncState *vs = (struct VncState *)transport;
int ret;
}
-ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
- void *data,
- size_t len) {
+static ssize_t vnc_tls_pull(gnutls_transport_ptr_t transport,
+ void *data,
+ size_t len) {
struct VncState *vs = (struct VncState *)transport;
int ret;
}
#endif /* CONFIG_VNC_TLS */
-static void client_cut_text(VncState *vs, size_t len, char *text)
+static void client_cut_text(VncState *vs, size_t len, uint8_t *text)
{
}
dz = 1;
if (vs->absolute) {
- kbd_mouse_event(x * 0x7FFF / vs->ds->width,
- y * 0x7FFF / vs->ds->height,
+ kbd_mouse_event(x * 0x7FFF / (vs->ds->width - 1),
+ y * 0x7FFF / (vs->ds->height - 1),
dz, buttons);
} else if (vs->has_pointer_type_change) {
x -= 0x7FFF;
}
}
-static void do_key_event(VncState *vs, int down, uint32_t sym)
+static void press_key(VncState *vs, int keysym)
{
- int keycode;
+ kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) & 0x7f);
+ kbd_put_keycode(keysym2scancode(vs->kbd_layout, keysym) | 0x80);
+}
- keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
-
+static void do_key_event(VncState *vs, int down, int keycode, int sym)
+{
/* QEMU console switch */
switch(keycode) {
case 0x2a: /* Left Shift */
else
vs->modifiers_state[keycode] = 0;
break;
- case 0x02 ... 0x0a: /* '1' to '9' keys */
+ case 0x02 ... 0x0a: /* '1' to '9' keys */
if (down && vs->modifiers_state[0x1d] && vs->modifiers_state[0x38]) {
/* Reset the modifiers sent to the current console */
reset_keys(vs);
return;
}
break;
+ case 0x3a: /* CapsLock */
+ case 0x45: /* NumLock */
+ if (!down)
+ vs->modifiers_state[keycode] ^= 1;
+ break;
+ }
+
+ if (keycode_is_keypad(vs->kbd_layout, keycode)) {
+ /* If the numlock state needs to change then simulate an additional
+ keypress before sending this one. This will happen if the user
+ toggles numlock away from the VNC window.
+ */
+ if (keysym_is_numlock(vs->kbd_layout, sym & 0xFFFF)) {
+ if (!vs->modifiers_state[0x45]) {
+ vs->modifiers_state[0x45] = 1;
+ press_key(vs, 0xff7f);
+ }
+ } else {
+ if (vs->modifiers_state[0x45]) {
+ vs->modifiers_state[0x45] = 0;
+ press_key(vs, 0xff7f);
+ }
+ }
}
if (is_graphic_console()) {
static void key_event(VncState *vs, int down, uint32_t sym)
{
- if (sym >= 'A' && sym <= 'Z')
+ int keycode;
+
+ if (sym >= 'A' && sym <= 'Z' && is_graphic_console())
sym = sym - 'A' + 'a';
- do_key_event(vs, down, sym);
+
+ keycode = keysym2scancode(vs->kbd_layout, sym & 0xFFFF);
+ do_key_event(vs, down, keycode, sym);
+}
+
+static void ext_key_event(VncState *vs, int down,
+ uint32_t sym, uint16_t keycode)
+{
+ /* if the user specifies a keyboard layout, always use it */
+ if (keyboard_layout)
+ key_event(vs, down, sym);
+ else
+ do_key_event(vs, down, keycode, sym);
}
static void framebuffer_update_request(VncState *vs, int incremental,
char *old_row = vs->old_data + y_position * vs->ds->linesize;
for (i = 0; i < h; i++) {
- vnc_set_bits(vs->dirty_row[y_position + i],
+ vnc_set_bits(vs->dirty_row[y_position + i],
(vs->ds->width / 16), VNC_DIRTY_WORDS);
memset(old_row, 42, vs->ds->width * vs->depth);
old_row += vs->ds->linesize;
}
}
+static void send_ext_key_event_ack(VncState *vs)
