diff options
author | José Pekkarinen <jose.pekkarinen@nokia.com> | 2016-05-18 13:18:31 +0300 |
---|---|---|
committer | José Pekkarinen <jose.pekkarinen@nokia.com> | 2016-05-18 13:42:15 +0300 |
commit | 437fd90c0250dee670290f9b714253671a990160 (patch) | |
tree | b871786c360704244a07411c69fb58da9ead4a06 /qemu/ui/vnc-ws.c | |
parent | 5bbd6fe9b8bab2a93e548c5a53b032d1939eec05 (diff) |
These changes are the raw update to qemu-2.6.
Collission happened in the following patches:
migration: do cleanup operation after completion(738df5b9)
Bug fix.(1750c932f86)
kvmclock: add a new function to update env->tsc.(b52baab2)
The code provided by the patches was already in the upstreamed
version.
Change-Id: I3cc11841a6a76ae20887b2e245710199e1ea7f9a
Signed-off-by: José Pekkarinen <jose.pekkarinen@nokia.com>
Diffstat (limited to 'qemu/ui/vnc-ws.c')
-rw-r--r-- | qemu/ui/vnc-ws.c | 390 |
1 files changed, 67 insertions, 323 deletions
diff --git a/qemu/ui/vnc-ws.c b/qemu/ui/vnc-ws.c index b4cb6bde7..7c79a4c37 100644 --- a/qemu/ui/vnc-ws.c +++ b/qemu/ui/vnc-ws.c @@ -18,364 +18,108 @@ * along with this software; if not, see <http://www.gnu.org/licenses/>. */ +#include "qemu/osdep.h" +#include "qapi/error.h" #include "vnc.h" -#include "qemu/main-loop.h" -#include "crypto/hash.h" +#include "io/channel-websock.h" -#ifdef CONFIG_VNC_TLS -#include "qemu/sockets.h" - -static int vncws_start_tls_handshake(VncState *vs) +static void vncws_tls_handshake_done(Object *source, + Error *err, + gpointer user_data) { - int ret = gnutls_handshake(vs->tls.session); + VncState *vs = user_data; - if (ret < 0) { - if (!gnutls_error_is_fatal(ret)) { - VNC_DEBUG("Handshake interrupted (blocking)\n"); - if (!gnutls_record_get_direction(vs->tls.session)) { - qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io, - NULL, vs); - } else { - qemu_set_fd_handler(vs->csock, NULL, vncws_tls_handshake_io, - vs); - } - return 0; - } - VNC_DEBUG("Handshake failed %s\n", gnutls_strerror(ret)); + if (err) { + VNC_DEBUG("Handshake failed %s\n", error_get_pretty(err)); vnc_client_error(vs); - return -1; - } - - if (vs->vd->tls.x509verify) { - if (vnc_tls_validate_certificate(vs) < 0) { - VNC_DEBUG("Client verification failed\n"); - vnc_client_error(vs); - return -1; - } else { - VNC_DEBUG("Client verification passed\n"); - } + } else { + VNC_DEBUG("TLS handshake complete, starting websocket handshake\n"); + vs->ioc_tag = qio_channel_add_watch( + QIO_CHANNEL(vs->ioc), G_IO_IN, vncws_handshake_io, vs, NULL); } - - VNC_DEBUG("Handshake done, switching to TLS data mode\n"); - qemu_set_fd_handler(vs->csock, vncws_handshake_read, NULL, vs); - - return 0; } -void vncws_tls_handshake_io(void *opaque) -{ - VncState *vs = (VncState *)opaque; - if (!vs->tls.session) { - VNC_DEBUG("TLS Websocket setup\n"); - if (vnc_tls_client_setup(vs, vs->vd->tls.x509cert != NULL) < 0) { - return; - } - } - VNC_DEBUG("Handshake IO continue\n"); - vncws_start_tls_handshake(vs); -} -#endif /* CONFIG_VNC_TLS */ - -void vncws_handshake_read(void *opaque) +gboolean vncws_tls_handshake_io(QIOChannel *ioc G_GNUC_UNUSED, + GIOCondition condition G_GNUC_UNUSED, + void *opaque) { VncState *vs = opaque; - uint8_t *handshake_end; - long ret; - /* Typical HTTP headers from novnc are 512 bytes, so limiting - * total header size to 4096 is easily enough. */ - size_t want = 4096 - vs->ws_input.offset; - buffer_reserve(&vs->ws_input, want); - ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), want); + QIOChannelTLS *tls; + Error *err = NULL; - if (!ret) { - if (vs->csock == -1) { - vnc_disconnect_finish(vs); - } - return; + VNC_DEBUG("TLS Websocket connection required\n"); + if (vs->ioc_tag) { + g_source_remove(vs->ioc_tag); + vs->ioc_tag = 0; } - vs->ws_input.offset += ret; - handshake_end = (uint8_t *)g_strstr_len((char *)vs->ws_input.buffer, - vs->ws_input.offset, WS_HANDSHAKE_END); - if (handshake_end) { - qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); - vncws_process_handshake(vs, vs->ws_input.buffer, vs->ws_input.offset); - buffer_advance(&vs->ws_input, handshake_end - vs->ws_input.buffer + - strlen(WS_HANDSHAKE_END)); - } else if (vs->ws_input.offset >= 4096) { - VNC_DEBUG("End of headers not found in first 4096 bytes\n"); + tls = qio_channel_tls_new_server( + vs->ioc, + vs->vd->tlscreds, + vs->vd->tlsaclname, + &err); + if (!tls) { + VNC_DEBUG("Failed to setup TLS %s\n", error_get_pretty(err)); + error_free(err); vnc_client_error(vs); + return TRUE; } -} - - -long vnc_client_read_ws(VncState *vs) -{ - int ret, err; - uint8_t *payload; - size_t payload_size, header_size; - VNC_DEBUG("Read websocket %p size %zd offset %zd\n", vs->ws_input.buffer, - vs->ws_input.capacity, vs->ws_input.offset); - buffer_reserve(&vs->ws_input, 4096); - ret = vnc_client_read_buf(vs, buffer_end(&vs->ws_input), 4096); - if (!ret) { - return 0; - } - vs->ws_input.offset += ret; - ret = 0; - /* consume as much of ws_input buffer as possible */ - do { - if (vs->ws_payload_remain == 0) { - err = vncws_decode_frame_header(&vs->ws_input, - &header_size, - &vs->ws_payload_remain, - &vs->ws_payload_mask); - if (err <= 0) { - return err; - } + VNC_DEBUG("Start TLS WS handshake process\n"); + object_unref(OBJECT(vs->ioc)); + vs->ioc = QIO_CHANNEL(tls); + vs->tls = qio_channel_tls_get_session(tls); - buffer_advance(&vs->ws_input, header_size); - } - if (vs->ws_payload_remain != 0) { - err = vncws_decode_frame_payload(&vs->ws_input, - &vs->ws_payload_remain, - &vs->ws_payload_mask, - &payload, - &payload_size); - if (err < 0) { - return err; - } - if (err == 0) { - return ret; - } - ret += err; + qio_channel_tls_handshake(tls, + vncws_tls_handshake_done, + vs, + NULL); - buffer_reserve(&vs->input, payload_size); - buffer_append(&vs->input, payload, payload_size); - - buffer_advance(&vs->ws_input, payload_size); - } - } while (vs->ws_input.offset > 0); - - return ret; + return TRUE; } -long vnc_client_write_ws(VncState *vs) -{ - long ret; - VNC_DEBUG("Write WS: Pending output %p size %zd offset %zd\n", - vs->output.buffer, vs->output.capacity, vs->output.offset); - vncws_encode_frame(&vs->ws_output, vs->output.buffer, vs->output.offset); - buffer_reset(&vs->output); - ret = vnc_client_write_buf(vs, vs->ws_output.buffer, vs->ws_output.offset); - if (!ret) { - return 