From: Jonathon Jongsma <jjongsma@xxxxxxxxxx>
Removing more global variables
---
 server/reds-private.h | 11 +++++++++
 server/reds.c | 65 ++++++++++++++++++++++-----------------------------
 2 files changed, 39 insertions(+), 37 deletions(-)
diff --git a/server/reds-private.h b/server/reds-private.h
index 5042773..2a6f438 100644
--- a/server/reds-private.h
+++ b/server/reds-private.h
@@ -137,6 +137,15 @@ typedef struct RedsClientMonitorsConfig {
 typedef struct ChannelSecurityOptions ChannelSecurityOptions;
+typedef struct RedSSLParameters {
+ char keyfile_password[256];
+ char certs_file[256];
+ char private_key_file[256];
+ char ca_certificate_file[256];
+ char dh_key_file[256];
+ char ciphersuite[256];
+} RedSSLParameters;
+
 struct RedsState {
 int listen_socket;
 int secure_listen_socket;
@@ -225,6 +234,8 @@ struct RedsState {
 gboolean agent_copypaste;
 gboolean agent_file_xfer;
 gboolean exit_on_disconnect;
+
+ RedSSLParameters ssl_parameters;
 };
 #endif
diff --git a/server/reds.c b/server/reds.c
index b25a1be..14857c2 100644
--- a/server/reds.c
+++ b/server/reds.c
@@ -159,15 +159,6 @@ typedef struct RedLinkInfo {
 int skip_auth;
 } RedLinkInfo;
-typedef struct RedSSLParameters {
- char keyfile_password[256];
- char certs_file[256];
- char private_key_file[256];
- char ca_certificate_file[256];
- char dh_key_file[256];
- char ciphersuite[256];
-} RedSSLParameters;
-
 struct ChannelSecurityOptions {
 uint32_t channel_id;
 uint32_t options;
@@ -187,8 +178,6 @@ static VDIReadBuf *vdi_port_read_buf_get(RedsState *reds);
 static VDIReadBuf *vdi_port_read_buf_ref(VDIReadBuf *buf);
 static void vdi_port_read_buf_unref(RedsState *reds, VDIReadBuf *buf);
-static RedSSLParameters ssl_parameters;
-
 static ChannelSecurityOptions *reds_find_channel_security(RedsState *reds, int id)
 {
 ChannelSecurityOptions *now = reds->channels_security;
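Review bot: The RedSSLParameters definition added to server/reds-private.h carries no comment, although its `keyfile_password` field holds the private-key passphrase in clear text inside RedsState, which presumably lives as long as the server. A short comment above the typedef would help, for example `/* TLS settings copied in by spice_server_set_tls(); keyfile_password is the key passphrase in clear text and must not be logged or dumped */`. The six `256` literals could also share one named constant, so that a later size change cannot leave one buffer behind. The two server/reds.c hunks that only delete the old typedef and the file-scope `ssl_parameters` need no change.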
@@ -2611,7 +2600,8 @@ static int load_dh_params(SSL_CTX *ctx, char *file)
 /*The password code is not thread safe*/
 static int ssl_password_cb(char *buf, int size, int flags, void *userdata)
 {
- char *pass = ssl_parameters.keyfile_password;
+ RedsState *reds = userdata;
+ char *pass = reds->ssl_parameters.keyfile_password;
 if (size < strlen(pass) + 1) {
 return (0);
 }
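Review bot: `ssl_password_cb` now dereferences `userdata` without a check, so it depends on `SSL_CTX_set_default_passwd_cb_userdata()` having been called on every context that registers this callback. A guard such as `if (reds == NULL) return 0;` before the `pass` line keeps a missed registration from becoming a NULL dereference. The comment `/*The password code is not thread safe*/` above the function appears to refer to the file-scope `ssl_parameters` that this commit removes, and should be updated or dropped. Separately, the context line `size < strlen(pass) + 1` compares an `int` with a `size_t`, so a negative `size` would pass the check; `size <= 0 || (size_t)size < strlen(pass) + 1` avoids that. The function body continues outside the hunk.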
@@ -2686,31 +2676,32 @@ static int reds_init_ssl(RedsState *reds)
 SSL_CTX_set_options(reds->ctx, ssl_options);
 /* Load our keys and certificates*/
- return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, ssl_parameters.certs_file);
+ return_code = SSL_CTX_use_certificate_chain_file(reds->ctx, reds->ssl_parameters.certs_file);
 if (return_code == 1) {
- spice_info("Loaded certificates from %s", ssl_parameters.certs_file);
+ spice_info("Loaded certificates from %s", reds->ssl_parameters.certs_file);
 } else {
- spice_warning("Could not load certificates from %s", ssl_parameters.certs_file);
+ spice_warning("Could not load certificates from %s", reds->ssl_parameters.certs_file);
 return -1;
 }
 SSL_CTX_set_default_passwd_cb(reds->ctx, ssl_password_cb);
+ SSL_CTX_set_default_passwd_cb_userdata(reds->ctx, reds);
- return_code = SSL_CTX_use_PrivateKey_file(reds->ctx, ssl_parameters.private_key_file,
+ return_code = SSL_CTX_use_PrivateKey_file(reds->ctx, reds->ssl_parameters.private_key_file,
 SSL_FILETYPE_PEM);
 if (return_code == 1) {
- spice_info("Using private key from %s", ssl_parameters.private_key_file);
+ spice_info("Using private key from %s", reds->ssl_parameters.private_key_file);
 } else {
 spice_warning("Could not use private key file");
 return -1;
 }
 /* Load the CAs we trust*/
- return_code = SSL_CTX_load_verify_locations(reds->ctx, ssl_parameters.ca_certificate_file, 0);
+ return_code = SSL_CTX_load_verify_locations(reds->ctx, reds->ssl_parameters.ca_certificate_file, 0);
 if (return_code == 1) {
- spice_info("Loaded CA certificates from %s", ssl_parameters.ca_certificate_file);
+ spice_info("Loaded CA certificates from %s", reds->ssl_parameters.ca_certificate_file);
 } else {
- spice_warning("Could not use CA file %s", ssl_parameters.ca_certificate_file);
+ spice_warning("Could not use CA file %s", reds->ssl_parameters.ca_certificate_file);
 return -1;
 }
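Review bot: After `SSL_CTX_use_PrivateKey_file()` succeeds, the passphrase stays in `reds->ssl_parameters.keyfile_password` for as long as `reds` exists, even though the visible code reads it only through `ssl_password_cb` while the key is loaded. If nothing outside this hunk reloads the key later, the buffer could be wiped once the key is in the context, e.g. `OPENSSL_cleanse(reds->ssl_parameters.keyfile_password, sizeof(reds->ssl_parameters.keyfile_password));`, which unlike a plain `memset` is not dropped by the optimizer. The context now also stores `reds` as callback userdata, so the `SSL_CTX` must not outlive the `RedsState` it points to; a one-line comment at the `SSL_CTX_set_default_passwd_cb_userdata` call would record that. `reds_init_ssl` starts before and continues after this hunk.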
@@ -2718,15 +2709,15 @@ static int reds_init_ssl(RedsState *reds)
 SSL_CTX_set_verify_depth(reds->ctx, 1);
 #endif
- if (strlen(ssl_parameters.dh_key_file) > 0) {
- if (load_dh_params(reds->ctx, ssl_parameters.dh_key_file) < 0) {
+ if (strlen(reds->ssl_parameters.dh_key_file) > 0) {
+ if (load_dh_params(reds->ctx, reds->ssl_parameters.dh_key_file) < 0) {
 return -1;
 }
 }
 SSL_CTX_set_session_id_context(reds->ctx, (const unsigned char *)"SPICE", 5);
- if (strlen(ssl_parameters.ciphersuite) > 0) {
- if (!SSL_CTX_set_cipher_list(reds->ctx, ssl_parameters.ciphersuite)) {
+ if (strlen(reds->ssl_parameters.ciphersuite) > 0) {
+ if (!SSL_CTX_set_cipher_list(reds->ctx, reds->ssl_parameters.ciphersuite)) {
 return -1;
 }
 }
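Review bot: Both failure paths in this hunk return -1 without a message, while the certificate, key and CA failures shown earlier in `reds_init_ssl` all log through `spice_warning`. A rejected cipher string is an operator-facing configuration error, so add `spice_warning("Could not set cipher list %s", reds->ssl_parameters.ciphersuite);` before that `return -1;`. The DH branch needs a similar line unless `load_dh_params` already logs, which is not visible here. It is also worth a comment that an empty `ciphersuite` leaves the OpenSSL default cipher list in place. The function starts and ends outside the hunk.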
@@ -3633,27 +3624,27 @@ SPICE_GNUC_VISIBLE int spice_server_set_tls(SpiceServer *s, int port,
 if (port < 0 || port > 0xffff) {
 return -1;
 }
- memset(&ssl_parameters, 0, sizeof(ssl_parameters));
+ memset(&s->ssl_parameters, 0, sizeof(s->ssl_parameters));
 s->spice_secure_port = port;
- g_strlcpy(ssl_parameters.ca_certificate_file, ca_cert_file,
- sizeof(ssl_parameters.ca_certificate_file));
- g_strlcpy(ssl_parameters.certs_file, certs_file,
- sizeof(ssl_parameters.certs_file));
- g_strlcpy(ssl_parameters.private_key_file, private_key_file,
- sizeof(ssl_parameters.private_key_file));
+ g_strlcpy(s->ssl_parameters.ca_certificate_file, ca_cert_file,
+ sizeof(s->ssl_parameters.ca_certificate_file));
+ g_strlcpy(s->ssl_parameters.certs_file, certs_file,
+ sizeof(s->ssl_parameters.certs_file));
+ g_strlcpy(s->ssl_parameters.private_key_file, private_key_file,
+ sizeof(s->ssl_parameters.private_key_file));
 if (key_passwd) {
- g_strlcpy(ssl_parameters.keyfile_password, key_passwd,
- sizeof(ssl_parameters.keyfile_password));
+ g_strlcpy(s->ssl_parameters.keyfile_password, key_passwd,
+ sizeof(s->ssl_parameters.keyfile_password));
 }
 if (ciphersuite) {
- g_strlcpy(ssl_parameters.ciphersuite, ciphersuite,
- sizeof(ssl_parameters.ciphersuite));
+ g_strlcpy(s->ssl_parameters.ciphersuite, ciphersuite,
+ sizeof(s->ssl_parameters.ciphersuite));
 }
 if (dh_key_file) {
- g_strlcpy(ssl_parameters.dh_key_file, dh_key_file,
- sizeof(ssl_parameters.dh_key_file));
+ g_strlcpy(s->ssl_parameters.dh_key_file, dh_key_file,
+ sizeof(s->ssl_parameters.dh_key_file));
 }
 return 0;
 }
-- 
2.4.3
_______________________________________________
Spice-devel mailing list
Spice-devel@xxxxxxxxxxxxxxxxxxxxx
http://lists.freedesktop.org/mailman/listinfo/spice-devel
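Review bot: Every `g_strlcpy` into `s->ssl_parameters` discards the return value, so a path or passphrase of 256 bytes or more is silently truncated and TLS setup later runs with a different file name or passphrase than the caller supplied. `g_strlcpy` returns the length of the source string, so each copy can be checked, e.g. `if (g_strlcpy(s->ssl_parameters.certs_file, certs_file, sizeof(s->ssl_parameters.certs_file)) >= sizeof(s->ssl_parameters.certs_file)) return -1;`. `ca_cert_file`, `certs_file` and `private_key_file` are also copied without the NULL test that the three optional arguments get; whether callers may pass NULL is not visible here. The function's signature and opening lie outside the hunk.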