+{
+ vnc_write_u8(vs, 0);
+ vnc_write_u8(vs, 0);
+ vnc_write_u16(vs, 1);
+ vnc_framebuffer_update(vs, 0, 0, vs->ds->width, vs->ds->height, -258);
+ vnc_flush(vs);
+}
+
static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
{
int i;
case -257:
vs->has_pointer_type_change = 1;
break;
+ case -258:
+ send_ext_key_event_ack(vs);
+ break;
default:
break;
}
vnc_client_error(vs);
return;
}
- if (bits_per_pixel == 32 &&
+ if (bits_per_pixel == 32 &&
host_big_endian_flag == big_endian_flag &&
red_max == 0xff && green_max == 0xff && blue_max == 0xff &&
red_shift == 16 && green_shift == 8 && blue_shift == 0) {
vs->depth = 4;
vs->write_pixels = vnc_write_pixels_copy;
vs->send_hextile_tile = send_hextile_tile_32;
- } else
- if (bits_per_pixel == 16 &&
+ } else
+ if (bits_per_pixel == 16 &&
host_big_endian_flag == big_endian_flag &&
red_max == 31 && green_max == 63 && blue_max == 31 &&
red_shift == 11 && green_shift == 5 && blue_shift == 0) {
vs->depth = 2;
vs->write_pixels = vnc_write_pixels_copy;
vs->send_hextile_tile = send_hextile_tile_16;
- } else
- if (bits_per_pixel == 8 &&
+ } else
+ if (bits_per_pixel == 8 &&
red_max == 7 && green_max == 7 && blue_max == 3 &&
red_shift == 5 && green_shift == 2 && blue_shift == 0) {
vs->depth = 1;
vs->write_pixels = vnc_write_pixels_copy;
vs->send_hextile_tile = send_hextile_tile_8;
- } else
+ } else
{
/* generic and slower case */
if (bits_per_pixel != 8 &&
}
vnc_dpy_resize(vs->ds, vs->ds->width, vs->ds->height);
- memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
- memset(vs->old_data, 42, vs->ds->linesize * vs->ds->height);
vga_hw_invalidate();
vga_hw_update();
}
-static int protocol_client_msg(VncState *vs, char *data, size_t len)
+static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
{
int i;
uint16_t limit;
if (len == 1)
return 8;
- if (len == 8)
- return 8 + read_u32(data, 4);
+ if (len == 8) {
+ uint32_t dlen = read_u32(data, 4);
+ if (dlen > 0)
+ return 8 + dlen;
+ }
client_cut_text(vs, read_u32(data, 4), data + 8);
break;
+ case 255:
+ if (len == 1)
+ return 2;
+
+ switch (read_u8(data, 1)) {
+ case 0:
+ if (len == 2)
+ return 12;
+
+ ext_key_event(vs, read_u16(data, 2),
+ read_u32(data, 4), read_u32(data, 8));
+ break;
+ default:
+ printf("Msg: %d\n", read_u16(data, 0));
+ vnc_client_error(vs);
+ break;
+ }
+ break;
default:
printf("Msg: %d\n", data[0]);
vnc_client_error(vs);
break;
}
-
+
vnc_read_when(vs, protocol_client_msg, 1);
return 0;
}
-static int protocol_client_init(VncState *vs, char *data, size_t len)
+static int protocol_client_init(VncState *vs, uint8_t *data, size_t len)
{
char pad[3] = { 0, 0, 0 };
char buf[1024];
vs->send_hextile_tile = send_hextile_tile_8;
}
vs->write_pixels = vnc_write_pixels_copy;
-
+
vnc_write(vs, pad, 3); /* padding */
if (qemu_name)
vs->challenge[i] = (int) (256.0*rand()/(RAND_MAX+1.0));
}
-static int protocol_client_auth_vnc(VncState *vs, char *data, size_t len)
+static int protocol_client_auth_vnc(VncState *vs, uint8_t *data, size_t len)
{
- char response[VNC_AUTH_CHALLENGE_SIZE];
+ unsigned char response[VNC_AUTH_CHALLENGE_SIZE];
int i, j, pwlen;
