Use XDG_DATA_HOME for X.509 known hosts file

TigerVNC · Mar 26, 2024 · ed56b3e · ed56b3e
1 parent 93cb5b2
commit ed56b3e
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 11 deletions.
diff --git a/common/os/os.cxx b/common/os/os.cxx
@@ -116,6 +116,11 @@ const char* os::getvncconfigdir()
   return getvncdir(false, "XDG_CONFIG_HOME", ".config");
 }
 
+const char* os::getvncdatadir()
+{
+  return getvncdir(false, "XDG_DATA_HOME", ".local/share");
+}
+
 const char* os::getvncstatedir()
 {
   return getvncdir(false, "XDG_STATE_HOME", ".local/state");

diff --git a/common/os/os.h b/common/os/os.h
@@ -41,6 +41,17 @@ namespace os {
    */
   const char* getvncconfigdir();
 
+  /*
+   * Get VNC data directory used for X.509 known hosts.
+   * On Unix-like systems, this is either:
+   * - $XDG_DATA_HOME/tigervnc
+   * - $HOME/.local/share/tigervnc
+   * On Windows, this is simply %APPDATA%/vnc/.
+   *
+   * Returns NULL on failure.
+   */
+  const char* getvncdatadir();
+
   /*
    * Get VNC state (logs) directory. On Unix-like systems, this is either:
    * - $XDG_STATE_HOME/tigervnc

diff --git a/common/rfb/CSecurityTLS.cxx b/common/rfb/CSecurityTLS.cxx
@@ -384,9 +384,9 @@ void CSecurityTLS::checkSession()
 
   /* Certificate has some user overridable problems, so TOFU time */
 
-  hostsDir = os::getvncconfigdir();
+  hostsDir = os::getvncdatadir();
   if (hostsDir == NULL) {
-    throw AuthFailureException("Could not obtain VNC config directory "
+    throw AuthFailureException("Could not obtain VNC data directory "
                                "path for known hosts storage");
   }
 

diff --git a/java/com/tigervnc/rfb/CSecurityTLS.java b/java/com/tigervnc/rfb/CSecurityTLS.java
@@ -277,12 +277,12 @@ public void checkServerTrusted(X509Certificate[] chain, String authType)
 			      "do you want to continue?"))
           throw new AuthFailureException("server certificate has expired");
       }
-      File vncDir = new File(FileUtils.getVncConfigDir());
+      File vncDir = new File(FileUtils.getVncDataDir());
       if (!vncDir.exists()) {
         try {
           vncDir.mkdir();
         } catch(SecurityException e) {
-          throw new AuthFailureException("Could not obtain VNC home directory "+
+          throw new AuthFailureException("Could not obtain VNC data directory "+
                                          "path for known hosts storage");
         }
       }

diff --git a/java/com/tigervnc/vncviewer/FileUtils.java b/java/com/tigervnc/vncviewer/FileUtils.java
@@ -61,7 +61,7 @@ public static String getHomeDir() {
     return homeDir + getFileSeparator();
   }
 
-  public static String getVncConfigDir() {
+  public static String getVncDir(String xdgEnv, String xdgDefault) {
     File legacyDir = new File(getHomeDir() + ".vnc" + getFileSeparator());
     String os = System.getProperty("os.name");
 
@@ -82,15 +82,21 @@ public static String getVncConfigDir() {
       if (legacyDir.exists()) {
         return legacyDir.getPath();
       }
-      String configHome = System.getenv("XDG_CONFIG_HOME");
-      if (configHome != null && configHome.startsWith("/")) {
-        return configHome + getFileSeparator() + "tigervnc" + getFileSeparator();
-      } else {
-        return getHomeDir() + ".config" + getFileSeparator() + "tigervnc" + getFileSeparator();
-      }
+      String xdgBaseDir = System.getenv(xdgEnv);
+      return (xdgBaseDir != null && xdgBaseDir.startsWith("/"))
+        ? xdgBaseDir + getFileSeparator() + "tigervnc" + getFileSeparator()
+        : getHomeDir() + xdgDefault + getFileSeparator() + "tigervnc" + getFileSeparator();
     }
   }
 
+  public static String getVncConfigDir() {
+    return getVncDir("XDG_CONFIG_HOME", ".config");
+  }
+
+  public static String getVncDataDir() {
+    return getVncDir("XDG_DATA_HOME", ".local" + getFileSeparator() + "share");
+  }
+
   public static String getFileSeparator() {
     String separator = null;
     try {