0; - } - - buffer_advance(&vs->ws_output, ret); - - if (vs->ws_output.offset == 0) { - qemu_set_fd_handler(vs->csock, vnc_client_read, NULL, vs); - } - - return ret; -} -static char *vncws_extract_handshake_entry(const char *handshake, - size_t handshake_len, const char *name) +static void vncws_handshake_done(Object *source, + Error *err, + gpointer user_data) { - char *begin, *end, *ret = NULL; - char *line = g_strdup_printf("%s%s: ", WS_HANDSHAKE_DELIM, name); - begin = g_strstr_len(handshake, handshake_len, line); - if (begin != NULL) { - begin += strlen(line); - end = g_strstr_len(begin, handshake_len - (begin - handshake), - WS_HANDSHAKE_DELIM); - if (end != NULL) { - ret = g_strndup(begin, end - begin); - } - } - g_free(line); - return ret; -} - -static void vncws_send_handshake_response(VncState *vs, const char* key) -{ - char combined_key[WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1]; - char *accept = NULL, *response = NULL; - Error *err = NULL; - - g_strlcpy(combined_key, key, WS_CLIENT_KEY_LEN + 1); - g_strlcat(combined_key, WS_GUID, WS_CLIENT_KEY_LEN + WS_GUID_LEN + 1); + VncState *vs = user_data; - /* hash and encode it */ - if (qcrypto_hash_base64(QCRYPTO_HASH_ALG_SHA1, - combined_key, - WS_CLIENT_KEY_LEN + WS_GUID_LEN, - &accept, - &err) < 0) { - VNC_DEBUG("Hashing Websocket combined key failed %s\n", - error_get_pretty(err)); - error_free(err); + if (err) { + VNC_DEBUG("Websock handshake failed %s\n", error_get_pretty(err)); vnc_client_error(vs); - return; - } - - response = g_strdup_printf(WS_HANDSHAKE, accept); - vnc_client_write_buf(vs, (const uint8_t *)response, strlen(response)); - - g_free(accept); - g_free(response); - - vs->encode_ws = 1; - vnc_init_state(vs); -} - -void vncws_process_handshake(VncState *vs, uint8_t *line, size_t size) -{ - char *protocols = vncws_extract_handshake_entry((const char *)line, size, - "Sec-WebSocket-Protocol"); - char *version = vncws_extract_handshake_entry((const char *)line, size, - "Sec-WebSocket-Version"); - char *key = vncws_extract_handshake_entry((const char *)line, size, - "Sec-WebSocket-Key"); - - if (protocols && version && key - && g_strrstr(protocols, "binary") - && !strcmp(version, WS_SUPPORTED_VERSION) - && strlen(key) == WS_CLIENT_KEY_LEN) { - vncws_send_handshake_response(vs, key); } else { - VNC_DEBUG("Defective Websockets header or unsupported protocol\n"); - vnc_client_error(vs); + VNC_DEBUG("Websock handshake complete, starting VNC protocol\n"); + vnc_init_state(vs); + vs->ioc_tag = qio_channel_add_watch( + vs->ioc, G_IO_IN, vnc_client_io, vs, NULL); } - - g_free(protocols); - g_free(version); - g_free(key); } -void vncws_encode_frame(Buffer *output, const void *payload, - const size_t payload_size) -{ - size_t header_size = 0; - unsigned char opcode = WS_OPCODE_BINARY_FRAME; - union { - char buf[WS_HEAD_MAX_LEN]; - WsHeader ws; - } header; - - if (!payload_size) { - return; - } - - header.ws.b0 = 0x80 | (opcode & 0x0f); - if (payload_size <= 125) { - header.ws.b1 = (uint8_t)payload_size; - header_size = 2; - } else if (payload_size < 65536) { - header.ws.b1 = 0x7e; - header.ws.u.s16.l16 = cpu_to_be16((uint16_t)payload_size); - header_size = 4; - } else { - header.ws.b1 = 0x7f; - header.ws.u.s64.l64 = cpu_to_be64(payload_size); - header_size = 10; - } - - buffer_reserve(output, header_size + payload_size); - buffer_append(output, header.buf, header_size); - buffer_append(output, payload, payload_size); -} -int vncws_decode_frame_header(Buffer *input, - size_t *header_size, - size_t *payload_remain, - WsMask *payload_mask) +gboolean vncws_handshake_io(QIOChannel *ioc G_GNUC_UNUSED, + GIOCondition condition G_GNUC_UNUSED, + void *opaque) { - unsigned char opcode = 0, fin = 0, has_mask = 0; - size_t payload_len; - WsHeader *header = (WsHeader *)input->buffer; - - if (input->offset < WS_HEAD_MIN_LEN + 4) { - /* header not complete */ - return 0; - } - - fin = (header->b0 & 0x80) >> 7; - opcode = header->b0 & 0x0f; - has_mask = (header->b1 & 0x80) >> 7; - payload_len = header->b1 & 0x7f; - - if (opcode == WS_OPCODE_CLOSE) { - /* disconnect */ - return -1; - } + VncState *vs = opaque; + QIOChannelWebsock *wioc; - /* Websocket frame sanity check: - * * Websocket fragmentation is not supported. - * * All websockets frames sent by a client have to be masked. - * * Only binary encoding is supported. - */ - if (!fin || !has_mask || opcode != WS_OPCODE_BINARY_FRAME) { - VNC_DEBUG("Received faulty/unsupported Websocket frame\n"); - return -2; + VNC_DEBUG("Websocket negotiate starting\n"); + if (vs->ioc_tag) { + g_source_remove(vs->ioc_tag); + vs->ioc_tag = 0; } - if (payload_len < 126) { - *payload_remain = payload_len; - *header_size = 6; - *payload_mask = header->u.m; - } else if (payload_len == 126 && input->offset >= 8) { - *payload_remain = be16_to_cpu(header->u.s16.l16); - *header_size = 8; - *payload_mask = header->u.s16.m16; - } else if (payload_len == 127 && input->offset >= 14) { - *payload_remain = be64_to_cpu(header->u.s64.l64); - *header_size = 14; - *payload_mask = header->u.s64.m64; - } else { - /* header not complete */ - return 0; - } + wioc = qio_channel_websock_new_server(vs->ioc); - return 1; -} + object_unref(OBJECT(vs->ioc)); + vs->ioc = QIO_CHANNEL(wioc); -int vncws_decode_frame_payload(Buffer *input, - size_t *payload_remain, WsMask *payload_mask, - uint8_t **payload, size_t *payload_size) -{ - size_t i; - uint32_t *payload32; - - *payload = input->buffer; - /* If we aren't at the end of the payload, then drop - * off the last bytes, so we're always multiple of 4 - * for purpose of unmasking, except at end of payload - */ - if (input->offset < *payload_remain) { - *payload_size = input->offset - (input->offset % 4); - } else { - *payload_size = *payload_remain; - } - if (*payload_size == 0) { - return 0; - } - *payload_remain -= *payload_size; - - /* unmask frame */ - /* process 1 frame (32 bit op) */ - payload32 = (uint32_t *)(*payload); - for (i = 0; i < *payload_size / 4; i++) { - payload32[i] ^= payload_mask->u; - } - /* process the remaining bytes (if any) */ - for (i *= 4; i < *payload_size; i++) { - (*payload)[i] ^= payload_mask->c[i % 4]; - } + qio_channel_websock_handshake(wioc, + vncws_handshake_done, + vs, + NULL); - return 1; + return TRUE; } |