1/* 2 * Copyright (c) 2010, 2015 ARM Limited 3 * All rights reserved 4 * 5 * The license below extends only to copyright in the software and shall 6 * not be construed as granting a license to any other intellectual 7 * property including but not limited to intellectual property relating 8 * to a hardware implementation of the functionality of the software 9 * licensed hereunder. You may use the software subject to the license 10 * terms below provided that you ensure that this notice is replicated 11 * unmodified and in its entirety in all distributions of the software, 12 * modified or unmodified, in source code or in binary form. 13 * 14 * Redistribution and use in source and binary forms, with or without 15 * modification, are permitted provided that the following conditions are 16 * met: redistributions of source code must retain the above copyright 17 * notice, this list of conditions and the following disclaimer; 18 * redistributions in binary form must reproduce the above copyright 19 * notice, this list of conditions and the following disclaimer in the 20 * documentation and/or other materials provided with the distribution; 21 * neither the name of the copyright holders nor the names of its 22 * contributors may be used to endorse or promote products derived from 23 * this software without specific prior written permission. 24 * 25 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 26 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 27 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 28 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 29 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 30 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 31 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 32 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 33 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 34 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 35 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 36 * 37 * Authors: Ali Saidi 38 * William Wang 39 */ 40 41/** @file 42 * Implementiation of a VNC server 43 */ 44 45#include <sys/ioctl.h> 46#include <sys/stat.h> 47 48#if defined(__FreeBSD__) 49#include <termios.h> 50 51#else 52#include <sys/termios.h> 53 54#endif 55#include "base/vnc/vncserver.hh" 56 57#include <fcntl.h> 58#include <poll.h> 59#include <sys/types.h> 60#include <unistd.h> 61 62#include <cerrno> 63#include <cstddef> 64#include <cstdio> 65 66#include "base/atomicio.hh" 67#include "base/logging.hh" 68#include "base/output.hh" 69#include "base/socket.hh" 70#include "base/trace.hh" 71#include "debug/VNC.hh" 72#include "sim/byteswap.hh" 73#include "sim/core.hh" 74 75using namespace std; 76 77const PixelConverter VncServer::pixelConverter( 78 4, // 4 bytes / pixel 79 16, 8, 0, // R in [23, 16], G in [15, 8], B in [7, 0] 80 8, 8, 8, // 8 bits / channel 81 LittleEndianByteOrder); 82 83/** @file 84 * Implementiation of a VNC server 85 */ 86 87/** 88 * Poll event for the listen socket 89 */ 90VncServer::ListenEvent::ListenEvent(VncServer *vs, int fd, int e) 91 : PollEvent(fd, e), vncserver(vs) 92{ 93} 94 95void 96VncServer::ListenEvent::process(int revent) 97{ 98 vncserver->accept(); 99} 100 101/** 102 * Poll event for the data socket 103 */ 104VncServer::DataEvent::DataEvent(VncServer *vs, int fd, int e) 105 : PollEvent(fd, e), vncserver(vs) 106{ 107} 108 109void 110VncServer::DataEvent::process(int revent) 111{ 112 if (revent & POLLIN) 113 vncserver->data(); 114 else if (revent & POLLNVAL) 115 vncserver->detach(); 116} 117 118/** 119 * VncServer 120 */ 121VncServer::VncServer(const Params *p) 122 : VncInput(p), listenEvent(NULL), dataEvent(NULL), number(p->number), 123 dataFd(-1), sendUpdate(false), 124 supportsRawEnc(false), supportsResizeEnc(false) 125{ 126 if (p->port) 127 listen(p->port); 128 129 curState = WaitForProtocolVersion; 130 131 // We currently only support one pixel format. Extract the pixel 132 // representation from our PixelConverter instance and keep it 133 // around for telling the client and making sure it cooperates 134 pixelFormat.bpp = 8 * pixelConverter.length; 135 pixelFormat.depth = pixelConverter.depth; 136 pixelFormat.bigendian = pixelConverter.byte_order == BigEndianByteOrder; 137 pixelFormat.truecolor = 1; 138 pixelFormat.redmax = pixelConverter.ch_r.mask; 139 pixelFormat.greenmax = pixelConverter.ch_g.mask; 140 pixelFormat.bluemax = pixelConverter.ch_b.mask; 141 pixelFormat.redshift = pixelConverter.ch_r.offset; 142 pixelFormat.greenshift = pixelConverter.ch_g.offset; 143 pixelFormat.blueshift = pixelConverter.ch_b.offset; 144 145 DPRINTF(VNC, "Vnc server created at port %d\n", p->port); 146} 147 148VncServer::~VncServer() 149{ 150 if (dataFd != -1) 151 ::close(dataFd); 152 153 if (listenEvent) 154 delete listenEvent; 155 156 if (dataEvent) 157 delete dataEvent; 158} 159 160 161//socket creation and vnc client attach 162void 163VncServer::listen(int port) 164{ 165 if (ListenSocket::allDisabled()) { 166 warn_once("Sockets disabled, not accepting vnc client connections"); 167 return; 168 } 169 170 while (!listener.listen(port, true)) { 171 DPRINTF(VNC, 172 "can't bind address vnc server port %d in use PID %d\n", 173 port, getpid()); 174 port++; 175 } 176 177 ccprintf(cerr, "%s: Listening for connections on port %d\n", 178 name(), port); 179 180 listenEvent = new ListenEvent(this, listener.getfd(), POLLIN); 181 pollQueue.schedule(listenEvent); 182} 183 184// attach a vnc client 185void 186VncServer::accept() 187{ 188 // As a consequence of being called from the PollQueue, we might 189 // have been called from a different thread. Migrate to "our" 190 // thread. 191 EventQueue::ScopedMigration migrate(eventQueue()); 192 193 if (!listener.islistening()) 194 panic("%s: cannot accept a connection if not listening!", name()); 195 196 int fd = listener.accept(true); 197 if (fd < 0) { 198 warn("%s: failed to accept VNC connection!", name()); 199 return; 200 } 201 202 if (dataFd != -1) { 203 char message[] = "vnc server already attached!\n"; 204 atomic_write(fd, message, sizeof(message)); 205 ::close(fd); 206 return; 207 } 208 209 dataFd = fd; 210 211 // Send our version number to the client 212 write((uint8_t *)vncVersion(), strlen(vncVersion())); 213 214 // read the client response 215 dataEvent = new DataEvent(this, dataFd, POLLIN); 216 pollQueue.schedule(dataEvent); 217 218 inform("VNC client attached\n"); 219} 220 221// data called by data event 222void 223VncServer::data() 224{ 225 // We have new data, see if we can handle it 226 DPRINTF(VNC, "Vnc client message recieved\n"); 227 228 switch (curState) { 229 case WaitForProtocolVersion: 230 checkProtocolVersion(); 231 break; 232 case WaitForSecurityResponse: 233 checkSecurity(); 234 break; 235 case WaitForClientInit: 236 // Don't care about shared, just need to read it out of the socket 237 uint8_t shared; 238 if (!read(&shared)) 239 return; 240 241 // Send our idea of the frame buffer 242 sendServerInit(); 243 244 break; 245 case NormalPhase: 246 uint8_t message_type; 247 if (!read(&message_type)) 248 return; 249 250 switch (message_type) { 251 case ClientSetPixelFormat: 252 setPixelFormat(); 253 break; 254 case ClientSetEncodings: 255 setEncodings(); 256 break; 257 case ClientFrameBufferUpdate: 258 requestFbUpdate(); 259 break; 260 case ClientKeyEvent: 261 recvKeyboardInput(); 262 break; 263 case ClientPointerEvent: 264 recvPointerInput(); 265 break; 266 case ClientCutText: 267 recvCutText(); 268 break; 269 default: 270 warn("Unimplemented message type recv from client: %d\n", 271 message_type); 272 detach(); 273 break; 274 } 275 break; 276 default: 277 panic("Unknown vnc server state\n"); 278 } 279} 280 281 282// read from socket 283bool 284VncServer::read(uint8_t *buf, size_t len) 285{ 286 if (dataFd < 0) 287 panic("vnc not properly attached.