2 * SPDX-License-Identifier: BSD-2-Clause
4 * Copyright (c) 2015 Tycho Nightingale <tycho.nightingale@pluribusnetworks.com>
5 * Copyright (c) 2015 Leon Dang
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 #include <sys/param.h>
32 #ifndef WITHOUT_CAPSICUM
33 #include <sys/capsicum.h>
35 #include <sys/endian.h>
36 #include <sys/socket.h>
37 #include <sys/select.h>
39 #include <arpa/inet.h>
40 #include <stdatomic.h>
41 #include <machine/cpufunc.h>
42 #include <machine/specialreg.h>
43 #include <netinet/in.h>
47 #ifndef WITHOUT_CAPSICUM
48 #include <capsicum_helpers.h>
53 #include <pthread_np.h>
68 #include "sockstream.h"
71 #include <openssl/des.h>
74 /* Delays in microseconds */
75 #define CFD_SEL_DELAY 10000
76 #define SCREEN_REFRESH_DELAY 33300 /* 30Hz */
77 #define SCREEN_POLL_DELAY (SCREEN_REFRESH_DELAY / 2)
/*
 * Debug and warning print wrappers around PRINTLN.
 * NOTE(review): DPRINTF expands to a bare `if (rfb_debug) PRINTLN ...` with
 * no do { } while (0) wrapper, so using it as the body of an un-braced
 * if/else would capture the following else.
 */
79 static int rfb_debug = 0;
80 #define DPRINTF(params) if (rfb_debug) PRINTLN params
81 #define WPRINTF(params) PRINTLN params
/*
 * Handshake sizes used by rfb_handle(): the 12-byte version string, the
 * 16-byte VNC-auth challenge/response, and the 8-byte DES key taken from
 * the configured password.
 */
83 #define VERSION_LENGTH 12
84 #define AUTH_LENGTH 16
85 #define PASSWD_LENGTH 8
87 /* Protocol versions */
92 /* Client-to-server msg types */
93 #define CS_SET_PIXEL_FORMAT 0
94 #define CS_SET_ENCODINGS 2
95 #define CS_UPDATE_MSG 3
96 #define CS_KEY_EVENT 4
97 #define CS_POINTER_EVENT 5
99 #define CS_MSG_CLIENT_QEMU 255
101 #define SECURITY_TYPE_NONE 1
102 #define SECURITY_TYPE_VNC_AUTH 2
104 #define AUTH_FAILED_UNAUTH 1
105 #define AUTH_FAILED_ERROR 2
115 const char *password;
120 bool enc_extkeyevent_ok;
122 bool enc_extkeyevent_send;
133 atomic_bool update_all;
134 atomic_bool input_detected;
140 uint32_t *crc; /* WxH crc cells */
141 uint32_t *crc_tmp; /* buffer to store single crc row */
142 int crc_width, crc_height;
159 struct rfb_srvr_info {
162 struct rfb_pixfmt pixfmt;
166 struct rfb_pixfmt_msg {
169 struct rfb_pixfmt pixfmt;
/*
 * Encoding identifiers matched against the client's SetEncodings list in
 * rfb_recv_set_encodings_msg(). The negative values are pseudo-encodings.
 */
172 #define RFB_ENCODING_RAW 0
173 #define RFB_ENCODING_ZLIB 6
174 #define RFB_ENCODING_RESIZE -223
175 #define RFB_ENCODING_EXT_KEYEVENT -258
177 #define RFB_CLIENTMSG_EXT_KEYEVENT 0
/*
 * Largest framebuffer the fixed-size buffers in this file are dimensioned
 * for: rc->zbuf is RFB_ZLIB_BUFSZ + 16 bytes and the CRC tables hold one
 * cell per 32x32 block at this size.
 * NOTE(review): the RFB_ZLIB_BUFSZ body is not parenthesised, so it is only
 * safe where no higher-precedence operator sits next to it (for example as
 * the right operand of / or %). The negative encoding values above have the
 * same property.
 */
179 #define RFB_MAX_WIDTH 2000
180 #define RFB_MAX_HEIGHT 1200
181 #define RFB_ZLIB_BUFSZ RFB_MAX_WIDTH*RFB_MAX_HEIGHT*4
183 /* percentage changes to screen before sending the entire screen */
184 #define RFB_SEND_ALL_THRESH 25
192 struct rfb_updt_msg {
208 struct rfb_client_msg {
213 struct rfb_extended_key_msg {
228 struct rfb_srvr_updt_msg {
234 struct rfb_srvr_rect_hdr {
242 struct rfb_cuttext_msg {
/*
 * Send the ServerInit message: framebuffer size and pixel format taken from
 * the console image, followed by the desktop name "bhyve".
 * Both stream_write() results are discarded via (void), so a failed or short
 * write is not detected in this function.
 */
249 rfb_send_server_init_msg(int cfd)
251 struct bhyvegc_image *gc_image;
252 struct rfb_srvr_info sinfo;
254 gc_image = console_get_image();
/* Multi-byte fields are converted to network byte order before sending. */
256 sinfo.width = htons(gc_image->width);
257 sinfo.height = htons(gc_image->height);
/* Advertise 32 bpp, little-endian, truecolor with 8 bits per channel. */
258 sinfo.pixfmt.bpp = 32;
259 sinfo.pixfmt.depth = 32;
260 sinfo.pixfmt.bigendian = 0;
261 sinfo.pixfmt.truecolor = 1;
262 sinfo.pixfmt.red_max = htons(255);
263 sinfo.pixfmt.green_max = htons(255);
264 sinfo.pixfmt.blue_max = htons(255);
265 sinfo.pixfmt.red_shift = 16;
266 sinfo.pixfmt.green_shift = 8;
267 sinfo.pixfmt.blue_shift = 0;
/*
 * The padding is zeroed explicitly: sinfo is a stack object that is written
 * to the client verbatim below, so unset bytes would leak stack contents.