- char key[8];
+ unsigned char key[8];
if (!vs->password || !vs->password[0]) {
VNC_DEBUG("No password configured on server");
}
+static gnutls_certificate_credentials_t vnc_tls_initialize_x509_cred(VncState *vs)
+{
+ gnutls_certificate_credentials_t x509_cred;
+ int ret;
+
+ if (!vs->x509cacert) {
+ VNC_DEBUG("No CA x509 certificate specified\n");
+ return NULL;
+ }
+ if (!vs->x509cert) {
+ VNC_DEBUG("No server x509 certificate specified\n");
+ return NULL;
+ }
+ if (!vs->x509key) {
+ VNC_DEBUG("No server private key specified\n");
+ return NULL;
+ }
+
+ if ((ret = gnutls_certificate_allocate_credentials(&x509_cred)) < 0) {
+ VNC_DEBUG("Cannot allocate credentials %s\n", gnutls_strerror(ret));
+ return NULL;
+ }
+ if ((ret = gnutls_certificate_set_x509_trust_file(x509_cred,
+ vs->x509cacert,
+ GNUTLS_X509_FMT_PEM)) < 0) {
+ VNC_DEBUG("Cannot load CA certificate %s\n", gnutls_strerror(ret));
+ gnutls_certificate_free_credentials(x509_cred);
+ return NULL;
+ }
+
+ if ((ret = gnutls_certificate_set_x509_key_file (x509_cred,
+ vs->x509cert,
+ vs->x509key,
+ GNUTLS_X509_FMT_PEM)) < 0) {
+ VNC_DEBUG("Cannot load certificate & key %s\n", gnutls_strerror(ret));
+ gnutls_certificate_free_credentials(x509_cred);
+ return NULL;
+ }
+
+ if (vs->x509cacrl) {
+ if ((ret = gnutls_certificate_set_x509_crl_file(x509_cred,
+ vs->x509cacrl,
+ GNUTLS_X509_FMT_PEM)) < 0) {
+ VNC_DEBUG("Cannot load CRL %s\n", gnutls_strerror(ret));
+ gnutls_certificate_free_credentials(x509_cred);
+ return NULL;
+ }
+ }
+
+ gnutls_certificate_set_dh_params (x509_cred, dh_params);
+
+ return x509_cred;
+}
+
+static int vnc_validate_certificate(struct VncState *vs)
+{
+ int ret;
+ unsigned int status;
+ const gnutls_datum_t *certs;
+ unsigned int nCerts, i;
+ time_t now;
+
+ VNC_DEBUG("Validating client certificate\n");
+ if ((ret = gnutls_certificate_verify_peers2 (vs->tls_session, &status)) < 0) {
+ VNC_DEBUG("Verify failed %s\n", gnutls_strerror(ret));
+ return -1;
+ }
+
+ if ((now = time(NULL)) == ((time_t)-1)) {
+ return -1;
+ }
+
+ if (status != 0) {
+ if (status & GNUTLS_CERT_INVALID)
+ VNC_DEBUG("The certificate is not trusted.\n");
+
+ if (status & GNUTLS_CERT_SIGNER_NOT_FOUND)
+ VNC_DEBUG("The certificate hasn't got a known issuer.\n");
+
+ if (status & GNUTLS_CERT_REVOKED)
+ VNC_DEBUG("The certificate has been revoked.\n");
+
+ if (status & GNUTLS_CERT_INSECURE_ALGORITHM)
+ VNC_DEBUG("The certificate uses an insecure algorithm\n");
+
+ return -1;
+ } else {
+ VNC_DEBUG("Certificate is valid!\n");
+ }
+
+ /* Only support x509 for now */
+ if (gnutls_certificate_type_get(vs->tls_session) != GNUTLS_CRT_X509)
+ return -1;
+
+ if (!(certs = gnutls_certificate_get_peers(vs->tls_session, &nCerts)))
+ return -1;
+
+ for (i = 0 ; i < nCerts ; i++) {
+ gnutls_x509_crt_t cert;
+ VNC_DEBUG ("Checking certificate chain %d\n", i);
+ if (gnutls_x509_crt_init (&cert) < 0)
+ return -1;
+
+ if (gnutls_x509_crt_import(cert, &certs[i], GNUTLS_X509_FMT_DER) < 0) {
+ gnutls_x509_crt_deinit (cert);
+ return -1;
+ }
+
+ if (gnutls_x509_crt_get_expiration_time (cert) < now) {
+ VNC_DEBUG("The certificate has expired\n");
