pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB

This allows more than one builder to try parsing the data read from STDIN.
author: Tobias Brunner <tobias@strongswan.org> 2013-10-22 14:35:13 +0200
committer: Tobias Brunner <tobias@strongswan.org> 2013-10-23 17:20:39 +0200
commit: 71c9565a3a4935f6da55fcf74fd8ec8aafdd3df5 (patch)
tree: e5781e51230ebdb41b8da3c48b108f99ca5ddb2f
parent: 46cded2627e8796c58a5d494518a6c2ee78fe5ef (diff)
download: strongswan-71c9565a3a4935f6da55fcf74fd8ec8aafdd3df5.tar.bz2
strongswan-71c9565a3a4935f6da55fcf74fd8ec8aafdd3df5.tar.xz
11 files changed, 54 insertions, 74 deletions
diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 6710dfb54..4e52272a7 100644
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -17,7 +17,6 @@
 
 ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
 	"BUILD_FROM_FILE",
-	"BUILD_FROM_FD",
 	"BUILD_AGENT_SOCKET",
 	"BUILD_BLOB",
 	"BUILD_BLOB_ASN1_DER",
diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 5ab462fa8..103b823c0 100644
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -45,8 +45,6 @@ typedef void* (*builder_function_t)(int subtype, va_list args);
 enum builder_part_t {
 	/** path to a file encoded in any format, char* */
 	BUILD_FROM_FILE,
-	/** file descriptor to read data, encoded in any format, int */
-	BUILD_FROM_FD,
 	/** unix socket of a ssh/pgp agent, char* */
 	BUILD_AGENT_SOCKET,
 	/** An arbitrary blob of data, chunk_t */
diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index e9d55f3b8..254b1951b 100644
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -455,46 +455,11 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
 }
 
 /**
- * load the credential from a file descriptor
- */
-static void *load_from_fd(int fd, credential_type_t type, int subtype,
-						  identification_t *subject, x509_flag_t flags)
-{
-	char buf[8096];
-	char *pos = buf;
-	ssize_t len, total = 0;
-
-	while (TRUE)
-	{
-		len = read(fd, pos, buf + sizeof(buf) - pos);
-		if (len < 0)
-		{
-			DBG1(DBG_LIB, "reading from file descriptor failed: %s",
-				 strerror(errno));
-			return NULL;
-		}
-		if (len == 0)
-		{
-			break;
-		}
-		total += len;
-		if (total == sizeof(buf))
-		{
-			DBG1(DBG_LIB, "buffer too small to read from file descriptor");
-			return NULL;
-		}
-	}
-	return load_from_blob(chunk_create(buf, total), type, subtype,
-						  subject, flags);
-}
-
-/**
  * Load all kind of PEM encoded credentials.
  */
 static void *pem_load(credential_type_t type, int subtype, va_list args)
 {
 	char *file = NULL;
-	int fd = -1;
 	chunk_t pem = chunk_empty;
 	identification_t *subject = NULL;
 	int flags = 0;
@@ -506,9 +471,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
 			case BUILD_FROM_FILE:
 				file = va_arg(args, char*);
 				continue;
-			case BUILD_FROM_FD:
-				fd = va_arg(args, int);
-				continue;
+			case BUILD_BLOB:
 			case BUILD_BLOB_PEM:
 				pem = va_arg(args, chunk_t);
 				continue;
@@ -534,10 +497,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
 	{
 		return load_from_file(file, type, subtype, subject, flags);
 	}
-	if (fd != -1)
-	{
-		return load_from_fd(fd, type, subtype, subject, flags);
-	}
 	return NULL;
 }
 
diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index 61e829fdf..569b0b738 100644
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -162,22 +162,15 @@ static sshkey_public_key_t *load_from_stream(FILE *file)
 }
 
 /**
- * Load SSH key from FD
+ * Load SSH key from a blob of data (most likely the content of a file)
  */
-static sshkey_public_key_t *load_from_fd(int fd)
+static sshkey_public_key_t *load_from_blob(chunk_t blob)
 {
 	FILE *stream;
 
