diff options
author | Christian Beier <dontmind@freeshell.org> | 2014-09-03 20:54:39 +0200 |
---|---|---|
committer | Christian Beier <dontmind@freeshell.org> | 2014-09-03 20:54:39 +0200 |
commit | 498d222976975f53dea885cfe43ef0f805abd412 (patch) | |
tree | bac684fbde46fdc3e4cc3817616816b71bb67f9f /x11vnc/sslcmds.c | |
parent | 8d2db0486dcc167f1b02d4454ebf4624ce03e1de (diff) | |
download | libtdevnc-498d222976975f53dea885cfe43ef0f805abd412.tar.gz libtdevnc-498d222976975f53dea885cfe43ef0f805abd412.zip |
Remove x11vnc subdir.
The new x11vnc repo is at https://github.com/LibVNC/x11vnc.
Diffstat (limited to 'x11vnc/sslcmds.c')
-rw-r--r-- | x11vnc/sslcmds.c | 908 |
1 files changed, 0 insertions, 908 deletions
diff --git a/x11vnc/sslcmds.c b/x11vnc/sslcmds.c deleted file mode 100644 index 7c4bdc1..0000000 --- a/x11vnc/sslcmds.c +++ /dev/null @@ -1,908 +0,0 @@ -/* - Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com> - All rights reserved. - -This file is part of x11vnc. - -x11vnc is free software; you can redistribute it and/or modify -it under the terms of the GNU General Public License as published by -the Free Software Foundation; either version 2 of the License, or (at -your option) any later version. - -x11vnc is distributed in the hope that it will be useful, -but WITHOUT ANY WARRANTY; without even the implied warranty of -MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -GNU General Public License for more details. - -You should have received a copy of the GNU General Public License -along with x11vnc; if not, write to the Free Software -Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA -or see <http://www.gnu.org/licenses/>. - -In addition, as a special exception, Karl J. Runge -gives permission to link the code of its release of x11vnc with the -OpenSSL project's "OpenSSL" library (or with modified versions of it -that use the same license as the "OpenSSL" library), and distribute -the linked executables. You must obey the GNU General Public License -in all respects for all of the code used other than "OpenSSL". If you -modify this file, you may extend this exception to your version of the -file, but you are not obligated to do so. If you do not wish to do -so, delete this exception statement from your version. -*/ - -/* -- sslcmds.c -- */ - -#include "x11vnc.h" -#include "inet.h" -#include "cleanup.h" -#include "sslhelper.h" -#include "ssltools.h" -#include "connections.h" - -#if LIBVNCSERVER_HAVE_FORK -#if LIBVNCSERVER_HAVE_SYS_WAIT_H -#if LIBVNCSERVER_HAVE_WAITPID -#define SSLCMDS -#endif -#endif -#endif - - -void check_stunnel(void); -int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport); -void stop_stunnel(void); -void setup_stunnel(int rport, int *argc, char **argv); -char *get_Cert_dir(char *cdir_in, char **tmp_in); -void sslScripts(void); -void sslGenCA(char *cdir); -void sslGenCert(char *ty, char *nm); -void sslEncKey(char *path, int info_only); - -static pid_t stunnel_pid = 0; - -void