summaryrefslogtreecommitdiffstats
path: root/x11vnc/sslcmds.c
diff options
context:
space:
mode:
Diffstat (limited to 'x11vnc/sslcmds.c')
-rw-r--r--x11vnc/sslcmds.c908
1 files changed, 0 insertions, 908 deletions
diff --git a/x11vnc/sslcmds.c b/x11vnc/sslcmds.c
deleted file mode 100644
index 7c4bdc1..0000000
--- a/x11vnc/sslcmds.c
+++ /dev/null
@@ -1,908 +0,0 @@
-/*
- Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com>
- All rights reserved.
-
-This file is part of x11vnc.
-
-x11vnc is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation; either version 2 of the License, or (at
-your option) any later version.
-
-x11vnc is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with x11vnc; if not, write to the Free Software
-Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
-or see <http://www.gnu.org/licenses/>.
-
-In addition, as a special exception, Karl J. Runge
-gives permission to link the code of its release of x11vnc with the
-OpenSSL project's "OpenSSL" library (or with modified versions of it
-that use the same license as the "OpenSSL" library), and distribute
-the linked executables. You must obey the GNU General Public License
-in all respects for all of the code used other than "OpenSSL". If you
-modify this file, you may extend this exception to your version of the
-file, but you are not obligated to do so. If you do not wish to do
-so, delete this exception statement from your version.
-*/
-
-/* -- sslcmds.c -- */
-
-#include "x11vnc.h"
-#include "inet.h"
-#include "cleanup.h"
-#include "sslhelper.h"
-#include "ssltools.h"
-#include "connections.h"
-
-#if LIBVNCSERVER_HAVE_FORK
-#if LIBVNCSERVER_HAVE_SYS_WAIT_H
-#if LIBVNCSERVER_HAVE_WAITPID
-#define SSLCMDS
-#endif
-#endif
-#endif
-
-
-void check_stunnel(void);
-int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport);
-void stop_stunnel(void);
-void setup_stunnel(int rport, int *argc, char **argv);
-char *get_Cert_dir(char *cdir_in, char **tmp_in);
-void sslScripts(void);
-void sslGenCA(char *cdir);
-void sslGenCert(char *ty, char *nm);
-void sslEncKey(char *path, int info_only);
-
-static pid_t stunnel_pid = 0;
-
-void check_stunnel(void) {
- static time_t last_check = 0;
- time_t now = time(NULL);
-
- if (last_check + 3 >= now) {
- return;
- }
- last_check = now;
-
- /* double check that stunnel is still running: */
-
- if (stunnel_pid > 0) {
- int status;
-#ifdef SSLCMDS
- waitpid(stunnel_pid, &status, WNOHANG);
-#endif
- if (kill(stunnel_pid, 0) != 0) {
-#ifdef SSLCMDS
- waitpid(stunnel_pid, &status, WNOHANG);
-#endif
- rfbLog("stunnel subprocess %d died.\n", stunnel_pid);
- stunnel_pid = 0;
- clean_up_exit(1);
- }
- }
-}
-
-int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport) {
-#ifdef SSLCMDS
- char extra[] = ":/usr/sbin:/usr/local/sbin:/dist/sbin";
- char *path, *p, *exe;
- char *stunnel_path = NULL;
