LibVNCClient: Remove all those WITH_CLIENT_TLS #ifdefs and move GnuTLS specific functionality into tls_gnutls.c.

12 years ago · 77286f0831
parent 7bf369a04b
commit 77286f0831
5 changed files with 16 additions and 72 deletions
--- a/libvncclient/rfbproto.c
+++ b/libvncclient/rfbproto.c
@ -1040,9 +1040,7 @@ InitialiseRFBConnection(rfbClient* client)
  rfbProtocolVersionMsg pv;
  int major,minor;
  uint32_t authScheme;
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  uint32_t subAuthScheme;
-#endif
  rfbClientInitMsg ci;

  /* if the connection is immediately closed, don't report anything, so
@ -1146,10 +1144,6 @@ InitialiseRFBConnection(rfbClient* client)
    break;

  case rfbTLS:
-#ifndef LIBVNCSERVER_WITH_CLIENT_TLS
-    rfbClientLog("TLS support was not compiled in\n");
-    return FALSE;
-#else
    if (!HandleAnonTLSAuth(client)) return FALSE;
    /* After the TLS session is established, sub auth types are expected.
     * Note that all following reading/writing are through the TLS session from here.
@ -1179,15 +1173,10 @@ InitialiseRFBConnection(rfbClient* client)
            (int)subAuthScheme);
        return FALSE;
    }
-#endif

    break;

  case rfbVeNCrypt:
-#ifndef LIBVNCSERVER_WITH_CLIENT_TLS
-    rfbClientLog("TLS support was not compiled in\n");
-    return FALSE;
-#else
    if (!HandleVeNCryptAuth(client)) return FALSE;

    switch (client->subAuthScheme) {
@ -1213,7 +1202,7 @@ InitialiseRFBConnection(rfbClient* client)
            client->subAuthScheme);
        return FALSE;
    }
-#endif
+
    break;

  default:
--- a/libvncclient/sockets.c
+++ b/libvncclient/sockets.c
@ -136,15 +136,11 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n)

    while (client->buffered < n) {
      int i;
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
      if (client->tlsSession) {
        i = ReadFromTLS(client, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
      } else {
-#endif
        i = read(client->sock, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
      }
-#endif
      if (i <= 0) {
 	if (i < 0) {
 #ifdef WIN32
@ -178,15 +174,12 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n)

    while (n > 0) {
      int i;
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
      if (client->tlsSession) {
        i = ReadFromTLS(client, out, n);
      } else {
-#endif
        i = read(client->sock, out, n);
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
      }
-#endif
+
      if (i <= 0) {
 	if (i < 0) {
 #ifdef WIN32
@ -241,7 +234,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n)
  if (client->serverPort==-1)
    return TRUE; /* vncrec playing */

-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  if (client->tlsSession) {
    /* WriteToTLS() will guarantee either everything is written, or error/eof returns */
    i = WriteToTLS(client, buf, n);
@ -249,7 +241,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n)

    return TRUE;
  }
-#endif

  while (i < n) {
    j = write(client->sock, buf + i, (n - i));
--- a/libvncclient/tls_gnutls.c
+++ b/libvncclient/tls_gnutls.c
@ -17,6 +17,7 @@
 *  USA.
 */

+#include <gnutls/gnutls.h>
 #include <rfb/rfbclient.h>
 #include <errno.h>
 #ifdef WIN32
@ -29,7 +30,6 @@
 #endif
 #include "tls.h"

-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS

 static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
 static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
@ -135,21 +135,21 @@ InitializeTLSSession(rfbClient* client, rfbBool anonTLS)

  if (client->tlsSession) return TRUE;

-  if ((ret = gnutls_init(&client->tlsSession, GNUTLS_CLIENT)) < 0)
+  if ((ret = gnutls_init((gnutls_session_t*)&client->tlsSession, GNUTLS_CLIENT)) < 0)
  {
    rfbClientLog("Failed to initialized TLS session: %s.\n", gnutls_strerror(ret));
    return FALSE;
  }

-  if ((ret = gnutls_priority_set_direct(client->tlsSession,
+  if ((ret = gnutls_priority_set_direct((gnutls_session_t)client->tlsSession,
    anonTLS ? rfbAnonTLSPriority : rfbTLSPriority, &p)) < 0)
  {
    rfbClientLog("Warning: Failed to set TLS priority: %s (%s).\n", gnutls_strerror(ret), p);
  }

-  gnutls_transport_set_ptr(client->tlsSession, (gnutls_transport_ptr_t)client);
-  gnutls_transport_set_push_function(client->tlsSession, PushTLS);
-  gnutls_transport_set_pull_function(client->tlsSession, PullTLS);
+  gnutls_transport_set_ptr((gnutls_session_t)client->tlsSession, (gnutls_transport_ptr_t)client);
+  gnutls_transport_set_push_function((gnutls_session_t)client->tlsSession, PushTLS);
+  gnutls_transport_set_pull_function((gnutls_session_t)client->tlsSession, PullTLS);

  rfbClientLog("TLS session initialized.\n");

@ -163,7 +163,7 @@ SetTLSAnonCredential(rfbClient* client)
  int ret;

  if ((ret = gnutls_anon_allocate_client_credentials(&anonCred)) < 0 ||
-      (ret = gnutls_credentials_set(client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0)
+      (ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0)
  {
    FreeTLS(client);
    rfbClientLog("Failed to create anonymous credentials: %s", gnutls_strerror(ret));
@ -179,7 +179,7 @@ HandshakeTLS(rfbClient* client)
  int timeout = 15;
  int ret;

