[Qemu-devel] [PATCH v2 7/8] ui: remove separate gnutls_session for webso
From: |
Daniel P. Berrange |
Subject: |
[Qemu-devel] [PATCH v2 7/8] ui: remove separate gnutls_session for websockets server |
Date: |
Tue, 17 Mar 2015 13:42:59 +0000 |
The previous change to the auth scheme handling guarantees we
can never have nested TLS sessions in the VNC websockets server.
Thus we can remove the separate gnutls_session instance.
Signed-off-by: Daniel P. Berrange <address@hidden>
---
ui/vnc-tls.c | 70 +++++++++++++++++++++++++-----------------------------------
ui/vnc-ws.c | 4 ++--
ui/vnc.c | 18 ++--------------
ui/vnc.h | 3 ---
4 files changed, 33 insertions(+), 62 deletions(-)
diff --git a/ui/vnc-tls.c b/ui/vnc-tls.c
index de1cb34..eddd39b 100644
--- a/ui/vnc-tls.c
+++ b/ui/vnc-tls.c
@@ -334,82 +334,77 @@ static int vnc_set_gnutls_priority(gnutls_session_t s,
int x509)
int vnc_tls_client_setup(struct VncState *vs,
int needX509Creds) {
- VncStateTLS *tls;
-
VNC_DEBUG("Do TLS setup\n");
-#ifdef CONFIG_VNC_WS
- if (vs->websocket) {
- tls = &vs->ws_tls;
- } else
-#endif /* CONFIG_VNC_WS */
- {
- tls = &vs->tls;
- }
if (vnc_tls_initialize() < 0) {
VNC_DEBUG("Failed to init TLS\n");
vnc_client_error(vs);
return -1;
}
- if (tls->session == NULL) {
- if (gnutls_init(&tls->session, GNUTLS_SERVER) < 0) {
+ if (vs->tls.session == NULL) {
+ if (gnutls_init(&vs->tls.session, GNUTLS_SERVER) < 0) {
vnc_client_error(vs);
return -1;
}
- if (gnutls_set_default_priority(tls->session) < 0) {
- gnutls_deinit(tls->session);
- tls->session = NULL;
+ if (gnutls_set_default_priority(vs->tls.session) < 0) {
+ gnutls_deinit(vs->tls.session);
+ vs->tls.session = NULL;
vnc_client_error(vs);
return -1;
}
- if (vnc_set_gnutls_priority(tls->session, needX509Creds) < 0) {
- gnutls_deinit(tls->session);
- tls->session = NULL;
+ if (vnc_set_gnutls_priority(vs->tls.session, needX509Creds) < 0) {
+ gnutls_deinit(vs->tls.session);
+ vs->tls.session = NULL;
vnc_client_error(vs);
return -1;
}
if (needX509Creds) {
- gnutls_certificate_server_credentials x509_cred =
vnc_tls_initialize_x509_cred(vs->vd);
+ gnutls_certificate_server_credentials x509_cred =
+ vnc_tls_initialize_x509_cred(vs->vd);
if (!x509_cred) {
- gnutls_deinit(tls->session);
- tls->session = NULL;
+ gnutls_deinit(vs->tls.session);
+ vs->tls.session = NULL;
vnc_client_error(vs);
return -1;
}
- if (gnutls_credentials_set(tls->session, GNUTLS_CRD_CERTIFICATE,
x509_cred) < 0) {
- gnutls_deinit(tls->session);
- tls->session = NULL;
+ if (gnutls_credentials_set(vs->tls.session,
+ GNUTLS_CRD_CERTIFICATE, x509_cred) < 0)
{
+ gnutls_deinit(vs->tls.session);
+ vs->tls.session = NULL;
gnutls_certificate_free_credentials(x509_cred);
vnc_client_error(vs);
return -1;
}
if (vs->vd->tls.x509verify) {
VNC_DEBUG("Requesting a client certificate\n");
- gnutls_certificate_server_set_request (tls->session,
GNUTLS_CERT_REQUEST);
+ gnutls_certificate_server_set_request(vs->tls.session,
+ GNUTLS_CERT_REQUEST);
}
} else {
- gnutls_anon_server_credentials_t anon_cred =
vnc_tls_initialize_anon_cred();
+ gnutls_anon_server_credentials_t anon_cred =
+ vnc_tls_initialize_anon_cred();
if (!anon_cred) {
- gnutls_deinit(tls->session);
- tls->session = NULL;
+ gnutls_deinit(vs->tls.session);
+ vs->tls.session = NULL;
vnc_client_error(vs);
return -1;
}
- if (gnutls_credentials_set(tls->session, GNUTLS_CRD_ANON,
anon_cred) < 0) {
- gnutls_deinit(tls->session);
- tls->session = NULL;
+ if (gnutls_credentials_set(vs->tls.session,
+ GNUTLS_CRD_ANON, anon_cred) < 0) {
+ gnutls_deinit(vs->tls.session);
+ vs->tls.session = NULL;
gnutls_anon_free_server_credentials(anon_cred);
vnc_client_error(vs);
return -1;
}
}
- gnutls_transport_set_ptr(tls->session, (gnutls_transport_ptr_t)vs);
- gnutls_transport_set_push_function(tls->session, vnc_tls_push);
- gnutls_transport_set_pull_function(tls->session, vnc_tls_pull);
+ gnutls_transport_set_ptr(vs->tls.session, (gnutls_transport_ptr_t)vs);
+ gnutls_transport_set_push_function(vs->tls.session, vnc_tls_push);
+ gnutls_transport_set_pull_function(vs->tls.session, vnc_tls_pull);
}
return 0;
}
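Review bot: The guard `if (vs->tls.session == NULL)` near the top of vnc_tls_client_setup now makes the whole function a silent no-op returning 0 whenever a session already exists, and with the separate ws_tls slot gone that case includes the session created by the websockets TLS handshake, so a later call for the VNC auth path would reuse a session configured with whatever needX509Creds and client-certificate request the first call chose. The commit message states the auth-scheme changes make such nesting impossible, but the code relies on that invariant without saying so; a comment above the check would make the dependency visible to the next maintainer, e.g. `/* A session may already exist from the websockets handshake; the auth scheme setup guarantees the VNC auth path never requests a second, nested TLS session on top of it, so an existing session is left as-is. */`. If that invariant is ever meant to hold strictly, the early-success path is also where a debug check would belong rather than silently returning 0.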
@@ -422,13 +417,6 @@ void vnc_tls_client_cleanup(struct VncState *vs)
vs->tls.session = NULL;
}
g_free(vs->tls.dname);
-#ifdef CONFIG_VNC_WS
- if (vs->ws_tls.session) {
- gnutls_deinit(vs->ws_tls.session);
- vs->ws_tls.session = NULL;
- }
- g_free(vs->ws_tls.dname);
-#endif /* CONFIG_VNC_WS */
}
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 0fcce4e..5f9fcc4 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -26,12 +26,12 @@
static int vncws_start_tls_handshake(struct VncState *vs)
{
- int ret = gnutls_handshake(vs->ws_tls.session);
+ int ret = gnutls_handshake(vs->tls.session);
if (ret < 0) {
if (!gnutls_error_is_fatal(ret)) {
VNC_DEBUG("Handshake interrupted (blocking)\n");
- if (!gnutls_record_get_direction(vs->ws_tls.session)) {
+ if (!gnutls_record_get_direction(vs->tls.session)) {
qemu_set_fd_handler(vs->csock, vncws_tls_handshake_io,
NULL, vs);
} else {
diff --git a/ui/vnc.c b/ui/vnc.c
index ed01cef..7f45daf 100644
--- a/ui/vnc.c
+++ b/ui/vnc.c
@@ -1343,15 +1343,8 @@ long vnc_client_write_buf(VncState *vs, const uint8_t
*data, size_t datalen)
if (vs->tls.session) {
ret = vnc_client_write_tls(&vs->tls.session, data, datalen);
} else {
-#ifdef CONFIG_VNC_WS
- if (vs->ws_tls.session) {
- ret = vnc_client_write_tls(&vs->ws_tls.session, data, datalen);
- } else
-#endif /* CONFIG_VNC_WS */
#endif /* CONFIG_VNC_TLS */
- {
- ret = send(vs->csock, (const void *)data, datalen, 0);
- }
+ ret = send(vs->csock, (const void *)data, datalen, 0);
#ifdef CONFIG_VNC_TLS
}
#endif /* CONFIG_VNC_TLS */
@@ -1491,15 +1484,8 @@ long vnc_client_read_buf(VncState *vs, uint8_t *data,
size_t datalen)
if (vs->tls.session) {
ret = vnc_client_read_tls(&vs->tls.session, data, datalen);
} else {
-#ifdef CONFIG_VNC_WS
- if (vs->ws_tls.session) {
- ret = vnc_client_read_tls(&vs->ws_tls.session, data, datalen);
- } else
-#endif /* CONFIG_VNC_WS */
#endif /* CONFIG_VNC_TLS */
- {
- ret = qemu_recv(vs->csock, data, datalen, 0);
- }
+ ret = qemu_recv(vs->csock, data, datalen, 0);
#ifdef CONFIG_VNC_TLS
}
#endif /* CONFIG_VNC_TLS */
diff --git a/ui/vnc.h b/ui/vnc.h
index aac9156..e19ac39 100644
--- a/ui/vnc.h
+++ b/ui/vnc.h
@@ -295,9 +295,6 @@ struct VncState
VncStateSASL sasl;
#endif
#ifdef CONFIG_VNC_WS
-#ifdef CONFIG_VNC_TLS
- VncStateTLS ws_tls;
-#endif /* CONFIG_VNC_TLS */
bool encode_ws;
bool websocket;
#endif /* CONFIG_VNC_WS */
--
2.1.0