maride/guacamole-spice-protocol
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

GUACAMOLE-514: Remove x509 support.

Browse Source
This commit is contained in:
Nick Couchman 2019-08-08 16:19:01 -04:00
parent 88425160ae
commit f21621e677
3 changed files with 3 additions and 148 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/protocols/vnc/auth.c
View File

@ -33,54 +33,17 @@ char* guac_vnc_get_password(rfbClient* client) {
rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) { rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY); guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
rfbCredential *creds = malloc(sizeof(rfbCredential));
guac_vnc_settings* settings = ((guac_vnc_client*) gc->data)->settings; guac_vnc_settings* settings = ((guac_vnc_client*) gc->data)->settings;
if (credentialType == rfbCredentialTypeUser) { if (credentialType == rfbCredentialTypeUser) {
rfbCredential *creds = malloc(sizeof(rfbCredential));
creds->userCredential.username = settings->username; creds->userCredential.username = settings->username;
creds->userCredential.password = settings->password; creds->userCredential.password = settings->password;
return creds; return creds;
} }
else if (credentialType == rfbCredentialTypeX509) { guac_client_log(gc, GUAC_LOG_ERROR,
char* template = "guac_XXXXXX"; "Unsupported credential type requested.");
if (settings->client_cert != NULL) {
settings->client_cert_temp = strdup(template);
int cert_fd = mkstemp(settings->client_cert_temp);
write(cert_fd, settings->client_cert, strlen(settings->client_cert));
close(cert_fd);
creds->x509Credential.x509ClientCertFile = settings->client_cert_temp;
}
if (settings->client_key != NULL) {
settings->client_key_temp = strdup(template);
int key_fd = mkstemp(settings->client_key_temp);
write(key_fd, settings->client_key, strlen(settings->client_key));
close(key_fd);
creds->x509Credential.x509ClientKeyFile = settings->client_key_temp;
}
if (settings->ca_cert != NULL) {
settings->ca_cert_temp = strdup(template);
int ca_fd = mkstemp(settings->ca_cert_temp);
write(ca_fd, settings->ca_cert, strlen(settings->ca_cert));
close(ca_fd);
creds->x509Credential.x509CACertFile = settings->ca_cert_temp;
}
if (settings->ca_crl != NULL) {
settings->ca_crl_temp = strdup(template);
int crl_fd = mkstemp(settings->ca_crl_temp);
write(crl_fd, settings->ca_crl, strlen(settings->ca_crl));
close(crl_fd);
creds->x509Credential.x509CACrlFile = settings->ca_crl_temp;
}
return creds;
}
guac_client_log(gc, GUAC_LOG_ERROR, "Unknown credential type requested.");
return NULL; return NULL;
} }

67
src/protocols/vnc/settings.c
View File

@ -28,7 +28,6 @@
#include <stdlib.h> #include <stdlib.h>
#include <string.h> #include <string.h>
#include <time.h> #include <time.h>
#include <unistd.h>
/* Client plugin arguments */ /* Client plugin arguments */
const char* GUAC_VNC_CLIENT_ARGS[] = { const char* GUAC_VNC_CLIENT_ARGS[] = {
@ -38,10 +37,6 @@ const char* GUAC_VNC_CLIENT_ARGS[] = {
"encodings", "encodings",
"username", "username",
"password", "password",
"client-cert",
"client-key",
"ca-cert",
"ca-crl",
"swap-red-blue", "swap-red-blue",
"color-depth", "color-depth",
"cursor", "cursor",
@ -123,28 +118,6 @@ enum VNC_ARGS_IDX {
* The password to send to the VNC server if authentication is requested. * The password to send to the VNC server if authentication is requested.
*/ */
IDX_PASSWORD, IDX_PASSWORD,
/**
* The client certificate to send to the VNC server if x509 authentication
* is being used.
*/
IDX_CLIENT_CERT,
/**
* The client private key to send to the VNC server if x509 authentication
* is being used.
*/
IDX_CLIENT_KEY,
/**
* The CA certificate to use when performing x509 authentication.
*/
IDX_CA_CERT,
/**
* The location of the CA CRL to use when performing x509 authentication.
*/
IDX_CA_CRL,
/** /**
* "true" if the red and blue components of each color should be swapped, * "true" if the red and blue components of each color should be swapped,
@ -377,22 +350,6 @@ guac_vnc_settings* guac_vnc_parse_args(guac_user* user,
settings->password = settings->password =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv, guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_PASSWORD, ""); /* NOTE: freed by libvncclient */ IDX_PASSWORD, ""); /* NOTE: freed by libvncclient */
settings->client_cert =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_CLIENT_CERT, NULL);
settings->client_key =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_CLIENT_KEY, NULL);
settings->ca_cert =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_CA_CERT, NULL);
settings->ca_crl =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_CA_CRL, NULL);
/* Remote cursor */ /* Remote cursor */
if (strcmp(argv[IDX_CURSOR], "remote") == 0) { if (strcmp(argv[IDX_CURSOR], "remote") == 0) {
@ -583,30 +540,6 @@ void guac_vnc_settings_free(guac_vnc_settings* settings) {
free(settings->hostname); free(settings->hostname);
free(settings->recording_name); free(settings->recording_name);
free(settings->recording_path); free(settings->recording_path);
free(settings->client_cert);
free(settings->client_key);
free(settings->ca_cert);
free(settings->ca_crl);
if (settings->client_cert_temp != NULL) {
unlink(settings->client_cert_temp);
free(settings->client_cert_temp);
}
if (settings->client_key_temp != NULL) {
unlink(settings->client_key_temp);
free(settings->client_key_temp);
}
if (settings->ca_cert_temp != NULL) {
unlink(settings->ca_cert_temp);
free(settings->ca_cert_temp);
}
if (settings->ca_crl_temp != NULL) {
unlink(settings->ca_crl_temp);
free(settings->ca_crl_temp);
}
#ifdef ENABLE_VNC_REPEATER #ifdef ENABLE_VNC_REPEATER
/* Free VNC repeater settings */ /* Free VNC repeater settings */

41
src/protocols/vnc/settings.h
View File

@ -54,47 +54,6 @@ typedef struct guac_vnc_settings {
* The password given in the arguments. * The password given in the arguments.
*/ */
char* password; char* password;
/**
* The contents of the client certificate to use for authentication.
*/
char* client_cert;
/**
* The location of the temporary client certificate file.
*/
char* client_cert_temp;
/**
* The contents of the client private key to use for authentication.
*/
char* client_key;
/**
* The location of the temporary client key file.
*/
char* client_key_temp;
/**
* The contents of the CA certificate file to use for authentication.
*/
char* ca_cert;
/**
* The location of the temporary CA file.
*/
char* ca_cert_temp;
/**
* The contents of the CA CRL location to use for checking for revoked
* certificates during authentication.
*/
char* ca_crl;
/**
* The location of the temporary CRL file.
*/
char* ca_crl_temp;
/** /**
* Space-separated list of encodings to use within the VNC session. * Space-separated list of encodings to use within the VNC session.