 */
268 sinfo.pixfmt.pad[0] = 0;
269 sinfo.pixfmt.pad[1] = 0;
270 sinfo.pixfmt.pad[2] = 0;
271 sinfo.namelen = htonl(strlen("bhyve"));
272 (void)stream_write(cfd, &sinfo, sizeof(sinfo));
273 (void)stream_write(cfd, "bhyve", strlen("bhyve"));
/*
 * Tell the client that the framebuffer size changed: a one-rectangle update
 * whose rectangle uses the RFB_ENCODING_RESIZE pseudo-encoding and carries
 * rc->width x rc->height.
 * NOTE(review): neither stream_write() result is checked, so a dead client
 * connection is not noticed here.
 */
277 rfb_send_resize_update_msg(struct rfb_softc *rc, int cfd)
279 struct rfb_srvr_updt_msg supdt_msg;
280 struct rfb_srvr_rect_hdr srect_hdr;
282 /* Number of rectangles: 1 */
285 supdt_msg.numrects = htons(1);
286 stream_write(cfd, &supdt_msg, sizeof(struct rfb_srvr_updt_msg));
288 /* Rectangle header */
289 srect_hdr.x = htons(0);
290 srect_hdr.y = htons(0);
291 srect_hdr.width = htons(rc->width);
292 srect_hdr.height = htons(rc->height);
293 srect_hdr.encoding = htonl(RFB_ENCODING_RESIZE);
294 stream_write(cfd, &srect_hdr, sizeof(struct rfb_srvr_rect_hdr));
/*
 * Acknowledge the extended key event pseudo-encoding: a one-rectangle update
 * whose rectangle header carries RFB_ENCODING_EXT_KEYEVENT. Called from
 * rfb_recv_update_msg() once the client has offered that encoding.
 * NOTE(review): neither stream_write() result is checked.
 */
298 rfb_send_extended_keyevent_update_msg(struct rfb_softc *rc, int cfd)
300 struct rfb_srvr_updt_msg supdt_msg;
301 struct rfb_srvr_rect_hdr srect_hdr;
303 /* Number of rectangles: 1 */
306 supdt_msg.numrects = htons(1);
307 stream_write(cfd, &supdt_msg, sizeof(struct rfb_srvr_updt_msg));
309 /* Rectangle header */
310 srect_hdr.x = htons(0);
311 srect_hdr.y = htons(0);
312 srect_hdr.width = htons(rc->width);
313 srect_hdr.height = htons(rc->height);
314 srect_hdr.encoding = htonl(RFB_ENCODING_EXT_KEYEVENT);
315 stream_write(cfd, &srect_hdr, sizeof(struct rfb_srvr_rect_hdr));
/*
 * Consume the body of a SetPixelFormat message. The read starts at offset 1
 * because the caller (rfb_handle) has already read the one-byte message type.
 * rc is marked __unused and the read result is discarded; nothing in the
 * lines shown acts on the format the client asked for.
 */
319 rfb_recv_set_pixfmt_msg(struct rfb_softc *rc __unused, int cfd)
321 struct rfb_pixfmt_msg pixfmt_msg;
323 (void)stream_read(cfd, (uint8_t *)&pixfmt_msg + 1,
324 sizeof(pixfmt_msg) - 1);
/*
 * Handle SetEncodings: read the header (minus the type byte the caller has
 * consumed), then read numencs 32-bit encoding ids and record which of the
 * supported ones the client offered.
 *
 * NOTE(review): every stream_read() result is discarded. On a short read or
 * error, enc_msg.numencs and encoding are used without having been filled
 * in, so the loop count and the switch operate on indeterminate stack data.
 * Checking each read and returning on failure would close that gap.
 */
328 rfb_recv_set_encodings_msg(struct rfb_softc *rc, int cfd)
330 struct rfb_enc_msg enc_msg;
334 (void)stream_read(cfd, (uint8_t *)&enc_msg + 1, sizeof(enc_msg) - 1);
/* The loop bound is the client-supplied 16-bit count; htons() acts as ntohs(). */
336 for (i = 0; i < htons(enc_msg.numencs); i++) {
337 (void)stream_read(cfd, &encoding, sizeof(encoding));
338 switch (htonl(encoding)) {
339 case RFB_ENCODING_RAW:
340 rc->enc_raw_ok = true;
342 case RFB_ENCODING_ZLIB:
/*
 * zlib state is set up only if it is not already enabled.
 * NOTE(review): the deflateInit() result is not checked before
 * enc_zlib_ok is set to true.
 */
343 if (!rc->enc_zlib_ok) {
344 deflateInit(&rc->zstream, Z_BEST_SPEED);
345 rc->enc_zlib_ok = true;
348 case RFB_ENCODING_RESIZE:
349 rc->enc_resize_ok = true;
351 case RFB_ENCODING_EXT_KEYEVENT:
352 rc->enc_extkeyevent_ok = true;
359 * Calculate CRC32 using SSE4.2; Intel or AMD Bulldozer+ CPUs only
/*
 * NOTE(review): only len / 4 whole 32-bit words are counted in q, and buf is
 * accessed through a uint32_t pointer, so callers are presumably expected to
 * pass suitably aligned buffers whose length is a multiple of 4 - confirm.
