2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 2015 Tycho Nightingale <tycho.nightingale@pluribusnetworks.com>
5 * Copyright (c) 2015 Leon Dang
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/param.h>
34 #ifndef WITHOUT_CAPSICUM
35 #include <sys/capsicum.h>
37 #include <sys/endian.h>
38 #include <sys/socket.h>
39 #include <sys/select.h>
41 #include <arpa/inet.h>
42 #include <stdatomic.h>
43 #include <machine/cpufunc.h>
44 #include <machine/specialreg.h>
45 #include <netinet/in.h>
49 #ifndef WITHOUT_CAPSICUM
50 #include <capsicum_helpers.h>
55 #include <pthread_np.h>
70 #include "sockstream.h"
73 #include <openssl/des.h>
76 /* Delays in microseconds */
77 #define CFD_SEL_DELAY 10000
78 #define SCREEN_REFRESH_DELAY 33300 /* 30Hz */
79 #define SCREEN_POLL_DELAY (SCREEN_REFRESH_DELAY / 2)
81 static int rfb_debug = 0;
82 #define DPRINTF(params) if (rfb_debug) PRINTLN params
83 #define WPRINTF(params) PRINTLN params
85 #define VERSION_LENGTH 12
86 #define AUTH_LENGTH 16
87 #define PASSWD_LENGTH 8
89 /* Protocol versions */
94 /* Client-to-server msg types */
95 #define CS_SET_PIXEL_FORMAT 0
96 #define CS_SET_ENCODINGS 2
97 #define CS_UPDATE_MSG 3
98 #define CS_KEY_EVENT 4
99 #define CS_POINTER_EVENT 5
100 #define CS_CUT_TEXT 6
101 #define CS_MSG_CLIENT_QEMU 255
103 #define SECURITY_TYPE_NONE 1
104 #define SECURITY_TYPE_VNC_AUTH 2
106 #define AUTH_FAILED_UNAUTH 1
107 #define AUTH_FAILED_ERROR 2
117 const char *password;
122 bool enc_extkeyevent_ok;
124 bool enc_extkeyevent_send;
135 atomic_bool update_all;
136 atomic_bool input_detected;
142 uint32_t *crc; /* WxH crc cells */
143 uint32_t *crc_tmp; /* buffer to store single crc row */
144 int crc_width, crc_height;
161 struct rfb_srvr_info {
164 struct rfb_pixfmt pixfmt;
168 struct rfb_pixfmt_msg {
171 struct rfb_pixfmt pixfmt;
174 #define RFB_ENCODING_RAW 0
175 #define RFB_ENCODING_ZLIB 6
176 #define RFB_ENCODING_RESIZE -223
177 #define RFB_ENCODING_EXT_KEYEVENT -258
179 #define RFB_CLIENTMSG_EXT_KEYEVENT 0
181 #define RFB_MAX_WIDTH 2000
182 #define RFB_MAX_HEIGHT 1200
183 #define RFB_ZLIB_BUFSZ RFB_MAX_WIDTH*RFB_MAX_HEIGHT*4
185 /* percentage changes to screen before sending the entire screen */
186 #define RFB_SEND_ALL_THRESH 25
194 struct rfb_updt_msg {
210 struct rfb_client_msg {
215 struct rfb_extended_key_msg {
230 struct rfb_srvr_updt_msg {
236 struct rfb_srvr_rect_hdr {
244 struct rfb_cuttext_msg {
251 rfb_send_server_init_msg(int cfd)
253 struct bhyvegc_image *gc_image;
254 struct rfb_srvr_info sinfo;
256 gc_image = console_get_image();
258 sinfo.width = htons(gc_image->width);
259 sinfo.height = htons(gc_image->height);
260 sinfo.pixfmt.bpp = 32;
261 sinfo.pixfmt.depth = 32;
262 sinfo.pixfmt.bigendian = 0;
263 sinfo.pixfmt.truecolor = 1;
264 sinfo.pixfmt.red_max = htons(255);
265 sinfo.pixfmt.green_max = htons(255);
266 sinfo.pixfmt.blue_max = htons(255);
267 sinfo.pixfmt.red_shift = 16;
268 sinfo.pixfmt.green_shift = 8;
269 sinfo.pixfmt.blue_shift = 0;
