« back to all changes in this revision
Viewing changes to lib/core/conf.c
- browse files at revision 6020
- compare with another revision
- download diff
- download tarball
- view history from revision 6020
- Committer: Henrik Ziegeldorf
- Date: 2011-11-15 08:47:07 UTC
- Revision ID: henrik.ziegeldorf@rwth-aachen.de-20111115084707-nfkgp8k1m2vemse8
Applied patch by Christoph Viethen.
added
removed
lib/core/conf.c
139
139
/* unused, was ACTION_HANDOVER 39 */
140
140
#define ACTION_MANUAL_UPDATE 40
141
141
#define ACTION_BROADCAST 41
142
#define ACTION_CERTIFICATE 42
142
#define ACTION_ACQUIRE 42
143
143
#define ACTION_MAX 43 /* exclusive */
144
144
145
145
/**
190
190
/* unused, was TYPE_HANDOVER 42 */
191
191
#define TYPE_MANUAL_UPDATE 43
192
192
#define TYPE_BROADCAST 44
193
#define TYPE_ACQUIRE 45
193
#define TYPE_CERTIFICATE 45
194
194
#define TYPE_MAX 46 /* exclusive */
195
195
196
196
/* #define TYPE_RELAY 22 */
238
238
"shotgun on|off\n"
239
239
"id-to-addr hit|lsi\n"
240
240
"broadcast on|off\n"
241
"certificate acquire <HIT>"
241
"acquire certificate <hit> [valid-till_timestamp]\n"
242
242
;
243
243
244
244
/**
592
592
}
593
593
} else if (!strcmp("broadcast", argv[1])) {
594
594
ret = ACTION_BROADCAST;
595
} else if (!strcmp("certificate", argv[1])) {
596
ret = ACTION_CERTIFICATE;
595
} else if (!strcmp("acquire", argv[1])) {
596
ret = ACTION_ACQUIRE;
597
597
}
598
598
599
599
return ret;
644
644
case ACTION_TRANSORDER:
645
645
case ACTION_NAT_LOCAL_PORT:
646
646
case ACTION_NAT_PEER_PORT:
647
case ACTION_CERTIFICATE:
647
case ACTION_ACQUIRE:
648
648
count = 2;
649
649
break;
650
650
default:
685
685
ret = TYPE_RST;
686
686
} else if ((!strcmp("peer_hit", text)) && (strcmp("rst", argv[1]) == 0)) {
687
687
ret = TYPE_RST;
688
} else if (!strcmp("acquire", text)) {
689
ret = TYPE_ACQUIRE;
688
} else if (!strcmp("certificate", text)) {
689
ret = TYPE_CERTIFICATE;
690
690
} else if (strcmp("nat", argv[1]) == 0) {
691
691
if (argv[2] && strcmp("port", argv[2]) == 0) {
692
692
if (argv[3] && strcmp("local", argv[3]) == 0) {
766
766
case ACTION_HIT_TO_IP:
767
767
case ACTION_HIT_TO_IP_SET:
768
768
case ACTION_BROADCAST:
769
case ACTION_CERTIFICATE:
769
case ACTION_ACQUIRE:
770
770
type_arg = 2;
771
771
break;
772
772
case ACTION_MANUAL_UPDATE:
2261
2261
return err;
2262
2262
}
2263
2263
2264
/**
2265
* Utility function which compactly checks whether a string represents
2266
* a positive natural number, since scanf() is too lenient.
