swanctl: Make credential directories relative to swanctl.conf
authorTobias Brunner <tobias@strongswan.org>
Wed, 12 Dec 2018 10:30:09 +0000 (11:30 +0100)
committerTobias Brunner <tobias@strongswan.org>
Fri, 14 Dec 2018 08:11:14 +0000 (09:11 +0100)
All directories are now considered relative to the loaded swanctl.conf
file, in particular when it is loaded from a custom location via the --file
argument.  The base directory, which is used if no custom location for
swanctl.conf is specified, is now also configurable at runtime via
SWANCTL_DIR environment variable.

Closes strongswan/strongswan#120.

src/swanctl/commands/load_all.c
src/swanctl/commands/load_authorities.c
src/swanctl/commands/load_conns.c
src/swanctl/commands/load_creds.c
src/swanctl/commands/load_pools.c
src/swanctl/swanctl.c
src/swanctl/swanctl.h

index 26f043a..d003246 100644 (file)
@@ -31,7 +31,7 @@ static int load_all(vici_conn_t *conn)
        bool clear = FALSE, noprompt = FALSE;
        command_format_options_t format = COMMAND_FORMAT_NONE;
        settings_t *cfg;
-       char *arg, *file = SWANCTL_CONF;
+       char *arg, *file = NULL;
        int ret = 0;
 
        while (TRUE)
@@ -63,10 +63,9 @@ static int load_all(vici_conn_t *conn)
                break;
        }
 
-       cfg = settings_create(file);
+       cfg = load_swanctl_conf(file);
        if (!cfg)
        {
-               fprintf(stderr, "parsing '%s' failed\n", file);
                return EINVAL;
        }
 
index 61682a3..a4e1f46 100644 (file)
@@ -55,8 +55,9 @@ static bool add_file_key_value(vici_req_t *req, char *key, char *value)
        else
        {
                path = buf;
-               snprintf(path, PATH_MAX, "%s%s%s",
-                                SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, value);
+               snprintf(path, PATH_MAX, "%s%s%s%s%s", swanctl_dir,
+                                DIRECTORY_SEPARATOR, SWANCTL_X509CADIR,
+                                DIRECTORY_SEPARATOR, value);
        }
        map = chunk_map(path, FALSE);
 
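Review bot: The new `snprintf` into `path` ignores its return value, so a base directory long enough to overflow `PATH_MAX` together with `value` silently produces a truncated path that `chunk_map` then opens or fails on with a misleading error. The function already returns `bool`, so the result should be checked before the path is used: `if (snprintf(path, PATH_MAX, "%s%s%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, value) >= PATH_MAX) { fprintf(stderr, "path for cacert '%s' too long\n", value); return FALSE; }`. `add_file_key_value` starts before this hunk and continues after it, so whether the caller releases anything on a `FALSE` return is not visible here.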
@@ -83,7 +84,6 @@ static bool add_key_values(vici_req_t *req, enumerator_t *enumerator)
        char *key, *value;
        bool ret = TRUE;
 
-
        while (enumerator->enumerate(enumerator, &key, &value))
        {
                if (streq(key, "cacert"))
@@ -310,7 +310,7 @@ static int load_authorities(vici_conn_t *conn)
 {
        command_format_options_t format = COMMAND_FORMAT_NONE;
        settings_t *cfg;
-       char *arg, *file = SWANCTL_CONF;
+       char *arg, *file = NULL;
        int ret;
 
        while (TRUE)
@@ -336,10 +336,9 @@ static int load_authorities(vici_conn_t *conn)
                break;
        }
 
-       cfg = settings_create(file);
+       cfg = load_swanctl_conf(file);
        if (!cfg)
        {
-               fprintf(stderr, "parsing '%s' failed\n", file);
                return EINVAL;
        }
 
index dad0394..de23816 100644 (file)
@@ -120,20 +120,23 @@ static bool add_file_list_key(vici_req_t *req, char *key, char *value)
                        {
                                if (streq(key, "certs"))
                                {
-                                       snprintf(buf, sizeof(buf), "%s%s%s",
-                                                        SWANCTL_X509DIR, DIRECTORY_SEPARATOR, token);
+                                       snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir,
+                                                        DIRECTORY_SEPARATOR, SWANCTL_X509DIR,
+                                                        DIRECTORY_SEPARATOR, token);
                                        token = buf;
                                }
                                else if (streq(key, "cacerts"))
                                {
-                                       snprintf(buf, sizeof(buf), "%s%s%s",
-                                                        SWANCTL_X509CADIR, DIRECTORY_SEPARATOR, token);
+                                       snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir,
+                                                        DIRECTORY_SEPARATOR, SWANCTL_X509CADIR,
+                                                        DIRECTORY_SEPARATOR, token);
                                        token = buf;
                                }
                                else if (streq(key, "pubkeys"))
                                {
-                                       snprintf(buf, sizeof(buf), "%s%s%s",
-                                                        SWANCTL_PUBKEYDIR, DIRECTORY_SEPARATOR, token);
+                                       snprintf(buf, sizeof(buf), "%s%s%s%s%s", swanctl_dir,
+                                                        DIRECTORY_SEPARATOR, SWANCTL_PUBKEYDIR,
+                                                        DIRECTORY_SEPARATOR, token);
                                        token = buf;
                                }
                        }
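Review bot: All three new `snprintf` calls into `buf` discard the return value, so when `swanctl_dir` (which now follows an arbitrarily deep `--file` path) plus the subdirectory plus `token` exceeds `sizeof(buf)`, the credential path is silently truncated before `token = buf` hands it on. The entry should be rejected instead, e.g. `if ((size_t)snprintf(buf, sizeof(buf), ...) >= sizeof(buf)) { fprintf(stderr, "path for '%s' too long\n", token); return FALSE; }`. As a matter of style the three branches differ only in the subdirectory constant; selecting it into a `char *subdir` in the `if`/`else if` chain and doing a single checked `snprintf` afterwards would leave one place to get the check right. `add_file_list_key` starts before this hunk and continues after it.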
@@ -425,7 +428,7 @@ static int load_conns(vici_conn_t *conn)
 {
        command_format_options_t format = COMMAND_FORMAT_NONE;
        settings_t *cfg;
-       char *arg, *file = SWANCTL_CONF;
+       char *arg, *file = NULL;
        int ret;
 
        while (TRUE)
@@ -451,10 +454,9 @@ static int load_conns(vici_conn_t *conn)
                break;
        }
 
-       cfg = settings_create(file);
+       cfg = load_swanctl_conf(file);
        if (!cfg)
        {
-               fprintf(stderr, "parsing '%s' failed\n", file);
                return EINVAL;
        }
 
index a9e352f..9a38b5d 100644 (file)
@@ -106,10 +106,13 @@ static void load_certs(load_ctx_t *ctx, char *type_str, char *dir)
        x509_flag_t flag;
        struct stat st;
        chunk_t *map;
-       char *path;
+       char *path, buf[PATH_MAX];
 
        vici_cert_info_from_str(type_str, &type, &flag);
 
+       snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir);
+       dir = buf;
+
        enumerator = enumerator_create_directory(dir);
        if (enumerator)
        {
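Review bot: The new `snprintf` that builds the directory path does not check for truncation, so an over-long `swanctl_dir` yields a cut-off path that `enumerator_create_directory` will either fail on or, worse, resolve to some other existing directory whose files are then pushed to the daemon as credentials. The same three lines are duplicated in `load_keys` and `load_containers` further down; a tiny `static` helper that joins and checks once would avoid three copies of the same unchecked call. `load_certs` continues past the end of this hunk, so how `path` is later derived from `dir` is not visible here.
```c
	if (snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR,
				 dir) >= sizeof(buf))
	{
		fprintf(stderr, "path for %s directory too long\n", dir);
		return;
	}
	dir = buf;
	/* … unchanged: enumerator_create_directory(dir) and the file loop … */
```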
@@ -428,7 +431,10 @@ static void load_keys(load_ctx_t *ctx, char *type, char *dir)
        enumerator_t *enumerator;
        struct stat st;
        chunk_t *map;
-       char *path, *rel;
+       char *path, *rel, buf[PATH_MAX];
+
+       snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir);
+       dir = buf;
 
        enumerator = enumerator_create_directory(dir);
        if (enumerator)
@@ -535,7 +541,10 @@ static void load_containers(load_ctx_t *ctx, char *type, char *dir)
        enumerator_t *enumerator;
        struct stat st;
        chunk_t *map;
-       char *path, *rel;
+       char *path, *rel, buf[PATH_MAX];
+
+       snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir, DIRECTORY_SEPARATOR, dir);
+       dir = buf;
 
        enumerator = enumerator_create_directory(dir);
        if (enumerator)
@@ -946,7 +955,7 @@ static int load_creds(vici_conn_t *conn)
        bool clear = FALSE, noprompt = FALSE;
        command_format_options_t format = COMMAND_FORMAT_NONE;
        settings_t *cfg;
-       char *arg, *file = SWANCTL_CONF;
+       char *arg, *file = NULL;
        int ret;
 
        while (TRUE)
@@ -978,10 +987,9 @@ static int load_creds(vici_conn_t *conn)
                break;
        }
 
-       cfg = settings_create(file);
+       cfg = load_swanctl_conf(file);
        if (!cfg)
        {
-               fprintf(stderr, "parsing '%s' failed\n", file);
                return EINVAL;
        }
 
index ec9508e..0ff6827 100644 (file)
@@ -251,7 +251,7 @@ static int load_pools(vici_conn_t *conn)
 {
        command_format_options_t format = COMMAND_FORMAT_NONE;
        settings_t *cfg;
-       char *arg, *file = SWANCTL_CONF;
+       char *arg, *file = NULL;
        int ret;
 
        while (TRUE)
@@ -277,10 +277,9 @@ static int load_pools(vici_conn_t *conn)
                break;
        }
 
-       cfg = settings_create(file);
+       cfg = load_swanctl_conf(file);
        if (!cfg)
        {
-               fprintf(stderr, "parsing '%s' failed\n", file);
                return EINVAL;
        }
 
index dc5af79..cfc82f9 100644 (file)
@@ -1,4 +1,7 @@
 /*
+ * Copyright (C) 2018 Tobias Brunner
+ * HSR Hochschule fuer Technik Rapperswil
+ *
  * Copyright (C) 2014 Martin Willi
  * Copyright (C) 2014 revosec AG
  *
  * for more details.
  */
 
+#include "swanctl.h"
 #include "command.h"
 
 #include <unistd.h>
 
 #include <library.h>
 
+/*
+ * Described in header
+ */
+char *swanctl_dir;
+
+/*
+ * Described in header
+ */
+settings_t *load_swanctl_conf(char *file)
+{
+       settings_t *cfg;
+       char buf[PATH_MAX];
+
+       if (!file)
+       {
+               if (!strlen(swanctl_dir))
+               {
+                       free(swanctl_dir);
+                       swanctl_dir = strdup(getcwd(buf, sizeof(buf)));
+               }
+               file = buf;
+               snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir,
+                                DIRECTORY_SEPARATOR, SWANCTL_CONF);
+       }
+
+       cfg = settings_create(file);
+       if (!cfg)
+       {
+               fprintf(stderr, "parsing '%s' failed\n", file);
+               return NULL;
+       }
+       free(swanctl_dir);
+       swanctl_dir = path_dirname(file);
+       return cfg;
+}
+
 /**
  * Cleanup library atexit()
  */
 static void cleanup()
 {
+       free(swanctl_dir);
        lib->processor->cancel(lib->processor);
        library_deinit();
 }
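Review bot: `strdup(getcwd(buf, sizeof(buf)))` passes a NULL pointer to `strdup` whenever `getcwd` fails (current directory longer than `PATH_MAX`, or unlinked or unsearchable), which is undefined behaviour and crashes in practice; the failure needs an explicit check and a clean `NULL` return. The following `snprintf` of `swanctl_dir` + `SWANCTL_CONF` into the same `buf` is also unchecked, so a long base directory yields a truncated config path and a confusing "parsing ... failed" message. `strlen(swanctl_dir)` additionally assumes the `strdup` in `main` succeeded; a cheap `!swanctl_dir ||` guard covers that. The `@@` header of this hunk is not shown, so its exact line range is not visible; `<unistd.h>` is already included above, so nothing new is needed for `getcwd`.
```c
settings_t *load_swanctl_conf(char *file)
{
	settings_t *cfg;
	char buf[PATH_MAX];

	if (!file)
	{
		if (!swanctl_dir || !strlen(swanctl_dir))
		{
			/* an empty SWANCTL_DIR selects the current working directory */
			if (!getcwd(buf, sizeof(buf)))
			{
				fprintf(stderr, "determining current directory failed\n");
				return NULL;
			}
			free(swanctl_dir);
			swanctl_dir = strdup(buf);
		}
		if (snprintf(buf, sizeof(buf), "%s%s%s", swanctl_dir,
					 DIRECTORY_SEPARATOR, SWANCTL_CONF) >= sizeof(buf))
		{
			fprintf(stderr, "path to %s too long\n", SWANCTL_CONF);
			return NULL;
		}
		file = buf;
	}
	/* … unchanged: settings_create(file), error message, path_dirname(file) … */
}
```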
@@ -49,6 +90,9 @@ int main(int argc, char *argv[])
        {
                exit(SS_RC_INITIALIZATION_FAILED);
        }
+
+       swanctl_dir = strdup(getenv("SWANCTL_DIR") ?: SWANCTLDIR);
+
        dbg_default_set_level(0);
        lib->processor->set_threads(lib->processor, 4);
        dbg_default_set_level(1);
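Review bot: The new `SWANCTL_DIR` lookup trusts the environment unconditionally, so whoever controls swanctl's environment decides which directory of private keys, certificates and connection definitions gets pushed into the daemon over VICI. swanctl is not setuid and already accepts `--file`, so this is probably not a new trust boundary, but a `sudo` rule for swanctl with `env_keep` (or a wrapper script that inherits the caller's environment) now extends that choice to the caller; the man page should state that the variable is honored, and deployments that whitelist swanctl via sudo should not preserve it. The `strdup` result is unchecked here and is dereferenced by `strlen` in `load_swanctl_conf` later, and the fact that an empty value is meaningful is worth a comment on the line, e.g. `/* SWANCTL_DIR="" makes load_swanctl_conf() fall back to the cwd */`.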
index eac1fc6..f0c334f 100644 (file)
@@ -1,11 +1,11 @@
 /*
- * Copyright (C) 2014 Martin Willi
- * Copyright (C) 2014 revosec AG
- *
- * Copyright (C) 2016 Tobias Brunner
+ * Copyright (C) 2016-2018 Tobias Brunner
  * Copyright (C) 2015 Andreas Steffen
  * HSR Hochschule fuer Technik Rapperswil
  *
+ * Copyright (C) 2014 Martin Willi
+ * Copyright (C) 2014 revosec AG
+ *
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of the GNU General Public License as published by the
  * Free Software Foundation; either version 2 of the License, or (at your
 #ifndef SWANCTL_H_
 #define SWANCTL_H_
 
+#include <settings/settings.h>
+
+/**
+ * Base directory for credentials and config
+ */
+char *swanctl_dir;
+
 /**
  * Configuration file for connections, etc.
  */
-#define SWANCTL_CONF SWANCTLDIR "/swanctl.conf"
+#define SWANCTL_CONF "swanctl.conf"
 
 /**
  * Directory for X.509 end entity certs
  */
-#define SWANCTL_X509DIR SWANCTLDIR "/x509"
+#define SWANCTL_X509DIR "x509"
 
 /**
  * Directory for X.509 CA certs
  */
-#define SWANCTL_X509CADIR SWANCTLDIR "/x509ca"
+#define SWANCTL_X509CADIR "x509ca"
 
 /**
  * Directory for X.509 Attribute Authority certs
  */
-#define SWANCTL_X509AADIR SWANCTLDIR "/x509aa"
+#define SWANCTL_X509AADIR "x509aa"
 
 /**
  * Directory for X.509 OCSP Signer certs
  */
-#define SWANCTL_X509OCSPDIR SWANCTLDIR "/x509ocsp"
+#define SWANCTL_X509OCSPDIR "x509ocsp"
 
 /**
  * Directory for X.509 CRLs
  */
-#define SWANCTL_X509CRLDIR SWANCTLDIR "/x509crl"
+#define SWANCTL_X509CRLDIR "x509crl"
 
 /**
  * Directory for X.509 Attribute certificates
  */
-#define SWANCTL_X509ACDIR SWANCTLDIR "/x509ac"
+#define SWANCTL_X509ACDIR "x509ac"
 
 /**
  * Directory for raw public keys
  */
-#define SWANCTL_PUBKEYDIR SWANCTLDIR "/pubkey"
+#define SWANCTL_PUBKEYDIR "pubkey"
 
 /**
  * Directory for private keys
  */
-#define SWANCTL_PRIVATEDIR SWANCTLDIR "/private"
+#define SWANCTL_PRIVATEDIR "private"
 
 /**
  * Directory for RSA private keys
  */
-#define SWANCTL_RSADIR SWANCTLDIR "/rsa"
+#define SWANCTL_RSADIR "rsa"
 
 /**
  * Directory for ECDSA private keys
  */
-#define SWANCTL_ECDSADIR SWANCTLDIR "/ecdsa"
+#define SWANCTL_ECDSADIR "ecdsa"
 
 /**
  * Directory for BLISS private keys
  */
-#define SWANCTL_BLISSDIR SWANCTLDIR "/bliss"
+#define SWANCTL_BLISSDIR "bliss"
 
 /**
  * Directory for PKCS#8 encoded private keys
  */
-#define SWANCTL_PKCS8DIR SWANCTLDIR "/pkcs8"
+#define SWANCTL_PKCS8DIR "pkcs8"
 
 /**
  * Directory for PKCS#12 containers
  */
-#define SWANCTL_PKCS12DIR SWANCTLDIR "/pkcs12"
+#define SWANCTL_PKCS12DIR "pkcs12"
+
+/**
+ * Load swanctl.conf, optionally from a custom path. Sets the base dir relative
+ * to that file.
+ *
+ * @param file         optional custom path to swanctl.conf, NULL to use default
+ * @return                     settings, or NULL if loading failed
+ */
+settings_t *load_swanctl_conf(char *file);
 
 #endif /** SWANCTL_H_ @}*/
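Review bot: `char *swanctl_dir;` in the header is a tentative definition, not a declaration, and swanctl.c defines the same object again, so every translation unit that includes swanctl.h ends up with its own definition of the symbol; this only links while the toolchain merges common symbols, and with `-fno-common` (the default in recent GCC and Clang) it becomes a multiple-definition link error. The header line should read `extern char *swanctl_dir;`, leaving the definition in swanctl.c as the single one. The `@@` header of this hunk is not shown, so its exact line range is not visible here.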