swanctl: Allow specifying pubkeys directly via 0x/0s prefix

Tobias Brunner 2017-01-18 17:46:27 +01:00
parent bd6ef6be7e
commit 75665375b7
1 changed files with 41 additions and 31 deletions


@ -98,7 +98,7 @@ static void add_list_key(vici_req_t *req, char *key, char *value)
static bool add_file_list_key(vici_req_t *req, char *key, char *value) static bool add_file_list_key(vici_req_t *req, char *key, char *value)
{ {
enumerator_t *enumerator; enumerator_t *enumerator;
chunk_t *map; chunk_t *map, blob;
char *token, buf[PATH_MAX]; char *token, buf[PATH_MAX];
bool ret = TRUE; bool ret = TRUE;
@ -106,40 +106,50 @@ static bool add_file_list_key(vici_req_t *req, char *key, char *value)
enumerator = enumerator_create_token(value, ",", " "); enumerator = enumerator_create_token(value, ",", " ");
while (enumerator->enumerate(enumerator, &token)) while (enumerator->enumerate(enumerator, &token))
{ {
if (!path_absolute(token)) if (strcasepfx(token, "0x") || strcasepfx(token, "0s"))
{ {
if (streq(key, "certs")) blob = chunk_from_str(token + 2);
{ blob = strcasepfx(token, "0x") ? chunk_from_hex(blob, NULL)
snprintf(buf, sizeof(buf), "%s%s%s", : chunk_from_base64(blob, NULL);
SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token); vici_add_list_item(req, blob.ptr, blob.len);
token = buf; chunk_free(&blob);
}
else if (streq(key, "cacerts"))
{
snprintf(buf, sizeof(buf), "%s%s%s",
SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, token);
token = buf;
}
else if (streq(key, "pubkeys"))
{
snprintf(buf, sizeof(buf), "%s%s%s",
SWANCTL_PUBKEYDIR, DIRECTORY_SEPARATOR, token);
token = buf;
}
}
map = chunk_map(token, FALSE);
if (map)
{
vici_add_list_item(req, map->ptr, map->len);
chunk_unmap(map);
} }
else else
{ {
fprintf(stderr, "loading %s certificate '%s' failed: %s\n", if (!path_absolute(token))
key, token, strerror(errno)); {
ret = FALSE; if (streq(key, "certs"))
break; {
snprintf(buf, sizeof(buf), "%s%s%s",
SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token);
token = buf;
}
else if (streq(key, "cacerts"))
{
snprintf(buf, sizeof(buf), "%s%s%s",
SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, token);
token = buf;
}
else if (streq(key, "pubkeys"))
{
snprintf(buf, sizeof(buf), "%s%s%s",
SWANCTL_PUBKEYDIR, DIRECTORY_SEPARATOR, token);
token = buf;
}
}
map = chunk_map(token, FALSE);
if (map)
{
vici_add_list_item(req, map->ptr, map->len);
chunk_unmap(map);
}
else
{
fprintf(stderr, "loading %s certificate '%s' failed: %s\n",
key, token, strerror(errno));
ret = FALSE;
break;
}
} }
} }
enumerator->destroy(enumerator); enumerator->destroy(enumerator);
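Review bot: The new inline branch for tokens starting with `0x`/`0s` hands whatever `chunk_from_hex()`/`chunk_from_base64()` return straight to `vici_add_list_item()`, so a bare `0x` or a mistyped encoding is forwarded without the error message and `ret = FALSE` that the file branch produces when `chunk_map()` fails. Whether the decoders report malformed input is not visible here, but an empty result can at least be rejected after printing a message to stderr: `if (!blob.len) { chunk_free(&blob); ret = FALSE; break; }`. The prefix test also runs before `key` is examined, so it applies to `certs` and `cacerts` as well as `pubkeys`, and a relative file name that happens to begin with `0x` or `0s` is no longer resolved as a path. A short comment above the branch should state both, e.g. `/* 0x/0s prefix: inline hex/base64 data for any key; such tokens are never treated as file names */`. The function's return lies outside the section shown.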