Read ca_cert in mount_davfs.c
This commit is contained in:
wbaumann
parent
f1b02bed97
commit
21414ee396
@ -74,7 +74,7 @@
|
|||||||
#include "xvasprintf.h"
|
#include "xvasprintf.h"
|
||||||
#include "xstrndup.h"
|
#include "xstrndup.h"
|
||||||
|
|
||||||
#include <ne_string.h>
|
#include <ne_ssl.h>
|
||||||
#include <ne_uri.h>
|
#include <ne_uri.h>
|
||||||
#include <ne_utils.h>
|
#include <ne_utils.h>
|
||||||
|
|
||||||
@ -981,7 +981,7 @@ parse_commandline(dav_args *args, int argc, char *argv[])
|
|||||||
Requires: privileged, uid, home, conf, mopts, dir_mode, file_mode
|
Requires: privileged, uid, home, conf, mopts, dir_mode, file_mode
|
||||||
Provides: dav_user, dav_group, dav_uid, dav_gid, kernel_fs, buf_size,
|
Provides: dav_user, dav_group, dav_uid, dav_gid, kernel_fs, buf_size,
|
||||||
dir_umask, file_umask, dir_mode, file_mode,
|
dir_umask, file_umask, dir_mode, file_mode,
|
||||||
servercert, secrets, clicert, p_host, p_port, use_proxy,
|
trust_ca_cert, secrets, clicert, p_host, p_port, use_proxy,
|
||||||
ask_auth, locks, lock_owner, lock_timeout, lock_refresh,
|
ask_auth, locks, lock_owner, lock_timeout, lock_refresh,
|
||||||
expect100, if_match_bug, drop_weak_etags, allow_cookie,
|
expect100, if_match_bug, drop_weak_etags, allow_cookie,
|
||||||
precheck, ignore_dav_header, connect_timeout, read_timeout,
|
precheck, ignore_dav_header, connect_timeout, read_timeout,
|
||||||
@ -1015,23 +1015,31 @@ parse_config(dav_args *args)
|
|||||||
|
|
||||||
eval_modes(args);
|
eval_modes(args);
|
||||||
|
|
||||||
if (args->servercert)
|
if (args->trust_ca_cert) {
|
||||||
expand_home(&args->servercert, args);
|
char *f = NULL;
|
||||||
if (args->servercert && *args->servercert != '/' && !args->privileged) {
|
expand_home(&args->trust_ca_cert, args);
|
||||||
char *f = xasprintf("%s/.%s/%s/%s", args->home, PACKAGE, DAV_CERTS_DIR,
|
if (*args->trust_ca_cert == '/') {
|
||||||
args->servercert);
|
args->ca_cert = ne_ssl_cert_read(args->trust_ca_cert);
|
||||||
if (access(f, F_OK) == 0) {
|
|
||||||
free(args->servercert);
|
|
||||||
args->servercert = f;
|
|
||||||
} else {
|
} else {
|
||||||
free(f);
|
if (!args->privileged) {
|
||||||
|
f = xasprintf("%s/.%s/%s/%s", args->home, PACKAGE,
|
||||||
|
DAV_CERTS_DIR, args->trust_ca_cert);
|
||||||
|
args->ca_cert = ne_ssl_cert_read(f);
|
||||||
|
}
|
||||||
|
if (!args->ca_cert) {
|
||||||
|
if (f) free(f);
|
||||||
|
f = xasprintf("%s/%s/%s", DAV_SYS_CONF_DIR, DAV_CERTS_DIR,
|
||||||
|
args->trust_ca_cert);
|
||||||
|
args->ca_cert = ne_ssl_cert_read(f);
|
||||||
|
}
|
||||||
|
if (args->ca_cert) {
|
||||||
|
free(args->trust_ca_cert);
|
||||||
|
args->trust_ca_cert = f;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
if (!args->ca_cert)
|
||||||
if (args->servercert && *args->servercert != '/') {
|
error(EXIT_FAILURE, 0, _("can't read server certificate %s"),
|
||||||
char *f = xasprintf("%s/%s/%s", DAV_SYS_CONF_DIR, DAV_CERTS_DIR,
|
args->trust_ca_cert);
|
||||||
args->servercert);
|
|
||||||
free(args->servercert);
|
|
||||||
args->servercert = f;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (args->secrets)
|
if (args->secrets)
|
||||||
