GUACAMOLE-514: Write x509 authentication factors to temp files.
diff --git a/src/protocols/vnc/auth.c b/src/protocols/vnc/auth.c
index 95ce7b8..f0b2ed5 100644
--- a/src/protocols/vnc/auth.c
+++ b/src/protocols/vnc/auth.c
@@ -34,18 +34,49 @@
rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
rfbCredential *creds = malloc(sizeof(rfbCredential));
+ guac_vnc_settings* settings = ((guac_vnc_client*) gc->data)->settings;
if (credentialType == rfbCredentialTypeUser) {
- creds->userCredential.username = ((guac_vnc_client*) gc->data)->settings->username;
- creds->userCredential.password = ((guac_vnc_client*) gc->data)->settings->password;
+ creds->userCredential.username = settings->username;
+ creds->userCredential.password = settings->password;
return creds;
}
else if (credentialType == rfbCredentialTypeX509) {
- creds->x509Credential.x509ClientCertFile = ((guac_vnc_client*) gc->data)->settings->client_cert;
- creds->x509Credential.x509ClientKeyFile = ((guac_vnc_client*) gc->data)->settings->client_key;
- creds->x509Credential.x509CACertFile = ((guac_vnc_client*) gc->data)->settings->ca_cert;
- creds->x509Credential.x509CACrlFile = ((guac_vnc_client*) gc->data)->settings->ca_crl;
+ char* template = "guac_XXXXXX";
+
+ if (settings->client_cert != NULL) {
+ settings->client_cert_temp = strdup(template);
+ int cert_fd = mkstemp(settings->client_cert_temp);
+ write(cert_fd, settings->client_cert, strlen(settings->client_cert));
+ close(cert_fd);
+ creds->x509Credential.x509ClientCertFile = settings->client_cert_temp;
+ }
+
+ if (settings->client_key != NULL) {
+ settings->client_key_temp = strdup(template);
+ int key_fd = mkstemp(settings->client_key_temp);
+ write(key_fd, settings->client_key, strlen(settings->client_key));
+ close(key_fd);
+ creds->x509Credential.x509ClientKeyFile = settings->client_key_temp;
+ }
+
+ if (settings->ca_cert != NULL) {
+ settings->ca_cert_temp = strdup(template);
+ int ca_fd = mkstemp(settings->ca_cert_temp);
+ write(ca_fd, settings->ca_cert, strlen(settings->ca_cert));
+ close(ca_fd);
+ creds->x509Credential.x509CACertFile = settings->ca_cert_temp;
+ }
+
+ if (settings->ca_crl != NULL) {
+ settings->ca_crl_temp = strdup(template);
+ int crl_fd = mkstemp(settings->ca_crl_temp);
+ write(crl_fd, settings->ca_crl, strlen(settings->ca_crl));
+ close(crl_fd);
+ creds->x509Credential.x509CACrlFile = settings->ca_crl_temp;
+ }
+
return creds;
}
diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c
index 24f1ff6..a38aac6 100644
--- a/src/protocols/vnc/settings.c
+++ b/src/protocols/vnc/settings.c
@@ -28,6 +28,7 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
+#include <unistd.h>
/* Client plugin arguments */
const char* GUAC_VNC_CLIENT_ARGS[] = {
@@ -586,6 +587,26 @@
free(settings->client_key);
free(settings->ca_cert);
free(settings->ca_crl);
+
+ if (settings->client_cert_temp != NULL) {
+ unlink(settings->client_cert_temp);
+ free(settings->client_cert_temp);
+ }
+
+ if (settings->client_key_temp != NULL) {
+ unlink(settings->client_key_temp);
+ free(settings->client_key_temp);
+ }
+
+ if (settings->ca_cert_temp != NULL) {
+ unlink(settings->ca_cert_temp);
+ free(settings->ca_cert_temp);
+ }
+
+ if (settings->ca_crl_temp != NULL) {
+ unlink(settings->ca_crl_temp);
+ free(settings->ca_crl_temp);
+ }
#ifdef ENABLE_VNC_REPEATER
/* Free VNC repeater settings */
diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h
index 078f7f0..18570b0 100644
--- a/src/protocols/vnc/settings.h
+++ b/src/protocols/vnc/settings.h
@@ -56,25 +56,45 @@
char* password;
/**
- * The client certificate to use for authentication.
+ * The contents of the client certificate to use for authentication.
*/
char* client_cert;
/**
- * The client private key to use for authentication.
+ * The location of the temporary client certificate file.
+ */
+ char* client_cert_temp;
+
+ /**
+ * The contents of the client private key to use for authentication.
*/
char* client_key;
/**
- * The CA certificate file to use for authentication.
+ * The location of the temporary client key file.
+ */
+ char* client_key_temp;
+
+ /**
+ * The contents of the CA certificate file to use for authentication.
*/
char* ca_cert;
/**
- * The CA CRL location to use for checking for revoked certificates during
- * authentication.
+ * The location of the temporary CA file.
+ */
+ char* ca_cert_temp;
+
+ /**
+ * The contents of the CA CRL location to use for checking for revoked
+ * certificates during authentication.
*/
char* ca_crl;
+
+ /**
+ * The location of the temporary CRL file.
+ */
+ char* ca_crl_temp;
/**
* Space-separated list of encodings to use within the VNC session.
