pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB
This allows more than one builder to try parsing the data read from STDIN.
This commit is contained in:
parent
46cded2627
commit
71c9565a3a
|
@ -17,7 +17,6 @@
|
|||
|
||||
ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
|
||||
"BUILD_FROM_FILE",
|
||||
"BUILD_FROM_FD",
|
||||
"BUILD_AGENT_SOCKET",
|
||||
"BUILD_BLOB",
|
||||
"BUILD_BLOB_ASN1_DER",
|
||||
|
|
|
@ -45,8 +45,6 @@ typedef void* (*builder_function_t)(int subtype, va_list args);
|
|||
enum builder_part_t {
|
||||
/** path to a file encoded in any format, char* */
|
||||
BUILD_FROM_FILE,
|
||||
/** file descriptor to read data, encoded in any format, int */
|
||||
BUILD_FROM_FD,
|
||||
/** unix socket of a ssh/pgp agent, char* */
|
||||
BUILD_AGENT_SOCKET,
|
||||
/** An arbitrary blob of data, chunk_t */
|
||||
|
|
|
@ -454,47 +454,12 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
|
|||
return cred;
|
||||
}
|
||||
|
||||
/**
|
||||
* load the credential from a file descriptor
|
||||
*/
|
||||
static void *load_from_fd(int fd, credential_type_t type, int subtype,
|
||||
identification_t *subject, x509_flag_t flags)
|
||||
{
|
||||
char buf[8096];
|
||||
char *pos = buf;
|
||||
ssize_t len, total = 0;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
len = read(fd, pos, buf + sizeof(buf) - pos);
|
||||
if (len < 0)
|
||||
{
|
||||
DBG1(DBG_LIB, "reading from file descriptor failed: %s",
|
||||
strerror(errno));
|
||||
return NULL;
|
||||
}
|
||||
if (len == 0)
|
||||
{
|
||||
break;
|
||||
}
|
||||
total += len;
|
||||
if (total == sizeof(buf))
|
||||
{
|
||||
DBG1(DBG_LIB, "buffer too small to read from file descriptor");
|
||||
return NULL;
|
||||
}
|
||||
}
|
||||
return load_from_blob(chunk_create(buf, total), type, subtype,
|
||||
subject, flags);
|
||||
}
|
||||
|
||||
/**
|
||||
* Load all kind of PEM encoded credentials.
|
||||
*/
|
||||
static void *pem_load(credential_type_t type, int subtype, va_list args)
|
||||
{
|
||||
char *file = NULL;
|
||||
int fd = -1;
|
||||
chunk_t pem = chunk_empty;
|
||||
identification_t *subject = NULL;
|
||||
int flags = 0;
|
||||
|
@ -506,9 +471,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
|
|||
case BUILD_FROM_FILE:
|
||||
file = va_arg(args, char*);
|
||||
continue;
|
||||
case BUILD_FROM_FD:
|
||||
fd = va_arg(args, int);
|
||||
continue;
|
||||
case BUILD_BLOB:
|
||||
case BUILD_BLOB_PEM:
|
||||
pem = va_arg(args, chunk_t);
|
||||
continue;
|
||||
|
@ -534,10 +497,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
|
|||
{
|
||||
return load_from_file(file, type, subtype, subject, flags);
|
||||
}
|
||||
if (fd != -1)
|
||||
{
|
||||
return load_from_fd(fd, type, subtype, subject, flags);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
|
|
@ -162,22 +162,15 @@ static sshkey_public_key_t *load_from_stream(FILE *file)
|
|||
}
|
||||
|
||||
/**
|
||||
* Load SSH key from FD
|
||||
* Load SSH key from a blob of data (most likely the content of a file)
|
||||
*/
|
||||
static sshkey_public_key_t *load_from_fd(int fd)
|
||||
static sshkey_public_key_t *load_from_blob(chunk_t blob)
|
||||
{
|
||||
FILE *stream;
|
||||
|
||||
/* dup the FD as it gets closed in fclose() */
|
||||
fd = dup(fd);
|
||||
if (fd == -1)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
stream = fdopen(fd, "r");
|
||||
stream = fmemopen(blob.ptr, blob.len, "r");
|
||||
if (!stream)
|
||||
{
|
||||
close(fd);
|
||||
return NULL;
|
||||
}
|
||||