+ gnutls_x509_crt_deinit (cert);
+ return -1;
+ }
+
+ if (gnutls_x509_crt_get_activation_time (cert) > now) {
+ VNC_DEBUG("The certificate is not yet activated\n");
+ gnutls_x509_crt_deinit (cert);
+ return -1;
+ }
+
+ if (gnutls_x509_crt_get_activation_time (cert) > now) {
+ VNC_DEBUG("The certificate is not yet activated\n");
+ gnutls_x509_crt_deinit (cert);
+ return -1;
+ }
+
+ gnutls_x509_crt_deinit (cert);
+ }
+
+ return 0;
+}
+
+
static int start_auth_vencrypt_subauth(VncState *vs)
{
switch (vs->subauth) {
case VNC_AUTH_VENCRYPT_TLSNONE:
+ case VNC_AUTH_VENCRYPT_X509NONE:
VNC_DEBUG("Accept TLS auth none\n");
vnc_write_u32(vs, 0); /* Accept auth completion */
vnc_read_when(vs, protocol_client_init, 1);
break;
case VNC_AUTH_VENCRYPT_TLSVNC:
+ case VNC_AUTH_VENCRYPT_X509VNC:
VNC_DEBUG("Start TLS auth VNC\n");
return start_auth_vnc(vs);
return -1;
}
+ if (vs->x509verify) {
+ if (vnc_validate_certificate(vs) < 0) {
+ VNC_DEBUG("Client verification failed\n");
+ vnc_client_error(vs);
+ return -1;
+ } else {
+ VNC_DEBUG("Client verification passed\n");
+ }
+ }
+
VNC_DEBUG("Handshake done, switching to TLS data mode\n");
vs->wiremode = VNC_WIREMODE_TLS;
qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, vnc_client_write, vs);
vnc_continue_handshake(vs);
}
+#define NEED_X509_AUTH(vs) \
+ ((vs)->subauth == VNC_AUTH_VENCRYPT_X509NONE || \
+ (vs)->subauth == VNC_AUTH_VENCRYPT_X509VNC || \
+ (vs)->subauth == VNC_AUTH_VENCRYPT_X509PLAIN)
+
+
static int vnc_start_tls(struct VncState *vs) {
static const int cert_type_priority[] = { GNUTLS_CRT_X509, 0 };
static const int protocol_priority[]= { GNUTLS_TLS1_1, GNUTLS_TLS1_0, GNUTLS_SSL3, 0 };
static const int kx_anon[] = {GNUTLS_KX_ANON_DH, 0};
- gnutls_anon_server_credentials anon_cred = NULL;
+ static const int kx_x509[] = {GNUTLS_KX_DHE_DSS, GNUTLS_KX_RSA, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, 0};
VNC_DEBUG("Do TLS setup\n");
if (vnc_tls_initialize() < 0) {
return -1;
}
- if (gnutls_kx_set_priority(vs->tls_session, kx_anon) < 0) {
+ if (gnutls_kx_set_priority(vs->tls_session, NEED_X509_AUTH(vs) ? kx_x509 : kx_anon) < 0) {
gnutls_deinit(vs->tls_session);
vs->tls_session = NULL;
vnc_client_error(vs);
return -1;
}
- anon_cred = vnc_tls_initialize_anon_cred();
- if (!anon_cred) {
- gnutls_deinit(vs->tls_session);
- vs->tls_session = NULL;
- vnc_client_error(vs);
- return -1;
- }
- if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
- gnutls_deinit(vs->tls_session);
- vs->tls_session = NULL;
- gnutls_anon_free_server_credentials(anon_cred);
- vnc_client_error(vs);
- return -1;
+ if (NEED_X509_AUTH(vs)) {
+ gnutls_certificate_server_credentials x509_cred = vnc_tls_initialize_x509_cred(vs);
+ if (!x509_cred) {
+ gnutls_deinit(vs->tls_session);
+ vs->tls_session = NULL;
+ vnc_client_error(vs);
+ return -1;
+ }
+ if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_CERTIFICATE, x509_cred) < 0) {
+ gnutls_deinit(vs->tls_session);
+ vs->tls_session = NULL;
+ gnutls_certificate_free_credentials(x509_cred);
+ vnc_client_error(vs);
+ return -1;
+ }
+ if (vs->x509verify) {
+ VNC_DEBUG("Requesting a client certificate\n");