 * The .byte sequence is a hand-encoded instruction inside an asm statement
 * whose remaining lines are not part of this listing.
 */
361 static __inline uint32_t
362 fast_crc32(void *buf, int len, uint32_t crcval)
364 uint32_t q = len / sizeof(uint32_t);
365 uint32_t *p = (uint32_t *)buf;
369 ".byte 0xf2, 0xf, 0x38, 0xf1, 0xf1;"
371 :"0" (crcval), "c" (*p)
/*
 * Write the FramebufferUpdate header announcing numrects rectangles and
 * return the stream_write() result.
 * numrects is an int that htons() narrows to 16 bits; callers must keep it
 * within 0..65535 or the client is told the wrong rectangle count.
 */
380 rfb_send_update_header(struct rfb_softc *rc __unused, int cfd, int numrects)
382 struct rfb_srvr_updt_msg supdt_msg;
386 supdt_msg.numrects = htons(numrects);
388 return stream_write(cfd, &supdt_msg,
389 sizeof(struct rfb_srvr_updt_msg));
/*
 * Send one rectangle of the framebuffer, zlib-compressed when the client
 * offered that encoding and raw otherwise.
 *
 * NOTE(review): x, y, w and h index gc->data directly and are narrowed to 16
 * bits by htons(). No bounds check against gc->width / gc->height is visible
 * in this function, so it relies on the caller passing an in-range rectangle.
 */
393 rfb_send_rect(struct rfb_softc *rc, int cfd, struct bhyvegc_image *gc,
394 int x, int y, int w, int h)
396 struct rfb_srvr_rect_hdr srect_hdr;
398 ssize_t nwrite, total;
404 * Send a single rectangle of the given x, y, w h dimensions.
407 /* Rectangle header */
408 srect_hdr.x = htons(x);
409 srect_hdr.y = htons(y);
410 srect_hdr.width = htons(w);
411 srect_hdr.height = htons(h);
/* From here on w is a byte count per row, not a pixel count. */
414 w *= sizeof(uint32_t);
415 if (rc->enc_zlib_ok) {
417 rc->zstream.total_in = 0;
418 rc->zstream.total_out = 0;
/* Each row is fed to deflate separately; output accumulates in rc->zbuf. */
419 for (p = &gc->data[y * gc->width + x]; y < h; y++) {
420 rc->zstream.next_in = (Bytef *)p;
421 rc->zstream.avail_in = w;
422 rc->zstream.next_out = (Bytef *)zbufp;
/* Output space is whatever remains of the RFB_ZLIB_BUFSZ + 16 byte zbuf. */
423 rc->zstream.avail_out = RFB_ZLIB_BUFSZ + 16 -
424 rc->zstream.total_out;
425 rc->zstream.data_type = Z_BINARY;
427 /* Compress with zlib */
428 err = deflate(&rc->zstream, Z_SYNC_FLUSH);
/* Error path: zlib is switched off for this connection and torn down. */
430 WPRINTF(("zlib[rect] deflate err: %d", err));
431 rc->enc_zlib_ok = false;
432 deflateEnd(&rc->zstream);
435 zbufp = rc->zbuf + rc->zstream.total_out;
/* Compressed rectangle on the wire: header, 32-bit length, then the data. */
438 srect_hdr.encoding = htonl(RFB_ENCODING_ZLIB);
439 nwrite = stream_write(cfd, &srect_hdr,
440 sizeof(struct rfb_srvr_rect_hdr));
444 zlen = htonl(rc->zstream.total_out);
445 nwrite = stream_write(cfd, &zlen, sizeof(uint32_t));
448 return (stream_write(cfd, rc->zbuf, rc->zstream.total_out));
/*
 * Raw path: the payload is sent from rc->zbuf after the header; the lines
 * that stage the rows into zbuf are not part of this listing.
 */
455 for (p = &gc->data[y * gc->width + x]; y < h; y++) {
462 srect_hdr.encoding = htonl(RFB_ENCODING_RAW);
463 nwrite = stream_write(cfd, &srect_hdr,
464 sizeof(struct rfb_srvr_rect_hdr));
468 total = stream_write(cfd, rc->zbuf, total);
/*
 * Send the entire framebuffer as a single rectangle, compressed with zlib if
 * the client offered it and raw otherwise.
 */
474 rfb_send_all(struct rfb_softc *rc, int cfd, struct bhyvegc_image *gc)
476 struct rfb_srvr_updt_msg supdt_msg;
477 struct rfb_srvr_rect_hdr srect_hdr;
483 * Send the whole thing
486 /* Number of rectangles: 1 */
489 supdt_msg.numrects = htons(1);
490 nwrite = stream_write(cfd, &supdt_msg,
491 sizeof(struct rfb_srvr_updt_msg));
495 /* Rectangle header */
498 srect_hdr.width = htons(gc->width);
499 srect_hdr.height = htons(gc->height);
/*
 * The input length comes from the live image size while the output buffer
 * is fixed at RFB_ZLIB_BUFSZ + 16 bytes. deflate() writes at most avail_out
 * bytes, so the buffer itself is not overrun.
 * NOTE(review): no check for avail_out reaching 0 is visible, in which case
 * the compressed frame sent below would be incomplete.
