use directory enumerator to load authcerts

2009-10-15 18:01:10 +02:00 · 2009-10-15 18:01:10 +02:00 · 215b0402b3
parent ff1ca9a8a3
commit 215b0402b3
4 changed files with 30 additions and 39 deletions
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@ -15,12 +15,12 @@
 #include <stdlib.h>
 #include <stdio.h>
 #include <string.h>
-#include <unistd.h>
-#include <dirent.h>
 #include <time.h>
+#include <sys/stat.h>
 #include <sys/types.h>

-#include <utils/identification.h>
+#include <debug.h>
+#include <utils/enumerator.h>

 #include <freeswan.h>

@ -284,44 +284,36 @@ x509cert_t* add_authcert(x509cert_t *cert, x509_flag_t auth_flags)
 /*
 *  Loads authority certificates
 */
-void load_authcerts(const char *type, const char *path, x509_flag_t auth_flags)
+void load_authcerts(char *type, char *path, x509_flag_t auth_flags)
 {
-	struct dirent **filelist;
-	u_char buf[BUF_LEN];
-	u_char *save_dir;
-	int n;
+	enumerator_t *enumerator;
+	struct stat st;
+	char *file;

-	/* change directory to specified path */
-	save_dir = getcwd(buf, BUF_LEN);
+	DBG1("loading %s certificates from '%s'", type, path);

-	if (chdir(path))
+	enumerator = enumerator_create_directory(path);
+	if (!enumerator)
 	{
-		plog("Could not change to directory '%s'", path);
+		DBG1("  reading directory '%s' failed");
+		return;
 	}
-	else
+
+	while (enumerator->enumerate(enumerator, NULL, &file, &st))
 	{
-		plog("Changing to directory '%s'", path);
-		n = scandir(path, &filelist, file_select, alphasort);
+		cert_t cert;

-		if (n < 0)
-			plog("  scandir() error");
-		else
+		if (!S_ISREG(st.st_mode))
 		{
-			while (n--)
-			{
-				cert_t cert;
-
-				if (load_cert(filelist[n]->d_name, type, auth_flags, &cert))
-				{
-					add_authcert(cert.u.x509, auth_flags);
-				}
-				free(filelist[n]);
-			}
-			free(filelist);
+			/* skip special file */
+			continue;
+		}
+		if (load_cert(file, type, auth_flags, &cert))
+		{
+			add_authcert(cert.u.x509, auth_flags);
 		}
 	}
-	/* restore directory path */
-	ignore_result(chdir(save_dir));
+	enumerator->destroy(enumerator);
 }

 /*
--- a/src/pluto/ca.h
+++ b/src/pluto/ca.h
@ -44,8 +44,7 @@ extern bool match_requested_ca(linked_list_t *requested_ca,
 							   identification_t *our_ca, int *our_pathlen);
 extern x509cert_t* get_authcert(identification_t *subject, chunk_t keyid,
 								x509_flag_t auth_flags);
-extern void load_authcerts(const char *type, const char *path,
-						   x509_flag_t auth_flags);
+extern void load_authcerts(char *type, char *path, x509_flag_t auth_flags);
 extern x509cert_t* add_authcert(x509cert_t *cert, x509_flag_t auth_flags);
 extern void free_authcerts(void);
 extern void list_authcerts(const char *caption, x509_flag_t auth_flags, bool utc);
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@ -721,11 +721,11 @@ int main(int argc, char **argv)
 #endif /* CAPABILITIES */

 	/* loading X.509 CA certificates */
-	load_authcerts("CA", CA_CERT_PATH, X509_CA);
+	load_authcerts("ca", CA_CERT_PATH, X509_CA);
 	/* loading X.509 AA certificates */
-	load_authcerts("AA", AA_CERT_PATH, X509_AA);
+	load_authcerts("aa", AA_CERT_PATH, X509_AA);
 	/* loading X.509 OCSP certificates */
-	load_authcerts("OCSP", OCSP_CERT_PATH, X509_OCSP_SIGNER);
+	load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
 	/* loading X.509 CRLs */
 	load_crls();
 	/* loading attribute certificates (experimental) */
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@ -440,17 +440,17 @@ void whack_handle(int whackctlfd)

 	if (msg.whack_reread & REREAD_CACERTS)
 	{
-		load_authcerts("CA cert", CA_CERT_PATH, X509_CA);
+		load_authcerts("ca", CA_CERT_PATH, X509_CA);
 	}

 	if (msg.whack_reread & REREAD_AACERTS)
 	{
-		load_authcerts("AA cert", AA_CERT_PATH, X509_AA);
+		load_authcerts("aa", AA_CERT_PATH, X509_AA);
 	}

 	if (msg.whack_reread & REREAD_OCSPCERTS)
 	{
-		load_authcerts("OCSP cert", OCSP_CERT_PATH, X509_OCSP_SIGNER);
+		load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
 	}

 	if (msg.whack_reread & REREAD_ACERTS)