]> git.ipfire.org Git - people/ms/strongswan.git/commitdiff
projects / people / ms / strongswan.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 05ccde0)
swanctl: Add 'private' directory/section to load any type of private key
authorTobias Brunner <tobias@strongswan.org>
Fri, 30 Sep 2016 13:16:42 +0000 (15:16 +0200)
committerTobias Brunner <tobias@strongswan.org>
Wed, 5 Oct 2016 09:33:36 +0000 (11:33 +0200)
src/swanctl/Makefile.am patch | blob | blame | history
src/swanctl/commands/load_creds.c patch | blob | blame | history
src/swanctl/swanctl.h patch | blob | blame | history
src/swanctl/swanctl.opt patch | blob | blame | history

diff --git a/src/swanctl/Makefile.am b/src/swanctl/Makefile.am
index 409387849ab6ad6d5babd8f5f3667df9b32c577d..9ca759ea3faf5c7e84098d78a23f7af880b62060 100644 (file)
--- a/src/swanctl/Makefile.am
+++ b/src/swanctl/Makefile.am
@@ -70,6 +70,7 @@ install-data-local: swanctl.conf
        test -e "$(DESTDIR)$(swanctldir)/x509crl" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509crl" || true
        test -e "$(DESTDIR)$(swanctldir)/x509ac" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/x509ac" || true
        test -e "$(DESTDIR)$(swanctldir)/pubkey" || $(INSTALL) -d "$(DESTDIR)$(swanctldir)/pubkey" || true
+       test -e "$(DESTDIR)$(swanctldir)/private" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/private" || true
        test -e "$(DESTDIR)$(swanctldir)/rsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/rsa" || true
        test -e "$(DESTDIR)$(swanctldir)/ecdsa" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/ecdsa" || true
        test -e "$(DESTDIR)$(swanctldir)/bliss" || $(INSTALL) -d -m 750 "$(DESTDIR)$(swanctldir)/bliss" || true
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index 4647934f7835ceb76bcd8086e13b3b2cdb57ee28..6278f66b4ccdec345049beeb4fcc88a6b2f1ee6e 100644 (file)
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -2,6 +2,7 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
+ * Copyright (C) 2016 Tobias Brunner
  * Copyright (C) 2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -128,7 +129,8 @@ static bool load_key(vici_conn_t *conn, command_format_options_t format,
 
        req = vici_begin("load-key");
 
-       if (streq(type, "pkcs8"))
+       if (streq(type, "private") ||
+               streq(type, "pkcs8"))
        {       /* as used by vici */
                vici_add_key_valuef(req, "type", "any");
        }
@@ -251,6 +253,7 @@ static bool determine_credtype(char *type, credential_type_t *credtype,
                credential_type_t credtype;
                int subtype;
        } map[] = {
+               { "private",            CRED_PRIVATE_KEY,               KEY_ANY,                        },
                { "pkcs8",                      CRED_PRIVATE_KEY,               KEY_ANY,                        },
                { "rsa",                        CRED_PRIVATE_KEY,               KEY_RSA,                        },
                { "ecdsa",                      CRED_PRIVATE_KEY,               KEY_ECDSA,                      },
@@ -565,6 +568,7 @@ static bool load_secret(vici_conn_t *conn, settings_t *cfg,
                "eap",
                "xauth",
                "ike",
+               "private",
                "rsa",
                "ecdsa",
                "bliss",
@@ -700,10 +704,11 @@ int load_creds_cfg(vici_conn_t *conn, command_format_options_t format,
        load_certs(conn, format, "x509crl",  SWANCTL_X509CRLDIR);
        load_certs(conn, format, "pubkey",   SWANCTL_PUBKEYDIR);
 
-       load_keys(conn, format, noprompt, cfg, "rsa",   SWANCTL_RSADIR);
-       load_keys(conn, format, noprompt, cfg, "ecdsa", SWANCTL_ECDSADIR);
-       load_keys(conn, format, noprompt, cfg, "bliss", SWANCTL_BLISSDIR);
-       load_keys(conn, format, noprompt, cfg, "pkcs8", SWANCTL_PKCS8DIR);
+       load_keys(conn, format, noprompt, cfg, "private", SWANCTL_PRIVATEDIR);
+       load_keys(conn, format, noprompt, cfg, "rsa",     SWANCTL_RSADIR);
+       load_keys(conn, format, noprompt, cfg, "ecdsa",   SWANCTL_ECDSADIR);
+       load_keys(conn, format, noprompt, cfg, "bliss",   SWANCTL_BLISSDIR);
+       load_keys(conn, format, noprompt, cfg, "pkcs8",   SWANCTL_PKCS8DIR);
 
        load_containers(conn, format, noprompt, cfg, "pkcs12", SWANCTL_PKCS12DIR);
 
diff --git a/src/swanctl/swanctl.h b/src/swanctl/swanctl.h
index 560e895132dc7bf6ff02f155170a05f299acd49e..eac1fc6d033129b24cc582e331f4d218dccaf993 100644 (file)
--- a/src/swanctl/swanctl.h
+++ b/src/swanctl/swanctl.h
@@ -2,6 +2,7 @@
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
+ * Copyright (C) 2016 Tobias Brunner
  * Copyright (C) 2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
@@ -64,6 +65,11 @@
  */
 #define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey"
 
+/**
+ * Directory for private keys
+ */
+#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private"
+
 /**
  * Directory for RSA private keys
  */
diff --git a/src/swanctl/swanctl.opt b/src/swanctl/swanctl.opt
index c4d9f86d6806a80505f56cbdc9e730fc71ad1bf1..a7d6d9fc3c0cace6c0e71214955e4edd7c573162 100644 (file)
--- a/src/swanctl/swanctl.opt
+++ b/src/swanctl/swanctl.opt
@@ -835,6 +835,15 @@ secrets.ike<suffix>.id<suffix> =
        may be specified, each having an _id_ prefix, if a secret is shared between
        multiple peers.
 
+secrets.private<suffix> { # }
+       Private key decryption passphrase for a key in the _private_ folder.
+
+secrets.private<suffix>.file =
+       File name in the _private_ folder for which this passphrase should be used.
+
+secrets.private<suffix>.secret
+       Value of decryption passphrase for private key.
+
 secrets.rsa<suffix> { # }
        Private key decryption passphrase for a key in the _rsa_ folder.
 
Michael's strongswan development tree