 */
500 if (rc->enc_zlib_ok) {
501 rc->zstream.next_in = (Bytef *)gc->data;
502 rc->zstream.avail_in = gc->width * gc->height *
504 rc->zstream.next_out = (Bytef *)rc->zbuf;
505 rc->zstream.avail_out = RFB_ZLIB_BUFSZ + 16;
506 rc->zstream.data_type = Z_BINARY;
508 rc->zstream.total_in = 0;
509 rc->zstream.total_out = 0;
511 /* Compress with zlib */
512 err = deflate(&rc->zstream, Z_SYNC_FLUSH);
/* Error path: zlib is switched off for this connection and torn down. */
514 WPRINTF(("zlib deflate err: %d", err));
515 rc->enc_zlib_ok = false;
516 deflateEnd(&rc->zstream);
/* Compressed rectangle on the wire: header, 32-bit length, then the data. */
520 srect_hdr.encoding = htonl(RFB_ENCODING_ZLIB);
521 nwrite = stream_write(cfd, &srect_hdr,
522 sizeof(struct rfb_srvr_rect_hdr));
526 zlen = htonl(rc->zstream.total_out);
527 nwrite = stream_write(cfd, &zlen, sizeof(uint32_t));
530 return (stream_write(cfd, rc->zbuf, rc->zstream.total_out));
/* Raw path: header, then the image data straight from gc->data. */
534 srect_hdr.encoding = htonl(RFB_ENCODING_RAW);
535 nwrite = stream_write(cfd, &srect_hdr,
536 sizeof(struct rfb_srvr_rect_hdr));
540 nwrite = stream_write(cfd, gc->data,
541 gc->width * gc->height * sizeof(uint32_t));
546 #define PIX_PER_CELL 32
547 #define PIXCELL_SHIFT 5
548 #define PIXCELL_MASK 0x1F
/*
 * Push a screen update to the client. The framebuffer is divided into
 * 32x32-pixel cells; a CRC per cell is compared with the previous scan and
 * only changed cells are sent, unless enough cells changed that the whole
 * screen is sent instead.
 */
551 rfb_send_screen(struct rfb_softc *rc, int cfd)
553 struct bhyvegc_image *gc_image;
556 int celly, cellwidth;
560 int rem_x, rem_y; /* remainder for resolutions not x32 pixels ratio */
562 uint32_t *crc_p, *orig_crc;
566 /* Return if another thread sending */
568 if (atomic_compare_exchange_strong(&rc->sending, &expected, true) == false)
573 /* Updates require a preceding update request */
574 if (atomic_exchange(&rc->pending, false) == false)
578 gc_image = console_get_image();
580 /* Clear old CRC values when the size changes */
/*
 * The length cleared here is the full table allocated in rfb_init for
 * RFB_MAX_WIDTH x RFB_MAX_HEIGHT, not the live image size.
 */
581 if (rc->crc_width != gc_image->width ||
582 rc->crc_height != gc_image->height) {
583 memset(rc->crc, 0, sizeof(uint32_t) *
584 howmany(RFB_MAX_WIDTH, PIX_PER_CELL) *
585 howmany(RFB_MAX_HEIGHT, PIX_PER_CELL));
586 rc->crc_width = gc_image->width;
587 rc->crc_height = gc_image->height;
590 /* A size update counts as an update in itself */
591 if (rc->width != gc_image->width ||
592 rc->height != gc_image->height) {
593 rc->width = gc_image->width;
594 rc->height = gc_image->height;
595 if (rc->enc_resize_ok) {
596 rfb_send_resize_update_msg(rc, cfd);
597 rc->update_all = true;
602 if (atomic_exchange(&rc->update_all, false) == true) {
603 retval = rfb_send_all(rc, cfd, gc_image);
608 * Calculate the checksum for each 32x32 cell. Send each that
609 * has changed since the last scan.
/*
 * NOTE(review): xcells and ycells follow the live image size, but rc->crc
 * and rc->crc_tmp were allocated for RFB_MAX_WIDTH x RFB_MAX_HEIGHT. No
 * clamp against those limits is visible in this listing; if the console
 * image can exceed them, the memset and CRC stores below write past the
 * allocations. Confirm where the guest-controlled resolution is bounded.
 */
614 xcells = howmany(rc->crc_width, PIX_PER_CELL);
615 ycells = howmany(rc->crc_height, PIX_PER_CELL);
617 rem_x = w & PIXCELL_MASK;
619 rem_y = h & PIXCELL_MASK;
621 rem_y = PIX_PER_CELL;
626 * Go through all cells and calculate crc. If significant number
627 * of changes, then send entire screen.
628 * crc_tmp is dual purpose: to store the new crc and to flag as
629 * a cell that has changed.
/*
 * Both row pointers start one row before their tables; presumably they are
 * advanced by xcells at the first row of each cell before being
 * dereferenced (those lines are not shown) - confirm.
 */
631 crc_p = rc->crc_tmp - xcells;
632 orig_crc = rc->crc - xcells;
634 memset(rc->crc_tmp, 0, sizeof(uint32_t) * xcells * ycells);
635 for (y = 0; y < h; y++) {
636 if ((y & PIXCELL_MASK) == 0) {
641 for (x = 0; x < xcells; x++) {
642 if (x == (xcells - 1) && rem_x > 0)
645 cellwidth = PIX_PER_CELL;
648 crc_p[x] = fast_crc32(p,
649 cellwidth * sizeof(uint32_t),
652 crc_p[x] = (uint32_t)crc32(crc_p[x],
654 cellwidth * sizeof(uint32_t));
658 /* check for crc delta if last row in cell */
659 if ((y & PIXCELL_MASK) == PIXCELL_MASK || y == (h-1)) {
660 if (orig_crc[x] != crc_p[x]) {
661 orig_crc[x] = crc_p[x];
672 * We only send the update if there are changes.
