From 960c7d2ff393917e8afd00742447ce8ee51b350f Mon Sep 17 00:00:00 2001
From: Pierre Ossman
Date: Fri, 11 Jun 2021 17:40:02 +0200
Subject: [PATCH] Clean up default value for X509 parameters
Let's avoid making this too complex and force every user to know about magical functions.
---
 common/os/os.cxx | 11 --------
 common/os/os.h | 9 -------
 common/rfb/CSecurityTLS.cxx | 47 +++++++++++++++++------------------
 common/rfb/CSecurityTLS.h | 1 -
 common/rfb/Configuration.cxx | 7 ------
 common/rfb/Configuration.h | 1 -
 common/rfb/SecurityClient.cxx | 7 ------
 common/rfb/SecurityClient.h | 2 --
 vncviewer/vncviewer.cxx | 4 ----
 vncviewer/vncviewer.man | 4 +--
 10 files changed, 25 insertions(+), 68 deletions(-)
diff --git a/common/os/os.cxx b/common/os/os.cxx
index 46470eaa..409a2ec6 100644
--- a/common/os/os.cxx
+++ b/common/os/os.cxx
@@ -84,14 +84,3 @@ int getvnchomedir(char **dirp)
 *dirp = dir;
 return 0;
 }
-
-int fileexists(char *file)
-{
-#ifdef WIN32
- return (GetFileAttributes(file) == INVALID_FILE_ATTRIBUTES) ? -1 : 0;
-#else
- return access(file, R_OK);
-#endif
-}
-
-
diff --git a/common/os/os.h b/common/os/os.h
index f770e2b8..fcca20e1 100644
--- a/common/os/os.h
+++ b/common/os/os.h
@@ -39,13 +39,4 @@
 */
 int getvnchomedir(char **dirp);
-/*
- * Check if the file exists
- *
- * Returns:
- * 0 - Success
- * -1 - Failure
- */
-int fileexists(char *file);
-
 #endif /* OS_OS_H */
diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
index 5337d8d6..29c3d956 100644
--- a/common/rfb/CSecurityTLS.cxx
+++ b/common/rfb/CSecurityTLS.cxx
@@ -62,11 +62,32 @@ using namespace rfb;
-StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", "", ConfViewer);
-StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer);
+static const char* homedirfn(const char* fn);
+
+StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate",
+ homedirfn("x509_ca.pem"),
+ ConfViewer);
+StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file",
+ homedirfn("x509_crl.pem"),
+ ConfViewer);
 static LogWriter vlog("TLS");
+static const char* homedirfn(const char* fn)
+{
+ static char full_path[PATH_MAX];
+ char* homedir = NULL;
+
+ if (getvnchomedir(&homedir) == -1)
+ return "";
+
+ snprintf(full_path, sizeof(full_path), "%s%s", homedir, fn);
+
+ delete [] homedir;
+
+ return full_path;
+}
+
 CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) : CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL), anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL)
@@ -78,28 +99,6 @@ CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon)
 throw AuthFailureException("gnutls_global_init failed");
 }
-void CSecurityTLS::setDefaults()
-{
- char* homeDir = NULL;
-
- if (getvnchomedir(&homeDir) == -1) {
- vlog.error("Could not obtain VNC home directory path");
- return;
- }
-
- int len = strlen(homeDir) + 1;
- CharArray caDefault(len + 11);
- CharArray crlDefault(len + 12);
- sprintf(caDefault.buf, "%sx509_ca.pem", homeDir);
- sprintf(crlDefault.buf, "%s509_crl.pem", homeDir);
- delete [] homeDir;
-
- if (!fileexists(caDefault.buf))
- X509CA.setDefaultStr(caDefault.buf);
- if (!fileexists(crlDefault.buf))
- X509CRL.setDefaultStr(crlDefault.buf);
-}
-
 void CSecurityTLS::shutdown()
 {
 if (session) {
diff --git a/common/rfb/CSecurityTLS.h b/common/rfb/CSecurityTLS.h
index 0dcf2ad3..9709926e 100644
--- a/common/rfb/CSecurityTLS.h
+++ b/common/rfb/CSecurityTLS.h
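Review bot: In the first CSecurityTLS.cxx hunk (-62,11 +62,32), homedirfn() ignores the return value of snprintf(), so a VNC home directory too long for PATH_MAX gives X509CA and X509CRL a silently truncated default path. For a trust-anchor and revocation-list location it is safer to fall back to the empty default: keep the result with `int len = snprintf(full_path, sizeof(full_path), "%s%s", homedir, fn);` and, after `delete [] homedir;`, add `if (len < 0 || (size_t)len >= sizeof(full_path)) return "";`. Both parameters are initialised from the same static buffer, so the change also depends on the StringParameter constructor copying its default string, which is not visible in this diff. The defaults are now set whether or not the files exist, so the code that loads X509CA and X509CRL (outside this diff) presumably has to tell a missing default file apart from a missing file the user named explicitly; that is worth confirming before merge.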
@@ -48,7 +48,6 @@ namespace rfb {
 virtual const char* description() const { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; }
 virtual bool isSecure() const { return !anon; }
- static void setDefaults();
 static StringParameter X509CA;
 static StringParameter X509CRL;
diff --git a/common/rfb/Configuration.cxx b/common/rfb/Configuration.cxx
index 00039d96..d5d3f252 100644
--- a/common/rfb/Configuration.cxx
+++ b/common/rfb/Configuration.cxx
@@ -389,13 +389,6 @@ StringParameter::~StringParameter() {
 strFree(def_value);
 }
-void StringParameter::setDefaultStr(const char* v) {
- strFree(def_value);
- def_value = strDup(v);
- strFree(value);
- value = strDup(v);
-}
-
 bool StringParameter::setParam(const char* v) {
 LOCK_CONFIG;
 if (immutable) return true;
diff --git a/common/rfb/Configuration.h b/common/rfb/Configuration.h
index 376805bb..396e40dd 100644
--- a/common/rfb/Configuration.h
+++ b/common/rfb/Configuration.h
@@ -243,7 +243,6 @@ namespace rfb {
 virtual bool setParam(const char* value);
 virtual char* getDefaultStr() const;
 virtual char* getValueStr() const;
- void setDefaultStr(const char* v);
 operator const char*() const;
 // getData() returns a copy of the data - it must be delete[]d by the
diff --git a/common/rfb/SecurityClient.cxx b/common/rfb/SecurityClient.cxx
index 23c1d67c..4d88d678 100644
--- a/common/rfb/SecurityClient.cxx
+++ b/common/rfb/SecurityClient.cxx
@@ -105,10 +105,3 @@ CSecurity* SecurityClient::GetCSecurity(CConnection* cc, U32 secType)
 bail:
 throw Exception("Security type not supported");
 }
-
-void SecurityClient::setDefaults()
-{
-#ifdef HAVE_GNUTLS
- CSecurityTLS::setDefaults();
-#endif
-}
diff --git a/common/rfb/SecurityClient.h b/common/rfb/SecurityClient.h
index 3074a876..b13afa42 100644
--- a/common/rfb/SecurityClient.h
+++ b/common/rfb/SecurityClient.h
@@ -35,8 +35,6 @@ namespace rfb {
 /* Create client side CSecurity class instance */
 CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType);
- static void setDefaults(void);
-
 static StringParameter secTypes;
 };
diff --git a/vncviewer/vncviewer.cxx b/vncviewer/vncviewer.cxx
index 7dfc603a..bb41a2f7 100644
--- a/vncviewer/vncviewer.cxx
+++ b/vncviewer/vncviewer.cxx
@@ -45,8 +45,6 @@
 #endif
 #include
-#include
-#include
 #ifdef HAVE_GNUTLS
 #include
 #endif
@@ -521,8 +519,6 @@ int main(int argc, char** argv)
 bindtextdomain(PACKAGE_NAME, CMAKE_INSTALL_FULL_LOCALEDIR);
 textdomain(PACKAGE_NAME);
- rfb::SecurityClient::setDefaults();
-
 // Write about text to console, still using normal locale codeset
 fprintf(stderr,"\n%s\n", about_text());
diff --git a/vncviewer/vncviewer.man b/vncviewer/vncviewer.man
index 64f0b08c..868e6aeb 100644
--- a/vncviewer/vncviewer.man
+++ b/vncviewer/vncviewer.man
@@ -152,13 +152,13 @@ the server, you can specify it here to avoid typing it in. It will usually be
 .B \-X509CA \fIpath\fP
 Path to CA certificate to use when authenticating remote servers using any of the X509 security schemes (X509None, X509Vnc, etc.). Must be in PEM
-format. Default is \fB$HOME/.vnc/x509_ca.pem\fP, if it exists.
+format. Default is \fB$HOME/.vnc/x509_ca.pem\fP.
 .
 .TP
 .B \-X509CRL \fIpath\fP
 Path to certificate revocation list to use in conjunction with \fB-X509CA\fP. Must also be in PEM format. Default is
-\fB$HOME/.vnc/x509_crl.pem\fP, if it exists.
+\fB$HOME/.vnc/x509_crl.pem\fP.
 .
 .TP
 .B \-Shared
--
2.39.5