- struct stat verify_buf;
- struct stat crl_buf;
- int status, tmp_pem = 0;
-
- if (stunnel_pid) {
- stop_stunnel();
- }
- stunnel_pid = 0;
-
- path = getenv("PATH");
- if (! path) {
- path = strdup(extra+1);
- } else {
- char *pt = path;
- path = (char *) malloc(strlen(path)+strlen(extra)+1);
- if (! path) {
- return 0;
- }
- strcpy(path, pt);
- strcat(path, extra);
- }
-
- exe = (char *) malloc(strlen(path) + 1 + strlen("stunnel4") + 1);
-
- p = strtok(path, ":");
-
- exe[0] = '\0';
-
- while (p) {
- struct stat sbuf;
-
- sprintf(exe, "%s/%s", p, "stunnel4");
- if (! stunnel_path && stat(exe, &sbuf) == 0) {
- if (! S_ISDIR(sbuf.st_mode)) {
- stunnel_path = exe;
- break;
- }
- }
-
- sprintf(exe, "%s/%s", p, "stunnel");
- if (! stunnel_path && stat(exe, &sbuf) == 0) {
- if (! S_ISDIR(sbuf.st_mode)) {
- stunnel_path = exe;
- break;
- }
- }
-
- p = strtok(NULL, ":");
- }
- if (path) {
- free(path);
- }
-
- if (getenv("STUNNEL_PROG")) {
- free(exe);
- exe = strdup(getenv("STUNNEL_PROG"));
- stunnel_path = exe;
- }
-
- if (! stunnel_path) {
- free(exe);
- return 0;
- }
- if (stunnel_path[0] == '\0') {
- free(exe);
- return 0;
- }
-
- /* stunnel */
- if (no_external_cmds || !cmd_ok("stunnel")) {
- rfbLogEnable(1);
- rfbLog("start_stunnel: cannot run external commands in -nocmds mode:\n");
- rfbLog(" \"%s\"\n", stunnel_path);
- rfbLog(" exiting.\n");
- clean_up_exit(1);
- }
-
- if (! quiet) {
- rfbLog("\n");
- rfbLog("starting ssl tunnel: %s %d -> %d\n", stunnel_path,
- stunnel_port, x11vnc_port);
- }
-
- if (stunnel_pem && strstr(stunnel_pem, "SAVE") == stunnel_pem) {
- stunnel_pem = get_saved_pem(stunnel_pem, 1);
- if (! stunnel_pem) {
- rfbLog("start_stunnel: could not create or open"
- " saved PEM.\n");
- clean_up_exit(1);
- }
- } else if (!stunnel_pem) {
- stunnel_pem = create_tmp_pem(NULL, 0);
- if (! stunnel_pem) {
- rfbLog("start_stunnel: could not create temporary,"
- " self-signed PEM.\n");
- clean_up_exit(1);
- }
- tmp_pem = 1;
- if (getenv("X11VNC_SHOW_TMP_PEM")) {
- FILE *in = fopen(stunnel_pem, "r");
- if (in != NULL) {
- char line[128];
- fprintf(stderr, "\n");
- while (fgets(line, 128, in) != NULL) {
- fprintf(stderr, "%s", line);
- }
- fprintf(stderr, "\n");
- fclose(in);
- }
- }
- }
-
- if (ssl_verify) {
- char *file = get_ssl_verify_file(ssl_verify);
- if (file) {
- ssl_verify = file;
- }
- if (stat(ssl_verify, &verify_buf) != 0) {
- rfbLog("stunnel: %s does not exist.\n", ssl_verify);
- clean_up_exit(1);
- }
- }
- if (ssl_crl) {
- if (stat(ssl_crl, &crl_buf) != 0) {
- rfbLog("stunnel: %s does not exist.\n", ssl_crl);
- clean_up_exit(1);
- }
- }
-
- stunnel_pid = fork();
-
- if (stunnel_pid < 0) {
- stunnel_pid = 0;
- free(exe);
- return 0;
- }
-
- if (stunnel_pid == 0) {
- FILE *in;
- char fd[20];
- int i;
- char *st_if = getenv("STUNNEL_LISTEN");
-
- if (st_if == NULL) {
- st_if = "";
- } else {