673 * Restore the pending flag since it was unconditionally cleared
681 /* If number of changes is > THRESH percent, send the whole screen */
/*
 * NOTE(review): the divisor is zero if the image has zero width or height;
 * no guard for that case is visible in the lines shown.
 */
682 if (((changes * 100) / (xcells * ycells)) >= RFB_SEND_ALL_THRESH) {
683 retval = rfb_send_all(rc, cfd, gc_image);
/* The header write result is not checked here. */
687 rfb_send_update_header(rc, cfd, changes);
689 /* Go through all cells, and send only changed ones */
691 for (y = 0; y < h; y += PIX_PER_CELL) {
692 /* previous cell's row */
693 celly = (y >> PIXCELL_SHIFT);
695 /* Delta check crc to previous set */
696 for (x = 0; x < xcells; x++) {
700 if (x == (xcells - 1) && rem_x > 0)
703 cellwidth = PIX_PER_CELL;
704 nwrite = rfb_send_rect(rc, cfd,
707 celly * PIX_PER_CELL,
709 y + PIX_PER_CELL >= h ? rem_y : PIX_PER_CELL);
/*
 * Handle a FramebufferUpdateRequest. On the first request after the client
 * offered the extended key event encoding, the acknowledgement is sent once.
 * A non-incremental request forces a full-screen update.
 * NOTE(review): the stream_read() result is discarded, so on a short read
 * updt_msg.incremental is tested without having been filled in.
 */
725 rfb_recv_update_msg(struct rfb_softc *rc, int cfd)
727 struct rfb_updt_msg updt_msg;
729 (void)stream_read(cfd, (uint8_t *)&updt_msg + 1 , sizeof(updt_msg) - 1);
731 if (rc->enc_extkeyevent_ok && (!rc->enc_extkeyevent_send)) {
732 rfb_send_extended_keyevent_update_msg(rc, cfd);
733 rc->enc_extkeyevent_send = true;
737 if (!updt_msg.incremental)
738 rc->update_all = true;
/*
 * Handle a KeyEvent: forward the key state and keysym to the guest console
 * and flag input so the writer thread refreshes promptly.
 * NOTE(review): the stream_read() result is discarded; on a short read the
 * indeterminate contents of key_msg are still delivered to the guest as a
 * key event.
 */
742 rfb_recv_key_msg(struct rfb_softc *rc, int cfd)
744 struct rfb_key_msg key_msg;
746 (void)stream_read(cfd, (uint8_t *)&key_msg + 1, sizeof(key_msg) - 1);
748 console_key_event(key_msg.down, htonl(key_msg.sym), htonl(0));
749 rc->input_detected = true;
/*
 * Handle a CS_MSG_CLIENT_QEMU message. Only the extended key event subtype
 * is acted on in the lines shown; it carries a keysym and a key code that
 * are forwarded to the guest console.
 * The second read starts at offset 2, presumably because the type and
 * subtype bytes were already consumed - confirm against the struct layout.
 * NOTE(review): both stream_read() results are discarded, so subtype and the
 * key fields may be used without having been filled in.
 */
753 rfb_recv_client_msg(struct rfb_softc *rc, int cfd)
755 struct rfb_client_msg client_msg;
756 struct rfb_extended_key_msg extkey_msg;
758 (void)stream_read(cfd, (uint8_t *)&client_msg + 1,
759 sizeof(client_msg) - 1);
761 if (client_msg.subtype == RFB_CLIENTMSG_EXT_KEYEVENT) {
762 (void)stream_read(cfd, (uint8_t *)&extkey_msg + 2,
763 sizeof(extkey_msg) - 2);
764 console_key_event((int)extkey_msg.down, htonl(extkey_msg.sym), htonl(extkey_msg.code));
765 rc->input_detected = true;
/*
 * Handle a PointerEvent: forward the button mask and coordinates to the
 * guest console and flag input for the writer thread.
 * NOTE(review): the stream_read() result is discarded, and the client's
 * coordinates are passed on without a range check in this function.
 */
770 rfb_recv_ptr_msg(struct rfb_softc *rc, int cfd)
772 struct rfb_ptr_msg ptr_msg;
774 (void)stream_read(cfd, (uint8_t *)&ptr_msg + 1, sizeof(ptr_msg) - 1);
776 console_ptr_event(ptr_msg.button, htons(ptr_msg.x), htons(ptr_msg.y));
777 rc->input_detected = true;
/*
 * Handle ClientCutText by reading and discarding the clipboard payload in
 * 32-byte pieces; the text itself is never used.
 *
 * NOTE(review): the loop is driven by the client-supplied length and by the
 * stream_read() return value, neither of which is validated. If a read
 * returns 0 the remaining length never shrinks and the loop does not end;
 * if it returns a negative value the subtraction makes the remaining length
 * grow. The first read's result is also unused, so ct_msg.length may be
 * indeterminate. Breaking out of the loop when len <= 0, and returning early
 * when the header read fails, would bound this.
 */
781 rfb_recv_cuttext_msg(struct rfb_softc *rc __unused, int cfd)
783 struct rfb_cuttext_msg ct_msg;
784 unsigned char buf[32];
787 len = stream_read(cfd, (uint8_t *)&ct_msg + 1, sizeof(ct_msg) - 1);
788 ct_msg.length = htonl(ct_msg.length);
789 while (ct_msg.length > 0) {
/* Each read is capped at sizeof(buf), so buf itself cannot be overrun. */
790 len = stream_read(cfd, buf, ct_msg.length > sizeof(buf) ?