270 sinfo.pixfmt.pad[0] = 0;
271 sinfo.pixfmt.pad[1] = 0;
272 sinfo.pixfmt.pad[2] = 0;
273 sinfo.namelen = htonl(strlen("bhyve"));
274 (void)stream_write(cfd, &sinfo, sizeof(sinfo));
275 (void)stream_write(cfd, "bhyve", strlen("bhyve"));
279 rfb_send_resize_update_msg(struct rfb_softc *rc, int cfd)
281 struct rfb_srvr_updt_msg supdt_msg;
282 struct rfb_srvr_rect_hdr srect_hdr;
284 /* Number of rectangles: 1 */
287 supdt_msg.numrects = htons(1);
288 stream_write(cfd, &supdt_msg, sizeof(struct rfb_srvr_updt_msg));
290 /* Rectangle header */
291 srect_hdr.x = htons(0);
292 srect_hdr.y = htons(0);
293 srect_hdr.width = htons(rc->width);
294 srect_hdr.height = htons(rc->height);
295 srect_hdr.encoding = htonl(RFB_ENCODING_RESIZE);
296 stream_write(cfd, &srect_hdr, sizeof(struct rfb_srvr_rect_hdr));
300 rfb_send_extended_keyevent_update_msg(struct rfb_softc *rc, int cfd)
302 struct rfb_srvr_updt_msg supdt_msg;
303 struct rfb_srvr_rect_hdr srect_hdr;
305 /* Number of rectangles: 1 */
308 supdt_msg.numrects = htons(1);
309 stream_write(cfd, &supdt_msg, sizeof(struct rfb_srvr_updt_msg));
311 /* Rectangle header */
312 srect_hdr.x = htons(0);
313 srect_hdr.y = htons(0);
314 srect_hdr.width = htons(rc->width);
315 srect_hdr.height = htons(rc->height);
316 srect_hdr.encoding = htonl(RFB_ENCODING_EXT_KEYEVENT);
317 stream_write(cfd, &srect_hdr, sizeof(struct rfb_srvr_rect_hdr));
321 rfb_recv_set_pixfmt_msg(struct rfb_softc *rc __unused, int cfd)
323 struct rfb_pixfmt_msg pixfmt_msg;
325 (void)stream_read(cfd, (uint8_t *)&pixfmt_msg + 1,
326 sizeof(pixfmt_msg) - 1);
330 rfb_recv_set_encodings_msg(struct rfb_softc *rc, int cfd)
332 struct rfb_enc_msg enc_msg;
336 (void)stream_read(cfd, (uint8_t *)&enc_msg + 1, sizeof(enc_msg) - 1);
338 for (i = 0; i < htons(enc_msg.numencs); i++) {
339 (void)stream_read(cfd, &encoding, sizeof(encoding));
340 switch (htonl(encoding)) {
341 case RFB_ENCODING_RAW:
342 rc->enc_raw_ok = true;
344 case RFB_ENCODING_ZLIB:
345 if (!rc->enc_zlib_ok) {
346 deflateInit(&rc->zstream, Z_BEST_SPEED);
347 rc->enc_zlib_ok = true;
350 case RFB_ENCODING_RESIZE:
351 rc->enc_resize_ok = true;
353 case RFB_ENCODING_EXT_KEYEVENT:
354 rc->enc_extkeyevent_ok = true;
361 * Calculate CRC32 using SSE4.2; Intel or AMD Bulldozer+ CPUs only
363 static __inline uint32_t
364 fast_crc32(void *buf, int len, uint32_t crcval)
366 uint32_t q = len / sizeof(uint32_t);
367 uint32_t *p = (uint32_t *)buf;
371 ".byte 0xf2, 0xf, 0x38, 0xf1, 0xf1;"
373 :"0" (crcval), "c" (*p)
382 rfb_send_update_header(struct rfb_softc *rc __unused, int cfd, int numrects)
384 struct rfb_srvr_updt_msg supdt_msg;
388 supdt_msg.numrects = htons(numrects);
390 return stream_write(cfd, &supdt_msg,
391 sizeof(struct rfb_srvr_updt_msg));
395 rfb_send_rect(struct rfb_softc *rc, int cfd, struct bhyvegc_image *gc,
396 int x, int y, int w, int h)
398 struct rfb_srvr_rect_hdr srect_hdr;
400 ssize_t nwrite, total;
406 * Send a single rectangle of the given x, y, w h dimensions.