check_stunnel(void) { - static time_t last_check = 0; - time_t now = time(NULL); - - if (last_check + 3 >= now) { - return; - } - last_check = now; - - /* double check that stunnel is still running: */ - - if (stunnel_pid > 0) { - int status; -#ifdef SSLCMDS - waitpid(stunnel_pid, &status, WNOHANG); -#endif - if (kill(stunnel_pid, 0) != 0) { -#ifdef SSLCMDS - waitpid(stunnel_pid, &status, WNOHANG); -#endif - rfbLog("stunnel subprocess %d died.\n", stunnel_pid); - stunnel_pid = 0; - clean_up_exit(1); - } - } -} - -int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport) { -#ifdef SSLCMDS - char extra[] = ":/usr/sbin:/usr/local/sbin:/dist/sbin"; - char *path, *p, *exe; - char *stunnel_path = NULL; - struct stat verify_buf; - struct stat crl_buf; - int status, tmp_pem = 0; - - if (stunnel_pid) { - stop_stunnel(); - } - stunnel_pid = 0; - - path = getenv("PATH"); - if (! path) { - path = strdup(extra+1); - } else { - char *pt = path; - path = (char *) malloc(strlen(path)+strlen(extra)+1); - if (! path) { - return 0; - } - strcpy(path, pt); - strcat(path, extra); - } - - exe = (char *) malloc(strlen(path) + 1 + strlen("stunnel4") + 1); - - p = strtok(path, ":"); - - exe[0] = '\0'; - - while (p) { - struct stat sbuf; - - sprintf(exe, "%s/%s", p, "stunnel4"); - if (! stunnel_path && stat(exe, &sbuf) == 0) { - if (! S_ISDIR(sbuf.st_mode)) { - stunnel_path = exe; - break; - } - } - - sprintf(exe, "%s/%s", p, "stunnel"); - if (! stunnel_path && stat(exe, &sbuf) == 0) { - if (! S_ISDIR(sbuf.st_mode)) { - stunnel_path = exe; - break; - } - } - - p = strtok(NULL, ":"); - } - if (path) { - free(path); - } - - if (getenv("STUNNEL_PROG")) { - free(exe); - exe = strdup(getenv("STUNNEL_PROG")); - stunnel_path = exe; - } - - if (! stunnel_path) { - free(exe); - return 0; - } - if (stunnel_path[0] == '\0') { - free(exe); - return 0; - } - - /* stunnel */ - if (no_external_cmds || !cmd_ok("stunnel")) { - rfbLogEnable(1); - rfbLog("start_stunnel: cannot run external commands in -nocmds mode:\n"); - rfbLog(" \"%s\"\n", stunnel_path); - rfbLog(" exiting.\n"); - clean_up_exit(1); - } - - if (! quiet) { - rfbLog("\n"); - rfbLog("starting ssl tunnel: %s %d -> %d\n", stunnel_path, - stunnel_port, x11vnc_port); - } - - if (stunnel_pem && strstr(stunnel_pem, "SAVE") == stunnel_pem) { - stunnel_pem = get_saved_pem(stunnel_pem, 1); - if (! stunnel_pem) { - rfbLog("start_stunnel: could not create or open" - " saved PEM.\n"); - clean_up_exit(1); - } - } else if (!stunnel_pem) { - stunnel_pem = create_tmp_pem(NULL, 0); - if (! stunnel_pem) { - rfbLog("start_stunnel: could not create temporary," - " self-signed PEM.\n"); - clean_up_exit(1); - } - tmp_pem = 1; - if (getenv("X11VNC_SHOW_TMP_PEM")) { - FILE *in = fopen(stunnel_pem, "r"); - if (in != NULL) { - char line[128]; - fprintf(stderr, "\n"); - while (fgets(line, 128, in) != NULL) { - fprintf(stderr, "%s", line); - } - fprintf(stderr, "\n"); - fclose(in); - } - } - } - - if (ssl_verify) { - char *file = get_ssl_verify_file(ssl_verify); - if (file) { - ssl_verify = file; - } - if (stat(ssl_verify, &verify_buf) != 0) { - rfbLog("stunnel: %s does not exist.