Read ca_cert in mount_davfs.c

wbaumann 2012-01-31 20:34:02 +00:00
parent f1b02bed97
commit 21414ee396
3 changed files with 43 additions and 39 deletions


@ -74,7 +74,7 @@
#include "xvasprintf.h"
#include "xstrndup.h"

#include <ne_string.h>
#include <ne_ssl.h>
#include <ne_uri.h>
#include <ne_utils.h>

@ -981,7 +981,7 @@ parse_commandline(dav_args *args, int argc, char *argv[])
Requires: privileged, uid, home, conf, mopts, dir_mode, file_mode
Provides: dav_user, dav_group, dav_uid, dav_gid, kernel_fs, buf_size,
dir_umask, file_umask, dir_mode, file_mode,
servercert, secrets, clicert, p_host, p_port, use_proxy,
trust_ca_cert, secrets, clicert, p_host, p_port, use_proxy,
ask_auth, locks, lock_owner, lock_timeout, lock_refresh,
expect100, if_match_bug, drop_weak_etags, allow_cookie,
precheck, ignore_dav_header, connect_timeout, read_timeout,
@ -1015,23 +1015,31 @@ parse_config(dav_args *args)

eval_modes(args);

if (args->servercert)
expand_home(&args->servercert, args);
if (args->servercert && *args->servercert != '/' && !args->privileged) {
char *f = xasprintf("%s/.%s/%s/%s", args->home, PACKAGE, DAV_CERTS_DIR,
args->servercert);
if (access(f, F_OK) == 0) {
free(args->servercert);
args->servercert = f;
if (args->trust_ca_cert) {
char *f = NULL;
expand_home(&args->trust_ca_cert, args);
if (*args->trust_ca_cert == '/') {
args->ca_cert = ne_ssl_cert_read(args->trust_ca_cert);
} else {
free(f);
if (!args->privileged) {
f = xasprintf("%s/.%s/%s/%s", args->home, PACKAGE,
DAV_CERTS_DIR, args->trust_ca_cert);
args->ca_cert = ne_ssl_cert_read(f);
}
if (!args->ca_cert) {
if (f) free(f);
f = xasprintf("%s/%s/%s", DAV_SYS_CONF_DIR, DAV_CERTS_DIR,
args->trust_ca_cert);
args->ca_cert = ne_ssl_cert_read(f);
}
if (args->ca_cert) {
free(args->trust_ca_cert);
args->trust_ca_cert = f;
}
}
}
if (args->servercert && *args->servercert != '/') {
char *f = xasprintf("%s/%s/%s", DAV_SYS_CONF_DIR, DAV_CERTS_DIR,
args->servercert);
free(args->servercert);
args->servercert = f;
if (!args->ca_cert)
error(EXIT_FAILURE, 0, _("can't read server certificate %s"),
args->trust_ca_cert);
}

if (args->secrets)
@ -1417,8 +1425,10 @@ delete_args(dav_args *args)
free(args->host);
if (args->path)
free(args->path);
if (args->servercert)
free(args->servercert);
if (args->trust_ca_cert)
free(args->trust_ca_cert);
if (args->ca_cert)
free(args->ca_cert);
if (args->secrets)
free(args->secrets);
if (args->username) {
@ -1594,7 +1604,7 @@ get_options(dav_args *args, char *option)
};

if (args->privileged)
args->mopts = DAV_USER_MOPTS;
args->mopts = DAV_MOPTS;
args->fsuid = args->uid;
args->fsgid = args->gid;
@ -1805,7 +1815,7 @@ log_dbg_config(dav_args *args)
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
" path: %s", args->path);
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
" servercert: %s", args->servercert);
" trust_ca_cert: %s", args->trust_ca_cert);
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
" secrets: %s", args->secrets);
syslog(LOG_MAKEPRI(LOG_DAEMON, LOG_DEBUG),
@ -2043,7 +2053,7 @@ proxy_from_env(dav_args *args)
file. Some parameters are allowed only in the system wide
configuration file, some only in the user configuration file.
Requires: none
Provides: dav_user, dav_group, kernel_fs, buf_size, servercert, secrets,
Provides: dav_user, dav_group, kernel_fs, buf_size, trust_ca_cert, secrets,
clicert, p_host, p_port, use_proxy, ask_auth, locks,
lock_owner, lock_timeout, lock_refresh, expect100, if_match_bug,
drop_weak_etags, allow_cookie, precheck, ignore_dav_header,
@ -2102,10 +2112,11 @@ read_config(dav_args *args, const char * filename, int system)
args->kernel_fs = xstrdup(parmv[1]);
} else if (strcmp(parmv[0], "buf_size") == 0) {
args->buf_size = arg_to_int(parmv[1], 10, parmv[0]);
} else if (strcmp(parmv[0], "servercert") == 0) {
if (args->servercert)
free(args->servercert);
args->servercert = xstrdup(parmv[1]);
} else if (strcmp(parmv[0], "trust_ca_cert") == 0
|| strcmp(parmv[0], "servercert") == 0) {
if (args->trust_ca_cert)
free(args->trust_ca_cert);
args->trust_ca_cert = xstrdup(parmv[1]);
} else if (!system && strcmp(parmv[0], "secrets") == 0) {
if (args->secrets)
free(args->secrets);
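Review bot: In the delete_args hunk the new `args->ca_cert` is released with `free()`, but it is an `ne_ssl_certificate *` returned by `ne_ssl_cert_read()`, and the servercert code in dav_init_webdav on this page releases the same type with `ne_ssl_cert_free()`; the cleanup should read `if (args->ca_cert) ne_ssl_cert_free(args->ca_cert);`. Separately, parse_config now opens the certificate file itself, and the path can come from the user configuration file (read_config accepts `trust_ca_cert`/`servercert` without a `!system` test), so it is worth confirming that this read runs with the invoking user's privileges; the effective uid at that point is not visible in the hunk. The error text still says "server certificate" although the option is now called `trust_ca_cert`.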


@ -65,7 +65,8 @@ typedef struct {
char *host; /* Command line */
int port; /* Command line */
char *path; /* Command line */
char *servercert; /* User config file, system config file */
char *trust_ca_cert; /* User config file, system config file */
ne_ssl_certificate *ca_cert;
char *secrets; /* User config file */
char *username; /* User secrets file, system secrets file */
char *cl_username; /* Command line */
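Review bot: The new `ca_cert` member is the only field in this part of the struct without an origin comment, so a reader cannot tell where it is filled in or that it is derived from `trust_ca_cert`. A comment in the style of its neighbours would fix that, e.g. `ne_ssl_certificate *ca_cert; /* Read from trust_ca_cert in parse_config() */`. The header also needs a declaration of `ne_ssl_certificate` in scope; whether it includes `<ne_ssl.h>` itself cannot be seen here, because the struct and the include list both start outside the hunk.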


@ -60,7 +60,6 @@
#include "xstrndup.h"
#include "xvasprintf.h"

#include <ne_alloc.h>
#include <ne_auth.h>
#include <ne_basic.h>
#include <ne_dates.h>
@ -412,15 +411,8 @@ dav_init_webdav(const dav_args *args)
ne_ssl_set_verify(session, ssl_verify, NULL);
ne_ssl_trust_default_ca(session);

if (args->servercert) {
ne_ssl_certificate *server_cert
= ne_ssl_cert_read(args->servercert);
if (!server_cert)
error(EXIT_FAILURE, 0, _("can't read server certificate %s"),
args->servercert);
ne_ssl_trust_cert(session, server_cert);
ne_ssl_cert_free(server_cert);
}
if (args->ca_cert)
ne_ssl_trust_cert(session, args->ca_cert);

if (args->clicert) {
uid_t orig = geteuid();
@ -1796,7 +1788,7 @@ prop_result(void *userdata, const ne_uri *uri, const ne_prop_result_set *set)
dav_delete_props(result);
return;
}
result->name = ne_strndup(result->path + strlen(ctx->path),
result->name = xstrndup(result->path + strlen(ctx->path),
strlen(result->path) - strlen(ctx->path)
- result->is_dir);
replace_slashes(&result->name);
@ -2057,7 +2049,7 @@ update_cookie(ne_request *req, void *userdata, const ne_status *status)
cookie = NULL;
}

char *value = ne_strndup(cookie_hdr, sep - cookie_hdr + 1);
char *value = xstrndup(cookie_hdr, sep - cookie_hdr + 1);
cookie = xasprintf("Cookie: $Version=1;%s\r\n", value);
free(value);
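Review bot: In the dav_init_webdav hunk the function now borrows `args->ca_cert` and no longer checks or frees it, so a configured but unreadable certificate is only rejected if parse_config ran first, and the certificate's lifetime is tied to delete_args. A short comment at the call would record that contract, e.g. `/* ca_cert was read and checked in parse_config(); owned by args, released in delete_args() */`. The function body starts and ends outside the hunk.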