GUACAMOLE-514: Remove x509 support.
diff --git a/src/protocols/vnc/auth.c b/src/protocols/vnc/auth.c
index f0b2ed5..72f60bd 100644
--- a/src/protocols/vnc/auth.c
+++ b/src/protocols/vnc/auth.c
@@ -33,54 +33,17 @@
rfbCredential* guac_vnc_get_credentials(rfbClient* client, int credentialType) {
guac_client* gc = rfbClientGetClientData(client, GUAC_VNC_CLIENT_KEY);
- rfbCredential *creds = malloc(sizeof(rfbCredential));
guac_vnc_settings* settings = ((guac_vnc_client*) gc->data)->settings;
if (credentialType == rfbCredentialTypeUser) {
+ rfbCredential *creds = malloc(sizeof(rfbCredential));
creds->userCredential.username = settings->username;
creds->userCredential.password = settings->password;
return creds;
}
- else if (credentialType == rfbCredentialTypeX509) {
- char* template = "guac_XXXXXX";
-
- if (settings->client_cert != NULL) {
- settings->client_cert_temp = strdup(template);
- int cert_fd = mkstemp(settings->client_cert_temp);
- write(cert_fd, settings->client_cert, strlen(settings->client_cert));
- close(cert_fd);
- creds->x509Credential.x509ClientCertFile = settings->client_cert_temp;
- }
-
- if (settings->client_key != NULL) {
- settings->client_key_temp = strdup(template);
- int key_fd = mkstemp(settings->client_key_temp);
- write(key_fd, settings->client_key, strlen(settings->client_key));
- close(key_fd);
- creds->x509Credential.x509ClientKeyFile = settings->client_key_temp;
- }
-
- if (settings->ca_cert != NULL) {
- settings->ca_cert_temp = strdup(template);
- int ca_fd = mkstemp(settings->ca_cert_temp);
- write(ca_fd, settings->ca_cert, strlen(settings->ca_cert));
- close(ca_fd);
- creds->x509Credential.x509CACertFile = settings->ca_cert_temp;
- }
-
- if (settings->ca_crl != NULL) {
- settings->ca_crl_temp = strdup(template);
- int crl_fd = mkstemp(settings->ca_crl_temp);
- write(crl_fd, settings->ca_crl, strlen(settings->ca_crl));
- close(crl_fd);
- creds->x509Credential.x509CACrlFile = settings->ca_crl_temp;
- }
-
- return creds;
- }
-
- guac_client_log(gc, GUAC_LOG_ERROR, "Unknown credential type requested.");
+ guac_client_log(gc, GUAC_LOG_ERROR,
+ "Unsupported credential type requested.");
return NULL;
}
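Review bot: The `malloc` that now sits inside the `rfbCredentialTypeUser` branch is still used without a NULL check, so an allocation failure during authentication becomes a write through a null pointer at `creds->userCredential.username = settings->username;` instead of a refused login. The function already returns NULL for unsupported credential types, so the same exit can serve here, placed directly after the allocation: `if (creds == NULL) { guac_client_log(gc, GUAC_LOG_ERROR, "Unable to allocate VNC credentials."); return NULL; }`. The struct is also handed pointers to the settings' own `username` and `password` strings rather than copies. The comment in settings.c says the password is "freed by libvncclient", and whether the same holds for `username` is not visible here. A one-line ownership comment above the two assignments, such as `/* NOTE: libvncclient takes ownership of creds and its strings */`, would guard against a later double free, provided that claim is first confirmed against the library.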
diff --git a/src/protocols/vnc/settings.c b/src/protocols/vnc/settings.c
index a38aac6..21f6405 100644
--- a/src/protocols/vnc/settings.c
+++ b/src/protocols/vnc/settings.c
@@ -28,7 +28,6 @@
#include <stdlib.h>
#include <string.h>
#include <time.h>
-#include <unistd.h>
/* Client plugin arguments */
const char* GUAC_VNC_CLIENT_ARGS[] = {
@@ -38,10 +37,6 @@
"encodings",
"username",
"password",
- "client-cert",
- "client-key",
- "ca-cert",
- "ca-crl",
"swap-red-blue",
"color-depth",
"cursor",
@@ -123,28 +118,6 @@
* The password to send to the VNC server if authentication is requested.
*/
IDX_PASSWORD,
-
- /**
- * The client certificate to send to the VNC server if x509 authentication
- * is being used.
- */
- IDX_CLIENT_CERT,
-
- /**
- * The client private key to send to the VNC server if x509 authentication
- * is being used.
- */
- IDX_CLIENT_KEY,
-
- /**
- * The CA certificate to use when performing x509 authentication.
- */
- IDX_CA_CERT,
-
- /**
- * The location of the CA CRL to use when performing x509 authentication.
- */
- IDX_CA_CRL,
/**
* "true" if the red and blue components of each color should be swapped,
@@ -377,22 +350,6 @@
settings->password =
guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
IDX_PASSWORD, ""); /* NOTE: freed by libvncclient */
-
- settings->client_cert =
- guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
- IDX_CLIENT_CERT, NULL);
-
- settings->client_key =
- guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
- IDX_CLIENT_KEY, NULL);
-
- settings->ca_cert =
- guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
- IDX_CA_CERT, NULL);
-
- settings->ca_crl =
- guac_user_parse_args_string(user, GUAC_VNC_CLIENT_ARGS, argv,
- IDX_CA_CRL, NULL);
/* Remote cursor */
if (strcmp(argv[IDX_CURSOR], "remote") == 0) {
@@ -583,30 +540,6 @@
free(settings->hostname);
free(settings->recording_name);
free(settings->recording_path);
- free(settings->client_cert);
- free(settings->client_key);
- free(settings->ca_cert);
- free(settings->ca_crl);
-
- if (settings->client_cert_temp != NULL) {
- unlink(settings->client_cert_temp);
- free(settings->client_cert_temp);
- }
-
- if (settings->client_key_temp != NULL) {
- unlink(settings->client_key_temp);
- free(settings->client_key_temp);
- }
-
- if (settings->ca_cert_temp != NULL) {
- unlink(settings->ca_cert_temp);
- free(settings->ca_cert_temp);
- }
-
- if (settings->ca_crl_temp != NULL) {
- unlink(settings->ca_crl_temp);
- free(settings->ca_crl_temp);
- }
#ifdef ENABLE_VNC_REPEATER
/* Free VNC repeater settings */
diff --git a/src/protocols/vnc/settings.h b/src/protocols/vnc/settings.h
index 18570b0..34c08ec 100644
--- a/src/protocols/vnc/settings.h
+++ b/src/protocols/vnc/settings.h
@@ -54,47 +54,6 @@
* The password given in the arguments.
*/
char* password;
-
- /**
- * The contents of the client certificate to use for authentication.
- */
- char* client_cert;
-
- /**
- * The location of the temporary client certificate file.
- */
- char* client_cert_temp;
-
- /**
- * The contents of the client private key to use for authentication.
- */
- char* client_key;
-
- /**
- * The location of the temporary client key file.
- */
- char* client_key_temp;
-
- /**
- * The contents of the CA certificate file to use for authentication.
- */
- char* ca_cert;
-
- /**
- * The location of the temporary CA file.
- */
- char* ca_cert_temp;
-
- /**
- * The contents of the CA CRL location to use for checking for revoked
- * certificates during authentication.
- */
- char* ca_crl;
-
- /**
- * The location of the temporary CRL file.
- */
- char* ca_crl_temp;
/**
* Space-separated list of encodings to use within the VNC session.