@ -1417,8 +1425,10 @@ delete_args(dav_args *args)
|
|||||||
free(args->host);
|
free(args->host);
|
||||||
if (args->path)
|
if (args->path)
|
||||||
free(args->path);
|
free(args->path);
|
||||||
if (args->servercert)
|
if (args->trust_ca_cert)
|
||||||
free(args->servercert);
|
free(args->trust_ca_cert);
|
||||||
|
if (args->ca_cert)
|
||||||
|
free(args->ca_cert);
|
||||||
if (args->secrets)
|
if (args->secrets)
|
||||||
free(args->secrets);
|
free(args->secrets);
|
||||||
if (args->username) {
|
if (args->username) {
|
||||||
@ -1594,7 +1604,7 @@ get_options(dav_args *args, char *option)
|
|||||||
};
|
};
|
||||||
|
|
||||||
if (args->privileged)
|
if (args->privileged)
|
||||||
args->mopts = DAV_USER_MOPTS;
|
args->mopts = DAV_MOPTS;
|
||||||
args->fsuid = args->uid;
|
args->fsuid = args->uid;
|
||||||
args->fsgid = args->gid;
|
args->fsgid = args->gid;
|
||||||
|
|
||||||
@ -1805,7 +1815,7 @@ log_dbg_config(dav_args *args)
|
|||||||
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
||||||
" path: %s", args->path);
|
" path: %s", args->path);
|
||||||
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
||||||
" servercert: %s", args->servercert);
|
" trust_ca_cert: %s", args->trust_ca_cert);
|
||||||
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
||||||
" secrets: %s", args->secrets);
|
" secrets: %s", args->secrets);
|
||||||
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
|
||||||
@ -2043,7 +2053,7 @@ proxy_from_env(dav_args *args)
|
|||||||
file. Some parameters are allowed only in the system wide
|
file. Some parameters are allowed only in the system wide
|
||||||
configuration file, some only in the user configuration file.
|
configuration file, some only in the user configuration file.
|
||||||
Requires: none
|
Requires: none
|
||||||
Provides: dav_user, dav_group, kernel_fs, buf_size, servercert, secrets,
|
Provides: dav_user, dav_group, kernel_fs, buf_size, trust_ca_cert, secrets,
|
||||||
clicert, p_host, p_port, use_proxy, ask_auth, locks,
|
clicert, p_host, p_port, use_proxy, ask_auth, locks,
|
||||||
lock_owner, lock_timeout, lock_refresh, expect100, if_match_bug,
|
lock_owner, lock_timeout, lock_refresh, expect100, if_match_bug,
|
||||||
drop_weak_etags, allow_cookie, precheck, ignore_dav_header,
|
drop_weak_etags, allow_cookie, precheck, ignore_dav_header,
|
||||||
@ -2102,10 +2112,11 @@ read_config(dav_args *args, const char * filename, int system)
|
|||||||
args->kernel_fs = xstrdup(parmv[1]);
|
args->kernel_fs = xstrdup(parmv[1]);
|
||||||
} else if (strcmp(parmv[0], "buf_size") == 0) {
|
} else if (strcmp(parmv[0], "buf_size") == 0) {
|
||||||
args->buf_size = arg_to_int(parmv[1], 10, parmv[0]);
|
args->buf_size = arg_to_int(parmv[1], 10, parmv[0]);
|
||||||
} else if (strcmp(parmv[0], "servercert") == 0) {
|
} else if (strcmp(parmv[0], "trust_ca_cert") == 0
|
||||||
if (args->servercert)
|
|| strcmp(parmv[0], "servercert") == 0) {
|
||||||
free(args->servercert);
|
if (args->trust_ca_cert)
|
||||||
args->servercert = xstrdup(parmv[1]);
|
free(args->trust_ca_cert);
|
||||||
|
args->trust_ca_cert = xstrdup(parmv[1]);
|
||||||
} else if (!system && strcmp(parmv[0], "secrets") == 0) {
|
