*dirp = dir;
return 0;
}
-
-int fileexists(char *file)
-{
-#ifdef WIN32
- return (GetFileAttributes(file) == INVALID_FILE_ATTRIBUTES) ? -1 : 0;
-#else
- return access(file, R_OK);
-#endif
-}
-
-
*/
int getvnchomedir(char **dirp);
-/*
- * Check if the file exists
- *
- * Returns:
- * 0 - Success
- * -1 - Failure
- */
-int fileexists(char *file);
-
#endif /* OS_OS_H */
using namespace rfb;
-StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", "", ConfViewer);
-StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer);
+static const char* homedirfn(const char* fn);
+
+StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate",
+ homedirfn("x509_ca.pem"),
+ ConfViewer);
+StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file",
+ homedirfn("x509_crl.pem"),
+ ConfViewer);
static LogWriter vlog("TLS");
+static const char* homedirfn(const char* fn)
+{
+ static char full_path[PATH_MAX];
+ char* homedir = NULL;
+
+ if (getvnchomedir(&homedir) == -1)
+ return "";
+
+ snprintf(full_path, sizeof(full_path), "%s%s", homedir, fn);
+
+ delete [] homedir;
+
+ return full_path;
+}
+
CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon)
: CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL),
anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL)
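Review bot: In `homedirfn` the return value of `snprintf` is ignored, so a home directory path too long for `PATH_MAX` produces a silently truncated default for `X509CA` and `X509CRL`, and the viewer would then look for its trust anchor and revocation list at a path the user never chose. Capture the result with `int n = snprintf(full_path, sizeof(full_path), "%s%s", homedir, fn);` and, after `delete [] homedir;`, add `if (n < 0 || (size_t)n >= sizeof(full_path)) return "";`. The function also returns one static buffer that the second call overwrites, which is safe only if the `StringParameter` constructor copies the default string (not visible in this hunk); a comment such as `// result is overwritten by the next call; callers must copy it` would record that. The removed `setDefaults()` applied these defaults only when the files existed, so the code that loads the CA and CRL (outside this hunk) presumably has to tolerate a missing file now, which is worth confirming.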
throw AuthFailureException("gnutls_global_init failed");
}
-void CSecurityTLS::setDefaults()
-{
- char* homeDir = NULL;
-
- if (getvnchomedir(&homeDir) == -1) {
- vlog.error("Could not obtain VNC home directory path");
- return;
- }
-
- int len = strlen(homeDir) + 1;
- CharArray caDefault(len + 11);
- CharArray crlDefault(len + 12);
- sprintf(caDefault.buf, "%sx509_ca.pem", homeDir);
- sprintf(crlDefault.buf, "%s509_crl.pem", homeDir);
- delete [] homeDir;
-
- if (!fileexists(caDefault.buf))
- X509CA.setDefaultStr(caDefault.buf);
- if (!fileexists(crlDefault.buf))
- X509CRL.setDefaultStr(crlDefault.buf);
-}
-
void CSecurityTLS::shutdown()
{
if (session) {
virtual const char* description() const
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; }
virtual bool isSecure() const { return !anon; }
- static void setDefaults();
static StringParameter X509CA;
static StringParameter X509CRL;
strFree(def_value);
}
-void StringParameter::setDefaultStr(const char* v) {
- strFree(def_value);
- def_value = strDup(v);
- strFree(value);
- value = strDup(v);
-}
-
bool StringParameter::setParam(const char* v) {
LOCK_CONFIG;
if (immutable) return true;
virtual bool setParam(const char* value);
virtual char* getDefaultStr() const;
virtual char* getValueStr() const;
- void setDefaultStr(const char* v);
operator const char*() const;
// getData() returns a copy of the data - it must be delete[]d by the
bail:
throw Exception("Security type not supported");
}
-
-void SecurityClient::setDefaults()
-{
-#ifdef HAVE_GNUTLS
- CSecurityTLS::setDefaults();
-#endif
-}
/* Create client side CSecurity class instance */
CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType);
- static void setDefaults(void);
-
static StringParameter secTypes;
};
#endif
#include <rfb/Logger_stdio.h>
-#include <rfb/SecurityClient.h>
-#include <rfb/Security.h>
#ifdef HAVE_GNUTLS
#include <rfb/CSecurityTLS.h>
#endif
bindtextdomain(PACKAGE_NAME, CMAKE_INSTALL_FULL_LOCALEDIR);
textdomain(PACKAGE_NAME);
- rfb::SecurityClient::setDefaults();
-
// Write about text to console, still using normal locale codeset
fprintf(stderr,"\n%s\n", about_text());
.B \-X509CA \fIpath\fP
Path to CA certificate to use when authenticating remote servers using any
of the X509 security schemes (X509None, X509Vnc, etc.). Must be in PEM
-format. Default is \fB$HOME/.vnc/x509_ca.pem\fP, if it exists.
+format. Default is \fB$HOME/.vnc/x509_ca.pem\fP.
.
.TP
.B \-X509CRL \fIpath\fP
Path to certificate revocation list to use in conjunction with
\fB-X509CA\fP. Must also be in PEM format. Default is
-\fB$HOME/.vnc/x509_crl.pem\fP, if it exists.
+\fB$HOME/.vnc/x509_crl.pem\fP.
.
.TP
.B \-Shared