GUACAMOLE-514: Write x509 authentication factors to temp files.
parent
b9001f4ec7
commit
88425160ae
@ -34,18 +34,49 @@ char* guac_vnc_get_password(rfbClient* client) {
|
|||||||
rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
|
rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
|
||||||
guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
|
guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
|
||||||
rfbCredential *creds = malloc(sizeof(rfbCredential));
|
rfbCredential *creds = malloc(sizeof(rfbCredential));
|
||||||
|
guac_vnc_settings* settings = ((guac_vnc_client*) gc->data)->settings;
|
||||||
|
|
||||||
if (credentialType == rfbCredentialTypeUser) {
|
if (credentialType == rfbCredentialTypeUser) {
|
||||||
creds->userCredential.username = ((guac_vnc_client*) gc->data)->settings->username;
|
creds->userCredential.username = settings->username;
|
||||||
creds->userCredential.password = ((guac_vnc_client*) gc->data)->settings->password;
|
creds->userCredential.password = settings->password;
|
||||||
return creds;
|
return creds;
|
||||||
}
|
}
|
||||||
|
|
||||||
else if (credentialType == rfbCredentialTypeX509) {
|
else if (credentialType == rfbCredentialTypeX509) {
|
||||||
creds->x509Credential.x509ClientCertFile = ((guac_vnc_client*) gc->data)->settings->client_cert;
|
char* template = "guac_XXXXXX";
|
||||||
creds->x509Credential.x509ClientKeyFile = ((guac_vnc_client*) gc->data)->settings->client_key;
|
|
||||||
creds->x509Credential.x509CACertFile = ((guac_vnc_client*) gc->data)->settings->ca_cert;
|
if (settings->client_cert != NULL) {
|
||||||
creds->x509Credential.x509CACrlFile = ((guac_vnc_client*) gc->data)->settings->ca_crl;
|
settings->client_cert_temp = strdup(template);
|
||||||
|
int cert_fd = mkstemp(settings->client_cert_temp);
|
||||||
|
write(cert_fd, settings->client_cert, strlen(settings->client_cert));
|
||||||
|
close(cert_fd);
|
||||||
|
creds->x509Credential.x509ClientCertFile = settings->client_cert_temp;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (settings->client_key != NULL) {
|
||||||
|
settings->client_key_temp = strdup(template);
|
||||||
|
int key_fd = mkstemp(settings->client_key_temp);
|
||||||
|
write(key_fd, settings->client_key, strlen(settings->client_key));
|
||||||
|
close(key_fd);
|
||||||
|
creds->x509Credential.x509ClientKeyFile = settings->client_key_temp;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (settings->ca_cert != NULL) {
|
||||||
|
settings->ca_cert_temp = strdup(template);
|
||||||
|
int ca_fd = mkstemp(settings->ca_cert_temp);
|
||||||
|
write(ca_fd, settings->ca_cert, strlen(settings->ca_cert));
|
||||||
|
close(ca_fd);
|
||||||
|
creds->x509Credential.x509CACertFile = settings->ca_cert_temp;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (settings->ca_crl != NULL) {
|
||||||
|
settings->ca_crl_temp = strdup(template);
|
||||||
|
int crl_fd = mkstemp(settings->ca_crl_temp);
|
||||||
|
write(crl_fd, settings->ca_crl, strlen(settings->ca_crl));
|
||||||
|
close(crl_fd);
|
||||||
|
creds->x509Credential.x509CACrlFile = settings->ca_crl_temp;
|
||||||
|
}
|
||||||
|
|
||||||
return creds;
|
return creds;
|
||||||
}
|
}
|
||||||
|
|
||||||
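Review bot: The results of `strdup()`, `mkstemp()` and `write()` are discarded in all four blocks of the X509 branch, so a failed `mkstemp()` passes -1 to `write()` and `close()`, and a failed or short write still hands libvncclient the path of a missing or truncated certificate or key file. Because `creds` comes from `malloc()` and each `x509Credential` field is now assigned only when its setting is non-NULL, an unset field is left uninitialized where the old code stored the (possibly NULL) setting. The template `guac_XXXXXX` has no directory component, so the private key is created in whatever the working directory happens to be; an absolute path under a directory only the daemon can read would be safer. The sketch below shows the client-key block with these checks, assuming the caller treats a NULL credential as an authentication failure; the same pattern applies to the other three blocks, and the function continues past the end of the hunk.

```c
    else if (credentialType == rfbCredentialTypeX509) {
        /* … unchanged: template declaration … */

        /* creds comes from malloc(); fields with no setting must read as NULL */
        memset(&creds->x509Credential, 0, sizeof(creds->x509Credential));

        /* … unchanged: client_cert block … */

        if (settings->client_key != NULL) {
            size_t key_len = strlen(settings->client_key);
            int key_fd = -1;

            settings->client_key_temp = strdup(template);
            if (settings->client_key_temp != NULL)
                key_fd = mkstemp(settings->client_key_temp);

            if (key_fd == -1
                    || write(key_fd, settings->client_key, key_len)
                        != (ssize_t) key_len) {
                /* Do not hand libvncclient a missing or partial key file */
                if (key_fd != -1) {
                    close(key_fd);
                    unlink(settings->client_key_temp);
                }
                free(settings->client_key_temp);
                settings->client_key_temp = NULL;
                free(creds);
                return NULL;
            }

            close(key_fd);
            creds->x509Credential.x509ClientKeyFile = settings->client_key_temp;
        }

        /* … unchanged: ca_cert and ca_crl blocks, return creds … */
```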
|
@ -28,6 +28,7 @@
|
|||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <time.h>
|
#include <time.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
/* Client plugin arguments */
|
/* Client plugin arguments */
|
||||||
const char* GUAC_VNC_CLIENT_ARGS[] = {
|
const char* GUAC_VNC_CLIENT_ARGS[] = {
|
||||||
@ -586,6 +587,26 @@ void guac_vnc_settings_free(guac_vnc_settings* settings) {
|
|||||||
free(settings->client_key);
|
free(settings->client_key);
|
||||||
free(settings->ca_cert);
|
free(settings->ca_cert);
|
||||||
free(settings->ca_crl);
|
free(settings->ca_crl);
|
||||||
|
|
||||||
|
if (settings->client_cert_temp != NULL) {
|
||||||
|
unlink(settings->client_cert_temp);
|
||||||
|
free(settings->client_cert_temp);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (settings->client_key_temp != NULL) {
|
||||||
|
unlink(settings->client_key_temp);
|
||||||
|
free(settings->client_key_temp);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (settings->ca_cert_temp != NULL) {
|
||||||
|
unlink(settings->ca_cert_temp);
|
||||||
|
free(settings->ca_cert_temp);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (settings->ca_crl_temp != NULL) {
|
||||||
|
unlink(settings->ca_crl_temp);
|
||||||
|
free(settings->ca_crl_temp);
|
||||||
|
}
|
||||||
|
|
||||||
#ifdef ENABLE_VNC_REPEATER
|
#ifdef ENABLE_VNC_REPEATER
|
||||||
/* Free VNC repeater settings */
|
/* Free VNC repeater settings */
|
||||||
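Review bot: The `unlink()` calls added to `guac_vnc_settings_free()` act on paths built from the directory-less template `guac_XXXXXX`, so they resolve against the working directory at the time the settings are freed; if that differs from the directory in use when the files were created, the private key and certificates stay on disk. Cleanup also happens only on this path, so a process that is killed or crashes mid-session would presumably leave the key file behind. Storing an absolute path in each `*_temp` field, and unlinking as soon as the files are no longer needed, would narrow that window. The `!= NULL` guards assume the settings struct is zero-initialized when allocated, which this hunk does not show; the function starts and ends outside the hunk.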
|
@ -56,25 +56,45 @@ typedef struct guac_vnc_settings {
|
|||||||
char* password;
|
char* password;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The client certificate to use for authentication.
|
* The contents of the client certificate to use for authentication.
|
||||||
*/
|
*/
|
||||||
char* client_cert;
|
char* client_cert;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The client private key to use for authentication.
|
* The location of the temporary client certificate file.
|
||||||
|
*/
|
||||||
|
char* client_cert_temp;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The contents of the client private key to use for authentication.
|
||||||
*/
|
*/
|
||||||
char* client_key;
|
char* client_key;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The CA certificate file to use for authentication.
|
* The location of the temporary client key file.
|
||||||
|
*/
|
||||||
|
char* client_key_temp;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The contents of the CA certificate file to use for authentication.
|
||||||
*/
|
*/
|
||||||
char* ca_cert;
|
char* ca_cert;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The CA CRL location to use for checking for revoked certificates during
|
* The location of the temporary CA file.
|
||||||
* authentication.
|
*/
|
||||||
|
char* ca_cert_temp;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The contents of the CA CRL location to use for checking for revoked
|
||||||
|
* certificates during authentication.
|
||||||
*/
|
*/
|
||||||
char* ca_crl;
|
char* ca_crl;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The location of the temporary CRL file.
|
||||||
|
*/
|
||||||
|
char* ca_crl_temp;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Space-separated list of encodings to use within the VNC session.
|
* Space-separated list of encodings to use within the VNC session.
|
||||||
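Review bot: The new `*_temp` members are documented only as "the location of the temporary … file", which leaves out the lifecycle a maintainer needs: as far as this commit shows, each stays unset until the credentials callback creates the file, then holds a heap-allocated path that `guac_vnc_settings_free()` unlinks and frees. I would extend each comment along the lines of `* Path of the temporary file holding client_key, or NULL if none has been created. Unlinked and freed by guac_vnc_settings_free().` The comment on `ca_crl` now reads "The contents of the CA CRL location", which mixes the old and new meaning; `* The contents of the CA CRL used to check for revoked certificates during authentication.` is clearer. The struct definition starts and ends outside the hunk.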
|