409 /* Rectangle header */
410 srect_hdr.x = htons(x);
411 srect_hdr.y = htons(y);
412 srect_hdr.width = htons(w);
413 srect_hdr.height = htons(h);
416 w *= sizeof(uint32_t);
417 if (rc->enc_zlib_ok) {
419 rc->zstream.total_in = 0;
420 rc->zstream.total_out = 0;
421 for (p = &gc->data[y * gc->width + x]; y < h; y++) {
422 rc->zstream.next_in = (Bytef *)p;
423 rc->zstream.avail_in = w;
424 rc->zstream.next_out = (Bytef *)zbufp;
425 rc->zstream.avail_out = RFB_ZLIB_BUFSZ + 16 -
426 rc->zstream.total_out;
427 rc->zstream.data_type = Z_BINARY;
429 /* Compress with zlib */
430 err = deflate(&rc->zstream, Z_SYNC_FLUSH);
432 WPRINTF(("zlib[rect] deflate err: %d", err));
433 rc->enc_zlib_ok = false;
434 deflateEnd(&rc->zstream);
437 zbufp = rc->zbuf + rc->zstream.total_out;
440 srect_hdr.encoding = htonl(RFB_ENCODING_ZLIB);
441 nwrite = stream_write(cfd, &srect_hdr,
442 sizeof(struct rfb_srvr_rect_hdr));
446 zlen = htonl(rc->zstream.total_out);
447 nwrite = stream_write(cfd, &zlen, sizeof(uint32_t));
450 return (stream_write(cfd, rc->zbuf, rc->zstream.total_out));
457 for (p = &gc->data[y * gc->width + x]; y < h; y++) {
464 srect_hdr.encoding = htonl(RFB_ENCODING_RAW);
465 nwrite = stream_write(cfd, &srect_hdr,
466 sizeof(struct rfb_srvr_rect_hdr));
470 total = stream_write(cfd, rc->zbuf, total);
476 rfb_send_all(struct rfb_softc *rc, int cfd, struct bhyvegc_image *gc)
478 struct rfb_srvr_updt_msg supdt_msg;
479 struct rfb_srvr_rect_hdr srect_hdr;
485 * Send the whole thing
488 /* Number of rectangles: 1 */
491 supdt_msg.numrects = htons(1);
492 nwrite = stream_write(cfd, &supdt_msg,
493 sizeof(struct rfb_srvr_updt_msg));
497 /* Rectangle header */
500 srect_hdr.width = htons(gc->width);
501 srect_hdr.height = htons(gc->height);
502 if (rc->enc_zlib_ok) {
503 rc->zstream.next_in = (Bytef *)gc->data;
504 rc->zstream.avail_in = gc->width * gc->height *
506 rc->zstream.next_out = (Bytef *)rc->zbuf;
507 rc->zstream.avail_out = RFB_ZLIB_BUFSZ + 16;
508 rc->zstream.data_type = Z_BINARY;
510 rc->zstream.total_in = 0;
511 rc->zstream.total_out = 0;
513 /* Compress with zlib */
514 err = deflate(&rc->zstream, Z_SYNC_FLUSH);
516 WPRINTF(("zlib deflate err: %d", err));
517 rc->enc_zlib_ok = false;
518 deflateEnd(&rc->zstream);
522 srect_hdr.encoding = htonl(RFB_ENCODING_ZLIB);
523 nwrite = stream_write(cfd, &srect_hdr,
524 sizeof(struct rfb_srvr_rect_hdr));
528 zlen = htonl(rc->zstream.total_out);
529 nwrite = stream_write(cfd, &zlen, sizeof(uint32_t));
532 return (stream_write(cfd, rc->zbuf, rc->zstream.total_out));
536 srect_hdr.encoding = htonl(RFB_ENCODING_RAW);
537 nwrite = stream_write(cfd, &srect_hdr,
538 sizeof(struct rfb_srvr_rect_hdr));
542 nwrite = stream_write(cfd, gc->data,
543 gc->width * gc->height * sizeof(uint32_t));
548 #define PIX_PER_CELL 32
549 #define PIXCELL_SHIFT 5
550 #define PIXCELL_MASK 0x1F
553 rfb_send_screen(struct rfb_softc *rc, int cfd)
555 struct bhyvegc_image *gc_image;
558 int celly, cellwidth;
562 int rem_x, rem_y; /* remainder for resolutions not x32 pixels ratio */
564 uint32_t *crc_p, *orig_crc;
568 /* Return if another thread sending */
570 if (atomic_compare_exchange_strong(&rc->sending, &expected, true) == false)
575 /* Updates require a preceding update request */
576 if (atomic_exchange(&rc->pending, false) == false)
580 gc_image = console_get_image();
582 /* Clear old CRC values when the size changes */
