Commit 77286f08 authored by Christian Beier

LibVNCClient: Remove all those WITH_CLIENT_TLS #ifdefs and move GnuTLS...

LibVNCClient: Remove all those WITH_CLIENT_TLS #ifdefs and move GnuTLS specific functionality into tls_gnutls.c.
parent 7bf369a0
...@@ -1040,9 +1040,7 @@ InitialiseRFBConnection(rfbClient* client) ...@@ -1040,9 +1040,7 @@ InitialiseRFBConnection(rfbClient* client)
rfbProtocolVersionMsg pv; rfbProtocolVersionMsg pv;
int major,minor; int major,minor;
uint32_t authScheme; uint32_t authScheme;
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
uint32_t subAuthScheme; uint32_t subAuthScheme;
#endif
rfbClientInitMsg ci; rfbClientInitMsg ci;
/* if the connection is immediately closed, don't report anything, so /* if the connection is immediately closed, don't report anything, so
...@@ -1146,10 +1144,6 @@ InitialiseRFBConnection(rfbClient* client) ...@@ -1146,10 +1144,6 @@ InitialiseRFBConnection(rfbClient* client)
break; break;
case rfbTLS: case rfbTLS:
#ifndef LIBVNCSERVER_WITH_CLIENT_TLS
rfbClientLog("TLS support was not compiled in\n");
return FALSE;
#else
if (!HandleAnonTLSAuth(client)) return FALSE; if (!HandleAnonTLSAuth(client)) return FALSE;
/* After the TLS session is established, sub auth types are expected. /* After the TLS session is established, sub auth types are expected.
* Note that all following reading/writing are through the TLS session from here. * Note that all following reading/writing are through the TLS session from here.
...@@ -1179,15 +1173,10 @@ InitialiseRFBConnection(rfbClient* client) ...@@ -1179,15 +1173,10 @@ InitialiseRFBConnection(rfbClient* client)
(int)subAuthScheme); (int)subAuthScheme);
return FALSE; return FALSE;
} }
#endif
break; break;
case rfbVeNCrypt: case rfbVeNCrypt:
#ifndef LIBVNCSERVER_WITH_CLIENT_TLS
rfbClientLog("TLS support was not compiled in\n");
return FALSE;
#else
if (!HandleVeNCryptAuth(client)) return FALSE; if (!HandleVeNCryptAuth(client)) return FALSE;
switch (client->subAuthScheme) { switch (client->subAuthScheme) {
...@@ -1213,7 +1202,7 @@ InitialiseRFBConnection(rfbClient* client) ...@@ -1213,7 +1202,7 @@ InitialiseRFBConnection(rfbClient* client)
client->subAuthScheme); client->subAuthScheme);
return FALSE; return FALSE;
} }
#endif
break; break;
default: default:
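Review bot: With the `#ifndef LIBVNCSERVER_WITH_CLIENT_TLS` fallbacks gone, the `rfbTLS` and `rfbVeNCrypt` cases now call `HandleAnonTLSAuth()` / `HandleVeNCryptAuth()` unconditionally, so a build without a TLS backend depends on a stub implementation that returns FALSE — presumably provided outside this diff — to stop the client from continuing past a security type it cannot honour. That expectation deserves a comment on the `case rfbTLS:` line, e.g. `/* Backend-provided; a no-TLS backend must fail here so we never continue in plaintext. */`. The comment that all subsequent reading/writing goes through the TLS session now rests solely on `client->tlsSession` being non-NULL after the handler succeeds, which is what the socket layer keys off. InitialiseRFBConnection starts and ends outside the hunks shown.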
...@@ -136,15 +136,11 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n) ...@@ -136,15 +136,11 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n)
while (client->buffered < n) { while (client->buffered < n) {
int i; int i;
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
if (client->tlsSession) { if (client->tlsSession) {
i = ReadFromTLS(client, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered); i = ReadFromTLS(client, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
} else { } else {
#endif
i = read(client->sock, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered); i = read(client->sock, client->buf + client->buffered, RFB_BUF_SIZE - client->buffered);
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
} }
#endif
if (i <= 0) { if (i <= 0) {
if (i < 0) { if (i < 0) {
#ifdef WIN32 #ifdef WIN32
...@@ -178,15 +174,12 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n) ...@@ -178,15 +174,12 @@ ReadFromRFBServer(rfbClient* client, char *out, unsigned int n)
while (n > 0) { while (n > 0) {
int i; int i;
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
if (client->tlsSession) { if (client->tlsSession) {
i = ReadFromTLS(client, out, n); i = ReadFromTLS(client, out, n);
} else { } else {
#endif
i = read(client->sock, out, n); i = read(client->sock, out, n);
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
} }
#endif
if (i <= 0) { if (i <= 0) {
if (i < 0) { if (i < 0) {
#ifdef WIN32 #ifdef WIN32
...@@ -241,7 +234,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n) ...@@ -241,7 +234,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n)
if (client->serverPort==-1) if (client->serverPort==-1)
return TRUE; /* vncrec playing */ return TRUE; /* vncrec playing */
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
if (client->tlsSession) { if (client->tlsSession) {
/* WriteToTLS() will guarantee either everything is written, or error/eof returns */ /* WriteToTLS() will guarantee either everything is written, or error/eof returns */
i = WriteToTLS(client, buf, n); i = WriteToTLS(client, buf, n);
...@@ -249,7 +241,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n) ...@@ -249,7 +241,6 @@ WriteToRFBServer(rfbClient* client, char *buf, int n)
return TRUE; return TRUE;
} }
#endif
while (i < n) { while (i < n) {
j = write(client->sock, buf + i, (n - i)); j = write(client->sock, buf + i, (n - i));
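Review bot: The `if (client->tlsSession)` tests at the head of both read loops and in WriteToRFBServer are now the only thing deciding whether bytes go through the TLS record layer or straight to `read()`/`write()` on `client->sock`, and with the field reduced to an untyped handle that invariant is documented nowhere in this file; suggest a comment at the first test, `/* A non-NULL tlsSession means the backend owns the socket: all I/O must go through ReadFromTLS/WriteToTLS. */`. One thing to confirm: ReadFromTLS reports a retryable condition by setting `errno = EINTR` and returning -1, so if the `#ifdef WIN32` branch below (its body is outside this hunk) consults `WSAGetLastError()` rather than `errno`, a TLS rehandshake would be treated as a hard read error on Windows. Both loops and WriteToRFBServer continue beyond the hunks shown.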
...@@ -17,6 +17,7 @@ ...@@ -17,6 +17,7 @@
* USA. * USA.
*/ */
#include <gnutls/gnutls.h>
#include <rfb/rfbclient.h> #include <rfb/rfbclient.h>
#include <errno.h> #include <errno.h>
#ifdef WIN32 #ifdef WIN32
...@@ -29,7 +30,6 @@ ...@@ -29,7 +30,6 @@
#endif #endif
#include "tls.h" #include "tls.h"
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP"; static const char *rfbTLSPriority = "NORMAL:+DHE-DSS:+RSA:+DHE-RSA:+SRP";
static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH"; static const char *rfbAnonTLSPriority= "NORMAL:+ANON-DH";
...@@ -135,21 +135,21 @@ InitializeTLSSession(rfbClient* client, rfbBool anonTLS) ...@@ -135,21 +135,21 @@ InitializeTLSSession(rfbClient* client, rfbBool anonTLS)
if (client->tlsSession) return TRUE; if (client->tlsSession) return TRUE;
if ((ret = gnutls_init(&client->tlsSession, GNUTLS_CLIENT)) < 0) if ((ret = gnutls_init((gnutls_session_t*)&client->tlsSession, GNUTLS_CLIENT)) < 0)
{ {
rfbClientLog("Failed to initialized TLS session: %s.\n", gnutls_strerror(ret)); rfbClientLog("Failed to initialized TLS session: %s.\n", gnutls_strerror(ret));
return FALSE; return FALSE;
} }
if ((ret = gnutls_priority_set_direct(client->tlsSession, if ((ret = gnutls_priority_set_direct((gnutls_session_t)client->tlsSession,
anonTLS ? rfbAnonTLSPriority : rfbTLSPriority, &p)) < 0) anonTLS ? rfbAnonTLSPriority : rfbTLSPriority, &p)) < 0)
{ {
rfbClientLog("Warning: Failed to set TLS priority: %s (%s).\n", gnutls_strerror(ret), p); rfbClientLog("Warning: Failed to set TLS priority: %s (%s).\n", gnutls_strerror(ret), p);
} }
gnutls_transport_set_ptr(client->tlsSession, (gnutls_transport_ptr_t)client); gnutls_transport_set_ptr((gnutls_session_t)client->tlsSession, (gnutls_transport_ptr_t)client);
gnutls_transport_set_push_function(client->tlsSession, PushTLS); gnutls_transport_set_push_function((gnutls_session_t)client->tlsSession, PushTLS);
gnutls_transport_set_pull_function(client->tlsSession, PullTLS); gnutls_transport_set_pull_function((gnutls_session_t)client->tlsSession, PullTLS);
rfbClientLog("TLS session initialized.\n"); rfbClientLog("TLS session initialized.\n");
...@@ -163,7 +163,7 @@ SetTLSAnonCredential(rfbClient* client) ...@@ -163,7 +163,7 @@ SetTLSAnonCredential(rfbClient* client)
int ret; int ret;
if ((ret = gnutls_anon_allocate_client_credentials(&anonCred)) < 0 || if ((ret = gnutls_anon_allocate_client_credentials(&anonCred)) < 0 ||
(ret = gnutls_credentials_set(client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0) (ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_ANON, anonCred)) < 0)
{ {
FreeTLS(client); FreeTLS(client);
rfbClientLog("Failed to create anonymous credentials: %s", gnutls_strerror(ret)); rfbClientLog("Failed to create anonymous credentials: %s", gnutls_strerror(ret));
...@@ -179,7 +179,7 @@ HandshakeTLS(rfbClient* client) ...@@ -179,7 +179,7 @@ HandshakeTLS(rfbClient* client)
int timeout = 15; int timeout = 15;
int ret; int ret;
while (timeout > 0 && (ret = gnutls_handshake(client->tlsSession)) < 0) while (timeout > 0 && (ret = gnutls_handshake((gnutls_session_t)client->tlsSession)) < 0)
{ {
if (!gnutls_error_is_fatal(ret)) if (!gnutls_error_is_fatal(ret))
{ {
...@@ -335,13 +335,10 @@ CreateX509CertCredential(rfbCredential *cred) ...@@ -335,13 +335,10 @@ CreateX509CertCredential(rfbCredential *cred)
return x509_cred; return x509_cred;
} }
#endif
rfbBool rfbBool
HandleAnonTLSAuth(rfbClient* client) HandleAnonTLSAuth(rfbClient* client)
{ {
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
if (!InitializeTLS() || !InitializeTLSSession(client, TRUE)) return FALSE; if (!InitializeTLS() || !InitializeTLSSession(client, TRUE)) return FALSE;
if (!SetTLSAnonCredential(client)) return FALSE; if (!SetTLSAnonCredential(client)) return FALSE;
...@@ -349,17 +346,11 @@ HandleAnonTLSAuth(rfbClient* client) ...@@ -349,17 +346,11 @@ HandleAnonTLSAuth(rfbClient* client)
if (!HandshakeTLS(client)) return FALSE; if (!HandshakeTLS(client)) return FALSE;
return TRUE; return TRUE;
#else
rfbClientLog("TLS is not supported.\n");
return FALSE;
#endif
} }
rfbBool rfbBool
HandleVeNCryptAuth(rfbClient* client) HandleVeNCryptAuth(rfbClient* client)
{ {
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
uint8_t major, minor, status; uint8_t major, minor, status;
uint32_t authScheme; uint32_t authScheme;
rfbBool anonTLS; rfbBool anonTLS;
...@@ -447,7 +438,7 @@ HandleVeNCryptAuth(rfbClient* client) ...@@ -447,7 +438,7 @@ HandleVeNCryptAuth(rfbClient* client)
} }
else else
{ {
if ((ret = gnutls_credentials_set(client->tlsSession, GNUTLS_CRD_CERTIFICATE, x509_cred)) < 0) if ((ret = gnutls_credentials_set((gnutls_session_t)client->tlsSession, GNUTLS_CRD_CERTIFICATE, x509_cred)) < 0)
{ {
rfbClientLog("Cannot set x509 credential: %s.\n", gnutls_strerror(ret)); rfbClientLog("Cannot set x509 credential: %s.\n", gnutls_strerror(ret));
FreeTLS(client); FreeTLS(client);
...@@ -463,20 +454,14 @@ HandleVeNCryptAuth(rfbClient* client) ...@@ -463,20 +454,14 @@ HandleVeNCryptAuth(rfbClient* client)
* to do actual sub authentication. * to do actual sub authentication.
*/ */
return TRUE; return TRUE;
#else
rfbClientLog("TLS is not supported.\n");
return FALSE;
#endif
} }
int int
ReadFromTLS(rfbClient* client, char *out, unsigned int n) ReadFromTLS(rfbClient* client, char *out, unsigned int n)
{ {
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
ssize_t ret; ssize_t ret;
ret = gnutls_record_recv(client->tlsSession, out, n); ret = gnutls_record_recv((gnutls_session_t)client->tlsSession, out, n);
if (ret >= 0) return ret; if (ret >= 0) return ret;
if (ret == GNUTLS_E_REHANDSHAKE || ret == GNUTLS_E_AGAIN) if (ret == GNUTLS_E_REHANDSHAKE || ret == GNUTLS_E_AGAIN)
{ {
...@@ -487,23 +472,17 @@ ReadFromTLS(rfbClient* client, char *out, unsigned int n) ...@@ -487,23 +472,17 @@ ReadFromTLS(rfbClient* client, char *out, unsigned int n)
errno = EINTR; errno = EINTR;
} }
return -1; return -1;
#else
rfbClientLog("TLS is not supported.\n");
errno = EINTR;
return -1;
#endif
} }
int int
WriteToTLS(rfbClient* client, char *buf, unsigned int n) WriteToTLS(rfbClient* client, char *buf, unsigned int n)
{ {
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
unsigned int offset = 0; unsigned int offset = 0;
ssize_t ret; ssize_t ret;
while (offset < n) while (offset < n)
{ {
ret = gnutls_record_send(client->tlsSession, buf+offset, (size_t)(n-offset)); ret = gnutls_record_send((gnutls_session_t)client->tlsSession, buf+offset, (size_t)(n-offset));
if (ret == 0) continue; if (ret == 0) continue;
if (ret < 0) if (ret < 0)
{ {
...@@ -514,20 +493,13 @@ WriteToTLS(rfbClient* client, char *buf, unsigned int n) ...@@ -514,20 +493,13 @@ WriteToTLS(rfbClient* client, char *buf, unsigned int n)
offset += (unsigned int)ret; offset += (unsigned int)ret;
} }
return offset; return offset;
#else
rfbClientLog("TLS is not supported.\n");
errno = EINTR;
return -1;
#endif
} }
void FreeTLS(rfbClient* client) void FreeTLS(rfbClient* client)
{ {
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
if (client->tlsSession) if (client->tlsSession)
{ {
gnutls_deinit(client->tlsSession); gnutls_deinit((gnutls_session_t)client->tlsSession);
client->tlsSession = NULL; client->tlsSession = NULL;
} }
#endif
} }
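Review bot: `gnutls_init((gnutls_session_t*)&client->tlsSession, GNUTLS_CLIENT)` in InitializeTLSSession writes through a `gnutls_session_t*` that aliases a `void*` object; the two pointer types are not compatible, so this is a strict-aliasing violation (CERT EXP39-C) even though it behaves on every platform GnuTLS targets. Initialise a local and assign it instead: `gnutls_session_t session; if ((ret = gnutls_init(&session, GNUTLS_CLIENT)) < 0) { ... return FALSE; } client->tlsSession = session;`. The dozen `(gnutls_session_t)client->tlsSession` read casts that follow would be cleaner behind one accessor, `static inline gnutls_session_t tls_session(rfbClient *client) { return (gnutls_session_t)client->tlsSession; }`, which also gives a single place to document that this backend owns the handle and that FreeTLS resets it to NULL. InitializeTLSSession, HandleVeNCryptAuth and the other functions touched here start or end outside the hunks shown.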
...@@ -191,9 +191,7 @@ rfbClient* rfbGetClient(int bitsPerSample,int samplesPerPixel, ...@@ -191,9 +191,7 @@ rfbClient* rfbGetClient(int bitsPerSample,int samplesPerPixel,
client->authScheme = 0; client->authScheme = 0;
client->subAuthScheme = 0; client->subAuthScheme = 0;
client->GetCredential = NULL; client->GetCredential = NULL;
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
client->tlsSession = NULL; client->tlsSession = NULL;
#endif
client->sock = -1; client->sock = -1;
client->listenSock = -1; client->listenSock = -1;
client->listenAddress = NULL; client->listenAddress = NULL;
...@@ -365,9 +363,8 @@ void rfbClientCleanup(rfbClient* client) { ...@@ -365,9 +363,8 @@ void rfbClientCleanup(rfbClient* client) {
#endif #endif
#endif #endif
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
FreeTLS(client); FreeTLS(client);
#endif
if (client->sock >= 0) if (client->sock >= 0)
close(client->sock); close(client->sock);
if (client->listenSock >= 0) if (client->listenSock >= 0)
......
...@@ -38,9 +38,6 @@ ...@@ -38,9 +38,6 @@
#include <unistd.h> #include <unistd.h>
#include <rfb/rfbproto.h> #include <rfb/rfbproto.h>
#include <rfb/keysym.h> #include <rfb/keysym.h>
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
#include <gnutls/gnutls.h>
#endif
#define rfbClientSwap16IfLE(s) \ #define rfbClientSwap16IfLE(s) \
(*(char *)&client->endianTest ? ((((s) & 0xff) << 8) | (((s) >> 8) & 0xff)) : (s)) (*(char *)&client->endianTest ? ((((s) & 0xff) << 8) | (((s) >> 8) & 0xff)) : (s))
...@@ -314,10 +311,8 @@ typedef struct _rfbClient { ...@@ -314,10 +311,8 @@ typedef struct _rfbClient {
/** The selected security types */ /** The selected security types */
uint32_t authScheme, subAuthScheme; uint32_t authScheme, subAuthScheme;
#ifdef LIBVNCSERVER_WITH_CLIENT_TLS
/** The TLS session for Anonymous TLS and VeNCrypt */ /** The TLS session for Anonymous TLS and VeNCrypt */
gnutls_session_t tlsSession; void* tlsSession;
#endif
/** To support security types that requires user input (except VNC password /** To support security types that requires user input (except VNC password
* authentication), for example VeNCrypt and MSLogon, this callback function * authentication), for example VeNCrypt and MSLogon, this callback function
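Review bot: Replacing `gnutls_session_t tlsSession` with `void* tlsSession` also drops the `#ifdef` around the field, so `rfbClient` now carries a member that non-TLS builds previously lacked; every field after it shifts, which changes the struct layout for anything compiled against an older non-TLS header and is worth stating in the commit message if the library makes any ABI promise. The doc comment above the field should also say what the untyped handle is now, e.g. `/** Opaque TLS session handle owned by the TLS backend (tls_gnutls.c casts it to gnutls_session_t); NULL while the connection is plaintext. */`. The `struct _rfbClient` definition starts and ends outside this hunk.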