authorTobias Brunner <tobias@strongswan.org>2013-10-22 14:35:13 +0200
committerTobias Brunner <tobias@strongswan.org>2013-10-23 17:20:39 +0200
commit71c9565a3a4935f6da55fcf74fd8ec8aafdd3df5 (patch)
treee5781e51230ebdb41b8da3c48b108f99ca5ddb2f
parent46cded2627e8796c58a5d494518a6c2ee78fe5ef (diff)
pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB
This allows more than one builder to try parsing the data read from STDIN.
-rw-r--r--src/libstrongswan/credentials/builder.c1
-rw-r--r--src/libstrongswan/credentials/builder.h2
-rw-r--r--src/libstrongswan/plugins/pem/pem_builder.c43
-rw-r--r--src/libstrongswan/plugins/sshkey/sshkey_builder.c30
-rw-r--r--src/pki/commands/issue.c12
-rw-r--r--src/pki/commands/keyid.c6
-rw-r--r--src/pki/commands/print.c8
-rw-r--r--src/pki/commands/pub.c8
-rw-r--r--src/pki/commands/req.c6
-rw-r--r--src/pki/commands/self.c6
-rw-r--r--src/pki/commands/verify.c6
11 files changed, 54 insertions, 74 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 6710dfb54..4e52272a7 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -17,7 +17,6 @@
ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
"BUILD_FROM_FILE",
- "BUILD_FROM_FD",
"BUILD_AGENT_SOCKET",
"BUILD_BLOB",
"BUILD_BLOB_ASN1_DER",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 5ab462fa8..103b823c0 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -45,8 +45,6 @@ typedef void* (*builder_function_t)(int subtype, va_list args);
enum builder_part_t {
/** path to a file encoded in any format, char* */
BUILD_FROM_FILE,
- /** file descriptor to read data, encoded in any format, int */
- BUILD_FROM_FD,
/** unix socket of a ssh/pgp agent, char* */
BUILD_AGENT_SOCKET,
/** An arbitrary blob of data, chunk_t */
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index e9d55f3b8..254b1951b 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -455,46 +455,11 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
}
/**
- * load the credential from a file descriptor
- */
-static void *load_from_fd(int fd, credential_type_t type, int subtype,
- identification_t *subject, x509_flag_t flags)
-{
- char buf[8096];
- char *pos = buf;
- ssize_t len, total = 0;
-
- while (TRUE)
- {
- len = read(fd, pos, buf + sizeof(buf) - pos);
- if (len < 0)
- {
- DBG1(DBG_LIB, "reading from file descriptor failed: %s",
- strerror(errno));
- return NULL;
- }
- if (len == 0)
- {
- break;
- }
- total += len;
- if (total == sizeof(buf))
- {
- DBG1(DBG_LIB, "buffer too small to read from file descriptor");
- return NULL;
- }
- }
- return load_from_blob(chunk_create(buf, total), type, subtype,
- subject, flags);
-}
-
-/**
* Load all kind of PEM encoded credentials.
*/
static void *pem_load(credential_type_t type, int subtype, va_list args)
{
char *file = NULL;
- int fd = -1;
chunk_t pem = chunk_empty;
identification_t *subject = NULL;
int flags = 0;
@@ -506,9 +471,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
case BUILD_FROM_FILE:
file = va_arg(args, char*);
continue;
- case BUILD_FROM_FD:
- fd = va_arg(args, int);
- continue;
+ case BUILD_BLOB:
case BUILD_BLOB_PEM:
pem = va_arg(args, chunk_t);
continue;
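Review bot: The new `case BUILD_BLOB:` label stores its argument in the same `pem` variable as `BUILD_BLOB_PEM`, so neither the variable name nor the function comment ("Load all kind of PEM encoded credentials") tells a reader that data of unknown encoding can now arrive here. If a caller passes both parts, the later one silently replaces the earlier. A short comment above the label would help, for example `/* generic blob, e.g. data read from STDIN, handled like a PEM blob */`. The blob is presumably decoded in load_from_blob(), which lies outside this hunk, as does the rest of pem_load().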
@@ -534,10 +497,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
{
return load_from_file(file, type, subtype, subject, flags);
}
- if (fd != -1)
- {
- return load_from_fd(fd, type, subtype, subject, flags);
- }
return NULL;
}
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index 61e829fdf..569b0b738 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -162,22 +162,15 @@ static sshkey_public_key_t *load_from_stream(FILE *file)
}
/**
- * Load SSH key from FD
+ * Load SSH key from a blob of data (most likely the content of a file)
*/
-static sshkey_public_key_t *load_from_fd(int fd)
+static sshkey_public_key_t *load_from_blob(chunk_t blob)
{
FILE *stream;
- /* dup the FD as it gets closed in fclose() */
- fd = dup(fd);
- if (fd == -1)
- {
- return NULL;
- }
- stream = fdopen(fd, "r");
+ stream = fmemopen(blob.ptr, blob.len, "r");
if (!stream)
{
- close(fd);
return NULL;
}
return load_from_stream(stream);
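Review bot: `fmemopen()` in load_from_blob() is a POSIX.1-2008 function that not every libc provides, while the `dup()`/`fdopen()` pair it replaces is older and more widely available, so this may break the sshkey plugin on some platforms. Some older glibc versions also reject a zero-length buffer, and the caller only checks `blob.ptr`; that case ends in a NULL return here, but it is worth making intentional. Consider a configure check or fallback, and a comment above the call such as `/* read-only stream over the caller's buffer, blob must outlive the stream */`. Whether load_from_stream() closes the stream is not visible in this hunk.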
@@ -204,22 +197,21 @@ static sshkey_public_key_t *load_from_file(char *file)
*/
sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
{
- chunk_t blob = chunk_empty;
+ chunk_t sshkey = chunk_empty, blob = chunk_empty;
char *file = NULL;
- int fd = -1;
while (TRUE)
{
switch (va_arg(args, builder_part_t))
{
case BUILD_BLOB_SSHKEY:
- blob = va_arg(args, chunk_t);
+ sshkey = va_arg(args, chunk_t);
continue;
case BUILD_FROM_FILE:
file = va_arg(args, char*);
continue;
- case BUILD_FROM_FD:
- fd = va_arg(args, int);
+ case BUILD_BLOB:
+ blob = va_arg(args, chunk_t);
continue;
case BUILD_END:
break;
@@ -228,17 +220,17 @@ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
}
break;
}
- if (blob.ptr)
+ if (sshkey.ptr)
{
- return parse_public_key(blob);
+ return parse_public_key(sshkey);
}
if (file)
{
return load_from_file(file);
}
- if (fd != -1)
+ if (blob.ptr)
{
- return load_from_fd(fd);
+ return load_from_blob(blob);
}
return NULL;
}
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 9d669dfdd..000f63d1a 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -380,9 +380,13 @@ static int issue()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
CERT_PKCS10_REQUEST,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cert_req)
{
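Review bot: The chunk returned by `chunk_from_fd(0)` goes straight into `create()` without a check, so an empty or failed read from STDIN only surfaces as the generic `!cert_req` failure below. If chunk_from_fd() (not shown here) returns an empty chunk on error, an explicit `if (!chunk.ptr)` branch with its own message would tell users the input was missing rather than malformed. The same read/create/free sequence is repeated in the second hunk of this file and in keyid.c, print.c, pub.c, req.c, self.c and verify.c, so a small shared helper would keep the handling in one place. issue() starts and ends outside the hunk.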
@@ -419,8 +423,12 @@ static int issue()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
}
if (!public)
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 6d2f7b915..353670e32 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -87,8 +87,12 @@ static int keyid()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cred)
{
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 90cf254c8..2261e44ff 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -338,7 +338,7 @@ static void print_crl(crl_t *crl)
if (crl->is_delta_crl(crl, &chunk))
{
- chunk = chunk_skip_zero(chunk);
+ chunk = chunk_skip_zero(chunk);
printf("delta CRL: for serial %#B\n", &chunk);
}
chunk = crl->get_authKeyIdentifier(crl);
@@ -508,8 +508,12 @@ static int print()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cred)
{
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 537af5159..7f88055ef 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -101,13 +101,17 @@ static int pub()
chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
- BUILD_PKCS11_KEYID, chunk, BUILD_END);
+ BUILD_PKCS11_KEYID, chunk, BUILD_END);
free(chunk.ptr);
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cred = lib->creds->create(lib->creds, type, subtype,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (type == CRED_PRIVATE_KEY)
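Review bot: The buffer read from STDIN may hold an unencrypted private key here (`type` is compared with `CRED_PRIVATE_KEY` right after the branch), yet it is released with plain `free(chunk.ptr)`, which leaves the key bytes in freed heap memory. Prefer `chunk_clear(&chunk);`, which wipes the memory before freeing it. The same applies to req.c and self.c, where `CRED_PRIVATE_KEY` is passed explicitly, and possibly to keyid.c and print.c depending on the value of `type`. pub() continues outside this hunk.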
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index e269f64ea..628463e7b 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -116,8 +116,12 @@ static int req()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!private)
{
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index a1f17c8f9..6bf0b1353 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -271,8 +271,12 @@ static int self()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!private)
{
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 11c596d78..96b2b5065 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -55,8 +55,12 @@ static int verify()
}
else
{
+ chunk_t chunk;
+
+ chunk = chunk_from_fd(0);
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
- BUILD_FROM_FD, 0, BUILD_END);
+ BUILD_BLOB, chunk, BUILD_END);
+ free(chunk.ptr);
}
if (!cert)
{