583 if (rc->crc_width != gc_image->width ||
584 rc->crc_height != gc_image->height) {
585 memset(rc->crc, 0, sizeof(uint32_t) *
586 howmany(RFB_MAX_WIDTH, PIX_PER_CELL) *
587 howmany(RFB_MAX_HEIGHT, PIX_PER_CELL));
588 rc->crc_width = gc_image->width;
589 rc->crc_height = gc_image->height;
592 /* A size update counts as an update in itself */
593 if (rc->width != gc_image->width ||
594 rc->height != gc_image->height) {
595 rc->width = gc_image->width;
596 rc->height = gc_image->height;
597 if (rc->enc_resize_ok) {
598 rfb_send_resize_update_msg(rc, cfd);
599 rc->update_all = true;
604 if (atomic_exchange(&rc->update_all, false) == true) {
605 retval = rfb_send_all(rc, cfd, gc_image);
610 * Calculate the checksum for each 32x32 cell. Send each that
611 * has changed since the last scan.
616 xcells = howmany(rc->crc_width, PIX_PER_CELL);
617 ycells = howmany(rc->crc_height, PIX_PER_CELL);
619 rem_x = w & PIXCELL_MASK;
621 rem_y = h & PIXCELL_MASK;
623 rem_y = PIX_PER_CELL;
628 * Go through all cells and calculate crc. If significant number
629 * of changes, then send entire screen.
630 * crc_tmp is dual purpose: to store the new crc and to flag as
631 * a cell that has changed.
633 crc_p = rc->crc_tmp - xcells;
634 orig_crc = rc->crc - xcells;
636 memset(rc->crc_tmp, 0, sizeof(uint32_t) * xcells * ycells);
637 for (y = 0; y < h; y++) {
638 if ((y & PIXCELL_MASK) == 0) {
643 for (x = 0; x < xcells; x++) {
644 if (x == (xcells - 1) && rem_x > 0)
647 cellwidth = PIX_PER_CELL;
650 crc_p[x] = fast_crc32(p,
651 cellwidth * sizeof(uint32_t),
654 crc_p[x] = (uint32_t)crc32(crc_p[x],
656 cellwidth * sizeof(uint32_t));
660 /* check for crc delta if last row in cell */
661 if ((y & PIXCELL_MASK) == PIXCELL_MASK || y == (h-1)) {
662 if (orig_crc[x] != crc_p[x]) {
663 orig_crc[x] = crc_p[x];
674 * We only send the update if there are changes.
675 * Restore the pending flag since it was unconditionally cleared
683 /* If number of changes is > THRESH percent, send the whole screen */
684 if (((changes * 100) / (xcells * ycells)) >= RFB_SEND_ALL_THRESH) {
685 retval = rfb_send_all(rc, cfd, gc_image);
689 rfb_send_update_header(rc, cfd, changes);
691 /* Go through all cells, and send only changed ones */
693 for (y = 0; y < h; y += PIX_PER_CELL) {
694 /* previous cell's row */
695 celly = (y >> PIXCELL_SHIFT);
697 /* Delta check crc to previous set */
698 for (x = 0; x < xcells; x++) {
702 if (x == (xcells - 1) && rem_x > 0)
705 cellwidth = PIX_PER_CELL;
706 nwrite = rfb_send_rect(rc, cfd,
709 celly * PIX_PER_CELL,
711 y + PIX_PER_CELL >= h ? rem_y : PIX_PER_CELL);
727 rfb_recv_update_msg(struct rfb_softc *rc, int cfd)
729 struct rfb_updt_msg updt_msg;
731 (void)stream_read(cfd, (uint8_t *)&updt_msg + 1 , sizeof(updt_msg) - 1);
733 if (rc->enc_extkeyevent_ok && (!rc->enc_extkeyevent_send)) {
734 rfb_send_extended_keyevent_update_msg(rc, cfd);
735 rc->enc_extkeyevent_send = true;
739 if (!updt_msg.incremental)
740 rc->update_all = true;
744 rfb_recv_key_msg(struct rfb_softc *rc, int cfd)
746 struct rfb_key_msg key_msg;
748 (void)stream_read(cfd, (uint8_t *)&key_msg + 1, sizeof(key_msg) - 1);
750 console_key_event(key_msg.down, htonl(key_msg.sym), htonl(0));
751 rc->input_detected = true;
755 rfb_recv_client_msg(struct rfb_softc *rc, int cfd)
757 struct rfb_client_msg client_msg;
758 struct rfb_extended_key_msg extkey_msg;