- st_if = (char *) malloc(strlen(st_if) + 2);
- sprintf(st_if, "%s:", getenv("STUNNEL_LISTEN"));
- }
-
-
- for (i=3; i<256; i++) {
- close(i);
- }
-
- if (use_stunnel == 3) {
- char sp[30], xp[30], *a = NULL;
- char *st = stunnel_path;
- char *pm = stunnel_pem;
- char *sv = ssl_verify;
-
- sprintf(sp, "%d", stunnel_port);
- sprintf(xp, "%d", x11vnc_port);
-
- if (ssl_verify) {
- if(S_ISDIR(verify_buf.st_mode)) {
- a = "-a";
- } else {
- a = "-A";
- }
- }
-
- if (ssl_crl) {
- rfbLog("stunnel: stunnel3 does not support CRL. %s\n", ssl_crl);
- clean_up_exit(1);
- }
-
- if (stunnel_pem && ssl_verify) {
- /* XXX double check -v 2 */
- execlp(st, st, "-f", "-d", sp, "-r", xp, "-P",
- "none", "-p", pm, a, sv, "-v", "2",
- (char *) NULL);
- } else if (stunnel_pem && !ssl_verify) {
- execlp(st, st, "-f", "-d", sp, "-r", xp, "-P",
- "none", "-p", pm,
- (char *) NULL);
- } else if (!stunnel_pem && ssl_verify) {
- execlp(st, st, "-f", "-d", sp, "-r", xp, "-P",
- "none", a, sv, "-v", "2",
- (char *) NULL);
- } else {
- execlp(st, st, "-f", "-d", sp, "-r", xp, "-P",
- "none", (char *) NULL);
- }
- exit(1);
- }
-
- in = tmpfile();
- if (! in) {
- exit(1);
- }
-
- fprintf(in, "foreground = yes\n");
- fprintf(in, "pid =\n");
- if (stunnel_pem) {
- fprintf(in, "cert = %s\n", stunnel_pem);
- }
- if (ssl_crl) {
- if(S_ISDIR(crl_buf.st_mode)) {
- fprintf(in, "CRLpath = %s\n", ssl_crl);
- } else {
- fprintf(in, "CRLfile = %s\n", ssl_crl);
- }
- }
- if (ssl_verify) {
- if(S_ISDIR(verify_buf.st_mode)) {
- fprintf(in, "CApath = %s\n", ssl_verify);
- } else {
- fprintf(in, "CAfile = %s\n", ssl_verify);
- }
- fprintf(in, "verify = 2\n");
- }
- fprintf(in, ";debug = 7\n\n");
- fprintf(in, "[x11vnc_stunnel]\n");
- fprintf(in, "accept = %s%d\n", st_if, stunnel_port);
- fprintf(in, "connect = %d\n", x11vnc_port);
-
- if (hport > 0 && x11vnc_hport > 0) {
- fprintf(in, "\n[x11vnc_http]\n");
- fprintf(in, "accept = %s%d\n", st_if, hport);
- fprintf(in, "connect = %d\n", x11vnc_hport);
- }
-
- fflush(in);
- rewind(in);
-
- if (getenv("STUNNEL_DEBUG")) {
- char line[1000];
- fprintf(stderr, "\nstunnel config contents:\n\n");
- while (fgets(line, sizeof(line), in) != NULL) {
- fprintf(stderr, "%s", line);
- }
- fprintf(stderr, "\n");
- rewind(in);
- }
-
- sprintf(fd, "%d", fileno(in));
- execlp(stunnel_path, stunnel_path, "-fd", fd, (char *) NULL);
- exit(1);
- }
-
- free(exe);
- usleep(750 * 1000);
-
- waitpid(stunnel_pid, &status, WNOHANG);
-
- if (ssl_verify && strstr(ssl_verify, "/sslverify-tmp-load-")) {
- /* temporary file */
- usleep(1000 * 1000);
- unlink(ssl_verify);
- }
- if (tmp_pem) {
- /* temporary cert */
- usleep(1500 * 1000);
- unlink(stunnel_pem);
- }
-
- if (kill(stunnel_pid, 0) != 0) {
- waitpid(stunnel_pid, &status, WNOHANG);
- stunnel_pid = 0;
- return 0;
- }
-
- if (! quiet) {
- rfbLog("stunnel pid is: %d\n", (int) stunnel_pid);