\n"); 288 289 size_t ret; 290 do { 291 ret = ::read(dataFd, buf, len); 292 } while (ret == -1 && errno == EINTR); 293 294 295 if (ret != len) { 296 DPRINTF(VNC, "Read failed %d.\n", ret); 297 detach(); 298 return false; 299 } 300 301 return true; 302} 303 304bool 305VncServer::read1(uint8_t *buf, size_t len) 306{ 307 return read(buf + 1, len - 1); 308} 309 310 311template<typename T> 312bool 313VncServer::read(T* val) 314{ 315 return read((uint8_t *)val, sizeof(T)); 316} 317 318// write to socket 319bool 320VncServer::write(const uint8_t *buf, size_t len) 321{ 322 if (dataFd < 0) 323 panic("Vnc client not properly attached.\n"); 324 325 ssize_t ret = atomic_write(dataFd, buf, len); 326 327 if (ret != len) { 328 DPRINTF(VNC, "Write failed.\n"); 329 detach(); 330 return false; 331 } 332 333 return true; 334} 335 336template<typename T> 337bool 338VncServer::write(T* val) 339{ 340 return write((uint8_t *)val, sizeof(T)); 341} 342 343bool 344VncServer::write(const char* str) 345{ 346 return write((uint8_t *)str, strlen(str)); 347} 348 349// detach a vnc client 350void 351VncServer::detach() 352{ 353 if (dataFd != -1) { 354 ::close(dataFd); 355 dataFd = -1; 356 } 357 358 if (!dataEvent || !dataEvent->queued()) 359 return; 360 361 pollQueue.remove(dataEvent); 362 delete dataEvent; 363 dataEvent = NULL; 364 curState = WaitForProtocolVersion; 365 366 inform("VNC client detached\n"); 367 DPRINTF(VNC, "detach vnc client %d\n", number); 368} 369 370void 371VncServer::sendError(const char* error_msg) 372{ 373 uint32_t len = strlen(error_msg); 374 if (!write(&len)) 375 return; 376 write(error_msg); 377} 378 379void 380VncServer::checkProtocolVersion() 381{ 382 assert(curState == WaitForProtocolVersion); 383 384 size_t len M5_VAR_USED; 385 char version_string[13]; 386 387 // Null terminate the message so it's easier to work with 388 version_string[12] = 0; 389 390 if (!read((uint8_t *)version_string, sizeof(version_string) - 1)) { 391 warn("Failed to read protocol version."); 392 return; 393 } 394 395 uint32_t major, minor; 396 397 // Figure out the major/minor numbers 398 if (sscanf(version_string, "RFB %03d.%03d\n", &major, &minor) != 2) { 399 warn(" Malformed protocol version %s\n", version_string); 400 sendError("Malformed protocol version\n"); 401 detach(); 402 return; 403 } 404 405 DPRINTF(VNC, "Client request protocol version %d.%d\n", major, minor); 406 407 // If it's not 3.X we don't support it 408 if (major != 3 || minor < 2) { 409 warn("Unsupported VNC client version... disconnecting\n"); 410 uint8_t err = AuthInvalid; 411 write(&err); 412 detach(); 413 return; 414 } 415 // Auth is different based on version number 416 if (minor < 7) { 417 uint32_t sec_type = htobe((uint32_t)AuthNone); 418 if (!write(&sec_type)) 419 return; 420 } else { 421 uint8_t sec_cnt = 1; 422 uint8_t sec_type = htobe((uint8_t)AuthNone); 423 if (!write(&sec_cnt) || !write(&sec_type)) 424 return; 425 } 426 427 // Wait for client to respond 428 curState = WaitForSecurityResponse; 429} 430 431void 432VncServer::checkSecurity() 433{ 434 assert(curState == WaitForSecurityResponse); 435 436 uint8_t security_type; 437 if (!read(&security_type)) 438 return; 439 440 if (security_type != AuthNone) { 441 warn("Unknown VNC security type\n"); 442 sendError("Unknown security type\n"); 443 } 444 445 DPRINTF(VNC, "Sending security auth OK\n"); 446 447 uint32_t success = htobe(VncOK); 448 if (!write(&success)) 449 return; 450 curState = WaitForClientInit; 451} 452 453void 454VncServer::sendServerInit() 455{ 456 ServerInitMsg