760 (void)stream_read(cfd, (uint8_t *)&client_msg + 1,
761 sizeof(client_msg) - 1);
763 if (client_msg.subtype == RFB_CLIENTMSG_EXT_KEYEVENT) {
764 (void)stream_read(cfd, (uint8_t *)&extkey_msg + 2,
765 sizeof(extkey_msg) - 2);
766 console_key_event((int)extkey_msg.down, htonl(extkey_msg.sym), htonl(extkey_msg.code));
767 rc->input_detected = true;
772 rfb_recv_ptr_msg(struct rfb_softc *rc, int cfd)
774 struct rfb_ptr_msg ptr_msg;
776 (void)stream_read(cfd, (uint8_t *)&ptr_msg + 1, sizeof(ptr_msg) - 1);
778 console_ptr_event(ptr_msg.button, htons(ptr_msg.x), htons(ptr_msg.y));
779 rc->input_detected = true;
783 rfb_recv_cuttext_msg(struct rfb_softc *rc __unused, int cfd)
785 struct rfb_cuttext_msg ct_msg;
786 unsigned char buf[32];
789 len = stream_read(cfd, (uint8_t *)&ct_msg + 1, sizeof(ct_msg) - 1);
790 ct_msg.length = htonl(ct_msg.length);
791 while (ct_msg.length > 0) {
792 len = stream_read(cfd, buf, ct_msg.length > sizeof(buf) ?
793 sizeof(buf) : ct_msg.length);
794 ct_msg.length -= len;
799 timeval_delta(struct timeval *prev, struct timeval *now)
802 n1 = now->tv_sec * 1000000 + now->tv_usec;
803 n2 = prev->tv_sec * 1000000 + prev->tv_usec;
808 rfb_wr_thr(void *arg)
810 struct rfb_softc *rc;
813 struct timeval prev_tv;
823 while (rc->cfd >= 0) {
827 tv.tv_usec = CFD_SEL_DELAY;
829 err = select(cfd+1, &rfds, NULL, NULL, &tv);
833 /* Determine if its time to push screen; ~24hz */
834 gettimeofday(&tv, NULL);
835 tdiff = timeval_delta(&prev_tv, &tv);
836 if (tdiff >= SCREEN_POLL_DELAY) {
838 prev_tv.tv_sec = tv.tv_sec;
839 prev_tv.tv_usec = tv.tv_usec;
840 input = atomic_exchange(&rc->input_detected, false);
842 * Refresh the screen on every second trip through the loop,
843 * or if keyboard/mouse input has been detected.
845 if ((++rc->wrcount & 1) || input) {
846 if (rfb_send_screen(rc, cfd) <= 0) {
852 usleep(SCREEN_POLL_DELAY - tdiff);
860 rfb_handle(struct rfb_softc *rc, int cfd)
862 const char *vbuf = "RFB 003.008\n";
863 unsigned char buf[80];
864 unsigned const char *message;
867 unsigned char challenge[AUTH_LENGTH];
868 unsigned char keystr[PASSWD_LENGTH];
869 unsigned char crypt_expected[AUTH_LENGTH];
883 /* 1a. Send server version */
884 stream_write(cfd, vbuf, strlen(vbuf));
886 /* 1b. Read client version */
887 len = stream_read(cfd, buf, VERSION_LENGTH);
888 if (len != VERSION_LENGTH ||
889 strncmp(vbuf, buf, VERSION_LENGTH - 2) != 0) {
893 client_ver = buf[VERSION_LENGTH - 2];
894 if (client_ver != CVERS_3_8 && client_ver != CVERS_3_7) {
895 /* only recognize 3.3, 3.7 & 3.8. Others dflt to 3.3 */
896 client_ver = CVERS_3_3;
899 /* 2a. Send security type */
902 /* In versions 3.7 & 3.8, it's 2-way handshake */
903 /* For version 3.3, server says what the authentication type must be */
906 auth_type = SECURITY_TYPE_VNC_AUTH;
908 auth_type = SECURITY_TYPE_NONE;
911 auth_type = SECURITY_TYPE_NONE;
914 switch (client_ver) {
919 stream_write(cfd, buf, 2);
921 /* 2b. Read agreed security type */
922 len = stream_read(cfd, buf, 1);
923 if (buf[0] != auth_type) {
926 message = "Auth failed: authentication type mismatch";
927 goto report_and_done;
932 be32enc(buf, auth_type);
933 stream_write(cfd, buf, 4);
937 /* 2c. Do VNC authentication */
939 case SECURITY_TYPE_NONE:
941 case SECURITY_TYPE_VNC_AUTH:
943 * The client encrypts the challenge with DES, using a password
944 * supplied by the user as the key.