+ gnutls_certificate_server_set_request (vs->tls_session, GNUTLS_CERT_REQUEST);
+ }
+
+ } else {
+ gnutls_anon_server_credentials anon_cred = vnc_tls_initialize_anon_cred();
+ if (!anon_cred) {
+ gnutls_deinit(vs->tls_session);
+ vs->tls_session = NULL;
+ vnc_client_error(vs);
+ return -1;
+ }
+ if (gnutls_credentials_set(vs->tls_session, GNUTLS_CRD_ANON, anon_cred) < 0) {
+ gnutls_deinit(vs->tls_session);
+ vs->tls_session = NULL;
+ gnutls_anon_free_server_credentials(anon_cred);
+ vnc_client_error(vs);
+ return -1;
+ }
}
gnutls_transport_set_ptr(vs->tls_session, (gnutls_transport_ptr_t)vs);
return vnc_continue_handshake(vs);
}
-static int protocol_client_vencrypt_auth(VncState *vs, char *data, size_t len)
+static int protocol_client_vencrypt_auth(VncState *vs, uint8_t *data, size_t len)
{
int auth = read_u32(data, 0);
return 0;
}
-static int protocol_client_vencrypt_init(VncState *vs, char *data, size_t len)
+static int protocol_client_vencrypt_init(VncState *vs, uint8_t *data, size_t len)
{
if (data[0] != 0 ||
data[1] != 2) {
}
#endif /* CONFIG_VNC_TLS */
-static int protocol_client_auth(VncState *vs, char *data, size_t len)
+static int protocol_client_auth(VncState *vs, uint8_t *data, size_t len)
{
/* We only advertise 1 auth scheme at a time, so client
* must pick the one we sent. Verify this */
switch (vs->auth) {
case VNC_AUTH_NONE:
VNC_DEBUG("Accept auth none\n");
- vnc_write_u32(vs, 0); /* Accept auth completion */
+ if (vs->minor >= 8) {
+ vnc_write_u32(vs, 0); /* Accept auth completion */
+ vnc_flush(vs);
+ }
vnc_read_when(vs, protocol_client_init, 1);
break;
return 0;
}
-static int protocol_version(VncState *vs, char *version, size_t len)
+static int protocol_version(VncState *vs, uint8_t *version, size_t len)
{
char local[13];
VNC_DEBUG("Client request protocol version %d.%d\n", vs->major, vs->minor);
if (vs->major != 3 ||
(vs->minor != 3 &&
+ vs->minor != 4 &&
vs->minor != 5 &&
vs->minor != 7 &&
vs->minor != 8)) {
vnc_client_error(vs);
return 0;
}
- /* Some broken client report v3.5 which spec requires to be treated
+ /* Some broken clients report v3.4 or v3.5, which spec requires to be treated
* as equivalent to v3.3 by servers
*/
- if (vs->minor == 5)
+ if (vs->minor == 4 || vs->minor == 5)
vs->minor = 3;
if (vs->minor == 3) {
return 0;
}
+static void vnc_connect(VncState *vs)
+{
+ VNC_DEBUG("New client on socket %d\n", vs->csock);
+ vs->ds->idle = 0;
+ socket_set_nonblock(vs->csock);
+ qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, vs);
+ vnc_write(vs, "RFB 003.008\n", 12);
+ vnc_flush(vs);
+ vnc_read_when(vs, protocol_version, 12);
+ memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
+ memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
+ vs->has_resize = 0;
+ vs->has_hextile = 0;
+ vs->ds->dpy_copy = NULL;
+ vnc_update_client(vs);
+}
+
static void vnc_listen_read(void *opaque)
{
VncState *vs = opaque;
struct sockaddr_in addr;
socklen_t addrlen = sizeof(addr);
+ /* Catch-up */
+ vga_hw_update();
+
vs->csock = accept(vs->lsock, (struct sockaddr *)&addr, &addrlen);
if (vs->csock != -1) {
- VNC_DEBUG("New client on socket %d\n", vs->csock);