\n", ssl_verify); - clean_up_exit(1); - } - } - if (ssl_crl) { - if (stat(ssl_crl, &crl_buf) != 0) { - rfbLog("stunnel: %s does not exist.\n", ssl_crl); - clean_up_exit(1); - } - } - - stunnel_pid = fork(); - - if (stunnel_pid < 0) { - stunnel_pid = 0; - free(exe); - return 0; - } - - if (stunnel_pid == 0) { - FILE *in; - char fd[20]; - int i; - char *st_if = getenv("STUNNEL_LISTEN"); - - if (st_if == NULL) { - st_if = ""; - } else { - st_if = (char *) malloc(strlen(st_if) + 2); - sprintf(st_if, "%s:", getenv("STUNNEL_LISTEN")); - } - - - for (i=3; i<256; i++) { - close(i); - } - - if (use_stunnel == 3) { - char sp[30], xp[30], *a = NULL; - char *st = stunnel_path; - char *pm = stunnel_pem; - char *sv = ssl_verify; - - sprintf(sp, "%d", stunnel_port); - sprintf(xp, "%d", x11vnc_port); - - if (ssl_verify) { - if(S_ISDIR(verify_buf.st_mode)) { - a = "-a"; - } else { - a = "-A"; - } - } - - if (ssl_crl) { - rfbLog("stunnel: stunnel3 does not support CRL. %s\n", ssl_crl); - clean_up_exit(1); - } - - if (stunnel_pem && ssl_verify) { - /* XXX double check -v 2 */ - execlp(st, st, "-f", "-d", sp, "-r", xp, "-P", - "none", "-p", pm, a, sv, "-v", "2", - (char *) NULL); - } else if (stunnel_pem && !ssl_verify) { - execlp(st, st, "-f", "-d", sp, "-r", xp, "-P", - "none", "-p", pm, - (char *) NULL); - } else if (!stunnel_pem && ssl_verify) { - execlp(st, st, "-f", "-d", sp, "-r", xp, "-P", - "none", a, sv, "-v", "2", - (char *) NULL); - } else { - execlp(st, st, "-f", "-d", sp, "-r", xp, "-P", - "none", (char *) NULL); - } - exit(1); - } - - in = tmpfile(); - if (! in) { - exit(1); - } - - fprintf(in, "foreground = yes\n"); - fprintf(in, "pid =\n"); - if (stunnel_pem) { - fprintf(in, "cert = %s\n", stunnel_pem); - } - if (ssl_crl) { - if(S_ISDIR(crl_buf.st_mode)) { - fprintf(in, "CRLpath = %s\n", ssl_crl); - } else { - fprintf(in, "CRLfile = %s\n", ssl_crl); - } - } - if (ssl_verify) { - if(S_ISDIR(verify_buf.st_mode)) { - fprintf(in, "CApath = %s\n", ssl_verify); - } else { - fprintf(in, "CAfile = %s\n", ssl_verify); - } - fprintf(in, "verify = 2\n"); - } - fprintf(in, ";debug = 7\n\n"); - fprintf(in, "[x11vnc_stunnel]\n"); - fprintf(in, "accept = %s%d\n", st_if, stunnel_port); - fprintf(in, "connect = %d\n", x11vnc_port); - - if (hport > 0 && x11vnc_hport > 0) { - fprintf(in, "\n[x11vnc_http]\n"); - fprintf(in, "accept = %s%d\n", st_if, hport); - fprintf(in, "connect = %d\n", x11vnc_hport); - } - - fflush(in); - rewind(in); - - if (getenv("STUNNEL_DEBUG")) { - char line[1000]; - fprintf(stderr, "\nstunnel config contents:\n\n"); - while (fgets(line, sizeof(line), in) != NULL) { - fprintf(stderr, "%s", line); - } - fprintf(stderr, "\n"); - rewind(in); - } - - sprintf(fd, "%d", fileno(in)); - execlp(stunnel_path, stunnel_path, "-fd", fd, (char *) NULL); - exit(1); - } - - free(exe); - usleep(750 * 1000); - - waitpid(stunnel_pid, &status, WNOHANG); - - if (ssl_verify && strstr(ssl_verify, "/sslverify-tmp-load-")) { - /* temporary file */ - usleep(1000 * 1000); - unlink(ssl_verify); - } - if (tmp_pem) { - /* temporary cert */ - usleep(1500 * 1000); - unlink(stunnel_pem); - } - - if (kill(stunnel_pid, 0) != 0) { - waitpid(stunnel_pid, &status, WNOHANG); - stunnel_pid = 0; - return 0; - } - - if (! quiet) { - rfbLog("stunnel pid is: %d\n", (int) stunnel_pid); - } - - return 1; -#else - return 0; -#endif -} - -void stop_stunnel(void) { - int status; - if (! stunnel_pid) { - return; - } -#ifdef SSLCMDS - kill(stunnel_pid, SIGTERM); - usleep (150 * 1000); - kill(stunnel_pid, SIGKILL); - usleep (50 * 1000); - waitpid(stunnel_pid, &status, WNOHANG); -#endif - stunnel_pid = 0; -} - -void setup_stunnel(int rport, int *argc, char **argv) { - int i, xport = 0, hport = 0, xhport = 0; - - if (! rport && argc && argv) { - for (i=0; i< *argc; i++) { - if (argv[i] && !strcmp(argv[i], "-rfbport")) { - if (i < *argc - 1) { - rport = atoi(argv[i+1]); - } - } - } - } - - if (! rport) { - /* we do our own autoprobing then... */ - rport = find_free_port(5900, 5999); - if (! rport) { - goto stunnel_fail; - } - } - - xport = find_free_port(5950, 5999); - if (! xport) { - goto stunnel_fail; - } - - if (https_port_num > 0) { - hport = https_port_num; - } - - if (! hport && argc && argv) { - for (i=0; i< *argc; i++) { - if (argv[i] && !strcmp(argv[i], "-httpport")) { - if (i < *argc - 1) { - hport = atoi(argv[i+1]); - } - } - } - } - - if (! hport && http_try_it) { - hport = find_free_port(rport-100, rport-1); - if (! hport) { - goto stunnel_fail; - } - } - if (hport) { - xhport = find_free_port(5850, 5899); - if (! xhport) { - goto stunnel_fail; - } - stunnel_http_port = hport; - } - - - if (start_stunnel(rport, xport, hport, xhport)) { - int tweaked = 0; - char tmp[30]; - sprintf(tmp, "%d", xport); - if (argc && argv) { - for (i=0; i < *argc; i++) { - if (argv[i] && !strcmp(argv[i], "-rfbport")) { - if (i < *argc - 1) { - /* replace orig value */ - argv[i+i] = strdup(tmp); - tweaked = 1; - break; - } - } - } - if (! tweaked) { - i = *argc; - argv[i] = strdup("-rfbport"); - argv[i+1] = strdup(tmp); - *argc += 2; - got_rfbport = 1; - got_rfbport_val = atoi(tmp); - } - } - stunnel_port = rport; - ssl_initialized = 1; - return; - } - - stunnel_fail: - rfbLog("failed to start stunnel.\n"); - clean_up_exit(1); -} - -char *get_Cert_dir(char *cdir_in, char **tmp_in) { - char *cdir, *home, *tmp; - struct stat sbuf; - int i; - char *cases1[] = {"/.vnc", "/.vnc/certs", "/.vnc/certs/CA"}; - char *cases2[] = {"", "/CA", "/tmp"}; - - if (cdir_in != NULL) { - cdir = cdir_in; - } else { - cdir = ssl_certs_dir; - } - - if (cdir == NULL) { - home = get_home_dir(); - if (! home) { - return NULL; - } - cdir = (char *) malloc(strlen(home) + strlen("/.vnc/certs/CA") + 1); - for (i=0; i<3; i++) { - sprintf(cdir, "%s%s", home, cases1[i]); - if (stat(cdir, &sbuf) != 0) { - rfbLog("creating dir: %s\n", cdir); - if (mkdir(cdir, 0755) != 0) { - rfbLog("could not create directory %s\n", cdir); - rfbLogPerror("mkdir"); - return NULL; - } - } else if (! S_ISDIR(sbuf.st_mode)) { - rfbLog("not a directory: %s\n", cdir); - return NULL; - } - } - sprintf(cdir, "%s%s", home, cases1[1]); - } - - tmp = (char *) malloc(strlen(cdir) + strlen("/tmp") + 1); - for (i=0; i<3; i++) { - int ret; - sprintf(tmp, "%s%s", cdir, cases2[i]); - if (stat(tmp, &sbuf) != 0) { - rfbLog("creating dir: %s\n", tmp); - if (! strcmp(cases2[i], "/tmp")) { - ret = mkdir(tmp, 0700); - } else { - ret = mkdir(tmp, 0755); - } - - if (ret != 0) { - rfbLog("could not create directory %s\n", tmp); - rfbLogPerror("mkdir"); - return NULL; - } - } else if (! S_ISDIR(sbuf.st_mode)) { - rfbLog("not a directory: %s\n", tmp); - return NULL; - } - } - sprintf(tmp, "%s/tmp", cdir); - *tmp_in = tmp; - return cdir; -} - -static char *getsslscript(char *cdir, char *name, char *script) { - char *openssl = find_openssl_bin(); - char *tmp, *scr, *cdir_use; - FILE *out; - - if (! openssl || openssl[0] == '\0') { - exit(1); - } - - if (!name || !script) { - exit(1); - } - - cdir_use = get_Cert_dir(cdir, &tmp); - if (!cdir_use || !tmp) { - exit(1); - } - - scr = (char *) malloc(strlen(tmp) + 1 + strlen(name) + 30); - - sprintf(scr, "%s/%s.%d.sh", tmp, name, getpid()); - out = fopen(scr, "w"); - if (! out) { - rfbLog("could not open: %s\n", scr); - rfbLogPerror("fopen"); - exit(1); - } - fprintf(out, "%s", script); - fclose(out); - - rfbLog("Using openssl: %s\n", openssl); - rfbLog("Using certs dir: %s\n", cdir_use); - fprintf(stderr, "\n"); - - set_env("BASE_DIR", cdir_use); - set_env("OPENSSL", openssl); - - return scr; -} - -void sslScripts(void) { - fprintf(stdout, "======================================================\n"); - fprintf(stdout, "genCA script for '-sslGenCA':\n\n"); - fprintf(stdout, "%s\n", genCA); - fprintf(stdout, "======================================================\n"); - fprintf(stdout, "genCert script for '-sslGenCert', etc.:\n\n"); - fprintf(stdout, "%s\n", genCert); -} - -void sslGenCA(char *cdir) { - char *cmd, *scr = getsslscript(cdir, "genca", genCA); - - if (! scr) { - exit(1); - } - - cmd = (char *)malloc(strlen("/bin/sh ") + strlen(scr) + 1); - sprintf(cmd, "/bin/sh %s", scr); - - system(cmd); - unlink(scr); - - free(cmd); - free(scr); -} - -void sslGenCert(char *ty, char *nm) { - char *cmd, *scr = getsslscript(NULL, "gencert", genCert); - - if (! scr) { - exit(1); - } - - cmd = (char *)malloc(strlen("/bin/sh ") + strlen(scr) + 1); - sprintf(cmd, "/bin/sh %s", scr); - - if (! ty) { - set_env("TYPE", ""); - } else { - set_env("TYPE", ty); - } - if (! nm) { - set_env("NAME", ""); - } else { - char *q = strstr(nm, "SAVE-"); - if (!strcmp(nm, "SAVE")) { - set_env("NAME", ""); - } else if (q == nm) { - q += strlen("SAVE-"); - set_env("NAME", q); - } else { - set_env("NAME", nm); - } - } - - system(cmd); - unlink(scr); - - free(cmd); - free(scr); -} - -void sslEncKey(char *path, int mode) { - char *openssl = find_openssl_bin(); - char *scr, *cert = NULL, *tca, *cdir = NULL; - char line[1024], tmp[] = "/tmp/x11vnc-tmp.XXXXXX"; - int tmp_fd, incert, info_only = 0, delete_only = 0, listlong = 0; - struct stat sbuf; - FILE *file; - static int depth = 0; - - if (depth > 0) { - /* get_saved_pem may call us back. */ - return; - } - - if (! path) { - return; - } - - depth++; - - if (mode == 1) { - info_only = 1; - } else if (mode == 2) { - delete_only = 1; - } - - if (! openssl) { - exit(1); - } - - cdir = get_Cert_dir(NULL, &tca); - if (! cdir || ! tca) { - fprintf(stderr, "could not find Cert dir\n"); - exit(1); - } - - if (!strcasecmp(path, "LL") || !strcasecmp(path, "LISTL")) { - listlong = 1; - path = "LIST"; - } - - if (strstr(path, "SAVE") == path) { - char *p = get_saved_pem(path, 0); - if (p == NULL) { - fprintf(stderr, "could not find saved pem " - "matching: %s\n", path); - exit(1); - } - path = p; - - } else if (!strcmp(path, "CA")) { - tca = (char *) malloc(strlen(cdir)+strlen("/CA/cacert.pem")+1); - sprintf(tca, "%s/CA/cacert.pem", cdir); - path = tca; - - } else if (info_only && (!strcasecmp(path, "LIST") || - !strcasecmp(path, "LS") || !strcasecmp(path, "ALL"))) { - - if (! program_name || strchr(program_name, ' ')) { - fprintf(stderr, "bad program name.\n"); - exit(1); - } - if (strchr(cdir, '\'')) { - fprintf(stderr, "bad certdir char: %s\n", cdir); - exit(1); - } - - tca = (char *) malloc(2*strlen(cdir)+strlen(program_name)+1000); - - sprintf(tca, "find '%s' | egrep '/(CA|tmp|clients)$|" - "\\.(crt|pem|key|req)$' | grep -v CA/newcerts", cdir); - - if (!strcasecmp(path, "ALL")) { - /* ugh.. */ - strcat(tca, " | egrep -v 'private/cakey.pem|" - "(CA|tmp|clients)$' | xargs -n1 "); - strcat(tca, program_name); - strcat(tca, " -ssldir '"); - strcat(tca, cdir); - strcat(tca, "' -sslCertInfo 2>&1 "); - } else if (listlong) { - strcat(tca, " | xargs ls -ld "); - } - system(tca); - free(tca); - - depth--; - return; - - } else if (info_only && (!strcasecmp(path, "HASHON") - || !strcasecmp(path, "HASHOFF"))) { - - tmp_fd = mkstemp(tmp); - if (tmp_fd < 0) { - exit(1); - } - - write(tmp_fd, genCert, strlen(genCert)); - close(tmp_fd); - - scr = (char *) malloc(strlen("/bin/sh ") + strlen(tmp) + 1); - sprintf(scr, "/bin/sh %s", tmp); - - set_env("BASE_DIR", cdir); - set_env("OPENSSL", openssl); - set_env("TYPE", "server"); - if (!strcasecmp(path, "HASHON")) { - set_env("HASHON", "1"); - } else { - set_env("HASHOFF", "1"); - } - system(scr); - unlink(tmp); - free(scr); - - depth--; - return; - } - - - if (stat(path, &sbuf) != 0) { - if (strstr(path, "client") || strchr(path, '/') == NULL) { - int i; - tca = (char *) malloc(strlen(cdir) + strlen(path) + 100); - for (i = 1; i <= 15; i++) { - tca[0] = '\0'; - if ( i == 1) { - sprintf(tca, "%s/%s", cdir, path); - } else if (i == 2 && mode > 