儲存庫 vbox 的更動 105136
- 時間撮記:
- 2024-7-4 上午09:02:33 (5 月 以前)
- 檔案:
-
- 修改 1 筆資料
圖例:
- 未更動
- 新增
- 刪除
-
trunk/src/VBox/Main/src-server/VRDEServerImpl.cpp
r105130 r105136 55 55 #define VRDP_DEFAULT_PORT_STR "3389" 56 56 57 #define VRDE_AUTO_GENENERATED_CERT_FILENAME "VRDEAutoGeneratedCert.pem" 58 #define VRDE_AUTO_GENENERATED_PKEY_FILENAME "VRDEAutoGeneratedPrivateKey.pem" 59 60 57 61 // constructor / destructor 58 62 ///////////////////////////////////////////////////////////////////////////// … … 238 242 * 239 243 * @note Locks this object for writing. 240 */244 */ 241 245 int VRDEServer::i_generateServerCertificate() 242 246 { 243 Utf8Str strServerCertificate( "VRDEAutoGeneratedCert.pem");247 Utf8Str strServerCertificate(VRDE_AUTO_GENENERATED_CERT_FILENAME); 244 248 int vrc = mParent->i_calculateFullPath(strServerCertificate, strServerCertificate); 245 249 AssertRCReturn(vrc, vrc); 246 250 247 Utf8Str strServerPrivateKey( "VRDEAutoGeneratedPrivateKey.pem");251 Utf8Str strServerPrivateKey(VRDE_AUTO_GENENERATED_PKEY_FILENAME); 248 252 vrc = mParent->i_calculateFullPath(strServerPrivateKey, strServerPrivateKey); 249 253 AssertRCReturn(vrc, vrc); 250 254 251 255 AutoReadLock mlock(mParent COMMA_LOCKVAL_SRC_POS); 252 Utf8Str strVMName = mParent->i_getName();256 Utf8Str const strVMName = mParent->i_getName(); 253 257 mlock.release(); 254 258 … … 286 290 287 291 /** 288 * Checks validity of auto-generated certificates, sets VRDE properties, and deletes files if necessary. 292 * Checks validity of auto-generated certificates, sets VRDE properties, and 293 * regenerates obsolete or missing files as necessary. 289 294 * 290 295 * @note Locks this object for writing. … … 292 297 HRESULT VRDEServer::i_certificateRepair(BOOL &certificateGenerated) 293 298 { 294 if ( (mData->mapProperties["Security/Method"] != "RDP" || mData->mapProperties["Security/Method"] != "None"))295 { 296 Utf8Str strServerCertificate( "VRDEAutoGeneratedCert.pem");299 if (mData->mapProperties["Security/Method"] != "RDP" || mData->mapProperties["Security/Method"] != "None") 300 { 301 Utf8Str strServerCertificate(VRDE_AUTO_GENENERATED_CERT_FILENAME); 297 302 int vrc = mParent->i_calculateFullPath(strServerCertificate, strServerCertificate); 298 303 AssertRCReturn(vrc, VBOX_E_IPRT_ERROR); 299 304 300 Utf8Str strServerPrivateKey( "VRDEAutoGeneratedPrivateKey.pem");305 Utf8Str strServerPrivateKey(VRDE_AUTO_GENENERATED_PKEY_FILENAME); 301 306 vrc = mParent->i_calculateFullPath(strServerPrivateKey, strServerPrivateKey); 302 307 AssertRCReturn(vrc, VBOX_E_IPRT_ERROR); 303 308 304 if ( RTFileExists(strServerPrivateKey.c_str()) && RTFileExists(strServerCertificate.c_str()) ) 305 { 306 /* Check validity of certificate */ 309 bool const fServerPrivateKeyExists = RTFileExists(strServerPrivateKey.c_str()); 310 bool const fServerCertificate = RTFileExists(strServerCertificate.c_str()); 311 if (fServerPrivateKeyExists && fServerCertificate) 312 { 313 /* 314 * Check that the certificate is valid right now and for the next 365 days. 315 * 316 * The ASSUMPTIONS here are that the automatically generated certificates 317 * are valid for at least two years (currently ~10 years) and that VMs 318 * doesn't typically stay up more than a year before being completely 319 * restarted. The latter assumption is of course a big one, as we've no 320 * control what users do here, but a year seems reasonable while not being 321 * too aggressive. 