From: Tobias Brunner
Date: Thu, 30 Nov 2017 08:09:39 +0000 (+0100)
Subject: swanctl: Allow dots in authority/shared secret/pool names
X-Git-Tag: 5.6.2dr4~13
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6d98bb926ead3a101511bc420066efc39ce3d761;p=thirdparty%2Fstrongswan.git

swanctl: Allow dots in authority/shared secret/pool names

Use argument evaluation provided by settings_t instead of using strings to enumerate key/values. If section names contain dots the latter causes the names to get split and interpreted as non-existing sections and subsections. This currently doesn't work for connections and their subsections due to the recursion.
---
diff --git a/src/swanctl/commands/load_authorities.c b/src/swanctl/commands/load_authorities.c
index 8947866f58..d82c0f98e2 100644
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@@ -75,15 +75,15 @@ static bool add_file_key_value(vici_req_t *req, char *key, char *value)
 }
 /**
- * Translate sletting key/values from a section into vici key-values/lists
+ * Translate sletting key/values from a section enumerator into vici
+ * key-values/lists. Destroys the enumerator.
 */
-static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section)
+static bool add_key_values(vici_req_t *req, enumerator_t *enumerator)
 {
- enumerator_t *enumerator;
 char *key, *value;
 bool ret = TRUE;
- enumerator = cfg->create_key_value_enumerator(cfg, section);
+
 while (enumerator->enumerate(enumerator, &key, &value))
 {
 if (streq(key, "cacert"))
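Review bot: The rewritten comment above add_key_values() in load_authorities.c still reads "sletting"; as the line is changed anyway it could read ` * Translate setting key/values from a section enumerator into vici`, as the load_pools.c copy already does. The new "Destroys the enumerator" contract cannot be confirmed from this hunk because the function body continues past its end, so it is worth checking that every exit, including one that sets `ret` to FALSE, reaches the destroy call; load_authority() returns on failure without destroying the enumerator itself, and the same contract is stated for add_key_values() in load_pools.c. Going by the hunk's line counts, the bare `+` line before `while` leaves two consecutive blank lines and could be dropped.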
@@ -115,17 +115,17 @@ static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section)
 static bool load_authority(vici_conn_t *conn, settings_t *cfg, char *section,
 command_format_options_t format)
 {
+ enumerator_t *enumerator;
 vici_req_t *req;
 vici_res_t *res;
 bool ret = TRUE;
- char buf[128];
-
- snprintf(buf, sizeof(buf), "%s.%s", "authorities", section);
 req = vici_begin("load-authority");
 vici_begin_section(req, section);
- if (!add_key_values(req, cfg, buf))
+ enumerator = cfg->create_key_value_enumerator(cfg, "authorities.%s",
+ section);
+ if (!add_key_values(req, enumerator))
 {
 vici_free_req(req);
 return FALSE;
diff --git a/src/swanctl/commands/load_creds.c b/src/swanctl/commands/load_creds.c
index d8541061ec..15ef2f1517 100644
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@@ -337,7 +337,7 @@ static void* decrypt_with_config(load_ctx_t *ctx, char *name, char *type,
 credential_type_t credtype;
 int subtype;
 enumerator_t *enumerator, *secrets;
- char *section, *key, *value, *file, buf[128];
+ char *section, *key, *value, *file;
 shared_key_t *shared;
 void *cred = NULL;
 mem_cred_t *mem = NULL;
@@ -356,8 +356,8 @@ static void* decrypt_with_config(load_ctx_t *ctx, char *name, char *type,
 file = ctx->cfg->get_str(ctx->cfg, "secrets.%s.file", NULL, section);
 if (file && strcaseeq(file, name))
 {
- snprintf(buf, sizeof(buf), "secrets.%s", section);
- secrets = ctx->cfg->create_key_value_enumerator(ctx->cfg, buf);
+ secrets = ctx->cfg->create_key_value_enumerator(ctx->cfg,
+ "secrets.%s", section);
 while (secrets->enumerate(secrets, &key, &value))
 {
 if (strpfx(key, "secret"))
@@ -657,7 +657,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 vici_req_t *req;
 vici_res_t *res;
 chunk_t data;
- char *key, *value, buf[128], *type = NULL;
+ char *key, *value, *type = NULL;
 bool ret = TRUE;
 int i;
 char *types[] = {
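Review bot: Nothing at the new `create_key_value_enumerator(cfg, "authorities.%s", section)` call in load_authority() records why the name is passed as an argument instead of being pre-formatted, which makes it easy for a later cleanup to reintroduce the `snprintf()` variant. A one-line comment such as `/* pass the name as argument, dots (or '%') in it must not be parsed as part of the key */` would keep that visible; the key parameter is evidently a format string, so a configured name should never end up inside it. The same comment fits the calls in decrypt_with_config() and load_secret() in load_creds.c and in load_pool() in load_pools.c. load_authority() continues past the end of this hunk.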
@@ -720,8 +720,8 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 chunk_clear(&data);
 vici_begin_list(req, "owners");
- snprintf(buf, sizeof(buf), "secrets.%s", section);
- enumerator = ctx->cfg->create_key_value_enumerator(ctx->cfg, buf);
+ enumerator = ctx->cfg->create_key_value_enumerator(ctx->cfg, "secrets.%s",
+ section);
 while (enumerator->enumerate(enumerator, &key, &value))
 {
 if (strpfx(key, "id"))
diff --git a/src/swanctl/commands/load_pools.c b/src/swanctl/commands/load_pools.c
index 2b9fa2d42f..feb8d3a521 100644
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@@ -41,14 +41,13 @@ static void add_list_key(vici_req_t *req, char *key, char *value)
 }
 /**
- * Translate setting key/values from a section into vici key-values/lists
+ * Translate setting key/values from a section enumerator into vici
+ * key-values/lists. Destroys the enumerator.
 */
-static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
+static void add_key_values(vici_req_t *req, enumerator_t *enumerator)
 {
- enumerator_t *enumerator;
 char *key, *value;
- enumerator = cfg->create_key_value_enumerator(cfg, section);
 while (enumerator->enumerate(enumerator, &key, &value))
 {
 /* pool subnet is encoded as key/value, all other attributes as list */
@@ -70,17 +69,16 @@ static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
 static bool load_pool(vici_conn_t *conn, settings_t *cfg, char *section,
 command_format_options_t format)
 {
+ enumerator_t *enumerator;
 vici_req_t *req;
 vici_res_t *res;
 bool ret = TRUE;
- char buf[128];
-
- snprintf(buf, sizeof(buf), "%s.%s", "pools", section);
 req = vici_begin("load-pool");
 vici_begin_section(req, section);
- add_key_values(req, cfg, buf);
+ enumerator = cfg->create_key_value_enumerator(cfg, "pools.%s", section);
+ add_key_values(req, enumerator);
 vici_end_section(req);
 res = vici_submit(req, conn);