|
From: Patrick M. <ume...@us...> - 2007-07-31 02:55:41
|
Update of /cvsroot/radmind/radmind In directory sc8-pr-cvs9.sourceforge.net:/tmp/cvs-serv6324 Modified Files: daemon.c ktcheck.c lapply.c lcreate.c lfdiff.c repo.c tls.c tls.h Log Message: Added -P option that allows you to specifies a directory that contains certificates to be used when verifying the peer. Certificates must be in PEM format and the directory must have been processed with the openssl c_rehash utility. Index: repo.c =================================================================== RCS file: /cvsroot/radmind/radmind/repo.c,v retrieving revision 1.10 retrieving revision 1.11 diff -C2 -d -r1.10 -r1.11 *** repo.c 18 Jun 2007 19:40:05 -0000 1.10 --- repo.c 31 Jul 2007 02:55:37 -0000 1.11 *************** *** 40,44 **** extern struct timeval timeout; extern char *version; ! extern char *ca, *cert, *privatekey; SSL_CTX *ctx; --- 40,44 ---- extern struct timeval timeout; extern char *version; ! extern char *caFile, *caDir, *cert, *privatekey; SSL_CTX *ctx; *************** *** 58,62 **** char **capa = NULL; /* server capabilities */ ! while (( c = getopt( argc, argv, "e:h:p:vVw:x:y:Z:z:" )) != EOF ) { switch ( c ) { case 'e': /* event to report */ --- 58,62 ---- char **capa = NULL; /* server capabilities */ ! while (( c = getopt( argc, argv, "e:h:p:P:vVw:x:y:Z:z:" )) != EOF ) { switch ( c ) { case 'e': /* event to report */ *************** *** 78,81 **** --- 78,85 ---- break; + case 'P': + caDir = optarg; + break; + case 'v': verbose = 1; *************** *** 97,101 **** case 'x': ! ca = optarg; break; --- 101,105 ---- case 'x': ! caFile = optarg; break; *************** *** 146,150 **** if ( err || (( argc - optind ) < 0 )) { fprintf( stderr, "usage: %s -e event [ -Vv ] ", argv[ 0 ] ); ! 
fprintf( stderr, "[ -h host ] [ -p port ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file ] [ -z key-pem-file ] " ); --- 150,154 ---- if ( err || (( argc - optind ) < 0 )) { fprintf( stderr, "usage: %s -e event [ -Vv ] ", argv[ 0 ] ); ! fprintf( stderr, "[ -h host ] [ -p port ] [ -P ca-pem-directory ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file ] [ -z key-pem-file ] " ); *************** *** 193,197 **** if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, ca, cert, privatekey ) != 0 ) { exit( 2 ); --- 197,201 ---- if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, caFile, caDir, cert, privatekey ) != 0 ) { exit( 2 ); Index: daemon.c =================================================================== RCS file: /cvsroot/radmind/radmind/daemon.c,v retrieving revision 1.82 retrieving revision 1.83 diff -C2 -d -r1.82 -r1.83 *** daemon.c 18 Jun 2007 19:40:05 -0000 1.82 --- daemon.c 31 Jul 2007 02:55:36 -0000 1.83 *************** *** 142,148 **** extern int optind; extern char *optarg; ! char *ca = "cert/ca.pem"; ! char *cert = "cert/cert.pem"; ! char *privatekey = "cert/cert.pem"; pid_t pid; int status; --- 142,146 ---- extern int optind; extern char *optarg; ! extern char *caFile, *caDir, *cert, *privatekey; pid_t pid; int status; *************** *** 154,158 **** #endif /* HAVE_DNSSD */ - if (( prog = strrchr( av[ 0 ], '/' )) == NULL ) { prog = av[ 0 ]; --- 152,155 ---- *************** *** 163,167 **** b_addr.s_addr = htonl( INADDR_ANY ); ! while (( c = getopt( ac, av, "a:Bb:dD:F:fL:m:p:Ru:UVw:x:y:z:Z:" )) != EOF ) { switch ( c ) { --- 160,164 ---- b_addr.s_addr = htonl( INADDR_ANY ); ! 
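Review bot: The daemon's default credential paths change with the 142,148 hunk, and the log message does not say so: the removed locals `char *ca = "cert/ca.pem"; char *cert = "cert/cert.pem"; char *privatekey = "cert/cert.pem";` are replaced by `extern char *caFile, *caDir, *cert, *privatekey;`, so radmind now inherits tls.c's `_RADMIND_TLS_CERT` default for the cert and key and the `_RADMIND_TLS_CA` default applied inside tls_server_setup. If those macros do not expand to the same relative paths, a server started without `-x`/`-y`/`-z` will look for its certificate, key and CA somewhere else than before, which is the kind of silent change that breaks an existing deployment on upgrade. Either keep the daemon's former literals as its own defaults, or state the new defaults in the log message and the radmind man page so operators can check their installations. The 154,158 hunk is whitespace only.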
while (( c = getopt( ac, av, "a:Bb:dD:F:fL:m:p:P:Ru:UVw:x:y:z:Z:" )) != EOF ) { switch ( c ) { *************** *** 223,226 **** --- 220,227 ---- break; + case 'P' : /* ca dir */ + caDir = optarg; + break; + case 'r' : use_randfile = 1; *************** *** 249,253 **** case 'x' : /* ca file */ ! ca = optarg; break; --- 250,254 ---- case 'x' : /* ca file */ ! caFile = optarg; break; *************** *** 285,289 **** fprintf( stderr, "[ -b backlog ] [ -D path ] [ -F syslog-facility " ); fprintf( stderr, "[ -L syslog-level ] [ -m max-connections ] " ); ! fprintf( stderr, "[ -p port ] [ -u umask ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file] [ -z key-pem-file ] " ); --- 286,290 ---- fprintf( stderr, "[ -b backlog ] [ -D path ] [ -F syslog-facility " ); fprintf( stderr, "[ -L syslog-level ] [ -m max-connections ] " ); ! fprintf( stderr, "[ -p port ] [ -P ca-pem-directory ] [ -u umask ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file] [ -z key-pem-file ] " ); *************** *** 355,359 **** if ( authlevel != 0 ) { ! if ( tls_server_setup( use_randfile, authlevel, ca, cert, privatekey ) != 0 ) { exit( 1 ); --- 356,360 ---- if ( authlevel != 0 ) { ! if ( tls_server_setup( use_randfile, authlevel, caFile, caDir, cert, privatekey ) != 0 ) { exit( 1 ); Index: lcreate.c =================================================================== RCS file: /cvsroot/radmind/radmind/lcreate.c,v retrieving revision 1.88 retrieving revision 1.89 diff -C2 -d -r1.88 -r1.89 *** lcreate.c 18 Jun 2007 19:40:05 -0000 1.88 --- lcreate.c 31 Jul 2007 02:55:36 -0000 1.89 *************** *** 68,72 **** SSL_CTX *ctx; ! extern char *ca, *cert, *privatekey; int --- 68,72 ---- SSL_CTX *ctx; ! extern char *caFile, *caDir, *cert, *privatekey; int *************** *** 98,102 **** char **capa = NULL; /* capabilities */ ! 
while (( c = getopt( argc, argv, "%c:Fh:ilnNp:qrt:TU:vVw:x:y:z:Z:" )) != EOF ) { switch( c ) { --- 98,102 ---- char **capa = NULL; /* capabilities */ ! while (( c = getopt( argc, argv, "%c:Fh:ilnNp:P:qrt:TU:vVw:x:y:z:Z:" )) != EOF ) { switch( c ) { *************** *** 149,152 **** --- 149,156 ---- break; + case 'P' : /* ca dir */ + caDir = optarg; + break; + case 'q': quiet = 1; *************** *** 193,197 **** case 'x' : /* ca file */ ! ca = optarg; break; --- 197,201 ---- case 'x' : /* ca file */ ! caFile = optarg; break; *************** *** 236,240 **** fprintf( stderr, "usage: lcreate [ -%%FlnNrTV ] [ -q | -v | -i ] " ); fprintf( stderr, "[ -c checksum ] " ); ! fprintf( stderr, "[ -h host ] [ -p port ] " ); fprintf( stderr, "[ -t stored-name ] [ -U user ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); --- 240,244 ---- fprintf( stderr, "usage: lcreate [ -%%FlnNrTV ] [ -q | -v | -i ] " ); fprintf( stderr, "[ -c checksum ] " ); ! fprintf( stderr, "[ -h host ] [ -p port ] [ -P ca-pem-directory ] " ); fprintf( stderr, "[ -t stored-name ] [ -U user ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); *************** *** 266,271 **** if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, ca, cert, ! privatekey ) != 0 ) { /* error message printed in tls_setup */ exit( 2 ); --- 270,275 ---- if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, caFile, caDir, ! cert, privatekey ) != 0 ) { /* error message printed in tls_setup */ exit( 2 ); Index: tls.c =================================================================== RCS file: /cvsroot/radmind/radmind/tls.c,v retrieving revision 1.21 retrieving revision 1.22 diff -C2 -d -r1.21 -r1.22 *** tls.c 24 Jan 2006 20:43:52 -0000 1.21 --- tls.c 31 Jul 2007 02:55:37 -0000 1.22 *************** *** 41,45 **** extern struct timeval timeout; ! 
char *ca = _RADMIND_TLS_CA; char *cert = _RADMIND_TLS_CERT; char *privatekey = _RADMIND_TLS_CERT; --- 41,46 ---- extern struct timeval timeout; ! char *caFile = NULL; ! char *caDir = NULL; char *cert = _RADMIND_TLS_CERT; char *privatekey = _RADMIND_TLS_CERT; *************** *** 74,78 **** int ! tls_server_setup( int use_randfile, int authlevel, char *ca, char *cert, char *privatekey ) { extern SSL_CTX *ctx; --- 75,79 ---- int ! tls_server_setup( int use_randfile, int authlevel, char *caFile, char *caDir, char *cert, char *privatekey ) { extern SSL_CTX *ctx; *************** *** 114,124 **** if ( authlevel == 2 ) { ! /* Load CA */ ! if ( SSL_CTX_load_verify_locations( ctx, ca, NULL ) != 1 ) { ! fprintf( stderr, "SSL_CTX_load_verify_locations: %s: %s\n", ! ca, ERR_error_string( ERR_get_error(), NULL )); ! return( -1 ); } } /* Set level of security expecations */ if ( authlevel == 1 ) { --- 115,140 ---- if ( authlevel == 2 ) { ! /* Set default CA location of not specified */ ! if ( caFile == NULL && caDir == NULL ) { ! caFile = _RADMIND_TLS_CA; ! } ! ! /* Load CA */ ! if ( caFile != NULL ) { ! if ( SSL_CTX_load_verify_locations( ctx, caFile, NULL ) != 1 ) { ! fprintf( stderr, "SSL_CTX_load_verify_locations: %s: %s\n", ! caFile, ERR_error_string( ERR_get_error(), NULL )); ! return( -1 ); ! } ! } ! if ( caDir != NULL ) { ! if ( SSL_CTX_load_verify_locations( ctx, NULL, caDir ) != 1 ) { ! fprintf( stderr, "SSL_CTX_load_verify_locations: %s: %s\n", ! caDir, ERR_error_string( ERR_get_error(), NULL )); ! return( -1 ); ! } } } + /* Set level of security expecations */ if ( authlevel == 1 ) { *************** *** 134,138 **** int ! tls_client_setup( int use_randfile, int authlevel, char *ca, char *cert, char *privatekey ) { extern SSL_CTX *ctx; --- 150,154 ---- int ! tls_client_setup( int use_randfile, int authlevel, char *caFile, char *caDir, char *cert, char *privatekey ) { extern SSL_CTX *ctx; *************** *** 176,184 **** } /* Load CA */ ! 
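Review bot: The new CA-loading block in tls_server_setup (default assignment plus the two `SSL_CTX_load_verify_locations` calls) is repeated verbatim in tls_client_setup's 176,184 hunk; it should be one `static` helper, and since OpenSSL takes the file and the directory in a single call the helper needs only one error path, as sketched below, with each caller reduced to `if ( tls_load_ca( ctx, caFile, caDir ) != 0 ) { return( -1 ); }` inside its existing authlevel check. The added comment `/* Set default CA location of not specified */` should read `if not specified` in both copies. As far as I recall, passing a directory to `SSL_CTX_load_verify_locations` only registers it for hashed lookup and does not check that it exists or has been run through c_rehash, so a mistyped `-P` argument is not reported here but as a peer verification failure at handshake time; a comment to that effect at the directory call would save the next person a debugging session. Note also that the parameters `caFile` and `caDir` shadow the file-scope globals of the same name defined a few lines above in this file, which is why the default assignment updates only the parameter; that is intended, but `-Wshadow` will flag it, and naming the parameters differently would make the intent explicit.
```c
/* Load the trust anchors used to verify the peer: a PEM file, a
 * c_rehash'd directory, or both. Returns 0 on success, -1 on error. */
static int
tls_load_ca( SSL_CTX *ctx, char *caFile, char *caDir )
{
    /* Set default CA location if not specified */
    if ( caFile == NULL && caDir == NULL ) {
        caFile = _RADMIND_TLS_CA;
    }

    /* A NULL file or directory is skipped by OpenSSL. A directory is only
     * recorded for hashed lookup here; a missing or un-rehashed directory
     * is not detected until peer verification. */
    if ( SSL_CTX_load_verify_locations( ctx, caFile, caDir ) != 1 ) {
        fprintf( stderr, "SSL_CTX_load_verify_locations: %s %s: %s\n",
                caFile ? caFile : "-", caDir ? caDir : "-",
                ERR_error_string( ERR_get_error(), NULL ));
        return( -1 );
    }
    return( 0 );
}
```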
if ( SSL_CTX_load_verify_locations( ctx, ca, NULL ) != 1 ) { ! fprintf( stderr, "SSL_CTX_load_verify_locations: %s: %s\n", ! ca, ERR_error_string( ERR_get_error(), NULL )); ! return( -1 ); } --- 192,214 ---- } + /* Set default CA location of not specified */ + if ( caFile == NULL && caDir == NULL ) { + caFile = _RADMIND_TLS_CA; + } + /* Load CA */ ! if ( caFile != NULL ) { ! if ( SSL_CTX_load_verify_locations( ctx, caFile, NULL ) != 1 ) { ! fprintf( stderr, "SSL_CTX_load_verify_locations: %s: %s\n", ! caFile, ERR_error_string( ERR_get_error(), NULL )); ! return( -1 ); ! } ! } ! if ( caDir != NULL ) { ! if ( SSL_CTX_load_verify_locations( ctx, NULL, caDir ) != 1 ) { ! fprintf( stderr, "SSL_CTX_load_verify_locations: %s: %s\n", ! caDir, ERR_error_string( ERR_get_error(), NULL )); ! return( -1 ); ! } } Index: ktcheck.c =================================================================== RCS file: /cvsroot/radmind/radmind/ktcheck.c,v retrieving revision 1.124 retrieving revision 1.125 diff -C2 -d -r1.124 -r1.125 *** ktcheck.c 11 Jul 2007 03:01:42 -0000 1.124 --- ktcheck.c 31 Jul 2007 02:55:36 -0000 1.125 *************** *** 78,82 **** extern struct timeval timeout; extern char *version, *checksumlist; ! extern char *ca, *cert, *privatekey; static void --- 78,82 ---- extern struct timeval timeout; extern char *version, *checksumlist; ! extern char *caFile, *caDir, *cert, *privatekey; static void *************** *** 561,565 **** char **capa = NULL; /* capabilities */ ! while (( c = getopt( argc, argv, "Cc:D:h:iK:np:qrvVw:x:y:z:Z:" )) != EOF ) { switch( c ) { case 'C': /* clean up dir containing command.K */ --- 561,566 ---- char **capa = NULL; /* capabilities */ ! while (( c = getopt( argc, argv, ! 
"Cc:D:h:iK:np:P:qrvVw:x:y:z:Z:" )) != EOF ) { switch( c ) { case 'C': /* clean up dir containing command.K */ *************** *** 606,609 **** --- 607,614 ---- } break; + + case 'P' : /* ca dir */ + caDir = optarg; + break; case 'q': *************** *** 638,642 **** case 'x' : /* ca file */ ! ca = optarg; break; --- 643,647 ---- case 'x' : /* ca file */ ! caFile = optarg; break; *************** *** 677,681 **** fprintf( stderr, "[ -c checksum ] [ -D radmind_path ] " ); fprintf( stderr, "[ -K command file ] " ); ! fprintf( stderr, "[ -h host ] [ -p port ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file] [ -z key-pem-file ] " ); --- 682,686 ---- fprintf( stderr, "[ -c checksum ] [ -D radmind_path ] " ); fprintf( stderr, "[ -K command file ] " ); ! fprintf( stderr, "[ -h host ] [ -p port ] [ -P ca-pem-directory ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file] [ -z key-pem-file ] " ); *************** *** 718,722 **** if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, ca, cert, privatekey ) != 0 ) { /* error message printed in tls_setup */ --- 723,727 ---- if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, caFile, caDir, cert, privatekey ) != 0 ) { /* error message printed in tls_setup */ Index: tls.h =================================================================== RCS file: /cvsroot/radmind/radmind/tls.h,v retrieving revision 1.4 retrieving revision 1.5 diff -C2 -d -r1.4 -r1.5 *** tls.h 12 Oct 2004 15:35:45 -0000 1.4 --- tls.h 31 Jul 2007 02:55:37 -0000 1.5 *************** *** 4,8 **** */ ! int tls_server_setup( int use_randfile, int authlevel, char *ca, char *cert, char *privatekey ); ! int tls_client_setup( int use_randfile, int authlevel, char *ca, char *cert, char *privatekey ); int tls_client_start( SNET *sn, char *host, int authlevel ); --- 4,8 ---- */ ! 
int tls_server_setup( int use_randfile, int authlevel, char *caFile, char *caDir, char *cert, char *privatekey ); ! int tls_client_setup( int use_randfile, int authlevel, char *caFile, char *caDir, char *cert, char *privatekey ); int tls_client_start( SNET *sn, char *host, int authlevel ); Index: lapply.c =================================================================== RCS file: /cvsroot/radmind/radmind/lapply.c,v retrieving revision 1.140 retrieving revision 1.141 diff -C2 -d -r1.140 -r1.141 *** lapply.c 11 Jul 2007 03:01:42 -0000 1.140 --- lapply.c 31 Jul 2007 02:55:36 -0000 1.141 *************** *** 65,69 **** SSL_CTX *ctx; ! extern char *ca, *cert, *privatekey; struct node { --- 65,69 ---- SSL_CTX *ctx; ! extern char *caFile, *caDir, *cert, *privatekey; struct node { *************** *** 254,258 **** while (( c = getopt( argc, argv, ! "%c:CFh:iInp:qru:Vvw:x:y:z:Z:" )) != EOF ) { switch( c ) { case '%': --- 254,258 ---- while (( c = getopt( argc, argv, ! "%c:CFh:iInp:P:qru:Vvw:x:y:z:Z:" )) != EOF ) { switch( c ) { case '%': *************** *** 304,307 **** --- 304,311 ---- break; + case 'P' : /* ca dir */ + caDir = optarg; + break; + case 'q': quiet = 1; *************** *** 339,343 **** case 'x' : /* ca file */ ! ca = optarg; break; --- 343,347 ---- case 'x' : /* ca file */ ! caFile = optarg; break; *************** *** 403,407 **** argv[ 0 ] ); fprintf( stderr, "[ -c checksum ] [ -h host ] [ -p port ] " ); ! fprintf( stderr, "[ -u umask ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file ] [ -z key-pem-file ] " ); --- 407,411 ---- argv[ 0 ] ); fprintf( stderr, "[ -c checksum ] [ -h host ] [ -p port ] " ); ! fprintf( stderr, "[ -P ca-pem-directory ] [ -u umask ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file ] [ -z key-pem-file ] " ); *************** *** 416,420 **** if ( authlevel != 0 ) { ! 
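Review bot: With this commit the declaration `extern char *caFile, *caDir, *cert, *privatekey;` is repeated in repo.c, daemon.c, lcreate.c, ktcheck.c, lapply.c and lfdiff.c, while tls.c is the one file that defines the variables; tls.h already carries the tls_server_setup and tls_client_setup prototypes, so declaring the four globals once here, next to them, keeps their types in sync with the definitions and removes six copies that can drift. The new `caFile` and `caDir` parameters (and the existing `cert` and `privatekey`) are path strings that the setup functions only read, so `const char *` would document that contract at the interface; the `caFile = _RADMIND_TLS_CA;` default assignment in tls.c still compiles, because it rebinds the pointer rather than writing through it.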
if ( tls_client_setup( use_randfile, authlevel, ca, cert, privatekey ) != 0 ) { /* error message printed in tls_setup */ --- 420,424 ---- if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, caFile, caDir, cert, privatekey ) != 0 ) { /* error message printed in tls_setup */ Index: lfdiff.c =================================================================== RCS file: /cvsroot/radmind/radmind/lfdiff.c,v retrieving revision 1.60 retrieving revision 1.61 diff -C2 -d -r1.60 -r1.61 *** lfdiff.c 11 Jul 2007 03:01:42 -0000 1.60 --- lfdiff.c 31 Jul 2007 02:55:36 -0000 1.61 *************** *** 51,55 **** SSL_CTX *ctx; ! extern char *ca, *cert, *privatekey; static struct transcript * --- 51,55 ---- SSL_CTX *ctx; ! extern char *caFile, *caDir, *cert, *privatekey; static struct transcript * *************** *** 156,161 **** diffargv[ diffargc++ ] = diff; ! while (( c = getopt ( argc, argv, "h:Ip:rST:u:Vvw:x:y:z:Z:bitcefnC:D:sX:" )) ! != EOF ) { switch( c ) { case 'I': --- 156,161 ---- diffargv[ diffargc++ ] = diff; ! while (( c = getopt ( argc, argv, ! "h:Ip:P:rST:u:Vvw:x:y:z:Z:bitcefnC:D:sX:" )) != EOF ) { switch( c ) { case 'I': *************** *** 177,180 **** --- 177,184 ---- break; + case 'P' : /* ca dir */ + caDir = optarg; + break; + case 'r': use_randfile = 1; *************** *** 215,219 **** case 'x' : /* ca file */ ! ca = optarg; break; --- 219,223 ---- case 'x' : /* ca file */ ! caFile = optarg; break; *************** *** 328,332 **** fprintf( stderr, "[ -IrvV ] " ); fprintf( stderr, "[ -T transcript | -S ] " ); ! fprintf( stderr, "[ -h host ] [ -p port ] [ -u umask ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file] [ -z key-pem-file ] " ); --- 332,337 ---- fprintf( stderr, "[ -IrvV ] " ); fprintf( stderr, "[ -T transcript | -S ] " ); ! fprintf( stderr, "[ -h host ] [ -p port ] [ -P ca-pem-directory ] " ); ! 
fprintf( stderr, "[ -u umask ] " ); fprintf( stderr, "[ -w auth-level ] [ -x ca-pem-file ] " ); fprintf( stderr, "[ -y cert-pem-file] [ -z key-pem-file ] " ); *************** *** 340,344 **** if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, ca, cert, privatekey ) != 0 ) { /* error message printed in tls_setup */ --- 345,349 ---- if ( authlevel != 0 ) { ! if ( tls_client_setup( use_randfile, authlevel, caFile, caDir, cert, privatekey ) != 0 ) { /* error message printed in tls_setup */ |