GUACAMOLE-514: Write x509 authentication factors to temp files.

2019-08-04 18:35:23 -04:00 · 2019-08-04 18:35:23 -04:00 · 88425160ae
commit 88425160ae
parent b9001f4ec7
3 changed files with 83 additions and 11 deletions
--- a/src/protocols/vnc/auth.c
+++ b/src/protocols/vnc/auth.c
@ -34,18 +34,49 @@ char* guac_vnc_get_password(rfbClient* client) {
 rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
    guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
    rfbCredential *creds = malloc(sizeof(rfbCredential));
+    guac_vnc_settings* settings = ((guac_vnc_client*) gc->data)->settings;
    
    if (credentialType == rfbCredentialTypeUser) {
-        creds->userCredential.username = ((guac_vnc_client*) gc->data)->settings->username;
-        creds->userCredential.password = ((guac_vnc_client*) gc->data)->settings->password;
+        creds->userCredential.username = settings->username;
+        creds->userCredential.password = settings->password;
        return creds;
    }
    
    else if (credentialType == rfbCredentialTypeX509) {
-        creds->x509Credential.x509ClientCertFile = ((guac_vnc_client*) gc->data)->settings->client_cert;
-        creds->x509Credential.x509ClientKeyFile = ((guac_vnc_client*) gc->data)->settings->client_key;
-        creds->x509Credential.x509CACertFile = ((guac_vnc_client*) gc->data)->settings->ca_cert;
-        creds->x509Credential.x509CACrlFile = ((guac_vnc_client*) gc->data)->settings->ca_crl;        
+        char* template = "guac_XXXXXX";
+        
+        if (settings->client_cert != NULL) {
+            settings->client_cert_temp = strdup(template);
+            int cert_fd = mkstemp(settings->client_cert_temp);
+            write(cert_fd, settings->client_cert, strlen(settings->client_cert));
+            close(cert_fd);
+            creds->x509Credential.x509ClientCertFile = settings->client_cert_temp;
+        }
+        
+        if (settings->client_key != NULL) {
+            settings->client_key_temp = strdup(template);
+            int key_fd = mkstemp(settings->client_key_temp);
+            write(key_fd, settings->client_key, strlen(settings->client_key));
+            close(key_fd);
+            creds->x509Credential.x509ClientKeyFile = settings->client_key_temp;
+        }
+        
+        if (settings->ca_cert != NULL) {
+            settings->ca_cert_temp = strdup(template);
+            int ca_fd = mkstemp(settings->ca_cert_temp);
+            write(ca_fd, settings->ca_cert, strlen(settings->ca_cert));
+            close(ca_fd);
+            creds->x509Credential.x509CACertFile = settings->ca_cert_temp;
+        }
+        
+        if (settings->ca_crl != NULL) {
+            settings->ca_crl_temp = strdup(template);
+            int crl_fd = mkstemp(settings->ca_crl_temp);
+            write(crl_fd, settings->ca_crl, strlen(settings->ca_crl));
+            close(crl_fd);
+            creds->x509Credential.x509CACrlFile = settings->ca_crl_temp;
+        }
+        
        return creds;
    }
    
--- a/src/protocols/vnc/settings.c
+++ b/src/protocols/vnc/settings.c
@ -28,6 +28,7 @@
 #include <stdlib.h>
 #include <string.h>
 #include <time.h>
+#include <unistd.h>

 /* Client plugin arguments */
 const char* GUAC_VNC_CLIENT_ARGS[] = {
@ -586,6 +587,26 @@ void guac_vnc_settings_free(guac_vnc_settings* settings) {
    free(settings->client_key);
    free(settings->ca_cert);
    free(settings->ca_crl);
+    
+    if (settings->client_cert_temp != NULL) {
+        unlink(settings->client_cert_temp);
+        free(settings->client_cert_temp);
+    }
+    
+    if (settings->client_key_temp != NULL) {
+        unlink(settings->client_key_temp);
+        free(settings->client_key_temp);
+    }
+    
+    if (settings->ca_cert_temp != NULL) {
+        unlink(settings->ca_cert_temp);
+        free(settings->ca_cert_temp);
+    }
+    
+    if (settings->ca_crl_temp != NULL) {
+        unlink(settings->ca_crl_temp);
+        free(settings->ca_crl_temp);
+    }

 #ifdef ENABLE_VNC_REPEATER
    /* Free VNC repeater settings */
--- a/src/protocols/vnc/settings.h
+++ b/src/protocols/vnc/settings.h
@ -56,25 +56,45 @@ typedef struct guac_vnc_settings {
    char* password;
    
    /**
-     * The client certificate to use for authentication.
+     * The contents of the client certificate to use for authentication.
     */
    char* client_cert;
    
    /**
-     * The client private key to use for authentication.
+     * The location of the temporary client certificate file.
+     */
+    char* client_cert_temp;
+    
+    /**
+     * The contents of the client private key to use for authentication.
     */
    char* client_key;
    
    /**
-     * The CA certificate file to use for authentication.
+     * The location of the temporary client key file.
+     */
+    char* client_key_temp;
+    
+    /**
+     * The contents of the CA certificate file to use for authentication.
     */
    char* ca_cert;
    
    /**
-     * The CA CRL location to use for checking for revoked certificates during
-     * authentication.
+     * The location of the temporary CA file.
+     */
+    char* ca_cert_temp;
+    
+    /**
+     * The contents of the CA CRL location to use for checking for revoked
+     * certificates during authentication.
     */
    char* ca_crl;
+    
+    /**
+     * The location of the temporary CRL file.
+     */
+    char* ca_crl_temp;

    /**
     * Space-separated list of encodings to use within the VNC session.