diff --git a/src/protocols/vnc/auth.c b/src/protocols/vnc/auth.c
index f0b2ed5c..72f60bd1 100644
--- a/src/protocols/vnc/auth.c
+++ b/src/protocols/vnc/auth.c
@@ -33,54 +33,17 @@ char* guac_vnc_get_password(rfbClient* client) { rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) { guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY); - rfbCredential *creds = malloc(sizeof(rfbCredential)); guac_vnc_settings* settings = ((guac_vnc_client*) gc->data)->settings; if (credentialType == rfbCredentialTypeUser) { + rfbCredential *creds = malloc(sizeof(rfbCredential)); creds->userCredential.username = settings->username; creds->userCredential.password = settings->password; return creds; } - else if (credentialType == rfbCredentialTypeX509) { - char* template = "guac_XXXXXX"; - - if (settings->client_cert != NULL) { - settings->client_cert_temp = strdup(template); - int cert_fd = mkstemp(settings->client_cert_temp); - write(cert_fd, settings->client_cert, strlen(settings->client_cert)); - close(cert_fd); - creds->x509Credential.x509ClientCertFile = settings->client_cert_temp; - } - - if (settings->client_key != NULL) { - settings->client_key_temp = strdup(template); - int key_fd = mkstemp(settings->client_key_temp); - write(key_fd, settings->client_key, strlen(settings->client_key)); - close(key_fd); - creds->x509Credential.x509ClientKeyFile = settings->client_key_temp; - } - - if (settings->ca_cert != NULL) { - settings->ca_cert_temp = strdup(template); - int ca_fd = mkstemp(settings->ca_cert_temp); - write(ca_fd, settings->ca_cert, strlen(settings->ca_cert)); - close(ca_fd); - creds->x509Credential.x509CACertFile = settings->ca_cert_temp; - } - - if (settings->ca_crl != NULL) { - settings->ca_crl_temp = strdup(template); - int crl_fd = mkstemp(settings->ca_crl_temp); - write(crl_fd, settings->ca_crl, strlen(settings->ca_crl)); - close(crl_fd); - creds->x509Credential.x509CACrlFile = settings->ca_crl_temp; - } - - return creds; - } - - guac_client_log(gc, GUAC_LOG_ERROR, "Unknown credential type requested."); + guac_client_log(gc, GUAC_LOG_ERROR, + "Unsupported credential type 
requested."); return NULL; } diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c index a38aac6e..21f64057 100644 --- a/src/protocols/vnc/settings.c +++ b/src/protocols/vnc/settings.c @@ -28,7 +28,6 @@ #include #include #include -#include /* Client plugin arguments */ const char* GUAC_VNC_CLIENT_ARGS[] = { @@ -38,10 +37,6 @@ const char* GUAC_VNC_CLIENT_ARGS[] = { "encodings", "username", "password", - "client-cert", - "client-key", - "ca-cert", - "ca-crl", "swap-red-blue", "color-depth", "cursor", @@ -123,28 +118,6 @@ enum VNC_ARGS_IDX { * The password to send to the VNC server if authentication is requested. */ IDX_PASSWORD, - - /** - * The client certificate to send to the VNC server if x509 authentication - * is being used. - */ - IDX_CLIENT_CERT, - - /** - * The client private key to send to the VNC server if x509 authentication - * is being used. - */ - IDX_CLIENT_KEY, - - /** - * The CA certificate to use when performing x509 authentication. - */ - IDX_CA_CERT, - - /** - * The location of the CA CRL to use when performing x509 authentication. - */ - IDX_CA_CRL, /** * "true" if the red and blue components of each color should be swapped, @@ -377,22 +350,6 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user, settings->password = guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, IDX_PASSWORD, ""); /* NOTE: freed by libvncclient */ - - settings->client_cert = - guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, - IDX_CLIENT_CERT, NULL); - - settings->client_key = - guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, - IDX_CLIENT_KEY, NULL); - - settings->ca_cert = - guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, - IDX_CA_CERT, NULL); - - settings->ca_crl = - guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, - IDX_CA_CRL, NULL); /* Remote cursor */ if (strcmp(argv[IDX_CURSOR], "remote") == 0) { 
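Review bot: The `malloc(sizeof(rfbCredential))` that now sits inside the `rfbCredentialTypeUser` branch of guac_vnc_get_credentials is still dereferenced without a check, so an allocation failure becomes a NULL write in the authentication callback; add `if (creds == NULL) return NULL;` (ideally preceded by a `guac_client_log` error) before the two assignments. The same branch hands `settings->username` and `settings->password` to the credential structure by pointer rather than by copy. The settings.c context in this commit notes that the password is "freed by libvncclient"; if the library also frees the credential fields, which is not visible in this hunk, those pointers could be freed twice or freed while `settings` still refers to them. Passing `strdup()` copies would make ownership unambiguous.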
@@ -583,30 +540,6 @@ void guac_vnc_settings_free(guac_vnc_settings* settings) { free(settings->hostname); free(settings->recording_name); free(settings->recording_path); - free(settings->client_cert); - free(settings->client_key); - free(settings->ca_cert); - free(settings->ca_crl); - - if (settings->client_cert_temp != NULL) { - unlink(settings->client_cert_temp); - free(settings->client_cert_temp); - } - - if (settings->client_key_temp != NULL) { - unlink(settings->client_key_temp); - free(settings->client_key_temp); - } - - if (settings->ca_cert_temp != NULL) { - unlink(settings->ca_cert_temp); - free(settings->ca_cert_temp); - } - - if (settings->ca_crl_temp != NULL) { - unlink(settings->ca_crl_temp); - free(settings->ca_crl_temp); - } #ifdef ENABLE_VNC_REPEATER /* Free VNC repeater settings */ diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h index 18570b0b..34c08ec9 100644 --- a/src/protocols/vnc/settings.h +++ b/src/protocols/vnc/settings.h @@ -54,47 +54,6 @@ typedef struct guac_vnc_settings { * The password given in the arguments. */ char* password; - - /** - * The contents of the client certificate to use for authentication. - */ - char* client_cert; - - /** - * The location of the temporary client certificate file. - */ - char* client_cert_temp; - - /** - * The contents of the client private key to use for authentication. - */ - char* client_key; - - /** - * The location of the temporary client key file. - */ - char* client_key_temp; - - /** - * The contents of the CA certificate file to use for authentication. - */ - char* ca_cert; - - /** - * The location of the temporary CA file. - */ - char* ca_cert_temp; - - /** - * The contents of the CA CRL location to use for checking for revoked - * certificates during authentication. - */ - char* ca_crl; - - /** - * The location of the temporary CRL file. - */ - char* ca_crl_temp; /** * Space-separated list of encodings to use within the VNC session.