return load_from_stream(stream);
|
||||
|
@ -204,22 +197,21 @@ static sshkey_public_key_t *load_from_file(char *file)
|
|||
*/
|
||||
sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
|
||||
{
|
||||
chunk_t blob = chunk_empty;
|
||||
chunk_t sshkey = chunk_empty, blob = chunk_empty;
|
||||
char *file = NULL;
|
||||
int fd = -1;
|
||||
|
||||
while (TRUE)
|
||||
{
|
||||
switch (va_arg(args, builder_part_t))
|
||||
{
|
||||
case BUILD_BLOB_SSHKEY:
|
||||
blob = va_arg(args, chunk_t);
|
||||
sshkey = va_arg(args, chunk_t);
|
||||
continue;
|
||||
case BUILD_FROM_FILE:
|
||||
file = va_arg(args, char*);
|
||||
continue;
|
||||
case BUILD_FROM_FD:
|
||||
fd = va_arg(args, int);
|
||||
case BUILD_BLOB:
|
||||
blob = va_arg(args, chunk_t);
|
||||
continue;
|
||||
case BUILD_END:
|
||||
break;
|
||||
|
@ -228,17 +220,17 @@ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
|
|||
}
|
||||
break;
|
||||
}
|
||||
if (blob.ptr)
|
||||
if (sshkey.ptr)
|
||||
{
|
||||
return parse_public_key(blob);
|
||||
return parse_public_key(sshkey);
|
||||
}
|
||||
if (file)
|
||||
{
|
||||
return load_from_file(file);
|
||||
}
|
||||
if (fd != -1)
|
||||
if (blob.ptr)
|
||||
{
|
||||
return load_from_fd(fd);
|
||||
return load_from_blob(blob);
|
||||
}
|
||||
return NULL;
|
||||
}
|
||||
|
|
|
@ -380,9 +380,13 @@ static int issue()
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
|
||||
CERT_PKCS10_REQUEST,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
if (!cert_req)
|
||||
{
|
||||
|
@ -419,8 +423,12 @@ static int issue()
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
}
|
||||
if (!public)
|
||||
|
|
|
@ -87,8 +87,12 @@ static int keyid()
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
cred = lib->creds->create(lib->creds, type, subtype,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
if (!cred)
|
||||
{
|
||||
|
|
|
@ -338,7 +338,7 @@ static void print_crl(crl_t *crl)
|
|||
|
||||
if (crl->is_delta_crl(crl, &chunk))
|
||||
{
|
||||
chunk = chunk_skip_zero(chunk);
|
||||
chunk = chunk_skip_zero(chunk);
|
||||
printf("delta CRL: for serial %#B\n", &chunk);
|
||||
}
|
||||
chunk = crl->get_authKeyIdentifier(crl);
|
||||
|
@ -508,8 +508,12 @@ static int print()
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
cred = lib->creds->create(lib->creds, type, subtype,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
if (!cred)
|
||||
{
|
||||
|
|
|
@ -101,13 +101,17 @@ static int pub()
|
|||
|
||||
chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
|
||||
cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
|
||||
BUILD_PKCS11_KEYID, chunk, BUILD_END);
|
||||
BUILD_PKCS11_KEYID, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
cred = lib->creds->create(lib->creds, type, subtype,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
|
||||
if (type == CRED_PRIVATE_KEY)
|
||||
|
|
|
@ -116,8 +116,12 @@ static int req()
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
if (!private)
|
||||
{
|
||||
|
|
|
@ -271,8 +271,12 @@ static int self()
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
if (!private)
|
||||
{
|
||||
|
|
|
@ -55,8 +55,12 @@ static int verify()
|
|||
}
|
||||
else
|
||||
{
|
||||
chunk_t chunk;
|
||||
|
||||
chunk = chunk_from_fd(0);
|
||||
cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
|
||||
BUILD_FROM_FD, 0, BUILD_END);
|
||||
BUILD_BLOB, chunk, BUILD_END);
|
||||
free(chunk.ptr);
|
||||
}
|
||||
if (!cert)
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue