Bladeren bron
Clean up default value for X509 parameters
Let's avoid making this too complex and force every user to know about magical functions.tags/v1.11.90
Pierre Ossman
3 jaren geleden
10 gewijzigde bestanden met toevoegingen van 25 en 68 verwijderingen
+ 0
- 11
common/os/os.cxx
Bestand weergeven
| *dirp = dir; | *dirp = dir; | ||||
| return 0; | return 0; | ||||
| } | } | ||||
| int fileexists(char *file) | |||||
| { | |||||
| #ifdef WIN32 | |||||
| return (GetFileAttributes(file) == INVALID_FILE_ATTRIBUTES) ? -1 : 0; | |||||
| #else | |||||
| return access(file, R_OK); | |||||
| #endif | |||||
| } | |||||
+ 0
- 9
common/os/os.h
Bestand weergeven
| */ | */ | ||||
| int getvnchomedir(char **dirp); | int getvnchomedir(char **dirp); | ||||
| /* | |||||
| * Check if the file exists | |||||
| * | |||||
| * Returns: | |||||
| * 0 - Success | |||||
| * -1 - Failure | |||||
| */ | |||||
| int fileexists(char *file); | |||||
| #endif /* OS_OS_H */ | #endif /* OS_OS_H */ |
+ 23
- 24
common/rfb/CSecurityTLS.cxx
Bestand weergeven
| using namespace rfb; | using namespace rfb; | ||||
| StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", "", ConfViewer); | |||||
| StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer); | |||||
| static const char* homedirfn(const char* fn); | |||||
| StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", | |||||
| homedirfn("x509_ca.pem"), | |||||
| ConfViewer); | |||||
| StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", | |||||
| homedirfn("x509_crl.pem"), | |||||
| ConfViewer); | |||||
| static LogWriter vlog("TLS"); | static LogWriter vlog("TLS"); | ||||
| static const char* homedirfn(const char* fn) | |||||
| { | |||||
| static char full_path[PATH_MAX]; | |||||
| char* homedir = NULL; | |||||
| if (getvnchomedir(&homedir) == -1) | |||||
| return ""; | |||||
| snprintf(full_path, sizeof(full_path), "%s%s", homedir, fn); | |||||
| delete [] homedir; | |||||
| return full_path; | |||||
| } | |||||
| CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) | CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) | ||||
| : CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL), | : CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL), | ||||
| anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL) | anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL) | ||||
| throw AuthFailureException("gnutls_global_init failed"); | throw AuthFailureException("gnutls_global_init failed"); | ||||
| } | } | ||||
| void CSecurityTLS::setDefaults() | |||||
| { | |||||
| char* homeDir = NULL; | |||||
| if (getvnchomedir(&homeDir) == -1) { | |||||
| vlog.error("Could not obtain VNC home directory path"); | |||||
| return; | |||||
| } | |||||
| int len = strlen(homeDir) + 1; | |||||
| CharArray caDefault(len + 11); | |||||
| CharArray crlDefault(len + 12); | |||||
| sprintf(caDefault.buf, "%sx509_ca.pem", homeDir); | |||||
| sprintf(crlDefault.buf, "%s509_crl.pem", homeDir); | |||||
| delete [] homeDir; | |||||
| if (!fileexists(caDefault.buf)) | |||||
| X509CA.setDefaultStr(caDefault.buf); | |||||
| if (!fileexists(crlDefault.buf)) | |||||
| X509CRL.setDefaultStr(crlDefault.buf); | |||||
| } | |||||
| void CSecurityTLS::shutdown() | void CSecurityTLS::shutdown() | ||||
| { | { | ||||
| if (session) { | if (session) { |
+ 0
- 1
common/rfb/CSecurityTLS.h
Bestand weergeven
| virtual const char* description() const | virtual const char* description() const | ||||
| { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | ||||
| virtual bool isSecure() const { return !anon; } | virtual bool isSecure() const { return !anon; } | ||||
| static void setDefaults(); | |||||
| static StringParameter X509CA; | static StringParameter X509CA; | ||||
| static StringParameter X509CRL; | static StringParameter X509CRL; |