791 sizeof(buf) : ct_msg.length);
792 ct_msg.length -= len;
/*
 * Convert both timestamps to microseconds; presumably the difference
 * now - prev is returned (the return statement is not part of this listing).
 */
797 timeval_delta(struct timeval *prev, struct timeval *now)
800 n1 = now->tv_sec * 1000000 + now->tv_usec;
801 n2 = prev->tv_sec * 1000000 + prev->tv_usec;
/*
 * Writer thread started by rfb_handle() for each client. It loops while
 * rc->cfd is non-negative, paces itself with select() and usleep(), and
 * calls rfb_send_screen() to push updates.
 * NOTE(review): select() only works for descriptors below FD_SETSIZE; the
 * lines that populate rfds are not shown, so confirm cfd is range-checked or
 * cannot reach that value.
 */
806 rfb_wr_thr(void *arg)
808 struct rfb_softc *rc;
811 struct timeval prev_tv;
821 while (rc->cfd >= 0) {
825 tv.tv_usec = CFD_SEL_DELAY;
827 err = select(cfd+1, &rfds, NULL, NULL, &tv);
831 /* Determine if its time to push screen; ~24hz */
832 gettimeofday(&tv, NULL);
833 tdiff = timeval_delta(&prev_tv, &tv);
834 if (tdiff >= SCREEN_POLL_DELAY) {
836 prev_tv.tv_sec = tv.tv_sec;
837 prev_tv.tv_usec = tv.tv_usec;
/* Read and clear the input flag set by the receive handlers. */
838 input = atomic_exchange(&rc->input_detected, false);
840 * Refresh the screen on every second trip through the loop,
841 * or if keyboard/mouse input has been detected.
843 if ((++rc->wrcount & 1) || input) {
/* A result <= 0 from rfb_send_screen() is treated as a failed send. */
844 if (rfb_send_screen(rc, cfd) <= 0) {
850 usleep(SCREEN_POLL_DELAY - tdiff);
/*
 * Run one client session: RFB version handshake, security negotiation
 * (none or VNC authentication), ServerInit, then the client message loop.
 * A writer thread (rfb_wr_thr) is started for screen updates and joined
 * before the function finishes.
 *
 * Security notes for reviewers:
 *  - VNC authentication is a DES challenge-response keyed by the first
 *    PASSWD_LENGTH (8) bytes of the password. It only gates the handshake;
 *    nothing in the lines shown encrypts or integrity-protects the session
 *    that follows, so the listener belongs on loopback or behind a tunnel.
 *  - With SECURITY_TYPE_NONE, any client that can reach the socket gets
 *    keyboard and pointer access to the guest console.
 *  - Nothing in the lines shown limits repeated authentication attempts.
 */
858 rfb_handle(struct rfb_softc *rc, int cfd)
860 const char *vbuf = "RFB 003.008\n";
861 unsigned char buf[80];
862 unsigned const char *message;
865 unsigned char challenge[AUTH_LENGTH];
866 unsigned char keystr[PASSWD_LENGTH];
867 unsigned char crypt_expected[AUTH_LENGTH];
881 /* 1a. Send server version */
882 stream_write(cfd, vbuf, strlen(vbuf));
884 /* 1b. Read client version */
/* The reply must be exactly 12 bytes and match the "RFB 003.00" prefix. */
885 len = stream_read(cfd, buf, VERSION_LENGTH);
886 if (len != VERSION_LENGTH ||
887 strncmp(vbuf, buf, VERSION_LENGTH - 2) != 0) {
891 client_ver = buf[VERSION_LENGTH - 2];
892 if (client_ver != CVERS_3_8 && client_ver != CVERS_3_7) {
893 /* only recognize 3.3, 3.7 & 3.8. Others dflt to 3.3 */
894 client_ver = CVERS_3_3;
897 /* 2a. Send security type */
900 /* In versions 3.7 & 3.8, it's 2-way handshake */
901 /* For version 3.3, server says what the authentication type must be */
/*
 * NOTE(review): the conditions selecting between these assignments are not
 * shown; presumably VNC auth is chosen only when rc->password is set and
 * OpenSSL is available, with SECURITY_TYPE_NONE otherwise - confirm.
 */
904 auth_type = SECURITY_TYPE_VNC_AUTH;
906 auth_type = SECURITY_TYPE_NONE;
909 auth_type = SECURITY_TYPE_NONE;
912 switch (client_ver) {
917 stream_write(cfd, buf, 2);
919 /* 2b. Read agreed security type */
/* NOTE(review): len is not checked before buf[0] is compared. */
920 len = stream_read(cfd, buf, 1);
921 if (buf[0] != auth_type) {
924 message = "Auth failed: authentication type mismatch";
925 goto report_and_done;
930 be32enc(buf, auth_type);
931 stream_write(cfd, buf, 4);
935 /* 2c. Do VNC authentication */
937 case SECURITY_TYPE_NONE:
939 case SECURITY_TYPE_VNC_AUTH:
941 * The client encrypts the challenge with DES, using a password
942 * supplied by the user as the key.
943 * To form the key, the password is truncated to
944 * eight characters, or padded with null bytes on the right.
945 * The client then sends the resulting 16-bytes response.
/*
 * strncpy() is used for its padding behaviour: keystr is a fixed 8-byte DES
 * key, not a C string, so zero-fill and a missing terminator are intended.
 * Passwords longer than 8 bytes are silently truncated, which caps the
 * strength of the secret regardless of what the operator configured.