- }
-
- return 1;
-#else
- return 0;
-#endif
-}
-
-void stop_stunnel(void) {
- int status;
- if (! stunnel_pid) {
- return;
- }
-#ifdef SSLCMDS
- kill(stunnel_pid, SIGTERM);
- usleep (150 * 1000);
- kill(stunnel_pid, SIGKILL);
- usleep (50 * 1000);
- waitpid(stunnel_pid, &status, WNOHANG);
-#endif
- stunnel_pid = 0;
-}
-
-void setup_stunnel(int rport, int *argc, char **argv) {
- int i, xport = 0, hport = 0, xhport = 0;
-
- if (! rport && argc && argv) {
- for (i=0; i< *argc; i++) {
- if (argv[i] && !strcmp(argv[i], "-rfbport")) {
- if (i < *argc - 1) {
- rport = atoi(argv[i+1]);
- }
- }
- }
- }
-
- if (! rport) {
- /* we do our own autoprobing then... */
- rport = find_free_port(5900, 5999);
- if (! rport) {
- goto stunnel_fail;
- }
- }
-
- xport = find_free_port(5950, 5999);
- if (! xport) {
- goto stunnel_fail;
- }
-
- if (https_port_num > 0) {
- hport = https_port_num;
- }
-
- if (! hport && argc && argv) {
- for (i=0; i< *argc; i++) {
- if (argv[i] && !strcmp(argv[i], "-httpport")) {
- if (i < *argc - 1) {
- hport = atoi(argv[i+1]);
- }
- }
- }
- }
-
- if (! hport && http_try_it) {
- hport = find_free_port(rport-100, rport-1);
- if (! hport) {
- goto stunnel_fail;
- }
- }
- if (hport) {
- xhport = find_free_port(5850, 5899);
- if (! xhport) {
- goto stunnel_fail;
- }
- stunnel_http_port = hport;
- }
-
-
- if (start_stunnel(rport, xport, hport, xhport)) {
- int tweaked = 0;
- char tmp[30];
- sprintf(tmp, "%d", xport);
- if (argc && argv) {
- for (i=0; i < *argc; i++) {
- if (argv[i] && !strcmp(argv[i], "-rfbport")) {
- if (i < *argc - 1) {
- /* replace orig value */
- argv[i+i] = strdup(tmp);
- tweaked = 1;
- break;
- }
- }
- }
- if (! tweaked) {
- i = *argc;
- argv[i] = strdup("-rfbport");
- argv[i+1] = strdup(tmp);
- *argc += 2;
- got_rfbport = 1;
- got_rfbport_val = atoi(tmp);
- }
- }
- stunnel_port = rport;
- ssl_initialized = 1;
- return;
- }
-
- stunnel_fail:
- rfbLog("failed to start stunnel.\n");
- clean_up_exit(1);
-}
-
-char *get_Cert_dir(char *cdir_in, char **tmp_in) {
- char *cdir, *home, *tmp;
- struct stat sbuf;
- int i;
- char *cases1[] = {"/.vnc", "/.vnc/certs", "/.vnc/certs/CA"};
- char *cases2[] = {"", "/CA", "/tmp"};
-
- if (cdir_in != NULL) {
- cdir = cdir_in;
- } else {
- cdir = ssl_certs_dir;
- }
-
- if (cdir == NULL) {
- home = get_home_dir();
- if (! home) {
- return NULL;
- }
- cdir = (char *) malloc(strlen(home) + strlen("/.vnc/certs/CA") + 1);
- for (i=0; i<3; i++) {
- sprintf(cdir, "%s%s", home, cases1[i]);
- if (stat(cdir, &sbuf) != 0) {
- rfbLog("creating dir: %s\n", cdir);
- if (mkdir(cdir, 0755) != 0) {
- rfbLog("could not create directory %s\n", cdir);
- rfbLogPerror("mkdir");
- return NULL;
- }
- } else if (! S_ISDIR(sbuf.st_mode)) {
- rfbLog("not a directory: %s\n", cdir);
- return NULL;
- }
- }
- sprintf(cdir, "%s%s", home, cases1[1]);
- }
-