+ 0
- 7
common/rfb/Configuration.cxx
Bestand weergeven
| strFree(def_value); | strFree(def_value); | ||||
| } | } | ||||
| void StringParameter::setDefaultStr(const char* v) { | |||||
| strFree(def_value); | |||||
| def_value = strDup(v); | |||||
| strFree(value); | |||||
| value = strDup(v); | |||||
| } | |||||
| bool StringParameter::setParam(const char* v) { | bool StringParameter::setParam(const char* v) { | ||||
| LOCK_CONFIG; | LOCK_CONFIG; | ||||
| if (immutable) return true; | if (immutable) return true; |
+ 0
- 1
common/rfb/Configuration.h
Bestand weergeven
| virtual bool setParam(const char* value); | virtual bool setParam(const char* value); | ||||
| virtual char* getDefaultStr() const; | virtual char* getDefaultStr() const; | ||||
| virtual char* getValueStr() const; | virtual char* getValueStr() const; | ||||
| void setDefaultStr(const char* v); | |||||
| operator const char*() const; | operator const char*() const; | ||||
| // getData() returns a copy of the data - it must be delete[]d by the | // getData() returns a copy of the data - it must be delete[]d by the |
+ 0
- 7
common/rfb/SecurityClient.cxx
Bestand weergeven
| bail: | bail: | ||||
| throw Exception("Security type not supported"); | throw Exception("Security type not supported"); | ||||
| } | } | ||||
| void SecurityClient::setDefaults() | |||||
| { | |||||
| #ifdef HAVE_GNUTLS | |||||
| CSecurityTLS::setDefaults(); | |||||
| #endif | |||||
| } |
+ 0
- 2
common/rfb/SecurityClient.h
Bestand weergeven
| /* Create client side CSecurity class instance */ | /* Create client side CSecurity class instance */ | ||||
| CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType); | CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType); | ||||
| static void setDefaults(void); | |||||
| static StringParameter secTypes; | static StringParameter secTypes; | ||||
| }; | }; | ||||
+ 0
- 4
vncviewer/vncviewer.cxx
Bestand weergeven
| #endif | #endif | ||||
| #include <rfb/Logger_stdio.h> | #include <rfb/Logger_stdio.h> | ||||
| #include <rfb/SecurityClient.h> | |||||
| #include <rfb/Security.h> | |||||
| #ifdef HAVE_GNUTLS | #ifdef HAVE_GNUTLS | ||||
| #include <rfb/CSecurityTLS.h> | #include <rfb/CSecurityTLS.h> | ||||
| #endif | #endif | ||||
| bindtextdomain(PACKAGE_NAME, CMAKE_INSTALL_FULL_LOCALEDIR); | bindtextdomain(PACKAGE_NAME, CMAKE_INSTALL_FULL_LOCALEDIR); | ||||
| textdomain(PACKAGE_NAME); | textdomain(PACKAGE_NAME); | ||||
| rfb::SecurityClient::setDefaults(); | |||||
| // Write about text to console, still using normal locale codeset | // Write about text to console, still using normal locale codeset | ||||
| fprintf(stderr,"\n%s\n", about_text()); | fprintf(stderr,"\n%s\n", about_text()); | ||||
+ 2
- 2
vncviewer/vncviewer.man
Bestand weergeven
| .B \-X509CA \fIpath\fP | .B \-X509CA \fIpath\fP | ||||
| Path to CA certificate to use when authenticating remote servers using any | Path to CA certificate to use when authenticating remote servers using any | ||||
| of the X509 security schemes (X509None, X509Vnc, etc.). Must be in PEM | of the X509 security schemes (X509None, X509Vnc, etc.). Must be in PEM | ||||
| format. Default is \fB$HOME/.vnc/x509_ca.pem\fP, if it exists. | |||||
| format. Default is \fB$HOME/.vnc/x509_ca.pem\fP. | |||||
| . | . | ||||
| .TP | .TP | ||||
| .B \-X509CRL \fIpath\fP | .B \-X509CRL \fIpath\fP | ||||
| Path to certificate revocation list to use in conjunction with | Path to certificate revocation list to use in conjunction with | ||||
| \fB-X509CA\fP. Must also be in PEM format. Default is | \fB-X509CA\fP. Must also be in PEM format. Default is | ||||
| \fB$HOME/.vnc/x509_crl.pem\fP, if it exists. | |||||
| \fB$HOME/.vnc/x509_crl.pem\fP. | |||||
| . | . | ||||
| .TP | .TP | ||||
| .B \-Shared | .B \-Shared |
Laden…