pki: Replace BUILD_FROM_FD with passing a chunk via BUILD_BLOB

This allows more than one builder to try parsing the data read from STDIN.

diff --git a/src/libstrongswan/credentials/builder.c b/src/libstrongswan/credentials/builder.c
index 6710dfb54a797696d3586e30ac6803f5f238aced..4e52272a7c18e48b3fd8f85f7c4eb994ebc1d409 100644 (file)
--- a/src/libstrongswan/credentials/builder.c
+++ b/src/libstrongswan/credentials/builder.c
@@ -17,7 +17,6 @@
 
 ENUM(builder_part_names, BUILD_FROM_FILE, BUILD_END,
        "BUILD_FROM_FILE",
-       "BUILD_FROM_FD",
        "BUILD_AGENT_SOCKET",
        "BUILD_BLOB",
        "BUILD_BLOB_ASN1_DER",

diff --git a/src/libstrongswan/credentials/builder.h b/src/libstrongswan/credentials/builder.h
index 5ab462fa8c5c79fea4466b3f46f9064163ab263b..103b823c0f82a30e80bb38b17c0b48d9bbd2b69f 100644 (file)
--- a/src/libstrongswan/credentials/builder.h
+++ b/src/libstrongswan/credentials/builder.h
@@ -45,8 +45,6 @@ typedef void* (*builder_function_t)(int subtype, va_list args);
 enum builder_part_t {
        /** path to a file encoded in any format, char* */
        BUILD_FROM_FILE,
-       /** file descriptor to read data, encoded in any format, int */
-       BUILD_FROM_FD,
        /** unix socket of a ssh/pgp agent, char* */
        BUILD_AGENT_SOCKET,
        /** An arbitrary blob of data, chunk_t */

diff --git a/src/libstrongswan/plugins/pem/pem_builder.c b/src/libstrongswan/plugins/pem/pem_builder.c
index e9d55f3b879435dc055811270abe2258b0f64749..254b1951b24b34f84cc83251c52585693dfbcf60 100644 (file)
--- a/src/libstrongswan/plugins/pem/pem_builder.c
+++ b/src/libstrongswan/plugins/pem/pem_builder.c
@@ -454,47 +454,12 @@ static void *load_from_file(char *file, credential_type_t type, int subtype,
        return cred;
 }
 
-/**
- * load the credential from a file descriptor
- */
-static void *load_from_fd(int fd, credential_type_t type, int subtype,
-                                                 identification_t *subject, x509_flag_t flags)
-{
-       char buf[8096];
-       char *pos = buf;
-       ssize_t len, total = 0;
-
-       while (TRUE)
-       {
-               len = read(fd, pos, buf + sizeof(buf) - pos);
-               if (len < 0)
-               {
-                       DBG1(DBG_LIB, "reading from file descriptor failed: %s",
-                                strerror(errno));
-                       return NULL;
-               }
-               if (len == 0)
-               {
-                       break;
-               }
-               total += len;
-               if (total == sizeof(buf))
-               {
-                       DBG1(DBG_LIB, "buffer too small to read from file descriptor");
-                       return NULL;
-               }
-       }
-       return load_from_blob(chunk_create(buf, total), type, subtype,
-                                                 subject, flags);
-}
-
 /**
  * Load all kind of PEM encoded credentials.
  */
 static void *pem_load(credential_type_t type, int subtype, va_list args)
 {
        char *file = NULL;
-       int fd = -1;
        chunk_t pem = chunk_empty;
        identification_t *subject = NULL;
        int flags = 0;
@@ -506,9 +471,7 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
                        case BUILD_FROM_FILE:
                                file = va_arg(args, char*);
                                continue;
-                       case BUILD_FROM_FD:
-                               fd = va_arg(args, int);
-                               continue;
+                       case BUILD_BLOB:
                        case BUILD_BLOB_PEM:
                                pem = va_arg(args, chunk_t);
                                continue;
@@ -534,10 +497,6 @@ static void *pem_load(credential_type_t type, int subtype, va_list args)
        {
                return load_from_file(file, type, subtype, subject, flags);
        }
-       if (fd != -1)
-       {
-               return load_from_fd(fd, type, subtype, subject, flags);
-       }
        return NULL;
 }
 

diff --git a/src/libstrongswan/plugins/sshkey/sshkey_builder.c b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
index 61e829fdff8abbc5adddf95701f9394370bd0aca..569b0b73840ec5a03030673c6ce1398b87083951 100644 (file)
--- a/src/libstrongswan/plugins/sshkey/sshkey_builder.c
+++ b/src/libstrongswan/plugins/sshkey/sshkey_builder.c
@@ -162,22 +162,15 @@ static sshkey_public_key_t *load_from_stream(FILE *file)
 }
 
