From 77286f0831bbff0a3828f1987aa279ae9178619c Mon Sep 17 00:00:00 2001 From: Christian Beier Date: Sun, 15 Apr 2012 16:50:40 +0200 Subject: [PATCH] LibVNCClient: Remove all those WITH_CLIENT_TLS #ifdefs and move GnuTLS specific functionality into tls_gnutls.c. --- libvncclient/rfbproto.c | 13 +--------- libvncclient/sockets.c | 11 +-------- libvncclient/tls_gnutls.c | 52 +++++++++------------------------------ libvncclient/vncviewer.c | 5 +--- rfb/rfbclient.h | 7 +----- 5 files changed, 16 insertions(+), 72 deletions(-) diff --git a/libvncclient/rfbproto.c b/libvncclient/rfbproto.c index a7faab1..3dfd0c5 100644 --- a/libvncclient/rfbproto.c +++ b/libvncclient/rfbproto.c @@ -1040,9 +1040,7 @@ InitialiseRFBConnection(rfbClient* client) rfbProtocolVersionMsg pv; int major,minor; uint32_t authScheme; -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS uint32_t subAuthScheme; -#endif rfbClientInitMsg ci; /* if the connection is immediately closed, don't report anything, so @@ -1146,10 +1144,6 @@ InitialiseRFBConnection(rfbClient* client) break; case rfbTLS: -#ifndef LIBVNCSERVER_WITH_CLIENT_TLS - rfbClientLog("TLS support was not compiled in\n"); - return FALSE; -#else if (!HandleAnonTLSAuth(client)) return FALSE; /* After the TLS session is established, sub auth types are expected. * Note that all following reading/writing are through the TLS session from here. @@ -1179,15 +1173,10 @@ InitialiseRFBConnection(rfbClient* client) (int)subAuthScheme); return FALSE; } -#endif break; case rfbVeNCrypt: -#ifndef LIBVNCSERVER_WITH_CLIENT_TLS - rfbClientLog("TLS support was not compiled in\n"); - return FALSE; -#else if (!HandleVeNCryptAuth(client)) return FALSE; switch (client->subAuthScheme) { @@ -1213,7 +1202,7 @@ InitialiseRFBConnection(rfbClient* client) client->subAuthScheme); return FALSE; } -#endif + break; default: diff --git a/libvncclient/sockets.c b/libvncclient/sockets.c index 1a8df56..76441f9 100644 --- a/libvncclient/sockets.c +++ b/libvncclient/sockets.c 
@@ -136,15 +136,11 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n) while (client->buffered < n) { int i; -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS if (client->tlsSession) { i = ReadFromTLS(client, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered); } else { -#endif i = read(client->sock, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered); -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS } -#endif if (i <= 0) { if (i < 0) { #ifdef WIN32 @@ -178,15 +174,12 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n) while (n > 0) { int i; -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS if (client->tlsSession) { i = ReadFromTLS(client, out, n); } else { -#endif i = read(client->sock, out, n); -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS } -#endif + if (i <= 0) { if (i < 0) { #ifdef WIN32 @@ -241,7 +234,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n) if (client->serverPort==-1) return TRUE; /* vncrec playing */ -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS if (client->tlsSession) { /* WriteToTLS() will guarantee either everything is written, or error/eof returns */ i = WriteToTLS(client, buf, n); @@ -249,7 +241,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n) return TRUE; } -#endif while (i < n) { j = write(client->sock, buf + i, (n - i)); diff --git a/libvncclient/tls_gnutls.c b/libvncclient/tls_gnutls.c index 5d29362..3daa416 100644 --- a/libvncclient/tls_gnutls.c +++ b/libvncclient/tls_gnutls.c @@ -17,6 +17,7 @@ * USA. */ +#include #include #include #ifdef WIN32 @@ -29,7 +30,6 @@ #endif #include "tls.h" -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP"; static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH"; 
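Review bot: In the `WriteToRFBServer` hunk (@@ -241), the now-unconditional `i = WriteToTLS(client, buf, n);` passes an `int n` to a parameter declared `unsigned int n`, so a negative length would be converted to a very large one on the TLS path. `WriteToTLS` then loops on `while (offset < n)` reading from `buf+offset`, whereas the plain-socket loop `while (i < n)` appears to write nothing in that case. Whether any caller can pass a negative `n` is not visible here, but a guard ahead of the TLS branch keeps both transports consistent: `if (n < 0) return FALSE;`. The function body starts and ends outside the hunk.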
@@ -135,21 +135,21 @@ InitializeTLSSession(rfbClient* client, rfbBool anonTLS) if (client->tlsSession) return TRUE; - if ((ret = gnutls_init(&client->tlsSession, GNUTLS_CLIENT)) < 0) + if ((ret = gnutls_init((gnutls_session_t*)&client->tlsSession, GNUTLS_CLIENT)) < 0) { rfbClientLog("Failed to initialized TLS session: %s.\n", gnutls_strerror(ret)); return FALSE; } - if ((ret = gnutls_priority_set_direct(client->tlsSession, + if ((ret = gnutls_priority_set_direct((gnutls_session_t)client->tlsSession, anonTLS ? rfbAnonTLSPriority : rfbTLSPriority, &p)) < 0) { rfbClientLog("Warning: Failed to set TLS priority: %s (%s).\n", gnutls_strerror(ret), p); } - gnutls_transport_set_ptr(client->tlsSession, (gnutls_transport_ptr_t)client); - gnutls_transport_set_push_function(client->tlsSession, PushTLS); - gnutls_transport_set_pull_function(client->tlsSession, PullTLS); + gnutls_transport_set_ptr((gnutls_session_t)client->tlsSession, (gnutls_transport_ptr_t)client); + gnutls_transport_set_push_function((gnutls_session_t)client->tlsSession, PushTLS); + gnutls_transport_set_pull_function((gnutls_session_t)client->tlsSession, PullTLS); rfbClientLog("TLS session initialized.\n"); @@ -163,7 +163,7 @@ SetTLSAnonCredential(rfbClient* client) int ret; if ((ret = gnutls_anon_allocate_client_credentials(&anonCred)) < 0 || - (ret = gnutls_credentials_set(client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0) + (ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0) { FreeTLS(client); rfbClientLog("Failed to create anonymous credentials: %s", gnutls_strerror(ret)); @@ -179,7 +179,7 @@ HandshakeTLS(rfbClient* client) int timeout = 15; int ret; - while (timeout > 0 && (ret = gnutls_handshake(client->tlsSession)) < 0) + while (timeout > 0 && (ret = gnutls_handshake((gnutls_session_t)client->tlsSession)) < 0) { if (!gnutls_error_is_fatal(ret)) { 
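Review bot: In the @@ -135 hunk, `gnutls_init((gnutls_session_t*)&client->tlsSession, GNUTLS_CLIENT)` writes a `void*` field through a pointer to a different pointer type, which the C aliasing rules do not guarantee to work even though both have the same representation on common platforms. Initialising a local and assigning it avoids the cast: declare `gnutls_session_t session;`, call `gnutls_init(&session, GNUTLS_CLIENT)`, and set `client->tlsSession = session;` only on success so the field stays NULL on failure. The by-value casts `(gnutls_session_t)client->tlsSession` here and in the hunks at @@ -163, @@ -179, @@ -447, @@ -463, @@ -487 and @@ -514 are redundant in C, since `void*` converts implicitly. A small `static` accessor in this file would keep the backend type in one place.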
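Review bot: `SetTLSAnonCredential` (@@ -163) installs `GNUTLS_CRD_ANON` credentials, which give an encrypted channel with no verification of the server's identity, and nothing in the function says so. A comment above the function such as `/* Anonymous DH: encrypts the session but does not authenticate the server; an active man-in-the-middle is not detected. */` would make that trade-off visible to anyone choosing between rfbTLS and VeNCrypt with X509. Separately, when `gnutls_credentials_set` fails after the allocation succeeded, the visible error path calls `FreeTLS(client)` but not `gnutls_anon_free_client_credentials(anonCred)`. The function continues past the hunk, so confirm the credentials are not released there.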
@@ -335,13 +335,10 @@ CreateX509CertCredential(rfbCredential *cred) return x509_cred; } -#endif rfbBool HandleAnonTLSAuth(rfbClient* client) { -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS - if (!InitializeTLS() || !InitializeTLSSession(client, TRUE)) return FALSE; if (!SetTLSAnonCredential(client)) return FALSE; @@ -349,17 +346,11 @@ HandleAnonTLSAuth(rfbClient* client) if (!HandshakeTLS(client)) return FALSE; return TRUE; - -#else - rfbClientLog("TLS is not supported.\n"); - return FALSE; -#endif } rfbBool HandleVeNCryptAuth(rfbClient* client) { -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS uint8_t major, minor, status; uint32_t authScheme; rfbBool anonTLS; @@ -447,7 +438,7 @@ HandleVeNCryptAuth(rfbClient* client) } else { - if ((ret = gnutls_credentials_set(client->tlsSession, GNUTLS_CRD_CERTIFICATE, x509_cred)) < 0) + if ((ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_CERTIFICATE, x509_cred)) < 0) { rfbClientLog("Cannot set x509 credential: %s.\n", gnutls_strerror(ret)); FreeTLS(client); @@ -463,20 +454,14 @@ HandleVeNCryptAuth(rfbClient* client) * to do actual sub authentication. */ return TRUE; - -#else - rfbClientLog("TLS is not supported.\n"); - return FALSE; -#endif } int ReadFromTLS(rfbClient* client, char *out, unsigned int n) { -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS ssize_t ret; - ret = gnutls_record_recv(client->tlsSession, out, n); + ret = gnutls_record_recv((gnutls_session_t)client->tlsSession, out, n); if (ret >= 0) return ret; if (ret == GNUTLS_E_REHANDSHAKE || ret == GNUTLS_E_AGAIN) { 
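Review bot: With the `#else` branches removed in the @@ -349, @@ -463 and @@ -487 hunks, this file no longer supplies a fallback for `HandleAnonTLSAuth`, `HandleVeNCryptAuth`, `ReadFromTLS` and `WriteToTLS`, while rfbproto.c and sockets.c now call them unconditionally. A build without GnuTLS therefore depends on another translation unit providing the same functions; none is part of this patch, so presumably one already exists. Whatever provides them should fail closed: the two auth handlers return FALSE and `client->tlsSession` stays NULL, so that a server offering rfbTLS or rfbVeNCrypt is refused rather than continued in plaintext. I would state that contract in a comment at the top of this file, for example `/* TLS backend: a build without TLS support must provide the same functions and return FALSE from the auth handlers. */`.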
@@ -487,23 +472,17 @@ ReadFromTLS(rfbClient* client, char *out, unsigned int n) errno = EINTR; } return -1; -#else - rfbClientLog("TLS is not supported.\n"); - errno = EINTR; - return -1; -#endif } int WriteToTLS(rfbClient* client, char *buf, unsigned int n) { -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS unsigned int offset = 0; ssize_t ret; while (offset < n) { - ret = gnutls_record_send(client->tlsSession, buf+offset, (size_t)(n-offset)); + ret = gnutls_record_send((gnutls_session_t)client->tlsSession, buf+offset, (size_t)(n-offset)); if (ret == 0) continue; if (ret < 0) { @@ -514,20 +493,13 @@ WriteToTLS(rfbClient* client, char *buf, unsigned int n) offset += (unsigned int)ret; } return offset; -#else - rfbClientLog("TLS is not supported.\n"); - errno = EINTR; - return -1; -#endif } void FreeTLS(rfbClient* client) { -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS if (client->tlsSession) { - gnutls_deinit(client->tlsSession); + gnutls_deinit((gnutls_session_t)client->tlsSession); client->tlsSession = NULL; } -#endif } diff --git a/libvncclient/vncviewer.c b/libvncclient/vncviewer.c index 6a4f006..4153c97 100644 --- a/libvncclient/vncviewer.c +++ b/libvncclient/vncviewer.c @@ -191,9 +191,7 @@ rfbClient* rfbGetClient(int bitsPerSample,int samplesPerPixel, client->authScheme = 0; client->subAuthScheme = 0; client->GetCredential = NULL; -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS client->tlsSession = NULL; -#endif client->sock = -1; client->listenSock = -1; client->listenAddress = NULL; @@ -365,9 +363,8 @@ void rfbClientCleanup(rfbClient* client) { #endif #endif -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS FreeTLS(client); -#endif + if (client->sock >= 0) close(client->sock); if (client->listenSock >= 0) diff --git a/rfb/rfbclient.h b/rfb/rfbclient.h index 36c109e..0ecc5e4 100644 --- a/rfb/rfbclient.h +++ b/rfb/rfbclient.h 
@@ -38,9 +38,6 @@ #include #include #include -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS -#include -#endif #define rfbClientSwap16IfLE(s) \ (*(char *)&client->endianTest ? ((((s) & 0xff) << 8) | (((s) >> 8) & 0xff)) : (s)) @@ -314,10 +311,8 @@ typedef struct _rfbClient { /** The selected security types */ uint32_t authScheme, subAuthScheme; -#ifdef LIBVNCSERVER_WITH_CLIENT_TLS /** The TLS session for Anonymous TLS and VeNCrypt */ - gnutls_session_t tlsSession; -#endif + void* tlsSession; /** To support security types that requires user input (except VNC password * authentication), for example VeNCrypt and MSLogon, this callback function
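Review bot: The comment on `void* tlsSession` in the @@ -314 hunk does not say that the field is now an opaque backend handle in a public struct, nor that sockets.c routes every read and write through the TLS functions whenever it is non-NULL. I would document both: `/** Opaque TLS backend handle (a gnutls_session_t when built with tls_gnutls.c); NULL means traffic is sent unencrypted. Owned by the library, applications must not modify it. */`. The field is also now present in every build, which presumably removes the layout difference between TLS and non-TLS builds of `rfbClient`; that is worth a line in the commit description. The struct definition starts and ends outside the hunk.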