Let's avoid making this too complex and forcing every user to know about magical functions.
tags/v1.11.90
@@ -84,14 +84,3 @@ int getvnchomedir(char **dirp) | |||
*dirp = dir; | |||
return 0; | |||
} | |||
int fileexists(char *file) | |||
{ | |||
#ifdef WIN32 | |||
return (GetFileAttributes(file) == INVALID_FILE_ATTRIBUTES) ? -1 : 0; | |||
#else | |||
return access(file, R_OK); | |||
#endif | |||
} | |||
@@ -39,13 +39,4 @@ | |||
*/ | |||
int getvnchomedir(char **dirp); | |||
/* | |||
* Check if the file exists | |||
* | |||
* Returns: | |||
* 0 - Success | |||
* -1 - Failure | |||
*/ | |||
int fileexists(char *file); | |||
#endif /* OS_OS_H */ |
@@ -62,11 +62,32 @@ | |||
using namespace rfb; | |||
StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", "", ConfViewer); | |||
StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer); | |||
static const char* homedirfn(const char* fn); | |||
StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", | |||
homedirfn("x509_ca.pem"), | |||
ConfViewer); | |||
StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", | |||
homedirfn("x509_crl.pem"), | |||
ConfViewer); | |||
static LogWriter vlog("TLS"); | |||
static const char* homedirfn(const char* fn) | |||
{ | |||
static char full_path[PATH_MAX]; | |||
char* homedir = NULL; | |||
if (getvnchomedir(&homedir) == -1) | |||
return ""; | |||
snprintf(full_path, sizeof(full_path), "%s%s", homedir, fn); | |||
delete [] homedir; | |||
return full_path; | |||
} | |||
CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) | |||
: CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL), | |||
anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL) | |||
@@ -78,28 +99,6 @@ CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) | |||
throw AuthFailureException("gnutls_global_init failed"); | |||
} | |||
void CSecurityTLS::setDefaults() | |||
{ | |||
char* homeDir = NULL; | |||
if (getvnchomedir(&homeDir) == -1) { | |||
vlog.error("Could not obtain VNC home directory path"); | |||
return; | |||
} | |||
int len = strlen(homeDir) + 1; | |||
CharArray caDefault(len + 11); | |||
CharArray crlDefault(len + 12); | |||
sprintf(caDefault.buf, "%sx509_ca.pem", homeDir); | |||
sprintf(crlDefault.buf, "%s509_crl.pem", homeDir); | |||
delete [] homeDir; | |||
if (!fileexists(caDefault.buf)) | |||
X509CA.setDefaultStr(caDefault.buf); | |||
if (!fileexists(crlDefault.buf)) | |||
X509CRL.setDefaultStr(crlDefault.buf); | |||
} | |||
void CSecurityTLS::shutdown() | |||
{ | |||
if (session) { |
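Review bot: With the existence check removed, `X509CA` and `X509CRL` in the first hunk now default to a non-empty path even when no such file is present. The code that loads them is not in this section, so it is worth confirming that it treats a missing default file as "nothing configured" while still failing on a path the user set explicitly; if it cannot tell the two apart, either X509 connections break for users without `$HOME/.vnc/x509_ca.pem` or a CRL that fails to load is skipped silently. In `homedirfn()` the `snprintf()` result is ignored, so a home directory that does not fit in `PATH_MAX` yields a truncated default path; capturing it with `int n = snprintf(...);` and adding `if (n < 0 || (size_t)n >= sizeof(full_path)) return "";` after the `delete [] homedir;` would fall back to the empty default instead. The helper also deserves a comment such as `// Runs during static initialisation; returns a static buffer that the next call overwrites, so the caller must copy it.` — that the `StringParameter` constructor copies the string is presumably the case but is not visible here.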
@@ -48,7 +48,6 @@ namespace rfb { | |||
virtual const char* description() const | |||
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | |||
virtual bool isSecure() const { return !anon; } | |||
static void setDefaults(); | |||
static StringParameter X509CA; | |||
static StringParameter X509CRL; |
@@ -389,13 +389,6 @@ StringParameter::~StringParameter() { | |||
strFree(def_value); | |||
} | |||
void StringParameter::setDefaultStr(const char* v) { | |||
strFree(def_value); | |||
def_value = strDup(v); | |||
strFree(value); | |||
value = strDup(v); | |||
} | |||
bool StringParameter::setParam(const char* v) { | |||
LOCK_CONFIG; | |||
if (immutable) return true; |
@@ -243,7 +243,6 @@ namespace rfb { | |||
virtual bool setParam(const char* value); | |||
virtual char* getDefaultStr() const; | |||
virtual char* getValueStr() const; | |||
void setDefaultStr(const char* v); | |||
operator const char*() const; | |||
// getData() returns a copy of the data - it must be delete[]d by the |
@@ -105,10 +105,3 @@ CSecurity* SecurityClient::GetCSecurity(CConnection* cc, U32 secType) | |||
bail: | |||
throw Exception("Security type not supported"); | |||
} | |||
void SecurityClient::setDefaults() | |||
{ | |||
#ifdef HAVE_GNUTLS | |||
CSecurityTLS::setDefaults(); | |||
#endif | |||
} |
@@ -35,8 +35,6 @@ namespace rfb { | |||
/* Create client side CSecurity class instance */ | |||
CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType); | |||
static void setDefaults(void); | |||
static StringParameter secTypes; | |||
}; | |||
@@ -45,8 +45,6 @@ | |||
#endif | |||
#include <rfb/Logger_stdio.h> | |||
#include <rfb/SecurityClient.h> | |||
#include <rfb/Security.h> | |||
#ifdef HAVE_GNUTLS | |||
#include <rfb/CSecurityTLS.h> | |||
#endif | |||
@@ -521,8 +519,6 @@ int main(int argc, char** argv) | |||
bindtextdomain(PACKAGE_NAME, CMAKE_INSTALL_FULL_LOCALEDIR); | |||
textdomain(PACKAGE_NAME); | |||
rfb::SecurityClient::setDefaults(); | |||
// Write about text to console, still using normal locale codeset | |||
fprintf(stderr,"\n%s\n", about_text()); | |||
@@ -152,13 +152,13 @@ the server, you can specify it here to avoid typing it in. It will usually be | |||
.B \-X509CA \fIpath\fP | |||
Path to CA certificate to use when authenticating remote servers using any | |||
of the X509 security schemes (X509None, X509Vnc, etc.). Must be in PEM | |||
format. Default is \fB$HOME/.vnc/x509_ca.pem\fP, if it exists. | |||
format. Default is \fB$HOME/.vnc/x509_ca.pem\fP. | |||
. | |||
.TP | |||
.B \-X509CRL \fIpath\fP | |||
Path to certificate revocation list to use in conjunction with | |||
\fB-X509CA\fP. Must also be in PEM format. Default is | |||
\fB$HOME/.vnc/x509_crl.pem\fP, if it exists. | |||
\fB$HOME/.vnc/x509_crl.pem\fP. | |||
. | |||
.TP | |||
.B \-Shared |