diff --git a/src/lib/deskflow/ArgParser.cpp b/src/lib/deskflow/ArgParser.cpp index 6b15dedd2..06902fb00 100644 --- a/src/lib/deskflow/ArgParser.cpp +++ b/src/lib/deskflow/ArgParser.cpp @@ -37,8 +37,6 @@ bool ArgParser::parseServerArgs(deskflow::ServerArgs &args, int argc, const char } else if (isArg(i, argc, argv, "-c", "--config", 1)) { // save configuration file path args.m_configFile = argv[++i]; - } else if (isArg(i, argc, argv, nullptr, "--disable-client-cert-check")) { - args.m_chkPeerCert = false; } else { LOG_CRIT("%s: unrecognized option `%s'" BYE, "deskflow-core", argv[i], "deskflow-core"); return false; diff --git a/src/lib/deskflow/CoreArgParser.cpp b/src/lib/deskflow/CoreArgParser.cpp index dcd2036c1..cb0c96f66 100644 --- a/src/lib/deskflow/CoreArgParser.cpp +++ b/src/lib/deskflow/CoreArgParser.cpp @@ -109,6 +109,13 @@ void CoreArgParser::parse() (m_parser.value(CoreArgs::useHooksOption) == "1")); Settings::setValue(Settings::Core::UseHooks, value); } + + if (m_parser.isSet(CoreArgs::peerCheckOption)) { + bool value = + ((m_parser.value(CoreArgs::peerCheckOption).toLower() == "true") || + (m_parser.value(CoreArgs::peerCheckOption) == "1")); + Settings::setValue(Settings::Security::CheckPeers, value); + } } [[noreturn]] void CoreArgParser::showHelpText() const diff --git a/src/lib/deskflow/CoreArgs.h b/src/lib/deskflow/CoreArgs.h index 0cc58f49f..1fcd4f069 100644 --- a/src/lib/deskflow/CoreArgs.h +++ b/src/lib/deskflow/CoreArgs.h @@ -58,20 +58,13 @@ struct CoreArgs inline static const auto useHooksOption = QCommandLineOption("useHooks", "Sets if hooks are used for windows desks", "value"); - inline static const auto options = { - helpOption, - versionOption, - configOption, - interfaceOption, - portOption, - nameOption, - logLevelOption, - logFileOption, - secureOption, - tlsCertOption, - preventSleepOption, - restartOption, - displayOption, - useHooksOption - }; + // Server Options + inline static const auto peerCheckOption = QCommandLineOption( + "peerCertCheck", "Server Mode: Enable client SSL certificate checking (default: true)", "value" + ); + + inline static const auto options = {helpOption, versionOption, configOption, interfaceOption, + portOption, nameOption, logLevelOption, logFileOption, + secureOption, tlsCertOption, preventSleepOption, restartOption, + displayOption, useHooksOption, peerCheckOption}; }; diff --git a/src/lib/deskflow/ServerApp.cpp b/src/lib/deskflow/ServerApp.cpp index d00e96357..aa72927d7 100644 --- a/src/lib/deskflow/ServerApp.cpp +++ b/src/lib/deskflow/ServerApp.cpp @@ -107,8 +107,6 @@ void ServerApp::help() help << "\n\nServer Mode:\n\n" << "Usage: " << kAppId << "-core server \n" << " -c, --config path of the configuration file\n" - << " --disable-client-cert-check disable client SSL certificate \n" - " checking (deprecated)\n" << s_helpVersionArgs << "\n" << s_helpNoWayland; @@ -507,7 +505,7 @@ ClientListener *ServerApp::openClientListener(const NetworkAddress &address) using enum SecurityLevel; auto securityLevel = PlainText; if (Settings::value(Settings::Security::TlsEnabled).toBool()) { - if (args().m_chkPeerCert) { + if (Settings::value(Settings::Security::CheckPeers).toBool()) { securityLevel = PeerAuth; } else { securityLevel = Encrypted; diff --git a/src/lib/deskflow/ServerArgs.h b/src/lib/deskflow/ServerArgs.h index 608e2ecfa..87ff41395 100644 --- a/src/lib/deskflow/ServerArgs.h +++ b/src/lib/deskflow/ServerArgs.h @@ -29,7 +29,6 @@ public: public: std::string m_configFile = ""; std::shared_ptr m_config; - bool m_chkPeerCert = true; }; } // namespace deskflow diff --git a/src/lib/gui/core/CoreProcess.cpp b/src/lib/gui/core/CoreProcess.cpp index 63c7f87b6..55e99051d 100644 --- a/src/lib/gui/core/CoreProcess.cpp +++ b/src/lib/gui/core/CoreProcess.cpp @@ -459,10 +459,6 @@ bool CoreProcess::addServerArgs(QStringList &args) args << "--log" << Settings::value(Settings::Log::File).toString(); } - if (!Settings::value(Settings::Security::CheckPeers).toBool()) { - args << "--disable-client-cert-check"; - } - QString configFilename = persistServerConfig(); if (configFilename.isEmpty()) { qFatal("config file name empty for server args"); diff --git a/src/unittests/deskflow/CoreArgParserTests.cpp b/src/unittests/deskflow/CoreArgParserTests.cpp index c8cb959f7..aa85b91b4 100644 --- a/src/unittests/deskflow/CoreArgParserTests.cpp +++ b/src/unittests/deskflow/CoreArgParserTests.cpp @@ -290,6 +290,26 @@ void CoreArgParserTests::hookOptions_true() QVERIFY(Settings::value(Settings::Core::UseHooks).toBool()); } +void CoreArgParserTests::server_peerCheck_false() +{ + QStringList args = {"stub", "server", "--peerCertCheck", "false"}; + + CoreArgParser parser(args); + parser.parse(); + + QVERIFY(!Settings::value(Settings::Security::CheckPeers).toBool()); +} + +void CoreArgParserTests::server_peerCheck_true() +{ + QStringList args = {"stub", "server", "--peerCertCheck", "true"}; + + CoreArgParser parser(args); + parser.parse(); + + QVERIFY(Settings::value(Settings::Security::CheckPeers).toBool()); +} + void CoreArgParserTests::preventSleep_true() { QStringList args = {"stub", "client", "--prevent-sleep", "true"}; diff --git a/src/unittests/deskflow/CoreArgParserTests.h b/src/unittests/deskflow/CoreArgParserTests.h index 3202161fd..e714c6eb0 100644 --- a/src/unittests/deskflow/CoreArgParserTests.h +++ b/src/unittests/deskflow/CoreArgParserTests.h @@ -42,6 +42,8 @@ private Q_SLOTS: void restartShortOption_true(); void hookOptions_false(); void hookOptions_true(); + void server_peerCheck_false(); + void server_peerCheck_true(); private: inline static const QString m_settingsPath = QStringLiteral("tmp/test");