 */
948 strncpy(keystr, rc->password, PASSWD_LENGTH);
950 /* VNC clients encrypts the challenge with all the bit fields
951 * in each byte of the password mirrored.
952 * Here we flip each byte of the keystr.
954 for (i = 0; i < PASSWD_LENGTH; i++) {
955 keystr[i] = (keystr[i] & 0xF0) >> 4
956 | (keystr[i] & 0x0F) << 4;
957 keystr[i] = (keystr[i] & 0xCC) >> 2
958 | (keystr[i] & 0x33) << 2;
959 keystr[i] = (keystr[i] & 0xAA) >> 1
960 | (keystr[i] & 0x55) << 1;
963 /* Initialize a 16-byte random challenge */
964 arc4random_buf(challenge, sizeof(challenge));
965 stream_write(cfd, challenge, AUTH_LENGTH);
967 /* Receive the 16-byte challenge response */
/*
 * NOTE(review): the stream_read() result is ignored. On a short read buf
 * still holds earlier handshake bytes and is compared below as if it were a
 * complete response; failing the handshake on len != AUTH_LENGTH is safer.
 */
968 stream_read(cfd, buf, AUTH_LENGTH);
970 memcpy(crypt_expected, challenge, AUTH_LENGTH);
972 /* Encrypt the Challenge with DES */
/* The 16-byte challenge is encrypted as two independent 8-byte ECB blocks. */
973 DES_set_key((const_DES_cblock *)keystr, &ks);
974 DES_ecb_encrypt((const_DES_cblock *)challenge,
975 (const_DES_cblock *)crypt_expected,
977 DES_ecb_encrypt((const_DES_cblock *)(challenge + PASSWD_LENGTH),
978 (const_DES_cblock *)(crypt_expected +
/*
 * NOTE(review): memcmp() is not a constant-time comparison. The challenge is
 * fresh for every connection, which limits what timing can reveal, but a
 * constant-time compare such as CRYPTO_memcmp() is the usual choice for
 * authenticator checks. keystr, ks and crypt_expected are also not wiped in
 * the lines shown.
 */
982 if (memcmp(crypt_expected, buf, AUTH_LENGTH) != 0) {
983 message = "Auth Failed: Invalid Password.";
990 WPRINTF(("Auth not supported, no OpenSSL in your system"));
996 switch (client_ver) {
1000 /* 2d. Write back a status */
1001 stream_write(cfd, &sres, 4);
1004 /* 3.7 does not want string explaining cause */
1005 if (client_ver == CVERS_3_8) {
1006 be32enc(buf, strlen(message));
1007 stream_write(cfd, buf, 4);
1008 stream_write(cfd, message, strlen(message));
1015 /* for VNC auth case send status */
1016 if (auth_type == SECURITY_TYPE_VNC_AUTH) {
1017 /* 2d. Write back a status */
1018 stream_write(cfd, &sres, 4);
1025 /* 3a. Read client shared-flag byte */
1026 len = stream_read(cfd, buf, 1);
1028 /* 4a. Write server-init info */
1029 rfb_send_server_init_msg(cfd);
/*
 * zbuf is the staging/compression buffer used by rfb_send_rect() and
 * rfb_send_all(), sized for the maximum supported framebuffer.
 * NOTE(review): assert() is the only allocation check. It aborts the whole
 * process on failure and disappears when built with NDEBUG, leaving a NULL
 * zbuf in use. The matching free() is not visible in this listing.
 */
1032 rc->zbuf = malloc(RFB_ZLIB_BUFSZ + 16);
1033 assert(rc->zbuf != NULL);
1036 perror = pthread_create(&tid, NULL, rfb_wr_thr, rc);
1038 pthread_set_name_np(tid, "rfbout");
1040 /* Now read in client requests. 1st byte identifies type */
/*
 * The type byte is client-controlled and selects the handler; each handler
 * reads the remainder of its message from the socket itself.
 */
1042 len = read(cfd, buf, 1);
1044 DPRINTF(("rfb client exiting"));
1049 case CS_SET_PIXEL_FORMAT:
1050 rfb_recv_set_pixfmt_msg(rc, cfd);
1052 case CS_SET_ENCODINGS:
1053 rfb_recv_set_encodings_msg(rc, cfd);
1056 rfb_recv_update_msg(rc, cfd);
1059 rfb_recv_key_msg(rc, cfd);
1061 case CS_POINTER_EVENT:
1062 rfb_recv_ptr_msg(rc, cfd);
1065 rfb_recv_cuttext_msg(rc, cfd);
1067 case CS_MSG_CLIENT_QEMU:
1068 rfb_recv_client_msg(rc, cfd);
1071 WPRINTF(("rfb unknown cli-code %d!", buf[0] & 0xff));
/* Wait for the writer thread before tearing down the zlib state it uses. */
1078 pthread_join(tid, NULL);
1079 if (rc->enc_zlib_ok)
1080 deflateEnd(&rc->zstream);
/*
 * Body of the listener thread that rfb_init() starts as rfb_thr (its
 * signature line is not part of this listing). It accepts one client at a
 * time and runs the whole session in rfb_handle() before accepting again.
 */
1086 struct rfb_softc *rc;
/*
 * SIGPIPE is blocked in this thread, presumably so that a write to a
 * disconnected client fails with an error instead of terminating the
 * process.