-  while (timeout > 0 && (ret = gnutls_handshake(client->tlsSession)) < 0)
+  while (timeout > 0 && (ret = gnutls_handshake((gnutls_session_t)client->tlsSession)) < 0)
  {
    if (!gnutls_error_is_fatal(ret))
    {
@ -335,13 +335,10 @@ CreateX509CertCredential(rfbCredential *cred)
  return x509_cred;
 }

-#endif

 rfbBool
 HandleAnonTLSAuth(rfbClient* client)
 {
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
-
  if (!InitializeTLS() || !InitializeTLSSession(client, TRUE)) return FALSE;

  if (!SetTLSAnonCredential(client)) return FALSE;
@ -349,17 +346,11 @@ HandleAnonTLSAuth(rfbClient* client)
  if (!HandshakeTLS(client)) return FALSE;

  return TRUE;
-
-#else
-  rfbClientLog("TLS is not supported.\n");
-  return FALSE;
-#endif
 }

 rfbBool
 HandleVeNCryptAuth(rfbClient* client)
 {
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  uint8_t major, minor, status;
  uint32_t authScheme;
  rfbBool anonTLS;
@ -447,7 +438,7 @@ HandleVeNCryptAuth(rfbClient* client)
  }
  else
  {
-    if ((ret = gnutls_credentials_set(client->tlsSession, GNUTLS_CRD_CERTIFICATE, x509_cred)) < 0)
+    if ((ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_CERTIFICATE, x509_cred)) < 0)
    {
      rfbClientLog("Cannot set x509 credential: %s.\n", gnutls_strerror(ret));
      FreeTLS(client);
@ -463,20 +454,14 @@ HandleVeNCryptAuth(rfbClient* client)
   * to do actual sub authentication.
   */
  return TRUE;
-
-#else
-  rfbClientLog("TLS is not supported.\n");
-  return FALSE;
-#endif
 }

 int
 ReadFromTLS(rfbClient* client, char *out, unsigned int n)
 {
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  ssize_t ret;

-  ret = gnutls_record_recv(client->tlsSession, out, n);
+  ret = gnutls_record_recv((gnutls_session_t)client->tlsSession, out, n);
  if (ret >= 0) return ret;
  if (ret == GNUTLS_E_REHANDSHAKE || ret == GNUTLS_E_AGAIN)
  {
@ -487,23 +472,17 @@ ReadFromTLS(rfbClient* client, char *out, unsigned int n)
    errno = EINTR;
  }
  return -1;
-#else
-  rfbClientLog("TLS is not supported.\n");
-  errno = EINTR;
-  return -1;
-#endif
 }

 int
 WriteToTLS(rfbClient* client, char *buf, unsigned int n)
 {
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  unsigned int offset = 0;
  ssize_t ret;

  while (offset < n)
  {
-    ret = gnutls_record_send(client->tlsSession, buf+offset, (size_t)(n-offset));
+    ret = gnutls_record_send((gnutls_session_t)client->tlsSession, buf+offset, (size_t)(n-offset));
    if (ret == 0) continue;
    if (ret < 0)
    {
@ -514,20 +493,13 @@ WriteToTLS(rfbClient* client, char *buf, unsigned int n)
    offset += (unsigned int)ret;
  }
  return offset;
-#else
-  rfbClientLog("TLS is not supported.\n");
-  errno = EINTR;
-  return -1;
-#endif
 }

 void FreeTLS(rfbClient* client)
 {
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  if (client->tlsSession)
  {
-    gnutls_deinit(client->tlsSession);
+    gnutls_deinit((gnutls_session_t)client->tlsSession);
    client->tlsSession = NULL;
  }
-#endif
 }
--- a/libvncclient/vncviewer.c
+++ b/libvncclient/vncviewer.c
@ -191,9 +191,7 @@ rfbClient* rfbGetClient(int bitsPerSample,int samplesPerPixel,
  client->authScheme = 0;
  client->subAuthScheme = 0;
  client->GetCredential = NULL;
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  client->tlsSession = NULL;
-#endif
  client->sock = -1;
  client->listenSock = -1;
  client->listenAddress = NULL;
@ -365,9 +363,8 @@ void rfbClientCleanup(rfbClient* client) {
 #endif
 #endif

-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
  FreeTLS(client);
-#endif
+
  if (client->sock >= 0)
    close(client->sock);
  if (client->listenSock >= 0)
--- a/rfb/rfbclient.h
+++ b/rfb/rfbclient.h
@ -38,9 +38,6 @@
 #include <unistd.h>
 #include <rfb/rfbproto.h>
 #include <rfb/keysym.h>
-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
-#include <gnutls/gnutls.h>
-#endif

 #define rfbClientSwap16IfLE(s) \
    (*(char *)&client->endianTest ? ((((s) & 0xff) << 8) | (((s) >> 8) & 0xff)) : (s))
@ -314,10 +311,8 @@ typedef struct _rfbClient {
 	/** The selected security types */
 	uint32_t authScheme, subAuthScheme;

-#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
 	/** The TLS session for Anonymous TLS and VeNCrypt */
-	gnutls_session_t tlsSession;
-#endif
+	void* tlsSession;

 	/** To support security types that requires user input (except VNC password
 	 * authentication), for example VeNCrypt and MSLogon, this callback function