pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB

This allows more than one builder to try parsing the data read from STDIN.
2013-10-22 14:35:13 +02:00 · 2013-10-22 14:35:13 +02:00 · 71c9565a3a
parent 46cded2627
commit 71c9565a3a
11 changed files with 54 additions and 74 deletions
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@ -17,7 +17,6 @@

 ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
 	"BUILD_FROM_FILE",
-	"BUILD_FROM_FD",
 	"BUILD_AGENT_SOCKET",
 	"BUILD_BLOB",
 	"BUILD_BLOB_ASN1_DER",
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@ -45,8 +45,6 @@ typedef void* (*builder_function_t)(int subtype, va_list args);
 enum builder_part_t {
 	/** path to a file encoded in any format, char* */
 	BUILD_FROM_FILE,
-	/** file descriptor to read data, encoded in any format, int */
-	BUILD_FROM_FD,
 	/** unix socket of a ssh/pgp agent, char* */
 	BUILD_AGENT_SOCKET,
 	/** An arbitrary blob of data, chunk_t */
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@ -454,47 +454,12 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
 	return cred;
 }

-/**
- * load the credential from a file descriptor
- */
-static void *load_from_fd(int fd, credential_type_t type, int subtype,
-						  identification_t *subject, x509_flag_t flags)
-{
-	char buf[8096];
-	char *pos = buf;
-	ssize_t len, total = 0;
-
-	while (TRUE)
-	{
-		len = read(fd, pos, buf + sizeof(buf) - pos);
-		if (len < 0)
-		{
-			DBG1(DBG_LIB, "reading from file descriptor failed: %s",
-				 strerror(errno));
-			return NULL;
-		}
-		if (len == 0)
-		{
-			break;
-		}
-		total += len;
-		if (total == sizeof(buf))
-		{
-			DBG1(DBG_LIB, "buffer too small to read from file descriptor");
-			return NULL;
-		}
-	}
-	return load_from_blob(chunk_create(buf, total), type, subtype,
-						  subject, flags);
-}
-
 /**
 * Load all kind of PEM encoded credentials.
 */
 static void *pem_load(credential_type_t type, int subtype, va_list args)
 {
 	char *file = NULL;
-	int fd = -1;
 	chunk_t pem = chunk_empty;
 	identification_t *subject = NULL;
 	int flags = 0;
@ -506,9 +471,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
 			case BUILD_FROM_FILE:
 				file = va_arg(args, char*);
 				continue;
-			case BUILD_FROM_FD:
-				fd = va_arg(args, int);
-				continue;
+			case BUILD_BLOB:
 			case BUILD_BLOB_PEM:
 				pem = va_arg(args, chunk_t);
 				continue;
@ -534,10 +497,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
 	{
 		return load_from_file(file, type, subtype, subject, flags);
 	}
-	if (fd != -1)
-	{
-		return load_from_fd(fd, type, subtype, subject, flags);
-	}
 	return NULL;
 }

--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@ -162,22 +162,15 @@ static sshkey_public_key_t *load_from_stream(FILE *file)
 }

 /**
- * Load SSH key from FD
+ * Load SSH key from a blob of data (most likely the content of a file)
 */
-static sshkey_public_key_t *load_from_fd(int fd)
+static sshkey_public_key_t *load_from_blob(chunk_t blob)
 {
 	FILE *stream;

-	/* dup the FD as it gets closed in fclose() */
-	fd = dup(fd);
-	if (fd == -1)
-	{
-		return NULL;
-	}
-	stream = fdopen(fd, "r");
+	stream = fmemopen(blob.ptr, blob.len, "r");
 	if (!stream)
 	{
-		close(fd);
 		return NULL;
 	}
 	return load_from_stream(stream);
@ -204,22 +197,21 @@ static sshkey_public_key_t *load_from_file(char *file)
 */
 sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
 {
-	chunk_t blob = chunk_empty;
+	chunk_t sshkey = chunk_empty, blob = chunk_empty;
 	char *file = NULL;
-	int fd = -1;

 	while (TRUE)
 	{
 		switch (va_arg(args, builder_part_t))
 		{
 			case BUILD_BLOB_SSHKEY:
-				blob = va_arg(args, chunk_t);
+				sshkey = va_arg(args, chunk_t);
 				continue;
 			case BUILD_FROM_FILE:
 				file = va_arg(args, char*);
 				continue;
-			case BUILD_FROM_FD:
-				fd = va_arg(args, int);
+			case BUILD_BLOB:
+				blob = va_arg(args, chunk_t);
 				continue;
 			case BUILD_END:
 				break;
@ -228,17 +220,17 @@ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
 		}
 		break;
 	}
-	if (blob.ptr)
+	if (sshkey.ptr)
 	{
-		return parse_public_key(blob);
+		return parse_public_key(sshkey);
 	}
 	if (file)
 	{
 		return load_from_file(file);
 	}
-	if (fd != -1)
+	if (blob.ptr)
 	{
-		return load_from_fd(fd);
+		return load_from_blob(blob);
 	}
 	return NULL;
 }
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@ -380,9 +380,13 @@ static int issue()
 		}
 		else
 		{
+			chunk_t chunk;
+
+			chunk = chunk_from_fd(0);
 			cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
 										  CERT_PKCS10_REQUEST,
-										  BUILD_FROM_FD, 0, BUILD_END);
+										  BUILD_BLOB, chunk, BUILD_END);
+			free(chunk.ptr);
 		}
 		if (!cert_req)
 		{
@ -419,8 +423,12 @@ static int issue()
 		}
 		else
 		{
+			chunk_t chunk;
+
+			chunk = chunk_from_fd(0);
 			public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
-										 BUILD_FROM_FD, 0, BUILD_END);
+										 BUILD_BLOB, chunk, BUILD_END);
+			free(chunk.ptr);
 		}
 	}
 	if (!public)
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@ -87,8 +87,12 @@ static int keyid()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cred = lib->creds->create(lib->creds, type, subtype,
-								  BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!cred)
 	{
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@ -338,7 +338,7 @@ static void print_crl(crl_t *crl)

 	if (crl->is_delta_crl(crl, &chunk))
 	{
-		chunk = chunk_skip_zero(chunk);		
+		chunk = chunk_skip_zero(chunk);
 		printf("delta CRL: for serial %#B\n", &chunk);
 	}
 	chunk = crl->get_authKeyIdentifier(crl);
@ -508,8 +508,12 @@ static int print()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cred = lib->creds->create(lib->creds, type, subtype,
-								  BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!cred)
 	{
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@ -101,13 +101,17 @@ static int pub()

 		chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
 		cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
-									 BUILD_PKCS11_KEYID, chunk, BUILD_END);
+								  BUILD_PKCS11_KEYID, chunk, BUILD_END);
 		free(chunk.ptr);
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cred = lib->creds->create(lib->creds, type, subtype,
-									 BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}

 	if (type == CRED_PRIVATE_KEY)
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@ -116,8 +116,12 @@ static int req()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
-									 BUILD_FROM_FD, 0, BUILD_END);
+									 BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!private)
 	{
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@ -271,8 +271,12 @@ static int self()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
-									 BUILD_FROM_FD, 0, BUILD_END);
+									 BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!private)
 	{
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@ -55,8 +55,12 @@ static int verify()
 	}
 	else
 	{
+		chunk_t chunk;
+
+		chunk = chunk_from_fd(0);
 		cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-								  BUILD_FROM_FD, 0, BUILD_END);
+								  BUILD_BLOB, chunk, BUILD_END);
+		free(chunk.ptr);
 	}
 	if (!cert)
 	{