0) { - sprintf(tca, "%s/%s.crt", cdir, path); - } else if (i == 3) { - sprintf(tca, "%s/%s.pem", cdir, path); - } else if (i == 4 && mode > 1) { - sprintf(tca, "%s/%s.req", cdir, path); - } else if (i == 5 && mode > 1) { - sprintf(tca, "%s/%s.key", cdir, path); - } else if (i == 6) { - sprintf(tca, "%s/clients/%s", cdir, path); - } else if (i == 7 && mode > 0) { - sprintf(tca, "%s/clients/%s.crt", cdir, path); - } else if (i == 8) { - sprintf(tca, "%s/clients/%s.pem", cdir, path); - } else if (i == 9 && mode > 1) { - sprintf(tca, "%s/clients/%s.req", cdir, path); - } else if (i == 10 && mode > 1) { - sprintf(tca, "%s/clients/%s.key", cdir, path); - } else if (i == 11) { - sprintf(tca, "%s/server-%s", cdir, path); - } else if (i == 12 && mode > 0) { - sprintf(tca, "%s/server-%s.crt", cdir, path); - } else if (i == 13) { - sprintf(tca, "%s/server-%s.pem", cdir, path); - } else if (i == 14 && mode > 1) { - sprintf(tca, "%s/server-%s.req", cdir, path); - } else if (i == 15 && mode > 1) { - sprintf(tca, "%s/server-%s.key", cdir, path); - } - if (tca[0] == '\0') { - continue; - } - if (stat(tca, &sbuf) == 0) { - path = tca; - break; - } - } - } - } - - if (stat(path, &sbuf) != 0) { - rfbLog("sslEncKey: %s\n", path); - rfbLogPerror("stat"); - exit(1); - } - - if (! info_only) { - cert = (char *) malloc(2*(sbuf.st_size + 1024)); - file = fopen(path, "r"); - if (file == NULL) { - rfbLog("sslEncKey: %s\n", path); - rfbLogPerror("fopen"); - exit(1); - } - incert = 0; - cert[0] = '\0'; - while (fgets(line, 1024, file) != NULL) { - if (strstr(line, "-----BEGIN CERTIFICATE-----") - == line) { - incert = 1; - } - if (incert) { - if (strlen(cert)+strlen(line) < - 2 * (size_t) sbuf.st_size) { - strcat(cert, line); - } - } - if (strstr(line, "-----END CERTIFICATE-----") - == line) { - incert = 0; - } - } - fclose(file); - } - - tmp_fd = mkstemp(tmp); - if (tmp_fd < 0) { - exit(1); - } - - write(tmp_fd, genCert, strlen(genCert)); - close(tmp_fd); - - scr = (char *) malloc(strlen("/bin/sh ") + strlen(tmp) + 1); - sprintf(scr, "/bin/sh %s", tmp); - - set_env("BASE_DIR", "/no/such/dir"); - set_env("OPENSSL", openssl); - set_env("TYPE", "server"); - if (info_only) { - set_env("INFO_ONLY", path); - } else if (delete_only) { - set_env("DELETE_ONLY", path); - } else { - set_env("ENCRYPT_ONLY", path); - } - system(scr); - unlink(tmp); - - if (! mode && cert && cert[0] != '\0') { - int got_cert = 0; - file = fopen(path, "r"); - if (file == NULL) { - rfbLog("sslEncKey: %s\n", path); - rfbLogPerror("fopen"); - exit(1); - } - while (fgets(line, 1024, file) != NULL) { - if (strstr(line, "-----BEGIN CERTIFICATE-----") - == line) { - got_cert++; - } - if (strstr(line, "-----END CERTIFICATE-----") - == line) { - got_cert++; - } - } - fclose(file); - if (got_cert < 2) { - file = fopen(path, "a"); - if (file == NULL) { - rfbLog("sslEncKey: %s\n", path); - rfbLogPerror("fopen"); - exit(1); - } - fprintf(file, "%s", cert); - fclose(file); - } - free(cert); - } - - depth--; -} - |