- socket_set_nonblock(vs->csock);
- qemu_set_fd_handler2(vs->csock, NULL, vnc_client_read, NULL, opaque);
- vnc_write(vs, "RFB 003.008\n", 12);
- vnc_flush(vs);
- vnc_read_when(vs, protocol_version, 12);
- memset(vs->old_data, 0, vs->ds->linesize * vs->ds->height);
- memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
- vs->has_resize = 0;
- vs->has_hextile = 0;
- vs->ds->dpy_copy = NULL;
+ vnc_connect(vs);
}
}
exit(1);
ds->opaque = vs;
+ ds->idle = 1;
vnc_state = vs;
vs->display = NULL;
vs->password = NULL;
vs->ds = ds;
- if (!keyboard_layout)
- keyboard_layout = "en-us";
+ if (keyboard_layout)
+ vs->kbd_layout = init_keyboard_layout(keyboard_layout);
+ else
+ vs->kbd_layout = init_keyboard_layout("en-us");
- vs->kbd_layout = init_keyboard_layout(keyboard_layout);
if (!vs->kbd_layout)
exit(1);
+ vs->timer = qemu_new_timer(rt_clock, vnc_update_client, vs);
+
vs->ds->data = NULL;
vs->ds->dpy_update = vnc_dpy_update;
vs->ds->dpy_resize = vnc_dpy_resize;
- vs->ds->dpy_refresh = vnc_dpy_refresh;
-
- memset(vs->dirty_row, 0xFF, sizeof(vs->dirty_row));
+ vs->ds->dpy_refresh = NULL;
vnc_dpy_resize(vs->ds, 640, 400);
}
+#if CONFIG_VNC_TLS
+static int vnc_set_x509_credential(VncState *vs,
+ const char *certdir,
+ const char *filename,
+ char **cred,
+ int ignoreMissing)
+{
+ struct stat sb;
+
+ if (*cred) {
+ qemu_free(*cred);
+ *cred = NULL;
+ }
+
+ if (!(*cred = qemu_malloc(strlen(certdir) + strlen(filename) + 2)))
+ return -1;
+
+ strcpy(*cred, certdir);
+ strcat(*cred, "/");
+ strcat(*cred, filename);
+
+ VNC_DEBUG("Check %s\n", *cred);
+ if (stat(*cred, &sb) < 0) {
+ qemu_free(*cred);
+ *cred = NULL;
+ if (ignoreMissing && errno == ENOENT)
+ return 0;
+ return -1;
+ }
+
+ return 0;
+}
+
+static int vnc_set_x509_credential_dir(VncState *vs,
+ const char *certdir)
+{
+ if (vnc_set_x509_credential(vs, certdir, X509_CA_CERT_FILE, &vs->x509cacert, 0) < 0)
+ goto cleanup;
+ if (vnc_set_x509_credential(vs, certdir, X509_CA_CRL_FILE, &vs->x509cacrl, 1) < 0)
+ goto cleanup;
+ if (vnc_set_x509_credential(vs, certdir, X509_SERVER_CERT_FILE, &vs->x509cert, 0) < 0)
+ goto cleanup;
+ if (vnc_set_x509_credential(vs, certdir, X509_SERVER_KEY_FILE, &vs->x509key, 0) < 0)
+ goto cleanup;
+
+ return 0;
+
+ cleanup:
+ qemu_free(vs->x509cacert);
+ qemu_free(vs->x509cacrl);
+ qemu_free(vs->x509cert);
+ qemu_free(vs->x509key);
+ vs->x509cacert = vs->x509cacrl = vs->x509cert = vs->x509key = NULL;
+ return -1;
+}
+#endif /* CONFIG_VNC_TLS */
+
void vnc_display_close(DisplayState *ds)
{
VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
vs->auth = VNC_AUTH_INVALID;
#if CONFIG_VNC_TLS
vs->subauth = VNC_AUTH_INVALID;
+ vs->x509verify = 0;
#endif
}
struct sockaddr_in iaddr;
#ifndef _WIN32
struct sockaddr_un uaddr;
+ const char *p;
#endif
int reuse_addr, ret;
socklen_t addrlen;
- const char *p;
VncState *vs = ds ? (VncState *)ds->opaque : vnc_state;
const char *options;
int password = 0;
+ int reverse = 0;
#if CONFIG_VNC_TLS
- int tls = 0;
+ int tls = 0, x509 = 0;
#endif
vnc_display_close(ds);
options = display;
while ((options = strchr(options, ','))) {
options++;
- if (strncmp(options, "password", 8) == 0)