945 * To form the key, the password is truncated to
946 * eight characters, or padded with null bytes on the right.
947 * The client then sends the resulting 16-bytes response.
950 strncpy(keystr, rc->password, PASSWD_LENGTH);
952 /* VNC clients encrypts the challenge with all the bit fields
953 * in each byte of the password mirrored.
954 * Here we flip each byte of the keystr.
956 for (i = 0; i < PASSWD_LENGTH; i++) {
957 keystr[i] = (keystr[i] & 0xF0) >> 4
958 | (keystr[i] & 0x0F) << 4;
959 keystr[i] = (keystr[i] & 0xCC) >> 2
960 | (keystr[i] & 0x33) << 2;
961 keystr[i] = (keystr[i] & 0xAA) >> 1
962 | (keystr[i] & 0x55) << 1;
965 /* Initialize a 16-byte random challenge */
966 arc4random_buf(challenge, sizeof(challenge));
967 stream_write(cfd, challenge, AUTH_LENGTH);
969 /* Receive the 16-byte challenge response */
970 stream_read(cfd, buf, AUTH_LENGTH);
972 memcpy(crypt_expected, challenge, AUTH_LENGTH);
974 /* Encrypt the Challenge with DES */
975 DES_set_key((const_DES_cblock *)keystr, &ks);
976 DES_ecb_encrypt((const_DES_cblock *)challenge,
977 (const_DES_cblock *)crypt_expected,
979 DES_ecb_encrypt((const_DES_cblock *)(challenge + PASSWD_LENGTH),
980 (const_DES_cblock *)(crypt_expected +
984 if (memcmp(crypt_expected, buf, AUTH_LENGTH) != 0) {
985 message = "Auth Failed: Invalid Password.";
992 WPRINTF(("Auth not supported, no OpenSSL in your system"));
998 switch (client_ver) {
1002 /* 2d. Write back a status */
1003 stream_write(cfd, &sres, 4);
1006 /* 3.7 does not want string explaining cause */
1007 if (client_ver == CVERS_3_8) {
1008 be32enc(buf, strlen(message));
1009 stream_write(cfd, buf, 4);
1010 stream_write(cfd, message, strlen(message));
1017 /* for VNC auth case send status */
1018 if (auth_type == SECURITY_TYPE_VNC_AUTH) {
1019 /* 2d. Write back a status */
1020 stream_write(cfd, &sres, 4);
1027 /* 3a. Read client shared-flag byte */
1028 len = stream_read(cfd, buf, 1);
1030 /* 4a. Write server-init info */
1031 rfb_send_server_init_msg(cfd);
1034 rc->zbuf = malloc(RFB_ZLIB_BUFSZ + 16);
1035 assert(rc->zbuf != NULL);
1038 perror = pthread_create(&tid, NULL, rfb_wr_thr, rc);
1040 pthread_set_name_np(tid, "rfbout");
1042 /* Now read in client requests. 1st byte identifies type */
1044 len = read(cfd, buf, 1);
1046 DPRINTF(("rfb client exiting"));
1051 case CS_SET_PIXEL_FORMAT:
1052 rfb_recv_set_pixfmt_msg(rc, cfd);
1054 case CS_SET_ENCODINGS:
1055 rfb_recv_set_encodings_msg(rc, cfd);
1058 rfb_recv_update_msg(rc, cfd);
1061 rfb_recv_key_msg(rc, cfd);
1063 case CS_POINTER_EVENT:
1064 rfb_recv_ptr_msg(rc, cfd);
1067 rfb_recv_cuttext_msg(rc, cfd);
1069 case CS_MSG_CLIENT_QEMU:
1070 rfb_recv_client_msg(rc, cfd);