 /**
- * Load SSH key from FD
+ * Load SSH key from a blob of data (most likely the content of a file)
  */
-static sshkey_public_key_t *load_from_fd(int fd)
+static sshkey_public_key_t *load_from_blob(chunk_t blob)
 {
        FILE *stream;
 
-       /* dup the FD as it gets closed in fclose() */
-       fd = dup(fd);
-       if (fd == -1)
-       {
-               return NULL;
-       }
-       stream = fdopen(fd, "r");
+       stream = fmemopen(blob.ptr, blob.len, "r");
        if (!stream)
        {
-               close(fd);
                return NULL;
        }
        return load_from_stream(stream);
@@ -204,22 +197,21 @@ static sshkey_public_key_t *load_from_file(char *file)
  */
 sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
 {
-       chunk_t blob = chunk_empty;
+       chunk_t sshkey = chunk_empty, blob = chunk_empty;
        char *file = NULL;
-       int fd = -1;
 
        while (TRUE)
        {
                switch (va_arg(args, builder_part_t))
                {
                        case BUILD_BLOB_SSHKEY:
-                               blob = va_arg(args, chunk_t);
+                               sshkey = va_arg(args, chunk_t);
                                continue;
                        case BUILD_FROM_FILE:
                                file = va_arg(args, char*);
                                continue;
-                       case BUILD_FROM_FD:
-                               fd = va_arg(args, int);
+                       case BUILD_BLOB:
+                               blob = va_arg(args, chunk_t);
                                continue;
                        case BUILD_END:
                                break;
@@ -228,17 +220,17 @@ sshkey_public_key_t *sshkey_public_key_load(key_type_t type, va_list args)
                }
                break;
        }
-       if (blob.ptr)
+       if (sshkey.ptr)
        {
-               return parse_public_key(blob);
+               return parse_public_key(sshkey);
        }
        if (file)
        {
                return load_from_file(file);
        }
-       if (fd != -1)
+       if (blob.ptr)
        {
-               return load_from_fd(fd);
+               return load_from_blob(blob);
        }
        return NULL;
 }

diff --git a/src/pki/commands/issue.c b/src/pki/commands/issue.c
index 9d669dfddad275259d848dc92862f55b094ac709..000f63d1a80b9eb0ddaa47a7e7df1ea4b63769df 100644 (file)
--- a/src/pki/commands/issue.c
+++ b/src/pki/commands/issue.c
@@ -380,9 +380,13 @@ static int issue()
                }
                else
                {
+                       chunk_t chunk;
+
+                       chunk = chunk_from_fd(0);
                        cert_req = lib->creds->create(lib->creds, CRED_CERTIFICATE,
                                                                                  CERT_PKCS10_REQUEST,
-                                                                                 BUILD_FROM_FD, 0, BUILD_END);
+                                                                                 BUILD_BLOB, chunk, BUILD_END);
+                       free(chunk.ptr);
                }
                if (!cert_req)
                {
@@ -419,8 +423,12 @@ static int issue()
                }
                else
                {
+                       chunk_t chunk;
+
+                       chunk = chunk_from_fd(0);
                        public = lib->creds->create(lib->creds, CRED_PUBLIC_KEY, KEY_ANY,
-                                                                                BUILD_FROM_FD, 0, BUILD_END);
+                                                                                BUILD_BLOB, chunk, BUILD_END);
+                       free(chunk.ptr);
                }
        }
        if (!public)

diff --git a/src/pki/commands/keyid.c b/src/pki/commands/keyid.c
index 6d2f7b9150a12ee03ec33cf608f72ecaa7e53d87..353670e32a71b0032d24e803a8002e3c54cf782c 100644 (file)
--- a/src/pki/commands/keyid.c
+++ b/src/pki/commands/keyid.c
@@ -87,8 +87,12 @@ static int keyid()
        }
        else
        {
+               chunk_t chunk;
+
+               chunk = chunk_from_fd(0);
                cred = lib->creds->create(lib->creds, type, subtype,
-                                                                 BUILD_FROM_FD, 0, BUILD_END);
+                                                                 BUILD_BLOB, chunk, BUILD_END);
+               free(chunk.ptr);
        }
        if (!cred)
        {

