Let's avoid making this too complex and forcing every user to know about magical functions.
tags/v1.11.90
*dirp = dir; | *dirp = dir; | ||||
return 0; | return 0; | ||||
} | } | ||||
int fileexists(char *file) | |||||
{ | |||||
#ifdef WIN32 | |||||
return (GetFileAttributes(file) == INVALID_FILE_ATTRIBUTES) ? -1 : 0; | |||||
#else | |||||
return access(file, R_OK); | |||||
#endif | |||||
} | |||||
*/ | */ | ||||
int getvnchomedir(char **dirp); | int getvnchomedir(char **dirp); | ||||
/* | |||||
* Check if the file exists | |||||
* | |||||
* Returns: | |||||
* 0 - Success | |||||
* -1 - Failure | |||||
*/ | |||||
int fileexists(char *file); | |||||
#endif /* OS_OS_H */ | #endif /* OS_OS_H */ |
using namespace rfb; | using namespace rfb; | ||||
StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", "", ConfViewer); | |||||
StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", "", ConfViewer); | |||||
static const char* homedirfn(const char* fn); | |||||
StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate", | |||||
homedirfn("x509_ca.pem"), | |||||
ConfViewer); | |||||
StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file", | |||||
homedirfn("x509_crl.pem"), | |||||
ConfViewer); | |||||
static LogWriter vlog("TLS"); | static LogWriter vlog("TLS"); | ||||
static const char* homedirfn(const char* fn) | |||||
{ | |||||
static char full_path[PATH_MAX]; | |||||
char* homedir = NULL; | |||||
if (getvnchomedir(&homedir) == -1) | |||||
return ""; | |||||
snprintf(full_path, sizeof(full_path), "%s%s", homedir, fn); | |||||
delete [] homedir; | |||||
return full_path; | |||||
} | |||||
CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) | CSecurityTLS::CSecurityTLS(CConnection* cc, bool _anon) | ||||
: CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL), | : CSecurity(cc), session(NULL), anon_cred(NULL), cert_cred(NULL), | ||||
anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL) | anon(_anon), tlsis(NULL), tlsos(NULL), rawis(NULL), rawos(NULL) | ||||
throw AuthFailureException("gnutls_global_init failed"); | throw AuthFailureException("gnutls_global_init failed"); | ||||
} | } | ||||
void CSecurityTLS::setDefaults() | |||||
{ | |||||
char* homeDir = NULL; | |||||
if (getvnchomedir(&homeDir) == -1) { | |||||
vlog.error("Could not obtain VNC home directory path"); | |||||
return; | |||||
} | |||||
int len = strlen(homeDir) + 1; | |||||
CharArray caDefault(len + 11); | |||||
CharArray crlDefault(len + 12); | |||||
sprintf(caDefault.buf, "%sx509_ca.pem", homeDir); | |||||
sprintf(crlDefault.buf, "%s509_crl.pem", homeDir); | |||||
delete [] homeDir; | |||||
if (!fileexists(caDefault.buf)) | |||||
X509CA.setDefaultStr(caDefault.buf); | |||||
if (!fileexists(crlDefault.buf)) | |||||
X509CRL.setDefaultStr(crlDefault.buf); | |||||
} | |||||
void CSecurityTLS::shutdown() | void CSecurityTLS::shutdown() | ||||
{ | { | ||||
if (session) { | if (session) { |
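Review bot: Reading the right-hand column as the new side, `homedirfn` hands back a pointer into one `static char full_path[PATH_MAX]` buffer and is called twice during static initialization (the `X509CA` and `X509CRL` definitions), so the `X509CA` default is only correct if `StringParameter`'s constructor copies its argument rather than keeping the pointer; `setDefaultStr` uses `strDup`, which suggests the constructor does too, but the constructor is not in this diff and the static-buffer contract deserves a comment such as `// Returns a pointer to a single static buffer: callers must copy it before calling again; only safe from single-threaded static init.` When `getvnchomedir` fails the function now returns `""` silently, whereas the removed `setDefaults` logged the failure; `vlog` is defined after the two parameter initializers run, so logging there would need to be deferred rather than added here. The default is also now set even when the file is absent (the man page drops "if it exists"), so whether a missing `x509_ca.pem` is ignored or treated as a load error at connection time determines the user-visible effect and should be confirmed and noted. `PATH_MAX` may not be available on the WIN32 build that the removed `fileexists` special-cased; worth checking the include set for that target.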
virtual const char* description() const | virtual const char* description() const | ||||
{ return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | { return anon ? "TLS Encryption without VncAuth" : "X509 Encryption without VncAuth"; } | ||||
virtual bool isSecure() const { return !anon; } | virtual bool isSecure() const { return !anon; } | ||||
static void setDefaults(); | |||||
static StringParameter X509CA; | static StringParameter X509CA; | ||||
static StringParameter X509CRL; | static StringParameter X509CRL; |
strFree(def_value); | strFree(def_value); | ||||
} | } | ||||
void StringParameter::setDefaultStr(const char* v) { | |||||
strFree(def_value); | |||||
def_value = strDup(v); | |||||
strFree(value); | |||||
value = strDup(v); | |||||
} | |||||
bool StringParameter::setParam(const char* v) { | bool StringParameter::setParam(const char* v) { | ||||
LOCK_CONFIG; | LOCK_CONFIG; | ||||
if (immutable) return true; | if (immutable) return true; |
virtual bool setParam(const char* value); | virtual bool setParam(const char* value); | ||||
virtual char* getDefaultStr() const; | virtual char* getDefaultStr() const; | ||||
virtual char* getValueStr() const; | virtual char* getValueStr() const; | ||||
void setDefaultStr(const char* v); | |||||
operator const char*() const; | operator const char*() const; | ||||
// getData() returns a copy of the data - it must be delete[]d by the | // getData() returns a copy of the data - it must be delete[]d by the |
bail: | bail: | ||||
throw Exception("Security type not supported"); | throw Exception("Security type not supported"); | ||||
} | } | ||||
void SecurityClient::setDefaults() | |||||
{ | |||||
#ifdef HAVE_GNUTLS | |||||
CSecurityTLS::setDefaults(); | |||||
#endif | |||||
} |
/* Create client side CSecurity class instance */ | /* Create client side CSecurity class instance */ | ||||
CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType); | CSecurity* GetCSecurity(CConnection* cc, rdr::U32 secType); | ||||
static void setDefaults(void); | |||||
static StringParameter secTypes; | static StringParameter secTypes; | ||||
}; | }; | ||||
#endif | #endif | ||||
#include <rfb/Logger_stdio.h> | #include <rfb/Logger_stdio.h> | ||||
#include <rfb/SecurityClient.h> | |||||
#include <rfb/Security.h> | |||||
#ifdef HAVE_GNUTLS | #ifdef HAVE_GNUTLS | ||||
#include <rfb/CSecurityTLS.h> | #include <rfb/CSecurityTLS.h> | ||||
#endif | #endif | ||||
bindtextdomain(PACKAGE_NAME, CMAKE_INSTALL_FULL_LOCALEDIR); | bindtextdomain(PACKAGE_NAME, CMAKE_INSTALL_FULL_LOCALEDIR); | ||||
textdomain(PACKAGE_NAME); | textdomain(PACKAGE_NAME); | ||||
rfb::SecurityClient::setDefaults(); | |||||
// Write about text to console, still using normal locale codeset | // Write about text to console, still using normal locale codeset | ||||
fprintf(stderr,"\n%s\n", about_text()); | fprintf(stderr,"\n%s\n", about_text()); | ||||
.B \-X509CA \fIpath\fP | .B \-X509CA \fIpath\fP | ||||
Path to CA certificate to use when authenticating remote servers using any | Path to CA certificate to use when authenticating remote servers using any | ||||
of the X509 security schemes (X509None, X509Vnc, etc.). Must be in PEM | of the X509 security schemes (X509None, X509Vnc, etc.). Must be in PEM | ||||
format. Default is \fB$HOME/.vnc/x509_ca.pem\fP, if it exists. | |||||
format. Default is \fB$HOME/.vnc/x509_ca.pem\fP. | |||||
. | . | ||||
.TP | .TP | ||||
.B \-X509CRL \fIpath\fP | .B \-X509CRL \fIpath\fP | ||||
Path to certificate revocation list to use in conjunction with | Path to certificate revocation list to use in conjunction with | ||||
\fB-X509CA\fP. Must also be in PEM format. Default is | \fB-X509CA\fP. Must also be in PEM format. Default is | ||||
\fB$HOME/.vnc/x509_crl.pem\fP, if it exists. | |||||
\fB$HOME/.vnc/x509_crl.pem\fP. | |||||
. | . | ||||
.TP | .TP | ||||
.B \-Shared | .B \-Shared |