+ if (strncmp(options, "password", 8) == 0) {
password = 1; /* Require password auth */
+ } else if (strncmp(options, "reverse", 7) == 0) {
+ reverse = 1;
#if CONFIG_VNC_TLS
- else if (strncmp(options, "tls", 3) == 0)
+ } else if (strncmp(options, "tls", 3) == 0) {
tls = 1; /* Require TLS */
+ } else if (strncmp(options, "x509", 4) == 0) {
+ char *start, *end;
+ x509 = 1; /* Require x509 certificates */
+ if (strncmp(options, "x509verify", 10) == 0)
+ vs->x509verify = 1; /* ...and verify client certs */
+
+ /* Now check for 'x509=/some/path' postfix
+ * and use that to setup x509 certificate/key paths */
+ start = strchr(options, '=');
+ end = strchr(options, ',');
+ if (start && (!end || (start < end))) {
+ int len = end ? end-(start+1) : strlen(start+1);
+ char *path = qemu_malloc(len+1);
+ strncpy(path, start+1, len);
+ path[len] = '\0';
+ VNC_DEBUG("Trying certificate path '%s'\n", path);
+ if (vnc_set_x509_credential_dir(vs, path) < 0) {
+ fprintf(stderr, "Failed to find x509 certificates/keys in %s\n", path);
+ qemu_free(path);
+ qemu_free(vs->display);
+ vs->display = NULL;
+ return -1;
+ }
+ qemu_free(path);
+ } else {
+ fprintf(stderr, "No certificate path provided\n");
+ qemu_free(vs->display);
+ vs->display = NULL;
+ return -1;
+ }
#endif
+ }
}
if (password) {
#if CONFIG_VNC_TLS
if (tls) {
- VNC_DEBUG("Initializing VNC server with TLS password auth\n");
vs->auth = VNC_AUTH_VENCRYPT;
- vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
+ if (x509) {
+ VNC_DEBUG("Initializing VNC server with x509 password auth\n");
+ vs->subauth = VNC_AUTH_VENCRYPT_X509VNC;
+ } else {
+ VNC_DEBUG("Initializing VNC server with TLS password auth\n");
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSVNC;
+ }
} else {
#endif
VNC_DEBUG("Initializing VNC server with password auth\n");
} else {
#if CONFIG_VNC_TLS
if (tls) {
- VNC_DEBUG("Initializing VNC server with TLS no auth\n");
vs->auth = VNC_AUTH_VENCRYPT;
- vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
+ if (x509) {
+ VNC_DEBUG("Initializing VNC server with x509 no auth\n");
+ vs->subauth = VNC_AUTH_VENCRYPT_X509NONE;
+ } else {
+ VNC_DEBUG("Initializing VNC server with TLS no auth\n");
+ vs->subauth = VNC_AUTH_VENCRYPT_TLSNONE;
+ }
} else {
#endif
VNC_DEBUG("Initializing VNC server with no auth\n");
memset(uaddr.sun_path, 0, 108);
snprintf(uaddr.sun_path, 108, "%s", p);
- unlink(uaddr.sun_path);
+ if (!reverse) {
+ unlink(uaddr.sun_path);
+ }
} else
#endif
{
return -1;
}
- iaddr.sin_port = htons(ntohs(iaddr.sin_port) + 5900);
+ iaddr.sin_port = htons(ntohs(iaddr.sin_port) + (reverse ? 0 : 5900));
vs->lsock = socket(PF_INET, SOCK_STREAM, 0);
if (vs->lsock == -1) {
}
}
+ if (reverse) {
+ if (connect(vs->lsock, addr, addrlen) == -1) {
+ fprintf(stderr, "Connection to VNC client failed\n");
+ close(vs->lsock);
+ vs->lsock = -1;
+ free(vs->display);
+ vs->display = NULL;
+ return -1;
+ } else {
+ vs->csock = vs->lsock;
+ vs->lsock = -1;
+ vnc_connect(vs);
+ return 0;
+ }
+ }
+
if (bind(vs->lsock, addr, addrlen) == -1) {
fprintf(stderr, "bind() failed\n");
close(vs->lsock);
projects / qemu.git / blobdiff