From: Andreas Steffen
Date: Thu, 15 Oct 2009 16:01:10 +0000 (+0200)
Subject: use directory enumerator to load authcerts
X-Git-Tag: 4.3.5rc1~5
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=215b0402b34968603d37dfd285e46a345333ad24;p=thirdparty%2Fstrongswan.git

use directory enumerator to load authcerts
---
diff --git a/src/pluto/ca.c b/src/pluto/ca.c
index 5ee3ce14a4..2f59a90141 100644
--- a/src/pluto/ca.c
+++ b/src/pluto/ca.c
@@ -15,12 +15,12 @@
 #include
 #include
 #include
-#include
-#include
 #include
+#include
 #include
-#include
+#include
+#include
 #include
@@ -284,44 +284,36 @@ x509cert_t* add_authcert(x509cert_t *cert, x509_flag_t auth_flags)
 /*
 * Loads authority certificates
 */
-void load_authcerts(const char *type, const char *path, x509_flag_t auth_flags)
+void load_authcerts(char *type, char *path, x509_flag_t auth_flags)
 {
- struct dirent **filelist;
- u_char buf[BUF_LEN];
- u_char *save_dir;
- int n;
+ enumerator_t *enumerator;
+ struct stat st;
+ char *file;
 
- /* change directory to specified path */
- save_dir = getcwd(buf, BUF_LEN);
+ DBG1("loading %s certificates from '%s'", type, path);
 
- if (chdir(path))
+ enumerator = enumerator_create_directory(path);
+ if (!enumerator)
 {
- plog("Could not change to directory '%s'", path);
+ DBG1(" reading directory '%s' failed");
+ return;
 }
- else
+
+ while (enumerator->enumerate(enumerator, NULL, &file, &st))
 {
- plog("Changing to directory '%s'", path);
- n = scandir(path, &filelist, file_select, alphasort);
+ cert_t cert;
 
- if (n < 0)
- plog(" scandir() error");
- else
+ if (!S_ISREG(st.st_mode))
 {
- while (n--)
- {
- cert_t cert;
-
- if (load_cert(filelist[n]->d_name, type, auth_flags, &cert))
- {
- add_authcert(cert.u.x509, auth_flags);
- }
- free(filelist[n]);
- }
- free(filelist);
+ /* skip special file */
+ continue;
+ }
+ if (load_cert(file, type, auth_flags, &cert))
+ {
+ add_authcert(cert.u.x509, auth_flags);
 }
 }
- /* restore directory path */
- ignore_result(chdir(save_dir));
+ enumerator->destroy(enumerator);
 }
 
 /*
diff --git a/src/pluto/ca.h b/src/pluto/ca.h
index ca211587b5..77dfe33274 100644
--- a/src/pluto/ca.h
+++ b/src/pluto/ca.h
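Review bot: The new failure branch logs `DBG1(" reading directory '%s' failed");` with a `%s` conversion but no matching argument, so the message prints whatever happens to sit in the variadic slot (a format/argument mismatch that -Wformat would flag); it should be `DBG1(" reading directory '%s' failed", path);`. The signature also drops `const` from `type` and `path` (the ca.h hunk mirrors this), presumably to fit the `char *` parameter of `enumerator_create_directory()`; keeping `const` in the public prototype and casting at that single call site would preserve the caller-facing contract. The old scandir()/alphasort path loaded certificates in sorted name order, whereas nothing in the new loop sorts, so the order in which authority certificates are added now follows whatever order the enumerator yields — worth a short comment in the function header if nothing depends on it.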
@@ -44,8 +44,7 @@ extern bool match_requested_ca(linked_list_t *requested_ca,
 identification_t *our_ca, int *our_pathlen);
 extern x509cert_t* get_authcert(identification_t *subject, chunk_t keyid,
 x509_flag_t auth_flags);
-extern void load_authcerts(const char *type, const char *path,
- x509_flag_t auth_flags);
+extern void load_authcerts(char *type, char *path, x509_flag_t auth_flags);
 extern x509cert_t* add_authcert(x509cert_t *cert, x509_flag_t auth_flags);
 extern void free_authcerts(void);
 extern void list_authcerts(const char *caption, x509_flag_t auth_flags, bool utc);
diff --git a/src/pluto/plutomain.c b/src/pluto/plutomain.c
index 6e594aa9ad..0471d26a0f 100644
--- a/src/pluto/plutomain.c
+++ b/src/pluto/plutomain.c
@@ -721,11 +721,11 @@ int main(int argc, char **argv)
 #endif /* CAPABILITIES */
 
 /* loading X.509 CA certificates */
- load_authcerts("CA", CA_CERT_PATH, X509_CA);
+ load_authcerts("ca", CA_CERT_PATH, X509_CA);
 /* loading X.509 AA certificates */
- load_authcerts("AA", AA_CERT_PATH, X509_AA);
+ load_authcerts("aa", AA_CERT_PATH, X509_AA);
 /* loading X.509 OCSP certificates */
- load_authcerts("OCSP", OCSP_CERT_PATH, X509_OCSP_SIGNER);
+ load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
 /* loading X.509 CRLs */
 load_crls();
 /* loading attribute certificates (experimental) */
diff --git a/src/pluto/rcv_whack.c b/src/pluto/rcv_whack.c
index 6209406755..79e63d27af 100644
--- a/src/pluto/rcv_whack.c
+++ b/src/pluto/rcv_whack.c
@@ -440,17 +440,17 @@ void whack_handle(int whackctlfd)
 
 if (msg.whack_reread & REREAD_CACERTS)
 {
- load_authcerts("CA cert", CA_CERT_PATH, X509_CA);
+ load_authcerts("ca", CA_CERT_PATH, X509_CA);
 }
 
 if (msg.whack_reread & REREAD_AACERTS)
 {
- load_authcerts("AA cert", AA_CERT_PATH, X509_AA);
+ load_authcerts("aa", AA_CERT_PATH, X509_AA);
 }
 
 if (msg.whack_reread & REREAD_OCSPCERTS)
 {
- load_authcerts("OCSP cert", OCSP_CERT_PATH, X509_OCSP_SIGNER);
+ load_authcerts("ocsp", OCSP_CERT_PATH, X509_OCSP_SIGNER);
 }
 
 if (msg.whack_reread & REREAD_ACERTS)