msg; 457 458 DPRINTF(VNC, "Sending server init message to client\n"); 459 460 msg.fbWidth = htobe(videoWidth()); 461 msg.fbHeight = htobe(videoHeight()); 462 463 msg.px.bpp = htobe(pixelFormat.bpp); 464 msg.px.depth = htobe(pixelFormat.depth); 465 msg.px.bigendian = htobe(pixelFormat.bigendian); 466 msg.px.truecolor = htobe(pixelFormat.truecolor); 467 msg.px.redmax = htobe(pixelFormat.redmax); 468 msg.px.greenmax = htobe(pixelFormat.greenmax); 469 msg.px.bluemax = htobe(pixelFormat.bluemax); 470 msg.px.redshift = htobe(pixelFormat.redshift); 471 msg.px.greenshift = htobe(pixelFormat.greenshift); 472 msg.px.blueshift = htobe(pixelFormat.blueshift); 473 memset(msg.px.padding, 0, 3); 474 msg.namelen = 2; 475 msg.namelen = htobe(msg.namelen); 476 memcpy(msg.name, "M5", 2); 477 478 if (!write(&msg)) 479 return; 480 curState = NormalPhase; 481} 482 483void 484VncServer::setPixelFormat() 485{ 486 DPRINTF(VNC, "Received pixel format from client message\n"); 487 488 PixelFormatMessage pfm; 489 if (!read1((uint8_t *)&pfm, sizeof(PixelFormatMessage))) 490 return; 491 492 DPRINTF(VNC, " -- bpp = %d; depth = %d; be = %d\n", pfm.px.bpp, 493 pfm.px.depth, pfm.px.bigendian); 494 DPRINTF(VNC, " -- true color = %d red,green,blue max = %d,%d,%d\n", 495 pfm.px.truecolor, betoh(pfm.px.redmax), betoh(pfm.px.greenmax), 496 betoh(pfm.px.bluemax)); 497 DPRINTF(VNC, " -- red,green,blue shift = %d,%d,%d\n", pfm.px.redshift, 498 pfm.px.greenshift, pfm.px.blueshift); 499 500 if (betoh(pfm.px.bpp) != pixelFormat.bpp || 501 betoh(pfm.px.depth) != pixelFormat.depth || 502 betoh(pfm.px.bigendian) != pixelFormat.bigendian || 503 betoh(pfm.px.truecolor) != pixelFormat.truecolor || 504 betoh(pfm.px.redmax) != pixelFormat.redmax || 505 betoh(pfm.px.greenmax) != pixelFormat.greenmax || 506 betoh(pfm.px.bluemax) != pixelFormat.bluemax || 507 betoh(pfm.px.redshift) != pixelFormat.redshift || 508 betoh(pfm.px.greenshift) != pixelFormat.greenshift || 509 betoh(pfm.px.blueshift) != pixelFormat.blueshift) { 510 warn("VNC client doesn't support true color raw encoding\n"); 511 detach(); 512 } 513} 514 515void 516VncServer::setEncodings() 517{ 518 DPRINTF(VNC, "Received supported encodings from client\n"); 519 520 PixelEncodingsMessage pem; 521 if (!read1((uint8_t *)&pem, sizeof(PixelEncodingsMessage))) 522 return; 523 524 pem.num_encodings = betoh(pem.num_encodings); 525 526 DPRINTF(VNC, " -- %d encoding present\n", pem.num_encodings); 527 supportsRawEnc = supportsResizeEnc = false; 528 529 for (int x = 0; x < pem.num_encodings; x++) { 530 int32_t encoding; 531 if (!read(&encoding)) 532 return; 533 DPRINTF(VNC, " -- supports %d\n", betoh(encoding)); 534 535 switch (betoh(encoding)) { 536 case EncodingRaw: 537 supportsRawEnc = true; 538 break; 539 case EncodingDesktopSize: 540 supportsResizeEnc = true; 541 break; 542 } 543 } 544 545 if (!supportsRawEnc) { 546 warn("VNC clients must always support raw encoding\n"); 547 detach(); 548 } 549} 550 551void 552VncServer::requestFbUpdate() 553{ 554 DPRINTF(VNC, "Received frame buffer update request from client\n"); 555 556 FrameBufferUpdateReq fbr; 557 if (!read1((uint8_t *)&fbr, sizeof(FrameBufferUpdateReq))) 558 return; 559 560 fbr.x = betoh(fbr.x); 561 fbr.y = betoh(fbr.y); 562 fbr.width = betoh(fbr.width); 563 fbr.height = betoh(fbr.height); 564 565 DPRINTF(VNC, " -- x = %d y = %d w = %d h = %d\n", fbr.x, fbr.y, fbr.width, 566 fbr.height); 567 568 sendFrameBufferUpdate(); 569} 570 571void 572VncServer::recvKeyboardInput() 573{ 574 DPRINTF(VNC, "Received keyboard input from client\n"); 575 KeyEventMessage kem; 576 if (!read1((uint8_t *)&kem, sizeof(KeyEventMessage))) 577 return; 578 579 kem.key = betoh(kem.key); 580 DPRINTF(VNC, " -- received key code %d (%s)\n", kem.key, kem.down_flag ? 