2
Copyright (C) 2002-2010 Karl J. Runge <runge@karlrunge.com>
5
This file is part of x11vnc.
7
x11vnc is free software; you can redistribute it and/or modify
8
it under the terms of the GNU General Public License as published by
9
the Free Software Foundation; either version 2 of the License, or (at
10
your option) any later version.
12
x11vnc is distributed in the hope that it will be useful,
13
but WITHOUT ANY WARRANTY; without even the implied warranty of
14
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15
GNU General Public License for more details.
17
You should have received a copy of the GNU General Public License
18
along with x11vnc; if not, write to the Free Software
19
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA
20
or see <http://www.gnu.org/licenses/>.
22
In addition, as a special exception, Karl J. Runge
23
gives permission to link the code of its release of x11vnc with the
24
OpenSSL project's "OpenSSL" library (or with modified versions of it
25
that use the same license as the "OpenSSL" library), and distribute
26
the linked executables. You must obey the GNU General Public License
27
in all respects for all of the code used other than "OpenSSL". If you
28
modify this file, you may extend this exception to your version of the
29
file, but you are not obligated to do so. If you do not wish to do
30
so, delete this exception statement from your version.
1
33
/* -- sslcmds.c -- */
18
#ifdef NO_SSL_OR_UNIXPW
23
51
void check_stunnel(void);
24
int start_stunnel(int stunnel_port, int x11vnc_port);
52
int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport);
25
53
void stop_stunnel(void);
26
54
void setup_stunnel(int rport, int *argc, char **argv);
27
55
char *get_Cert_dir(char *cdir_in, char **tmp_in);
56
void sslScripts(void);
28
57
void sslGenCA(char *cdir);
29
58
void sslGenCert(char *ty, char *nm);
30
59
void sslEncKey(char *path, int info_only);
61
int start_stunnel(int stunnel_port, int x11vnc_port) {
90
int start_stunnel(int stunnel_port, int x11vnc_port, int hport, int x11vnc_hport) {
63
92
char extra[] = ":/usr/sbin:/usr/local/sbin:/dist/sbin";
64
93
char *path, *p, *exe;
65
94
char *stunnel_path = NULL;
66
95
struct stat verify_buf;
97
int status, tmp_pem = 0;
126
sprintf(exe, "%s/%s", p, "stunnel4");
127
if (! stunnel_path && stat(exe, &sbuf) == 0) {
128
if (! S_ISDIR(sbuf.st_mode)) {
96
134
sprintf(exe, "%s/%s", p, "stunnel");
97
135
if (! stunnel_path && stat(exe, &sbuf) == 0) {
98
136
if (! S_ISDIR(sbuf.st_mode)) {
138
182
" saved PEM.\n");
139
183
clean_up_exit(1);
185
} else if (!stunnel_pem) {
186
stunnel_pem = create_tmp_pem(NULL, 0);
188
rfbLog("start_stunnel: could not create temporary,"
189
" self-signed PEM.\n");
193
if (getenv("X11VNC_SHOW_TMP_PEM")) {
194
FILE *in = fopen(stunnel_pem, "r");
197
fprintf(stderr, "\n");
198
while (fgets(line, 128, in) != NULL) {
199
fprintf(stderr, "%s", line);
201
fprintf(stderr, "\n");
143
207
if (ssl_verify) {
208
char *file = get_ssl_verify_file(ssl_verify);
144
212
if (stat(ssl_verify, &verify_buf) != 0) {
145
213
rfbLog("stunnel: %s does not exist.\n", ssl_verify);
146
214
clean_up_exit(1);
218
if (stat(ssl_crl, &crl_buf) != 0) {
219
rfbLog("stunnel: %s does not exist.\n", ssl_crl);
150
224
stunnel_pid = fork();
208
297
fprintf(in, "foreground = yes\n");
209
298
fprintf(in, "pid =\n");
210
299
if (stunnel_pem) {
211
300
fprintf(in, "cert = %s\n", stunnel_pem);
303
if(S_ISDIR(crl_buf.st_mode)) {
304
fprintf(in, "CRLpath = %s\n", ssl_crl);
306
fprintf(in, "CRLfile = %s\n", ssl_crl);
213
309
if (ssl_verify) {
214
310
if(S_ISDIR(verify_buf.st_mode)) {
215
311
fprintf(in, "CApath = %s\n", ssl_verify);
217
313
fprintf(in, "CAfile = %s\n", ssl_verify);
219
/* XXX double check -v 2 */
220
315
fprintf(in, "verify = 2\n");
222
317
fprintf(in, ";debug = 7\n\n");
223
318
fprintf(in, "[x11vnc_stunnel]\n");
224
fprintf(in, "accept = %d\n", stunnel_port);
319
fprintf(in, "accept = %s%d\n", st_if, stunnel_port);
225
320
fprintf(in, "connect = %d\n", x11vnc_port);
322
if (hport > 0 && x11vnc_hport > 0) {
323
fprintf(in, "\n[x11vnc_http]\n");
324
fprintf(in, "accept = %s%d\n", st_if, hport);
325
fprintf(in, "connect = %d\n", x11vnc_hport);
331
if (getenv("STUNNEL_DEBUG")) {
333
fprintf(stderr, "\nstunnel config contents:\n\n");
334
while (fgets(line, sizeof(line), in) != NULL) {
335
fprintf(stderr, "%s", line);
337
fprintf(stderr, "\n");
230
341
sprintf(fd, "%d", fileno(in));
231
342
execlp(stunnel_path, stunnel_path, "-fd", fd, (char *) NULL);
238
349
waitpid(stunnel_pid, &status, WNOHANG);
351
if (ssl_verify && strstr(ssl_verify, "/sslverify-tmp-load-")) {
239
362
if (kill(stunnel_pid, 0) != 0) {
240
363
waitpid(stunnel_pid, &status, WNOHANG);
270
393
void setup_stunnel(int rport, int *argc, char **argv) {
394
int i, xport = 0, hport = 0, xhport = 0;
272
396
if (! rport && argc && argv) {
273
397
for (i=0; i< *argc; i++) {
274
398
if (argv[i] && !strcmp(argv[i], "-rfbport")) {
275
399
if (i < *argc - 1) {
276
400
rport = atoi(argv[i+1]);
293
416
goto stunnel_fail;
296
if (start_stunnel(rport, xport)) {
419
if (https_port_num > 0) {
420
hport = https_port_num;
423
if (! hport && argc && argv) {
424
for (i=0; i< *argc; i++) {
425
if (argv[i] && !strcmp(argv[i], "-httpport")) {
427
hport = atoi(argv[i+1]);
433
if (! hport && http_try_it) {
434
hport = find_free_port(rport-100, rport-1);
440
xhport = find_free_port(5850, 5899);
444
stunnel_http_port = hport;
448
if (start_stunnel(rport, xport, hport, xhport)) {
299
451
sprintf(tmp, "%d", xport);
585
void sslScripts(void) {
586
fprintf(stdout, "======================================================\n");
587
fprintf(stdout, "genCA script for '-sslGenCA':\n\n");
588
fprintf(stdout, "%s\n", genCA);
589
fprintf(stdout, "======================================================\n");
590
fprintf(stdout, "genCert script for '-sslGenCert', etc.:\n\n");
591
fprintf(stdout, "%s\n", genCert);
433
594
void sslGenCA(char *cdir) {
434
595
char *cmd, *scr = getsslscript(cdir, "genca", genCA);