diff --git a/src/pki/commands/print.c b/src/pki/commands/print.c
index 90cf254c8263898889a1711ad3e7c36c2aa32684..2261e44ff995958c8f0d00c5e7cd350bf9f68b71 100644 (file)
--- a/src/pki/commands/print.c
+++ b/src/pki/commands/print.c
@@ -338,7 +338,7 @@ static void print_crl(crl_t *crl)
 
        if (crl->is_delta_crl(crl, &chunk))
        {
-               chunk = chunk_skip_zero(chunk);         
+               chunk = chunk_skip_zero(chunk);
                printf("delta CRL: for serial %#B\n", &chunk);
        }
        chunk = crl->get_authKeyIdentifier(crl);
@@ -508,8 +508,12 @@ static int print()
        }
        else
        {
+               chunk_t chunk;
+
+               chunk = chunk_from_fd(0);
                cred = lib->creds->create(lib->creds, type, subtype,
-                                                                 BUILD_FROM_FD, 0, BUILD_END);
+                                                                 BUILD_BLOB, chunk, BUILD_END);
+               free(chunk.ptr);
        }
        if (!cred)
        {

diff --git a/src/pki/commands/pub.c b/src/pki/commands/pub.c
index 537af5159a5508c435629ed767cbbbf39112185d..7f88055ef4e5872468f1784c4eb239a2c6e1475c 100644 (file)
--- a/src/pki/commands/pub.c
+++ b/src/pki/commands/pub.c
@@ -101,13 +101,17 @@ static int pub()
 
                chunk = chunk_from_hex(chunk_create(keyid, strlen(keyid)), NULL);
                cred = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, KEY_ANY,
-                                                                        BUILD_PKCS11_KEYID, chunk, BUILD_END);
+                                                                 BUILD_PKCS11_KEYID, chunk, BUILD_END);
                free(chunk.ptr);
        }
        else
        {
+               chunk_t chunk;
+
+               chunk = chunk_from_fd(0);
                cred = lib->creds->create(lib->creds, type, subtype,
-                                                                        BUILD_FROM_FD, 0, BUILD_END);
+                                                                 BUILD_BLOB, chunk, BUILD_END);
+               free(chunk.ptr);
        }
 
        if (type == CRED_PRIVATE_KEY)

diff --git a/src/pki/commands/req.c b/src/pki/commands/req.c
index e269f64eaf2e5ec5ab0d620c51d8f8d8bfcdcf2c..628463e7b0a3ed7941c5e256d45bff7fcbfcab45 100644 (file)
--- a/src/pki/commands/req.c
+++ b/src/pki/commands/req.c
@@ -116,8 +116,12 @@ static int req()
        }
        else
        {
+               chunk_t chunk;
+
+               chunk = chunk_from_fd(0);
                private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
-                                                                        BUILD_FROM_FD, 0, BUILD_END);
+                                                                        BUILD_BLOB, chunk, BUILD_END);
+               free(chunk.ptr);
        }
        if (!private)
        {

diff --git a/src/pki/commands/self.c b/src/pki/commands/self.c
index a1f17c8f94daf4be252752d622e3febbac9145af..6bf0b13537a5ce024f3f1078faf9d220c7616024 100644 (file)
--- a/src/pki/commands/self.c
+++ b/src/pki/commands/self.c
@@ -271,8 +271,12 @@ static int self()
        }
        else
        {
+               chunk_t chunk;
+
+               chunk = chunk_from_fd(0);
                private = lib->creds->create(lib->creds, CRED_PRIVATE_KEY, type,
-                                                                        BUILD_FROM_FD, 0, BUILD_END);
+                                                                        BUILD_BLOB, chunk, BUILD_END);
+               free(chunk.ptr);
        }
        if (!private)
        {

diff --git a/src/pki/commands/verify.c b/src/pki/commands/verify.c
index 11c596d78f485e4e90873331445d5b87fca58336..96b2b50658db9674bac25240be519c7f837e5118 100644 (file)
--- a/src/pki/commands/verify.c
+++ b/src/pki/commands/verify.c
@@ -55,8 +55,12 @@ static int verify()
        }
        else
        {
+               chunk_t chunk;
+
+               chunk = chunk_from_fd(0);
                cert = lib->creds->create(lib->creds, CRED_CERTIFICATE, CERT_X509,
-                                                                 BUILD_FROM_FD, 0, BUILD_END);
+                                                                 BUILD_BLOB, chunk, BUILD_END);
+               free(chunk.ptr);
        }
        if (!cert)
        {