322 */ 323 RTERRINFOSTATIC ErrInfo; 307 324 RTCRX509CERTIFICATE certificate; 308 325 vrc = RTCrX509Certificate_ReadFromFile(&certificate, strServerCertificate.c_str(), RTCRX509CERT_READ_F_PEM_ONLY, 309 &g_RTAsn1DefaultAllocator, NULL);310 if (RT_FAILURE(vrc))326 &g_RTAsn1DefaultAllocator, RTErrInfoInitStatic(&ErrInfo)); 327 if (RT_FAILURE(vrc)) 311 328 { 312 329 RTCrX509Certificate_Delete(&certificate); 313 return setError(VBOX_E_IPRT_ERROR, tr("Failed to read server certificate: (%Rrc)\n"), vrc); 330 return setError(VBOX_E_IPRT_ERROR, tr("Failed to read server certificate '%s': %Rrc%#RTeim\n"), 331 strServerCertificate.c_str(), vrc, &ErrInfo.Core); 314 332 } 315 333 316 334 RTTIMESPEC Now; 317 bool const validCert = RTCrX509Validity_IsValidAtTimeSpec(&certificate.TbsCertificate.Validity, RTTimeNow(&Now)); 335 bool const validCert = RTCrX509Validity_IsValidAtTimeSpec(&certificate.TbsCertificate.Validity, RTTimeNow(&Now)) 336 && RTCrX509Validity_IsValidAtTimeSpec(&certificate.TbsCertificate.Validity, 337 RTTimeSpecAddSeconds(&Now, 365 * RT_SEC_1DAY_64)); 318 338 319 339 RTCrX509Certificate_Delete(&certificate); 320 340 321 Utf8Str strPath = mData->mapProperties["Security/ServerCertificate"];322 if ( strPath.isEmpty() && validCert)341 Utf8Str const strPath = mData->mapProperties["Security/ServerCertificate"]; 342 if (validCert && strPath.isEmpty()) 323 343 { 324 344 /* … … 333 353 alock.release(); 334 354 certificateGenerated = true; 355 LogRel(("VRDE: Reconfigured using existing '%s' and '%s' files.\n", 356 strServerCertificate.c_str(), strServerPrivateKey.c_str())); 335 357 } 336 else if ( (strPath.isEmpty() || strstr(strPath.c_str(),"VRDEAutoGeneratedCert.pem")) && !validCert) 358 else if ( !validCert 359 && (strPath.isEmpty() || RTStrICmp(RTPathFilename(strPath.c_str()), VRDE_AUTO_GENENERATED_CERT_FILENAME))) 337 360 { 338 /* Certificate is not valid so delete the files and create new ones */ 361 /* 362 * Certificate is not valid so delete the files and create new ones 363 */ 364 LogRel(("VRDE: Regenerating expired or expiring certificate files '%s' and '%s'...\n", 365 strServerCertificate.c_str(), strServerPrivateKey.c_str())); 339 366 RTFileDelete(strServerPrivateKey.c_str()); 340 367 RTFileDelete(strServerCertificate.c_str()); … … 348 375 } 349 376 } 350 else if (RTFileExists(strServerPrivateKey.c_str())) /* If only one of cert/key pair exists */ 351 { 377 /* 378 * If only one of cert/key pair exists, delete the file and generate a new matching. 379 */ 380 else if (fServerPrivateKeyExists) 381 { 382 LogRel(("VRDE: Orphaned private key file found. Regenerating certificate files '%s' and '%s'...\n", 383 strServerCertificate.c_str(), strServerPrivateKey.c_str())); 352 384 RTFileDelete(strServerPrivateKey.c_str()); 353 385 vrc = i_generateServerCertificate(); … … 359 391 certificateGenerated = true; 360 392 } 361 else if (RTFileExists(strServerCertificate.c_str())) 362 { 393 else if (fServerCertificate) 394 { 395 LogRel(("VRDE: Orphaned certificate file found. Regenerating certificate files '%s' and '%s'...\n", 396 strServerCertificate.c_str(), strServerPrivateKey.c_str())); 363 397 RTFileDelete(strServerCertificate.c_str()); 364 398 vrc = i_generateServerCertificate(); … … 370 404 certificateGenerated = true; 371 405 } 406 /* 407 * Auto-generated certificate and key files do not exist 408 * If the server certificate property is not set 409 * or indicates an auto-generated certificate should exist, create one 410 */ 372 411 else 373 412 { 374 /* 375 * Auto-generated certificate and key files do not exist 376 * If the server certificate property is not set 377 * or indicates an auto-generated certificate should exist, create one 378 */ 379 Utf8Str strPath = mData->mapProperties["Security/ServerCertificate"]; 380 if (strPath.isEmpty() || strstr(strPath.c_str(),"VRDEAutoGeneratedCert.pem")) 413 Utf8Str const strPath = mData->mapProperties["Security/ServerCertificate"]; 414 if (strPath.isEmpty() || RTStrICmp(RTPathFilename(strPath.c_str()), VRDE_AUTO_GENENERATED_CERT_FILENAME) == 0) 381 415 { 416 LogRel(("VRDE: Generating certificate files '%s' and '%s'...\n", 417 strServerCertificate.c_str(), strServerPrivateKey.c_str())); 382 418 vrc = i_generateServerCertificate(); 383 419 if (RT_FAILURE(vrc))
注意:
瀏覽 TracChangeset
來幫助您使用更動檢視器