- tmp = (char *) malloc(strlen(cdir) + strlen("/tmp") + 1);
- for (i=0; i<3; i++) {
- int ret;
- sprintf(tmp, "%s%s", cdir, cases2[i]);
- if (stat(tmp, &sbuf) != 0) {
- rfbLog("creating dir: %s\n", tmp);
- if (! strcmp(cases2[i], "/tmp")) {
- ret = mkdir(tmp, 0700);
- } else {
- ret = mkdir(tmp, 0755);
- }
-
- if (ret != 0) {
- rfbLog("could not create directory %s\n", tmp);
- rfbLogPerror("mkdir");
- return NULL;
- }
- } else if (! S_ISDIR(sbuf.st_mode)) {
- rfbLog("not a directory: %s\n", tmp);
- return NULL;
- }
- }
- sprintf(tmp, "%s/tmp", cdir);
- *tmp_in = tmp;
- return cdir;
-}
-
-static char *getsslscript(char *cdir, char *name, char *script) {
- char *openssl = find_openssl_bin();
- char *tmp, *scr, *cdir_use;
- FILE *out;
-
- if (! openssl || openssl[0] == '\0') {
- exit(1);
- }
-
- if (!name || !script) {
- exit(1);
- }
-
- cdir_use = get_Cert_dir(cdir, &tmp);
- if (!cdir_use || !tmp) {
- exit(1);
- }
-
- scr = (char *) malloc(strlen(tmp) + 1 + strlen(name) + 30);
-
- sprintf(scr, "%s/%s.%d.sh", tmp, name, getpid());
- out = fopen(scr, "w");
- if (! out) {
- rfbLog("could not open: %s\n", scr);
- rfbLogPerror("fopen");
- exit(1);
- }
- fprintf(out, "%s", script);
- fclose(out);
-
- rfbLog("Using openssl: %s\n", openssl);
- rfbLog("Using certs dir: %s\n", cdir_use);
- fprintf(stderr, "\n");
-
- set_env("BASE_DIR", cdir_use);
- set_env("OPENSSL", openssl);
-
- return scr;
-}
-
-void sslScripts(void) {
- fprintf(stdout, "======================================================\n");
- fprintf(stdout, "genCA script for '-sslGenCA':\n\n");
- fprintf(stdout, "%s\n", genCA);
- fprintf(stdout, "======================================================\n");
- fprintf(stdout, "genCert script for '-sslGenCert', etc.:\n\n");
- fprintf(stdout, "%s\n", genCert);
-}
-
-void sslGenCA(char *cdir) {
- char *cmd, *scr = getsslscript(cdir, "genca", genCA);
-
- if (! scr) {
- exit(1);
- }
-
- cmd = (char *)malloc(strlen("/bin/sh ") + strlen(scr) + 1);
- sprintf(cmd, "/bin/sh %s", scr);
-
- system(cmd);
- unlink(scr);
-
- free(cmd);
- free(scr);
-}
-
-void sslGenCert(char *ty, char *nm) {
- char *cmd, *scr = getsslscript(NULL, "gencert", genCert);
-
- if (! scr) {
- exit(1);
- }
-
- cmd = (char *)malloc(strlen("/bin/sh ") + strlen(scr) + 1);
- sprintf(cmd, "/bin/sh %s", scr);
-
- if (! ty) {
- set_env("TYPE", "");
- } else {
- set_env("TYPE", ty);
- }
- if (! nm) {
- set_env("NAME", "");
- } else {
- char *q = strstr(nm, "SAVE-");
- if (!strcmp(nm, "SAVE")) {
- set_env("NAME", "");
- } else if (q == nm) {
- q += strlen("SAVE-");
- set_env("NAME", q);
- } else {
- set_env("NAME", nm);
- }
- }
-
- system(cmd);
- unlink(scr);
-
- free(cmd);
- free(scr);
-}
-
-void sslEncKey(char *path, int mode) {
- char *openssl = find_openssl_bin();
- char *scr, *cert = NULL, *tca, *cdir = NULL;
- char line[1024], tmp[] = "/tmp/x11vnc-tmp.XXXXXX";