1073 WPRINTF(("rfb unknown cli-code %d!", buf[0] & 0xff));
1080 pthread_join(tid, NULL);
1081 if (rc->enc_zlib_ok)
1082 deflateEnd(&rc->zstream);
1088 struct rfb_softc *rc;
1096 sigaddset(&set, SIGPIPE);
1097 if (pthread_sigmask(SIG_BLOCK, &set, NULL) != 0) {
1098 perror("pthread_sigmask");
1103 rc->enc_raw_ok = false;
1104 rc->enc_zlib_ok = false;
1105 rc->enc_resize_ok = false;
1106 rc->enc_extkeyevent_ok = false;
1108 rc->enc_extkeyevent_send = false;
1110 cfd = accept(rc->sfd, NULL, NULL);
1111 if (rc->conn_wait) {
1112 pthread_mutex_lock(&rc->mtx);
1113 pthread_cond_signal(&rc->cond);
1114 pthread_mutex_unlock(&rc->mtx);
1117 rfb_handle(rc, cfd);
1126 sse42_supported(void)
1128 u_int cpu_registers[4], ecx;
1130 do_cpuid(1, cpu_registers);
1132 ecx = cpu_registers[2];
1134 return ((ecx & CPUID2_SSE42) != 0);
1138 rfb_init(const char *hostname, int port, int wait, const char *password)
1142 struct rfb_softc *rc;
1143 struct addrinfo *ai = NULL;
1144 struct addrinfo hints;
1147 #ifndef WITHOUT_CAPSICUM
1148 cap_rights_t rights;
1151 rc = calloc(1, sizeof(struct rfb_softc));
1153 cnt = howmany(RFB_MAX_WIDTH, PIX_PER_CELL) *
1154 howmany(RFB_MAX_HEIGHT, PIX_PER_CELL);
1155 rc->crc = calloc(cnt, sizeof(uint32_t));
1156 rc->crc_tmp = calloc(cnt, sizeof(uint32_t));
1157 rc->crc_width = RFB_MAX_WIDTH;
1158 rc->crc_height = RFB_MAX_HEIGHT;
1161 rc->password = password;
1163 snprintf(servname, sizeof(servname), "%d", port ? port : 5900);
1165 if (!hostname || strlen(hostname) == 0)
1167 hostname = "127.0.0.1";
1168 #elif defined(INET6)
1172 memset(&hints, 0, sizeof(hints));
1173 hints.ai_family = AF_UNSPEC;
1174 hints.ai_socktype = SOCK_STREAM;
1175 hints.ai_flags = AI_NUMERICHOST | AI_NUMERICSERV | AI_PASSIVE;
1177 if ((e = getaddrinfo(hostname, servname, &hints, &ai)) != 0) {
1178 EPRINTLN("getaddrinfo: %s", gai_strerror(e));
1182 rc->sfd = socket(ai->ai_family, ai->ai_socktype, 0);
1188 setsockopt(rc->sfd, SOL_SOCKET, SO_REUSEADDR, &on, sizeof(on));
1190 if (bind(rc->sfd, ai->ai_addr, ai->ai_addrlen) < 0) {
1195 if (listen(rc->sfd, 1) < 0) {
1200 #ifndef WITHOUT_CAPSICUM
1201 cap_rights_init(&rights, CAP_ACCEPT, CAP_EVENT, CAP_READ, CAP_WRITE);
1202 if (caph_rights_limit(rc->sfd, &rights) == -1)
1203 errx(EX_OSERR, "Unable to apply rights for sandbox");
1206 rc->hw_crc = sse42_supported();
1208 rc->conn_wait = wait;
1210 pthread_mutex_init(&rc->mtx, NULL);
1211 pthread_cond_init(&rc->cond, NULL);
1214 pthread_create(&rc->tid, NULL, rfb_thr, rc);
1215 pthread_set_name_np(rc->tid, "rfb");
1218 DPRINTF(("Waiting for rfb client..."));
1219 pthread_mutex_lock(&rc->mtx);
1220 pthread_cond_wait(&rc->cond, &rc->mtx);
1221 pthread_mutex_unlock(&rc->mtx);
1222 DPRINTF(("rfb client connected"));