581 "down" : "up"); 582 583 if (keyboard) 584 keyboard->keyPress(kem.key, kem.down_flag); 585} 586 587void 588VncServer::recvPointerInput() 589{ 590 DPRINTF(VNC, "Received pointer input from client\n"); 591 PointerEventMessage pem; 592 593 if (!read1((uint8_t *)&pem, sizeof(PointerEventMessage))) 594 return; 595 596 pem.x = betoh(pem.x); 597 pem.y = betoh(pem.y); 598 DPRINTF(VNC, " -- pointer at x = %d y = %d buttons = %#x\n", pem.x, pem.y, 599 pem.button_mask); 600 601 if (mouse) 602 mouse->mouseAt(pem.x, pem.y, pem.button_mask); 603} 604 605void 606VncServer::recvCutText() 607{ 608 DPRINTF(VNC, "Received client copy buffer message\n"); 609 610 ClientCutTextMessage cct; 611 if (!read1((uint8_t *)&cct, sizeof(ClientCutTextMessage))) 612 return; 613 614 char str[1025]; 615 size_t data_len = betoh(cct.length); 616 DPRINTF(VNC, "String length %d\n", data_len); 617 while (data_len > 0) { 618 size_t bytes_to_read = data_len > 1024 ? 1024 : data_len; 619 if (!read((uint8_t *)&str, bytes_to_read)) 620 return; 621 str[bytes_to_read] = 0; 622 data_len -= bytes_to_read; 623 DPRINTF(VNC, "Buffer: %s\n", str); 624 } 625 626} 627 628 629void 630VncServer::sendFrameBufferUpdate() 631{ 632 633 if (dataFd <= 0 || curState != NormalPhase || !sendUpdate) { 634 DPRINTF(VNC, "NOT sending framebuffer update\n"); 635 return; 636 } 637 638 // The client will request data constantly, unless we throttle it 639 sendUpdate = false; 640 641 DPRINTF(VNC, "Sending framebuffer update\n"); 642 643 FrameBufferUpdate fbu; 644 FrameBufferRect fbr; 645 646 fbu.type = ServerFrameBufferUpdate; 647 fbu.num_rects = 1; 648 fbr.x = 0; 649 fbr.y = 0; 650 fbr.width = videoWidth(); 651 fbr.height = videoHeight(); 652 fbr.encoding = EncodingRaw; 653 654 // fix up endian 655 fbu.num_rects = htobe(fbu.num_rects); 656 fbr.x = htobe(fbr.x); 657 fbr.y = htobe(fbr.y); 658 fbr.width = htobe(fbr.width); 659 fbr.height = htobe(fbr.height); 660 fbr.encoding = htobe(fbr.encoding); 661 662 // send headers to client 663 if (!write(&fbu) || !write(&fbr)) 664 return; 665 666 assert(fb); 667 668 std::vector<uint8_t> line_buffer(pixelConverter.length * fb->width()); 669 for (int y = 0; y < fb->height(); ++y) { 670 // Convert and send a line at a time 671 uint8_t *raw_pixel(line_buffer.data()); 672 for (unsigned x = 0; x < fb->width(); ++x) { 673 pixelConverter.fromPixel(raw_pixel, fb->pixel(x, y)); 674 raw_pixel += pixelConverter.length; 675 } 676 677 if (!write(line_buffer.data(), line_buffer.size())) 678 return; 679 } 680} 681 682void 683VncServer::sendFrameBufferResized() 684{ 685 assert(fb && dataFd > 0 && curState == NormalPhase); 686 DPRINTF(VNC, "Sending framebuffer resize\n"); 687 688 FrameBufferUpdate fbu; 689 FrameBufferRect fbr; 690 691 fbu.type = ServerFrameBufferUpdate; 692 fbu.num_rects = 1; 693 fbr.x = 0; 694 fbr.y = 0; 695 fbr.width = videoWidth(); 696 fbr.height = videoHeight(); 697 fbr.encoding = EncodingDesktopSize; 698 699 // fix up endian 700 fbu.num_rects = htobe(fbu.num_rects); 701 fbr.x = htobe(fbr.x); 702 fbr.y = htobe(fbr.y); 703 fbr.width = htobe(fbr.width); 704 fbr.height = htobe(fbr.height); 705 fbr.encoding = htobe(fbr.encoding); 706 707 // send headers to client 708 if (!write(&fbu)) 709 return; 710 write(&fbr); 711 712 // No actual data is sent in this message 713} 714 715void 716VncServer::setDirty() 717{ 718 VncInput::setDirty(); 719 720 sendUpdate = true; 721 sendFrameBufferUpdate(); 722} 723 724void 725VncServer::frameBufferResized() 726{ 727 if (dataFd > 0 && curState == NormalPhase) { 728 if (supportsResizeEnc) 729 sendFrameBufferResized(); 730 else 731 // The frame buffer changed size and we can't update the client 732 detach(); 733 } 734} 735 736// create the VNC server object 737VncServer * 738VncServerParams::create() 739{ 740 return new VncServer(this); 741} 742 743