-	/* dup the FD as it gets closed in fclose() */
-	fd = dup(fd);
-	if (fd == -1)
-	{
-		return NULL;
-	}
-	stream = fdopen(fd, "r");
+	stream = fmemopen(blob.ptr, blob.len, "r");
 	if (!stream)
 	{
-		close(fd);
 		return NULL;
 	}
 	return load_from_stream(stream);
@@ -204,22 +197,21 @@ static sshkey_public_key_t *load_from_file(char *file)
  */
 sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
 {
-	chunk_t blob = chunk_empty;
+	chunk_t sshkey = chunk_empty, blob = chunk_empty;
 	char *file = NULL;
-	int fd = -1;
 
 	while (TRUE)
 	{
 		switch (va_arg(args, builder_part_t))
 		{
 			case BUILD_BLOB_SSHKEY:
-				blob = va_arg(args, chunk_t);
+				sshkey = va_arg(args, chunk_t);
 				continue;
 			case BUILD_FROM_FILE:
 				file = va_arg(args, char*);
 				continue;
-			case BUILD_FROM_FD:
-				fd = va_arg(args, int);
+			case BUILD_BLOB:
+				blob = va_arg(args, chunk_t);
 				continue;
 			case BUILD_END:
 				break;
@@ -228,17 +220,17 @@ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
 		}
 		break;
 	}
-	if (blob.ptr)
+	if (sshkey.ptr)
 	{
-		return parse_public_key(blob);
+		return parse_public_key(sshkey);
 	}
 	if (file)
 	{
 		return load_from_file(file);
 	}
-	if (fd != -1)
+	if (blob.ptr)
 	{
-		return load_from_fd(fd);
+		return load_from_blob(blob);
 	}
 	return NULL;
 }
diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 9d669dfdd..000f63d1a 100644
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -380,9 +380,13 @@ static int issue()
 		}
 		else
 		{
+			chunk_t chunk;
+
+			chunk = chunk_from_fd(0);
 			cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
 										  CERT_PKCS10_REQUEST,
-										  BUILD_FROM_FD, 0, BUILD_END);
+										  BUILD_BLOB, chunk, BUILD_END);
+			free(chunk.ptr);
 		}
 		if (!cert_req)
 		{
@@ -419,8 +423,12 @@ static int issue()
 		}
 		else
 		{
+			chunk_t chunk;
+
+			chunk = chunk_from_fd(0);
 			public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
-										 BUILD_FROM_FD, 0, BUILD_END);
+										 BUILD_BLOB, chunk, BUILD_END);
+			free(chunk.ptr);
 		}
 	}
 	if (!public)
diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 6d2f7b915..353670e32 100644
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -87,8 +87,12 @@ static int keyid()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cred = lib->creds->create(lib->creds, type, subtype,
-								  BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!cred)
 	{
diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 90cf254c8..2261e44ff 100644
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -338,7 +338,7 @@ static void print_crl(crl_t *crl)
 
 	if (crl->is_delta_crl(crl, &chunk))
 	{
-		chunk = chunk_skip_zero(chunk);		
+		chunk = chunk_skip_zero(chunk);
 		printf("delta CRL: for serial %#B\n", &chunk);
 	}
 	chunk = crl->get_authKeyIdentifier(crl);
@@ -508,8 +508,12 @@ static int print()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cred = lib->creds->create(lib->creds, type, subtype,
-								  BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!cred)
 	{
diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 537af5159..7f88055ef 100644
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -101,13 +101,17 @@ static int pub()
 
 		chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
 		cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
-									 BUILD_PKCS11_KEYID, chunk, BUILD_END);
+								  BUILD_PKCS11_KEYID, chunk, BUILD_END);
 		free(chunk.ptr);
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cred = lib->creds->create(lib->creds, type, subtype,
-									 BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 
 	if (type == CRED_PRIVATE_KEY)
diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index e269f64ea..628463e7b 100644
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -116,8 +116,12 @@ static int req()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
-									 BUILD_FROM_FD, 0, BUILD_END);
+									 BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!private)
 	{
diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index a1f17c8f9..6bf0b1353 100644
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -271,8 +271,12 @@ static int self()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
-									 BUILD_FROM_FD, 0, BUILD_END);
+									 BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!private)
 	{
diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 11c596d78..96b2b5065 100644
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -55,8 +55,12 @@ static int verify()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-								  BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!cert)
 	{
author	Tobias Brunner <tobias@strongswan.org>	2013-10-22 14:35:13 +0200
committer	Tobias Brunner <tobias@strongswan.org>	2013-10-23 17:20:39 +0200
commit	71c9565a3a4935f6da55fcf74fd8ec8aafdd3df5 (patch)
tree	e5781e51230ebdb41b8da3c48b108f99ca5ddb2f
parent	46cded2627e8796c58a5d494518a6c2ee78fe5ef (diff)
download	strongswan-71c9565a3a4935f6da55fcf74fd8ec8aafdd3df5.tar.bz2 strongswan-71c9565a3a4935f6da55fcf74fd8ec8aafdd3df5.tar.xz