} else if (!system && strcmp(parmv[0], "secrets") == 0) {
|
||||||
if (args->secrets)
|
if (args->secrets)
|
||||||
free(args->secrets);
|
free(args->secrets);
|
||||||
|
|||||||
@ -65,7 +65,8 @@ typedef struct {
|
|||||||
char *host; /* Command line */
|
char *host; /* Command line */
|
||||||
int port; /* Command line */
|
int port; /* Command line */
|
||||||
char *path; /* Command line */
|
char *path; /* Command line */
|
||||||
char *servercert; /* User config file, system config file */
|
char *trust_ca_cert; /* User config file, system config file */
|
||||||
|
ne_ssl_certificate *ca_cert;
|
||||||
char *secrets; /* User config file */
|
char *secrets; /* User config file */
|
||||||
char *username; /* User secrets file, system secrets file */
|
char *username; /* User secrets file, system secrets file */
|
||||||
char *cl_username; /* Command line */
|
char *cl_username; /* Command line */
|
||||||
|
|||||||
16
src/webdav.c
16
src/webdav.c
@ -60,7 +60,6 @@
|
|||||||
#include "xstrndup.h"
|
#include "xstrndup.h"
|
||||||
#include "xvasprintf.h"
|
#include "xvasprintf.h"
|
||||||
|
|
||||||
#include <ne_alloc.h>
|
|
||||||
#include <ne_auth.h>
|
#include <ne_auth.h>
|
||||||
#include <ne_basic.h>
|
#include <ne_basic.h>
|
||||||
#include <ne_dates.h>
|
#include <ne_dates.h>
|
||||||
@ -412,15 +411,8 @@ dav_init_webdav(const dav_args *args)
|
|||||||
ne_ssl_set_verify(session, ssl_verify, NULL);
|
ne_ssl_set_verify(session, ssl_verify, NULL);
|
||||||
ne_ssl_trust_default_ca(session);
|
ne_ssl_trust_default_ca(session);
|
||||||
|
|
||||||
if (args->servercert) {
|
if (args->ca_cert)
|
||||||
ne_ssl_certificate *server_cert
|
ne_ssl_trust_cert(session, args->ca_cert);
|
||||||
= ne_ssl_cert_read(args->servercert);
|
|
||||||
if (!server_cert)
|
|
||||||
error(EXIT_FAILURE, 0, _("can't read server certificate %s"),
|
|
||||||
args->servercert);
|
|
||||||
ne_ssl_trust_cert(session, server_cert);
|
|
||||||
ne_ssl_cert_free(server_cert);
|
|
||||||
}
|
|
||||||
|
|
||||||
if (args->clicert) {
|
if (args->clicert) {
|
||||||
uid_t orig = geteuid();
|
uid_t orig = geteuid();
|
||||||
@ -1796,7 +1788,7 @@ prop_result(void *userdata, const ne_uri *uri, const ne_prop_result_set *set)
|
|||||||
dav_delete_props(result);
|
dav_delete_props(result);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
result->name = ne_strndup(result->path + strlen(ctx->path),
|
result->name = xstrndup(result->path + strlen(ctx->path),
|
||||||
strlen(result->path) - strlen(ctx->path)
|
strlen(result->path) - strlen(ctx->path)
|
||||||
- result->is_dir);
|
- result->is_dir);
|
||||||
replace_slashes(&result->name);
|
replace_slashes(&result->name);
|
||||||
@ -2057,7 +2049,7 @@ update_cookie(ne_request *req, void *userdata, const ne_status *status)
|
|||||||
cookie = NULL;
|
cookie = NULL;
|
||||||
}
|
}
|
||||||
|
|
||||||
char *value = ne_strndup(cookie_hdr, sep - cookie_hdr + 1);
|
char *value = xstrndup(cookie_hdr, sep - cookie_hdr + 1);
|
||||||
cookie = xasprintf("Cookie: $Version=1;%s\r\n", value);
|
cookie = xasprintf("Cookie: $Version=1;%s\r\n", value);
|
||||||
free(value);
|
free(value);
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user