 */
1094 sigaddset(&set, SIGPIPE);
1095 if (pthread_sigmask(SIG_BLOCK, &set, NULL) != 0) {
1096 perror("pthread_sigmask");
/* Negotiated encodings are reset so one client's choices never carry over. */
1101 rc->enc_raw_ok = false;
1102 rc->enc_zlib_ok = false;
1103 rc->enc_resize_ok = false;
1104 rc->enc_extkeyevent_ok = false;
1106 rc->enc_extkeyevent_send = false;
/*
 * NOTE(review): no check of the accept() result is visible before cfd is
 * handed to rfb_handle(); a failed accept would pass -1 through.
 */
1108 cfd = accept(rc->sfd, NULL, NULL);
/* Wake rfb_init() if it is blocked waiting for the first client. */
1109 if (rc->conn_wait) {
1110 pthread_mutex_lock(&rc->mtx);
1111 pthread_cond_signal(&rc->cond);
1112 pthread_mutex_unlock(&rc->mtx);
1115 rfb_handle(rc, cfd);
/*
 * Report whether the CPU advertises SSE4.2: run CPUID leaf 1 and test the
 * CPUID2_SSE42 bit in ECX. rfb_init() stores the result in rc->hw_crc.
 */
1124 sse42_supported(void)
1126 u_int cpu_registers[4], ecx;
1128 do_cpuid(1, cpu_registers);
/* Index 2 of the register array holds ECX. */
1130 ecx = cpu_registers[2];
1132 return ((ecx & CPUID2_SSE42) != 0);
/*
 * Create the RFB (VNC) server: allocate state, bind and listen on
 * hostname:port, restrict the listening socket with Capsicum, start the
 * listener thread, and optionally block until the first client connects.
 *
 * hostname: numeric address to bind; an empty or NULL value selects a
 *           built-in default (127.0.0.1 in the branch shown).
 * port:     TCP port, 5900 when 0.
 * wait:     non-zero to block until a client has connected.
 * password: VNC password; the pointer is stored, not copied, so the caller's
 *           string must outlive the server.
 *
 * Binding to anything other than loopback exposes the guest console through
 * a protocol that, in this file, offers at most DES challenge-response
 * authentication and no transport encryption.
 */
1136 rfb_init(const char *hostname, int port, int wait, const char *password)
1140 struct rfb_softc *rc;
1141 struct addrinfo *ai = NULL;
1142 struct addrinfo hints;
1145 #ifndef WITHOUT_CAPSICUM
1146 cap_rights_t rights;
/*
 * NOTE(review): no NULL check on rc, rc->crc or rc->crc_tmp is visible;
 * rc is dereferenced immediately after calloc().
 */
1149 rc = calloc(1, sizeof(struct rfb_softc));
/* CRC tables hold one cell per 32x32 block at the maximum resolution. */
1151 cnt = howmany(RFB_MAX_WIDTH, PIX_PER_CELL) *
1152 howmany(RFB_MAX_HEIGHT, PIX_PER_CELL);
1153 rc->crc = calloc(cnt, sizeof(uint32_t));
1154 rc->crc_tmp = calloc(cnt, sizeof(uint32_t));
1155 rc->crc_width = RFB_MAX_WIDTH;
1156 rc->crc_height = RFB_MAX_HEIGHT;
1159 rc->password = password;
1161 snprintf(servname, sizeof(servname), "%d", port ? port : 5900);
1163 if (!hostname || strlen(hostname) == 0)
1165 hostname = "127.0.0.1";
1166 #elif defined(INET6)
1170 memset(&hints, 0, sizeof(hints));
1171 hints.ai_family = AF_UNSPEC;
1172 hints.ai_socktype = SOCK_STREAM;
/* Numeric host and service only: no name resolution happens here. */
1173 hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV | AI_PASSIVE;
1175 if ((e = getaddrinfo(hostname, servname, &hints, &ai)) != 0) {
1176 EPRINTLN("getaddrinfo: %s", gai_strerror(e));
1180 rc->sfd = socket(ai->ai_family, ai->ai_socktype, 0);
/* The setsockopt() result is not checked. */
1186 setsockopt(rc->sfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
1188 if (bind(rc->sfd, ai->ai_addr, ai->ai_addrlen) < 0) {
/* Backlog of 1: sessions are served one at a time by the listener thread. */
1193 if (listen(rc->sfd, 1) < 0) {
1198 #ifndef WITHOUT_CAPSICUM
/*
 * Least privilege: the listening descriptor is limited to accept, event
 * polling, read and write; failure to apply the limit is fatal.
 */
1199 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
1200 if (caph_rights_limit(rc->sfd, &rights) == -1)
1201 errx(EX_OSERR, "Unable to apply rights for sandbox");
1204 rc->hw_crc = sse42_supported();
1206 rc->conn_wait = wait;
1208 pthread_mutex_init(&rc->mtx, NULL);
1209 pthread_cond_init(&rc->cond, NULL);
/* The pthread_create() result is not checked. */
1212 pthread_create(&rc->tid, NULL, rfb_thr, rc);
1213 pthread_set_name_np(rc->tid, "rfb");
/*
 * NOTE(review): the wait below is a single pthread_cond_wait() with no
 * predicate loop. A client that connects before this thread takes the mutex
 * signals an empty wait queue, and a spurious wakeup returns early; guarding
 * the wait with a flag checked under the mutex would cover both.
 */
1216 DPRINTF(("Waiting for rfb client..."));
1217 pthread_mutex_lock(&rc->mtx);
1218 pthread_cond_wait(&rc->cond, &rc->mtx);
1219 pthread_mutex_unlock(&rc->mtx);
1220 DPRINTF(("rfb client connected"));