9 years ago · 3d2a84b9ea
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -63,8 +63,8 @@

 using namespace rfb;

 StringParameter CSecurityTLS::x509ca("x509ca", "X509 CA certificate", "", ConfViewer);
 StringParameter CSecurityTLS::x509crl("x509crl", "X509 CRL file", "", ConfViewer);
 StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", "", ConfViewer);
 StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer);

 static LogWriter vlog("TLS");
 static LogWriter vlog_raw("RawTLS");
@@ -94,8 +94,8 @@ void CSecurityTLS::initGlobal()
 CSecurityTLS::CSecurityTLS(bool _anon) : session(0), anon_cred(0),
 						 anon(_anon), fis(0), fos(0)
 {
  cafile = x509ca.getData();
  crlfile = x509crl.getData();
  cafile = X509CA.getData();
  crlfile = X509CRL.getData();
 }

 void CSecurityTLS::setDefaults()
@@ -115,9 +115,9 @@ void CSecurityTLS::setDefaults()
  delete [] homeDir;

 if (!fileexists(caDefault.buf))
   x509ca.setDefaultStr(strdup(caDefault.buf));
   X509CA.setDefaultStr(strdup(caDefault.buf));
 if (!fileexists(crlDefault.buf))
   x509crl.setDefaultStr(strdup(crlDefault.buf));
   X509CRL.setDefaultStr(strdup(crlDefault.buf));
 }

 void CSecurityTLS::shutdown(bool needbye)
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
@@ -50,8 +50,8 @@ namespace rfb {
      { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; }
    static void setDefaults();

    static StringParameter x509ca;
    static StringParameter x509crl;
    static StringParameter X509CA;
    static StringParameter X509CRL;
    static UserMsgBox *msg;

  protected:
--- a/common/rfb/SSecurityTLS.cxx
+++ b/common/rfb/SSecurityTLS.cxx
@@ -39,10 +39,10 @@
 using namespace rfb;

 StringParameter SSecurityTLS::X509_CertFile
 ("x509cert", "specifies path to the x509 certificate in PEM format", "", ConfServer);
 ("X509Cert", "Path to the X509 certificate in PEM format", "", ConfServer);

 StringParameter SSecurityTLS::X509_KeyFile
 ("x509key", "specifies path to the key of the x509 certificate in PEM format", "", ConfServer);
 ("X509Key", "Path to the key of the X509 certificate in PEM format", "", ConfServer);

 static LogWriter vlog("TLS");
 static LogWriter vlog_raw("RawTLS");
--- a/common/rfb/UnixPasswordValidator.cxx
+++ b/common/rfb/UnixPasswordValidator.cxx
@@ -31,8 +31,10 @@

 using namespace rfb;

 static StringParameter pam_service
  ("pam_service", "service name for pam password validation", "vnc");
 static StringParameter pamService
  ("PAMService", "Service name for PAM password validation", "vnc");
 AliasParameter pam_service("pam_service", "Alias for PAMService",
                           &pamService);

 int do_pam_auth(const char *service, const char *username,
 	        const char *password);
@@ -42,7 +44,7 @@ bool UnixPasswordValidator::validateInternal(SConnection * sc,
 					     const char *password)
 {
 #ifdef HAVE_PAM
  CharArray service(strDup(pam_service.getData()));
  CharArray service(strDup(pamService.getData()));
  return do_pam_auth(service.buf, username, password);
 #else
  throw AuthFailureException("PAM not supported");
--- a/unix/x0vncserver/x0vncserver.man
+++ b/unix/x0vncserver/x0vncserver.man
@@ -104,18 +104,18 @@ to allow any user to authenticate using this security type. Default is to
 deny all users.
 .
 .TP
 .B pam_service
 .B pam_service, PAMService
 PAM service name to use when authentication users using any of the "Plain"
 security types. Default is \fBvnc\fP.
 .
 .TP
 .B x509cert
 .B X509Cert
 Path to a X509 certificate in PEM format to be used for all X509 based
 security types (X509None, X509Vnc, etc.).
 .
 .TP
 .B x509key
 Private key counter part to the certificate given in \fBx509cert\fP. Must
 .B X509Key
 Private key counter part to the certificate given in \fBX509Cert\fP. Must
 also be in PEM format.
 .
 .TP
--- a/unix/xserver/hw/vnc/Xvnc.man
+++ b/unix/xserver/hw/vnc/Xvnc.man
@@ -208,18 +208,18 @@ to allow any user to authenticate using this security type. Default is to
 deny all users.
 .
 .TP
 .B \-pam_service \fIname\fP
 .B \-pam_service \fIname\fP, \-PAMService \fIname\fP
 PAM service name to use when authentication users using any of the "Plain"
 security types. Default is \fBvnc\fP.
 .
 .TP
 .B \-x509cert \fIpath\fP
 .B \-X509Cert \fIpath\fP
 Path to a X509 certificate in PEM format to be used for all X509 based
 security types (X509None, X509Vnc, etc.).
 .
 .TP
 .B \-x509key \fIpath\fP
 Private key counter part to the certificate given in \fBx509cert\fP. Must
 .B \-X509Key \fIpath\fP
 Private key counter part to the certificate given in \fBX509Cert\fP. Must
 also be in PEM format.
 .
 .TP
--- a/vncviewer/OptionsDialog.cxx
+++ b/vncviewer/OptionsDialog.cxx
@@ -252,8 +252,8 @@ void OptionsDialog::loadOptions(void)
    }
  }

  caInput->value(CSecurityTLS::x509ca);
  crlInput->value(CSecurityTLS::x509crl);
  caInput->value(CSecurityTLS::X509CA);
  crlInput->value(CSecurityTLS::X509CRL);

  handleX509(encX509Checkbox, this);
 #endif
@@ -368,8 +368,8 @@ void OptionsDialog::storeOptions(void)

  SecurityClient::secTypes.setParam(security.ToString());

  CSecurityTLS::x509ca.setParam(caInput->value());
  CSecurityTLS::x509crl.setParam(crlInput->value());
  CSecurityTLS::X509CA.setParam(caInput->value());
  CSecurityTLS::X509CRL.setParam(crlInput->value());
 #endif

  /* Input */
--- a/vncviewer/parameters.cxx
+++ b/vncviewer/parameters.cxx
@@ -144,8 +144,8 @@ const char* IDENTIFIER_STRING = "TigerVNC Configuration file Version 1.0";

 VoidParameter* parameterArray[] = {
 #ifdef HAVE_GNUTLS
  &CSecurityTLS::x509ca,
  &CSecurityTLS::x509crl,
  &CSecurityTLS::X509CA,
  &CSecurityTLS::X509CRL,
 #endif // HAVE_GNUTLS
  &SecurityClient::secTypes,
  &dotWhenNoCursor,