- int tmp_fd, incert, info_only = 0, delete_only = 0, listlong = 0;
- struct stat sbuf;
- FILE *file;
- static int depth = 0;
-
- if (depth > 0) {
- /* get_saved_pem may call us back. */
- return;
- }
-
- if (! path) {
- return;
- }
-
- depth++;
-
- if (mode == 1) {
- info_only = 1;
- } else if (mode == 2) {
- delete_only = 1;
- }
-
- if (! openssl) {
- exit(1);
- }
-
- cdir = get_Cert_dir(NULL, &tca);
- if (! cdir || ! tca) {
- fprintf(stderr, "could not find Cert dir\n");
- exit(1);
- }
-
- if (!strcasecmp(path, "LL") || !strcasecmp(path, "LISTL")) {
- listlong = 1;
- path = "LIST";
- }
-
- if (strstr(path, "SAVE") == path) {
- char *p = get_saved_pem(path, 0);
- if (p == NULL) {
- fprintf(stderr, "could not find saved pem "
- "matching: %s\n", path);
- exit(1);
- }
- path = p;
-
- } else if (!strcmp(path, "CA")) {
- tca = (char *) malloc(strlen(cdir)+strlen("/CA/cacert.pem")+1);
- sprintf(tca, "%s/CA/cacert.pem", cdir);
- path = tca;
-
- } else if (info_only && (!strcasecmp(path, "LIST") ||
- !strcasecmp(path, "LS") || !strcasecmp(path, "ALL"))) {
-
- if (! program_name || strchr(program_name, ' ')) {
- fprintf(stderr, "bad program name.\n");
- exit(1);
- }
- if (strchr(cdir, '\'')) {
- fprintf(stderr, "bad certdir char: %s\n", cdir);
- exit(1);
- }
-
- tca = (char *) malloc(2*strlen(cdir)+strlen(program_name)+1000);
-
- sprintf(tca, "find '%s' | egrep '/(CA|tmp|clients)$|"
- "\\.(crt|pem|key|req)$' | grep -v CA/newcerts", cdir);
-
- if (!strcasecmp(path, "ALL")) {
- /* ugh.. */
- strcat(tca, " | egrep -v 'private/cakey.pem|"
- "(CA|tmp|clients)$' | xargs -n1 ");
- strcat(tca, program_name);
- strcat(tca, " -ssldir '");
- strcat(tca, cdir);
- strcat(tca, "' -sslCertInfo 2>&1 ");
- } else if (listlong) {
- strcat(tca, " | xargs ls -ld ");
- }
- system(tca);
- free(tca);
-
- depth--;
- return;
-
- } else if (info_only && (!strcasecmp(path, "HASHON")
- || !strcasecmp(path, "HASHOFF"))) {
-
- tmp_fd = mkstemp(tmp);
- if (tmp_fd < 0) {
- exit(1);
- }
-
- write(tmp_fd, genCert, strlen(genCert));
- close(tmp_fd);
-
- scr = (char *) malloc(strlen("/bin/sh ") + strlen(tmp) + 1);
- sprintf(scr, "/bin/sh %s", tmp);
-
- set_env("BASE_DIR", cdir);
- set_env("OPENSSL", openssl);
- set_env("TYPE", "server");
- if (!strcasecmp(path, "HASHON")) {
- set_env("HASHON", "1");
- } else {
- set_env("HASHOFF", "1");
- }
- system(scr);
- unlink(tmp);
- free(scr);
-
- depth--;
- return;
- }
-
-
- if (stat(path, &sbuf) != 0) {
- if (strstr(path, "client") || strchr(path, '/') == NULL) {
- int i;
- tca = (char *) malloc(strlen(cdir) + strlen(path) + 100);
- for (i = 1; i <= 15; i++) {
- tca[0] = '\0';
- if ( i == 1) {
- sprintf(tca, "%s/%s", cdir, path);
- } else if (i == 2 && mode > 0) {
- sprintf(tca, "%s/%s.crt", cdir, path);
- } else if (i == 3) {
- sprintf(tca, "%s/%s.pem", cdir, path);
- } else if (i == 4 && mode > 1) {
- sprintf(tca, "%s/%s.req", cdir, path);
- } else if (i == 5 && mode > 1) {
- sprintf(tca, "%s/%s.key", cdir, path);
- } else if (i == 6) {
- sprintf(tca, "%s/clients/%s", cdir, path);
- } else if (i == 7 && mode > 0) {
- sprintf(tca, "%s/clients/%s.crt", cdir, path);
- } else if (i == 8) {
- sprintf(tca, "%s/clients/%s.pem", cdir, path);
- } else if (i == 9 && mode > 1) {
- sprintf(tca, "%s/clients/%s.req", cdir, path);
- } else if (i == 10 && mode > 1) {
- sprintf(tca, "%s/clients/%s.key", cdir, path);
- } else if (i == 11) {
- sprintf(tca, "%s/server-%s", cdir, path);
- } else if (i == 12 && mode > 0) {
- sprintf(tca, "%s/server-%s.crt", cdir, path);
- } else if (i == 13) {
- sprintf(tca, "%s/server-%s.pem", cdir, path);
- } else if (i == 14 && mode > 1) {
- sprintf(tca, "%s/server-%s.req", cdir, path);
- } else if (i == 15 && mode > 1) {
- sprintf(tca, "%s/server-%s.key", cdir, path);
- }
- if (tca[0] == '\0') {
- continue;
- }
- if (stat(tca, &sbuf) == 0) {
- path = tca;
- break;
- }
- }
- }
- }
-
- if (stat(path, &sbuf) != 0) {
- rfbLog("sslEncKey: %s\n", path);
- rfbLogPerror("stat");
- exit(1);
- }
-
- if (! info_only) {
- cert = (char *) malloc(2*(sbuf.st_size + 1024));
- file = fopen(path, "r");
- if (file == NULL) {
- rfbLog("sslEncKey: %s\n", path);
- rfbLogPerror("fopen");
- exit(1);
- }
- incert = 0;
- cert[0] = '\0';
- while (fgets(line, 1024, file) != NULL) {
- if (strstr(line, "-----BEGIN CERTIFICATE-----")
- == line) {
- incert = 1;
- }
- if (incert) {
- if (strlen(cert)+strlen(line) <
- 2 * (size_t) sbuf.st_size) {
- strcat(cert, line);
- }
- }
- if (strstr(line, "-----END CERTIFICATE-----")
- == line) {
- incert = 0;
- }
- }
- fclose(file);
- }
-
- tmp_fd = mkstemp(tmp);
- if (tmp_fd < 0) {
- exit(1);
- }
-
- write(tmp_fd, genCert, strlen(genCert));
- close(tmp_fd);
-
- scr = (char *) malloc(strlen("/bin/sh ") + strlen(tmp) + 1);
- sprintf(scr, "/bin/sh %s", tmp);
-
- set_env("BASE_DIR", "/no/such/dir");
- set_env("OPENSSL", openssl);
- set_env("TYPE", "server");
- if (info_only) {
- set_env("INFO_ONLY", path);
- } else if (delete_only) {
- set_env("DELETE_ONLY", path);
- } else {
- set_env("ENCRYPT_ONLY", path);
- }
- system(scr);
- unlink(tmp);
-
- if (! mode && cert && cert[0] != '\0') {
- int got_cert = 0;
- file = fopen(path, "r");
- if (file == NULL) {
- rfbLog("sslEncKey: %s\n", path);
- rfbLogPerror("fopen");
- exit(1);
- }
- while (fgets(line, 1024, file) != NULL) {
- if (strstr(line, "-----BEGIN CERTIFICATE-----")
- == line) {
- got_cert++;
- }
- if (strstr(line, "-----END CERTIFICATE-----")
- == line) {
- got_cert++;
- }
- }
- fclose(file);
- if (got_cert < 2) {
- file = fopen(path, "a");
- if (file == NULL) {
- rfbLog("sslEncKey: %s\n", path);
- rfbLogPerror("fopen");
- exit(1);
- }
- fprintf(file, "%s", cert);
- fclose(file);
- }
- free(cert);
- }
-
- depth--;
-}
-