author | Daniel P. Berrange <berrange@redhat.com> | 2015-03-02 19:01:05 +0000 |
---|---|---|
committer | Daniel P. Berrange <berrange@redhat.com> | 2015-12-18 15:02:11 +0000 |
commit | 2cc452281e1746f9c02d3c66633ce9e5bc391cae (patch) | |
tree | d19f09be771030e5730e821b0c1a2fb30af20016 /ui/vnc-ws.c | |
parent | 04d2529da27db512dcbd5e99d0e26d333f16efcc (diff) |
ui: convert VNC server to use QIOChannelTLS
Switch VNC server over to using the QIOChannelTLS object for
the TLS session. This removes all remaining VNC specific code
for dealing with TLS handshakes.
Reviewed-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
Diffstat (limited to 'ui/vnc-ws.c')
-rw-r--r-- | ui/vnc-ws.c | 95 |
1 files changed, 36 insertions, 59 deletions
diff --git a/ui/vnc-ws.c b/ui/vnc-ws.c
index 15649dc582..053beca7de 100644
--- a/ui/vnc-ws.c
+++ b/ui/vnc-ws.c
@@ -22,83 +22,60 @@ #include "qemu/main-loop.h" #include "crypto/hash.h" -static int vncws_start_tls_handshake(VncState *vs) -{ - Error *err = NULL; - - if (qcrypto_tls_session_handshake(vs->tls, &err) < 0) { - goto error; - } +static void vncws_handshake_read(VncState *vs); - switch (qcrypto_tls_session_get_handshake_status(vs->tls)) { - case QCRYPTO_TLS_HANDSHAKE_COMPLETE: - VNC_DEBUG("Handshake done, checking credentials\n"); - if (qcrypto_tls_session_check_credentials(vs->tls, &err) < 0) { - goto error; - } - VNC_DEBUG("Client verification passed, starting TLS I/O\n"); - if (vs->ioc_tag) { - g_source_remove(vs->ioc_tag); - } - vs->ioc_tag = qio_channel_add_watch( - vs->ioc, G_IO_IN, vncws_handshake_io, vs, NULL); - break; - - case QCRYPTO_TLS_HANDSHAKE_RECVING: - VNC_DEBUG("Handshake interrupted (blocking read)\n"); - if (vs->ioc_tag) { - g_source_remove(vs->ioc_tag); - } - vs->ioc_tag = qio_channel_add_watch( - vs->ioc, G_IO_IN, vncws_tls_handshake_io, vs, NULL); - break; +static void vncws_tls_handshake_done(Object *source, + Error *err, + gpointer user_data) +{ + VncState *vs = user_data; - case QCRYPTO_TLS_HANDSHAKE_SENDING: - VNC_DEBUG("Handshake interrupted (blocking write)\n"); - if (vs->ioc_tag) { - g_source_remove(vs->ioc_tag); - } + if (err) { + VNC_DEBUG("Handshake failed %s\n", error_get_pretty(err)); + vnc_client_error(vs); + } else { vs->ioc_tag = qio_channel_add_watch( - vs->ioc, G_IO_OUT, vncws_tls_handshake_io, vs, NULL); - break; + QIO_CHANNEL(vs->ioc), G_IO_IN, vncws_handshake_io, vs, NULL); } - - return 0; - - error: - VNC_DEBUG("Handshake failed %s\n", error_get_pretty(err)); - error_free(err); - vnc_client_error(vs); - return -1; } + gboolean vncws_tls_handshake_io(QIOChannel *ioc G_GNUC_UNUSED, GIOCondition condition G_GNUC_UNUSED, void *opaque) { - VncState *vs = (VncState *)opaque; + VncState *vs = opaque; + QIOChannelTLS *tls; Error *err = NULL; - vs->tls = qcrypto_tls_session_new(vs->vd->tlscreds, - NULL, - vs->vd->tlsaclname, - 
QCRYPTO_TLS_CREDS_ENDPOINT_SERVER, - &err); - if (!vs->tls) { - VNC_DEBUG("Failed to setup TLS %s\n", - error_get_pretty(err)); + VNC_DEBUG("TLS Websocket connection required\n"); + if (vs->ioc_tag) { + g_source_remove(vs->ioc_tag); + vs->ioc_tag = 0; + } + + tls = qio_channel_tls_new_server( + vs->ioc, + vs->vd->tlscreds, + vs->vd->tlsaclname, + &err); + if (!tls) { + VNC_DEBUG("Failed to setup TLS %s\n", error_get_pretty(err)); error_free(err); vnc_client_error(vs); return TRUE; } - qcrypto_tls_session_set_callbacks(vs->tls, - vnc_tls_push, - vnc_tls_pull, - vs); - VNC_DEBUG("Start TLS WS handshake process\n"); - vncws_start_tls_handshake(vs); + object_unref(OBJECT(vs->ioc)); + vs->ioc = QIO_CHANNEL(tls); + vs->tls = qio_channel_tls_get_session(tls); + + qio_channel_tls_handshake(tls, + vncws_tls_handshake_done, + vs, + NULL); + return TRUE; } |
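Review bot: The `qio_channel_tls_handshake()` call at the end of `vncws_tls_handshake_io` passes the raw `vs` pointer to `vncws_tls_handshake_done` with a NULL destroy notifier, and `vs->ioc_tag` has already been cleared to 0, so nothing in this hunk ties the pending completion callback to the lifetime of the VncState. Whether client teardown can free `vs` while the handshake is still waiting on I/O is not visible here; if it can, the callback would dereference freed memory on a path reachable before authentication. I would record the invariant above the call, for example `/* vs is borrowed by the handshake task: teardown must not free it until vncws_tls_handshake_done has run */`, and confirm the disconnect path honours it. The same applies to `vs->tls`, which now appears to be a pointer borrowed from the channel stored in `vs->ioc` rather than an object the VNC code owns, so a short comment there such as `/* owned by vs->ioc, do not free separately */` would help the next reader.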