2267
*
2268
* @param string NUL-terminated string to be checked
2269
*
2270
* @return 1 if the only characters in the string are digits,
2271
* optionally with one leading '+' sign; 0 otherwise
2272
*/
2273
2274
static int is_pos_natural_number(const char *string)
2275
{
2276
if (string != NULL) {
2277
size_t len;
2278
2279
// allow one leading '+'
2280
if (string[0] == '+') {
2281
string++;
2282
}
2283
2284
if ((len = strlen(string)) > 0) {
2285
for (size_t i = 0; i < len; i++) {
2286
if (string[i] < '0' || string[i] > '9') {
2287
return 0;
2288
}
2289
}
2290
return 1;
2291
}
2292
}
2293
return 0;
2294
}
2295
2264
2296
static int hip_conf_handle_certificate(struct hip_common *msg,
2265
UNUSED int action,
2297
int action,
2266
2298
const char *opt[],
2267
UNUSED int optc,
2299
int optc,
2268
2300
UNUSED int send_only)
2269
2301
{
2270
int err = 0, ret;
2271
struct in6_addr subject_hit;
2272
2273
ret = inet_pton(AF_INET6, opt[0], &subject_hit);
2274
HIP_DEBUG_HIT("Requesting certificate for subject:", &subject_hit);
2275
2276
HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
2277
"Failed to build user message header.: %s\n", strerror(err));
2278
HIP_IFEL(hip_build_param_cert_x509_req(msg, &subject_hit), -1,
2279
"Failed to build cert_info\n");
2302
hip_hit_t subject_hit;
2303
uint32_t valid_until_h = 0;
2304
uint32_t valid_until_n = 0;
2305
int scanf_res = 0;
2306
int err = 0;
2307
2308
/* convert the parameter strings input by the user into the
2309
* appropriate binary formats for further processing */
2310
const int pton_res = inet_pton(AF_INET6, opt[0], &subject_hit);
2311
2312
if (optc == 2 && is_pos_natural_number(opt[1])) {
2313
/* need to use sscanf() here: strtol() won't do since we want the
2314
* result of the conversion to fit into an uint32_t, whereas
2315
* strtol() and relatives would write to a variable of platform-
2316
* dependent size */
2317
scanf_res = sscanf(opt[1], "%"SCNu32, &valid_until_h);
2318
}
2319
2320
/* the second parameter after "acquire certificate" is optional, so we accept
2321
* optc == 1 as well as optc == 2 (the latter is implied if scanf_res is 1) */
2322
if (pton_res == 1 && action == ACTION_ACQUIRE &&
2323
(optc == 1 || scanf_res == 1)) {
2324
HIP_DEBUG_HIT("Requesting certificate for subject", &subject_hit);
2325
2326
HIP_IFEL(hip_build_user_hdr(msg, HIP_MSG_CERT_X509V3_SIGN, 0), -1,
2327
"Failed to build user message header.\n");
2328
2329
/* if the user provides a second parameter (following the HIT), it's meant to indicate
2330
* the point in time when validity of the issued certificate ends; expressed in "number
2331
* of seconds since the epoch"; we use a uint32_t for this, so we're creating a
2332
* year-2106-problem here (be scared) */
2333
if (scanf_res == 1) {
2334
valid_until_n = htonl(valid_until_h);
2335
HIP_IFEL(hip_build_param_contents(msg, &valid_until_n, HIP_PARAM_UINT, sizeof(uint32_t)), -1,
2336
"Failed to build validity parameter.\n");
2337
}
2338
2339
HIP_IFEL(hip_build_param_cert_x509_req(msg, &subject_hit), -1,
2340
"Failed to build cert_x509_req parameter.\n");
2341
} else {
2342
err = -1;
2343
HIP_ERROR("Invalid arguments.\n");
2344
}
2280
2345
2281
2346
out_err:
2282
2347
return err;
2293
2358
2294
2359
HIP_IFEL(!(p = hip_get_param(msg, HIP_PARAM_CERT_X509_RESP)), -1,
2295
2360
"No name x509 struct found\n");
2296
HIP_IFEL(!(cert = cert_DER_to_X509(p->der, p->der_len)),
2361
const uint32_t der_len_h = ntohl(p->der_len);
2362
HIP_IFEL(!(cert = cert_DER_to_X509(p->der, der_len_h)),
2297
2363
-1, "Could not get X509 certificate from DER encoding\n.");
2298
X509_print_fp(stdout, cert);
2299
PEM_write_X509(stdout, cert);
2364
HIP_IFEL(fwrite(p->der, der_len_h, 1, stdout) != 1, -1, "Couldn't output certificate.\n");
2300
2365
2301
2366
out_err:
2302
2367
return err;
2375
2440
NULL, /* 42: unused, was TYPE_HANDOVER */
2376
2441
hip_conf_handle_manual_update, /* 43: TYPE_MANUAL_UPDATE */
2377
2442
hip_conf_handle_broadcast, /* 44: TYPE_BROADCAST */
2378
hip_conf_handle_certificate, /* 45: TYPE CERTIFICATE */
2443
hip_conf_handle_certificate, /* 45: TYPE_CERTIFICATE */
2379
2444
NULL /* TYPE_MAX, the end. */
2380
2445
};
2381
2446
2431
2496
NULL, /* 42: unused, was TYPE_HANDOVER */
2432
2497
NULL, /* 43: TYPE_MANUAL_UPDATE */
2433
2498
NULL, /* 44: TYPE_BROADCAST */
2434
hip_conf_handle_certificate_answer, /* 45: TYPE CERTIFICATE */
2499
hip_conf_handle_certificate_answer, /* 45: TYPE_CERTIFICATE */
2435
2500
NULL /* TYPE_MAX, the end. */
2436
2501
};
2437
2502
/**
Loggerhead is a web-based interface for Breezy
Version: 2.0.1