From: Tobias Brunner Date: Wed, 12 Dec 2018 10:30:09 +0000 (+0100) Subject: swanctl: Make credential directories relative to swanctl.conf X-Git-Tag: 5.7.2rc1~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=501bd53a6cce6c0c8a70a2e50440655e580a6447;p=thirdparty%2Fstrongswan.git swanctl: Make credential directories relative to swanctl.conf All directories are now considered relative to the loaded swanctl.conf file, in particular, when loading it from a custom location via --file argument. The base directory, which is used if no custom location for swanctl.conf is specified, is now also configurable at runtime via SWANCTL_DIR environment variable. Closes strongswan/strongswan#120. --- diff --git a/src/swanctl/commands/load_all.c b/src/swanctl/commands/load_all.c index 26f043a6a0..d0032467ac 100644 --- a/src/swanctl/commands/load_all.c +++ b/src/swanctl/commands/load_all.c @@ -31,7 +31,7 @@ static int load_all(vici_conn_t *conn) bool clear = FALSE, noprompt = FALSE; command_format_options_t format = COMMAND_FORMAT_NONE; settings_t *cfg; - char *arg, *file = SWANCTL_CONF; + char *arg, *file = NULL; int ret = 0; while (TRUE) @@ -63,10 +63,9 @@ static int load_all(vici_conn_t *conn) break; } - cfg = settings_create(file); + cfg = load_swanctl_conf(file); if (!cfg) { - fprintf(stderr, "parsing '%s' failed\n", file); return EINVAL; } diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c index 61682a386d..a4e1f46d37 100644 --- a/src/swanctl/commands/load_authorities.c +++ b/src/swanctl/commands/load_authorities.c @@ -55,8 +55,9 @@ static bool add_file_key_value(vici_req_t *req, char *key, char *value) else { path = buf; - snprintf(path, PATH_MAX, "%s%s%s", - SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, value); + snprintf(path, PATH_MAX, "%s%s%s%s%s", swanctl_dir, + DIRECTORY_SEPARATOR, SWANCTL_X509CADIR, + DIRECTORY_SEPARATOR, value); } map = chunk_map(path, FALSE); 
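Review bot: The rebuilt `snprintf` in add_file_key_value still discards its return value, and the path now begins with `swanctl_dir`, which comes from `--file` or the SWANCTL_DIR environment variable rather than a compile-time constant, so a long base directory silently truncates at PATH_MAX and `chunk_map` is then opened on a different name than the one configured. The same unchecked pattern is introduced in add_file_list_key in load_conns.c and in load_certs, load_keys and load_containers in load_creds.c. Check the length before using the buffer, e.g. `if (snprintf(path, PATH_MAX, "%s%s%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, value) >= PATH_MAX) { fprintf(stderr, "path for '%s' too long\n", value); return FALSE; }`, assuming FALSE is what this function's existing failure branch returns. add_file_key_value starts before the hunk and its error handling is outside it.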
@@ -83,7 +84,6 @@ static bool add_key_values(vici_req_t *req, enumerator_t *enumerator) char *key, *value; bool ret = TRUE; - while (enumerator->enumerate(enumerator, &key, &value)) { if (streq(key, "cacert")) @@ -310,7 +310,7 @@ static int load_authorities(vici_conn_t *conn) { command_format_options_t format = COMMAND_FORMAT_NONE; settings_t *cfg; - char *arg, *file = SWANCTL_CONF; + char *arg, *file = NULL; int ret; while (TRUE) @@ -336,10 +336,9 @@ static int load_authorities(vici_conn_t *conn) break; } - cfg = settings_create(file); + cfg = load_swanctl_conf(file); if (!cfg) { - fprintf(stderr, "parsing '%s' failed\n", file); return EINVAL; } diff --git a/src/swanctl/commands/load_conns.c b/src/swanctl/commands/load_conns.c index dad03945d5..de23816fb4 100644 --- a/src/swanctl/commands/load_conns.c +++ b/src/swanctl/commands/load_conns.c @@ -120,20 +120,23 @@ static bool add_file_list_key(vici_req_t *req, char *key, char *value) { if (streq(key, "certs")) { - snprintf(buf, sizeof(buf), "%s%s%s", - SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token); + snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir, + DIRECTORY_SEPARATOR, SWANCTL_X509DIR, + DIRECTORY_SEPARATOR, token); token = buf; } else if (streq(key, "cacerts")) { - snprintf(buf, sizeof(buf), "%s%s%s", - SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, token); + snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir, + DIRECTORY_SEPARATOR, SWANCTL_X509CADIR, + DIRECTORY_SEPARATOR, token); token = buf; } else if (streq(key, "pubkeys")) { - snprintf(buf, sizeof(buf), "%s%s%s", - SWANCTL_PUBKEYDIR, DIRECTORY_SEPARATOR, token); + snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir, + DIRECTORY_SEPARATOR, SWANCTL_PUBKEYDIR, + DIRECTORY_SEPARATOR, token); token = buf; } } @@ -425,7 +428,7 @@ static int load_conns(vici_conn_t *conn) { command_format_options_t format = COMMAND_FORMAT_NONE; settings_t *cfg; - char *arg, *file = SWANCTL_CONF; + char *arg, *file = NULL; int ret; while (TRUE) 
@@ -451,10 +454,9 @@ static int load_conns(vici_conn_t *conn) break; } - cfg = settings_create(file); + cfg = load_swanctl_conf(file); if (!cfg) { - fprintf(stderr, "parsing '%s' failed\n", file); return EINVAL; } diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c index a9e352f7e3..9a38b5d1e3 100644 --- a/src/swanctl/commands/load_creds.c +++ b/src/swanctl/commands/load_creds.c @@ -106,10 +106,13 @@ static void load_certs(load_ctx_t *ctx, char *type_str, char *dir) x509_flag_t flag; struct stat st; chunk_t *map; - char *path; + char *path, buf[PATH_MAX]; vici_cert_info_from_str(type_str, &type, &flag); + snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir); + dir = buf; + enumerator = enumerator_create_directory(dir); if (enumerator) { @@ -428,7 +431,10 @@ static void load_keys(load_ctx_t *ctx, char *type, char *dir) enumerator_t *enumerator; struct stat st; chunk_t *map; - char *path, *rel; + char *path, *rel, buf[PATH_MAX]; + + snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir); + dir = buf; enumerator = enumerator_create_directory(dir); if (enumerator) @@ -535,7 +541,10 @@ static void load_containers(load_ctx_t *ctx, char *type, char *dir) enumerator_t *enumerator; struct stat st; chunk_t *map; - char *path, *rel; + char *path, *rel, buf[PATH_MAX]; + + snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir); + dir = buf; enumerator = enumerator_create_directory(dir); if (enumerator) @@ -946,7 +955,7 @@ static int load_creds(vici_conn_t *conn) bool clear = FALSE, noprompt = FALSE; command_format_options_t format = COMMAND_FORMAT_NONE; settings_t *cfg; - char *arg, *file = SWANCTL_CONF; + char *arg, *file = NULL; int ret; while (TRUE) @@ -978,10 +987,9 @@ static int load_creds(vici_conn_t *conn) break; } - cfg = settings_create(file); + cfg = load_swanctl_conf(file); if (!cfg) { - fprintf(stderr, "parsing '%s' failed\n", file); return EINVAL; } 
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c index ec9508efb5..0ff6827e11 100644 --- a/src/swanctl/commands/load_pools.c +++ b/src/swanctl/commands/load_pools.c @@ -251,7 +251,7 @@ static int load_pools(vici_conn_t *conn) { command_format_options_t format = COMMAND_FORMAT_NONE; settings_t *cfg; - char *arg, *file = SWANCTL_CONF; + char *arg, *file = NULL; int ret; while (TRUE) @@ -277,10 +277,9 @@ static int load_pools(vici_conn_t *conn) break; } - cfg = settings_create(file); + cfg = load_swanctl_conf(file); if (!cfg) { - fprintf(stderr, "parsing '%s' failed\n", file); return EINVAL; } diff --git a/src/swanctl/swanctl.c b/src/swanctl/swanctl.c index dc5af79a7b..cfc82f9d7b 100644 --- a/src/swanctl/swanctl.c +++ b/src/swanctl/swanctl.c @@ -1,4 +1,7 @@ /* + * Copyright (C) 2018 Tobias Brunner + * HSR Hochschule fuer Technik Rapperswil + * * Copyright (C) 2014 Martin Willi * Copyright (C) 2014 revosec AG * @@ -13,17 +16,55 @@ * for more details. */ +#include "swanctl.h" #include "command.h" #include #include +/* + * Described in header + */ +char *swanctl_dir; + +/* + * Described in header + */ +settings_t *load_swanctl_conf(char *file) +{ + settings_t *cfg; + char buf[PATH_MAX]; + + if (!file) + { + if (!strlen(swanctl_dir)) + { + free(swanctl_dir); + swanctl_dir = strdup(getcwd(buf, sizeof(buf))); + } + file = buf; + snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, + DIRECTORY_SEPARATOR, SWANCTL_CONF); + } + + cfg = settings_create(file); + if (!cfg) + { + fprintf(stderr, "parsing '%s' failed\n", file); + return NULL; + } + free(swanctl_dir); + swanctl_dir = path_dirname(file); + return cfg; +} + /** * Cleanup library atexit() */ static void cleanup() { + free(swanctl_dir); lib->processor->cancel(lib->processor); library_deinit(); } 
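Review bot: In load_swanctl_conf the result of `getcwd(buf, sizeof(buf))` is passed straight to `strdup`, but getcwd returns NULL when the working directory was removed, is not searchable, or does not fit in PATH_MAX, so an empty SWANCTL_DIR crashes swanctl instead of producing an error. Check getcwd before releasing the old `swanctl_dir` and return NULL on failure, matching the settings_create error path a few lines below; the unchecked `strdup` in the same branch leaves `swanctl_dir` NULL on allocation failure and could be handled the same way. The function is new and fully contained in the hunk.
```c
	if (!file)
	{
		if (!strlen(swanctl_dir))
		{
			if (!getcwd(buf, sizeof(buf)))
			{
				fprintf(stderr, "determining working directory failed\n");
				return NULL;
			}
			free(swanctl_dir);
			swanctl_dir = strdup(buf);
		}
		file = buf;
		snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir,
				 DIRECTORY_SEPARATOR, SWANCTL_CONF);
	}
	/* … unchanged: settings_create, error message and swanctl_dir update … */
```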
@@ -49,6 +90,9 @@ int main(int argc, char *argv[]) { exit(SS_RC_INITIALIZATION_FAILED); } + + swanctl_dir = strdup(getenv("SWANCTL_DIR") ?: SWANCTLDIR); + dbg_default_set_level(0); lib->processor->set_threads(lib->processor, 4); dbg_default_set_level(1); diff --git a/src/swanctl/swanctl.h b/src/swanctl/swanctl.h index eac1fc6d03..f0c334f7ef 100644 --- a/src/swanctl/swanctl.h +++ b/src/swanctl/swanctl.h @@ -1,11 +1,11 @@ /* - * Copyright (C) 2014 Martin Willi - * Copyright (C) 2014 revosec AG - * - * Copyright (C) 2016 Tobias Brunner + * Copyright (C) 2016-2018 Tobias Brunner * Copyright (C) 2015 Andreas Steffen * HSR Hochschule fuer Technik Rapperswil * + * Copyright (C) 2014 Martin Willi + * Copyright (C) 2014 revosec AG + * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the * Free Software Foundation; either version 2 of the License, or (at your 
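Review bot: The new `swanctl_dir = strdup(getenv("SWANCTL_DIR") ?: SWANCTLDIR);` in main is not checked, and load_swanctl_conf calls `strlen(swanctl_dir)` unconditionally, so a failed allocation turns into a NULL dereference on the first load command rather than a clean exit. The line sits directly after a block that already exits with SS_RC_INITIALIZATION_FAILED on setup failure, so the natural fix is `if (!swanctl_dir) { exit(SS_RC_INITIALIZATION_FAILED); }` right after it. The environment variable is also not mentioned in any documentation touched by this patch; a comment such as `/* base dir for swanctl.conf and credentials, overridable via SWANCTL_DIR */` on this line would at least record it in the code. main starts and ends outside the hunk.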
@@ -25,74 +25,90 @@ #ifndef SWANCTL_H_ #define SWANCTL_H_ +#include + +/** + * Base directory for credentials and config + */ +char *swanctl_dir; + /** * Configuration file for connections, etc. */ -#define SWANCTL_CONF SWANCTLDIR "/swanctl.conf" +#define SWANCTL_CONF "swanctl.conf" /** * Directory for X.509 end entity certs */ -#define SWANCTL_X509DIR SWANCTLDIR "/x509" +#define SWANCTL_X509DIR "x509" /** * Directory for X.509 CA certs */ -#define SWANCTL_X509CADIR SWANCTLDIR "/x509ca" +#define SWANCTL_X509CADIR "x509ca" /** * Directory for X.509 Attribute Authority certs */ -#define SWANCTL_X509AADIR SWANCTLDIR "/x509aa" +#define SWANCTL_X509AADIR "x509aa" /** * Directory for X.509 OCSP Signer certs */ -#define SWANCTL_X509OCSPDIR SWANCTLDIR "/x509ocsp" +#define SWANCTL_X509OCSPDIR "x509ocsp" /** * Directory for X.509 CRLs */ -#define SWANCTL_X509CRLDIR SWANCTLDIR "/x509crl" +#define SWANCTL_X509CRLDIR "x509crl" /** * Directory for X.509 Attribute certificates */ -#define SWANCTL_X509ACDIR SWANCTLDIR "/x509ac" +#define SWANCTL_X509ACDIR "x509ac" /** * Directory for raw public keys */ -#define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey" +#define SWANCTL_PUBKEYDIR "pubkey" /** * Directory for private keys */ -#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private" +#define SWANCTL_PRIVATEDIR "private" /** * Directory for RSA private keys */ -#define SWANCTL_RSADIR SWANCTLDIR "/rsa" +#define SWANCTL_RSADIR "rsa" /** * Directory for ECDSA private keys */ -#define SWANCTL_ECDSADIR SWANCTLDIR "/ecdsa" +#define SWANCTL_ECDSADIR "ecdsa" /** * Directory for BLISS private keys */ -#define SWANCTL_BLISSDIR SWANCTLDIR "/bliss" +#define SWANCTL_BLISSDIR "bliss" /** * Directory for PKCS#8 encoded private keys */ -#define SWANCTL_PKCS8DIR SWANCTLDIR "/pkcs8" +#define SWANCTL_PKCS8DIR "pkcs8" /** * Directory for PKCS#12 containers */ -#define SWANCTL_PKCS12DIR SWANCTLDIR "/pkcs12" +#define SWANCTL_PKCS12DIR "pkcs12" + +/** + * Load swanctl.conf, optionally from a custom path. 
Sets the base dir relative + * to that file. + * + * @param file optional custom path to swanctl.conf, NULL to use default + * @return settings, or NULL if loading failed + */ +settings_t *load_swanctl_conf(char *file); #endif /** SWANCTL_H_ @}*/
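Review bot: `char *swanctl_dir;` in swanctl.h is a tentative definition, so every translation unit that includes the header (all the load_*.c files in this patch plus swanctl.c, which defines it again) ends up with its own definition; that links only while the compiler merges common symbols and fails with -fno-common, the default since GCC 10. The header should declare it as `extern char *swanctl_dir;` and leave the single definition in swanctl.c. The comment on the variable should also say where the value comes from, e.g. `Base directory for credentials and config: initialized from SWANCTL_DIR (or the compile-time SWANCTLDIR) and replaced by the directory of the loaded swanctl.conf`, and the load_swanctl_conf doc could note that an empty base directory resolves to the current working directory and that `swanctl_dir` is left untouched when loading fails.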