Reconsider X.509 cert data to be TLS connection _configuration_

TigerVNC · Mar 19, 2024 · 333bc14 · 333bc14
1 parent e834cab
commit 333bc14
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 36 deletions.
diff --git a/common/os/os.cxx b/common/os/os.cxx
@@ -117,11 +117,6 @@ const char* os::getvncconfigdir()
   return getvncdir(false, "XDG_CONFIG_HOME", ".config");
 }
 
-const char* os::getvncdatadir()
-{
-  return getvncdir(false, "XDG_DATA_HOME", ".local/share");
-}
-
 const char* os::getvncstatedir()
 {
   return getvncdir(false, "XDG_STATE_HOME", ".local/state");

diff --git a/common/os/os.h b/common/os/os.h
@@ -41,16 +41,6 @@ namespace os {
    */
   const char* getvncconfigdir();
 
-  /*
-   * Get VNC data directory. On Unix-like systems, this is either:
-   * - $XDG_DATA_HOME/tigervnc
-   * - $HOME/.local/share/tigervnc
-   * On Windows, this is simply %APPDATA%/vnc/.
-   *
-   * Returns NULL on failure.
-   */
-  const char* getvncdatadir();
-
   /*
    * Get VNC state (logs) directory. On Unix-like systems, this is either:
    * - $XDG_STATE_HOME/tigervnc

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
@@ -58,22 +58,27 @@
 
 using namespace rfb;
 
-static const char* vncdirfn(const char* fn, const char* dir);
+static const char* configdirfn(const char* fn);
 
 StringParameter CSecurityTLS::X509CA("X509CA", "X509 CA certificate",
-                                     vncdirfn("x509_ca.pem", os::getvncconfigdir()),
+                                     configdirfn("x509_ca.pem"),
                                      ConfViewer);
 StringParameter CSecurityTLS::X509CRL("X509CRL", "X509 CRL file",
-                                     vncdirfn("x509_crl.pem", os::getvncdatadir()),
+                                     configdirfn("x509_crl.pem"),
                                      ConfViewer);
 
 static LogWriter vlog("TLS");
 
-static const char* vncdirfn(const char* fn, const char* dir)
+static const char* configdirfn(const char* fn)
 {
   static char full_path[PATH_MAX];
+  const char* configdir;
 
-  snprintf(full_path, sizeof(full_path), "%s/%s", dir, fn);
+  configdir = os::getvncconfigdir();
+  if (configdir == NULL)
+    return "";
+
+  snprintf(full_path, sizeof(full_path), "%s/%s", configdir, fn);
   return full_path;
 }
 
@@ -379,7 +384,7 @@ void CSecurityTLS::checkSession()
 
   /* Certificate has some user overridable problems, so TOFU time */
 
-  hostsDir = os::getvncdatadir();
+  hostsDir = os::getvncconfigdir();
   if (hostsDir == NULL) {
     throw AuthFailureException("Could not obtain VNC config directory "
                                "path for known hosts storage");

diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -95,7 +95,7 @@ public static String getDefaultCA() {
   public static String getDefaultCRL() {
     if (UserPreferences.get("viewer", "x509crl") != null)
       return UserPreferences.get("viewer", "x509crl");
-    return FileUtils.getVncDataDir()+"x509_crl.pem";
+    return FileUtils.getVncConfigDir()+"x509_crl.pem";
   }
 
   public static void setDefaults()
@@ -277,7 +277,7 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
 			      "do you want to continue?"))
           throw new AuthFailureException("server certificate has expired");
       }
-      File vncDir = new File(FileUtils.getVncDataDir());
+      File vncDir = new File(FileUtils.getVncConfigDir());
       if (!vncDir.exists()) {
         try {
           vncDir.mkdir();

diff --git a/java/com/tigervnc/vncviewer/FileUtils.java b/java/com/tigervnc/vncviewer/FileUtils.java
@@ -61,7 +61,7 @@ public static String getHomeDir() {
     return homeDir + getFileSeparator();
   }
 
-  public static String getVncDir(String xdgEnv, String xdgDefault) {
+  public static String getVncConfigDir() {
     File legacyDir = new File(getVncHomeDir());
     String os = System.getProperty("os.name");
 
@@ -83,23 +83,15 @@ public static String getVncDir(String xdgEnv, String xdgDefault) {
         vlog.info("WARNING: ~/.vnc is deprecated, see https://github.com/TigerVNC/tigervnc/pull/1737");
         return getVncHomeDir();
       }
-      String xdgBaseDir = System.getenv(xdgEnv);
-      if (xdgBaseDir != null && xdgBaseDir.startsWith("/")) {
-        return xdgBaseDir + getFileSeparator() + "tigervnc" + getFileSeparator();
+      String configHome = System.getenv("XDG_CONFIG_HOME");
+      if (configHome != null && configHome.startsWith("/")) {
+        return configHome + getFileSeparator() + "tigervnc" + getFileSeparator();
       } else {
-        return getHomeDir() + xdgDefault + getFileSeparator() + "tigervnc" + getFileSeparator();
+        return getHomeDir() + ".config" + getFileSeparator() + "tigervnc" + getFileSeparator();
       }
     }
   }
 
-  public static String getVncConfigDir() {
-    return getVncDir("XDG_CONFIG_HOME", ".config");
-  }
-
-  public static String getVncDataDir() {
-    return getVncDir("XDG_DATA_HOME", ".local" + getFileSeparator() + "share");
-  }
-
   @Deprecated
   public static String getVncHomeDir() {
     return getHomeDir()+".vnc"+getFileSeparator();