trust: Rework input path treatment

* Accept a single --with-trust-paths argument to ./configure which cotnains all the input paths. * The --with-system-anchors and --with-system-certificates ./configure arguments are no longer supported. Since they were only present briefly, no provision is made for backwards compatibility. * Each input file is treated as containing anchors by default unless an input certificate contains detailed trust information. * The files in each input directory are not automatically treated as anchors unless a certificate contains detailed trust information. * The files in anchors/ subdirectory of each input directory are automatically marked as anchors. * The files in the blacklist/ subdirectory of each input directory are automatically marked as blacklisted. * Update tests and move around test certificates so we can test these changes. https://bugs.freedesktop.org/show_bug.cgi?id=62327
author: Stef Walter <stefw@gnome.org> 2013-03-14 10:05:17 +0100
committer: Stef Walter <stefw@gnome.org> 2013-03-15 17:19:01 +0100
commit: 86e60637394340ef2fa3b3db6b451dac1d73052b (patch)
tree: 8fa4f4c353534ffc259f9e333e64fbf7d068e913 /trust/token.c
parent: bf63f009cd4a1147a3e0684d898f140f46666b0e (diff)
1 files changed, 52 insertions, 26 deletions
diff --git a/trust/token.c b/trust/token.c
index 3c0de4c..f96d865 100644
--- a/trust/token.c
+++ b/trust/token.c
@@ -50,6 +50,7 @@
 #include <sys/types.h>
 
 #include <dirent.h>
+#include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
 
@@ -58,9 +59,7 @@
 struct _p11_token {
 	p11_parser *parser;
 	p11_dict *objects;
-	const char *anchor_paths;
-	const char *other_paths;
-	const char *certificate_paths;
+	const char *paths;
 	int loaded;
 };
 
@@ -149,11 +148,32 @@ loader_load_directory (p11_token *token,
 }
 
 static int
+loader_load_subdirectory (p11_token *token,
+                          const char *directory,
+                          const char *subdir,
+                          int flags)
+{
+	struct stat sb;
+	char *path;
+	int ret = 0;
+
+	if (asprintf (&path, "%s/%s", directory, subdir) < 0)
+		return_val_if_reached (-1);
+
+	if (stat (path, &sb) >= 0 && S_ISDIR (sb.st_mode))
+		ret = loader_load_directory (token, path, flags);
+
+	free (path);
+	return ret;
+}
+
+static int
 loader_load_path (p11_token *token,
-                  const char *path,
-                  int flags)
+                  const char *path)
 {
 	struct stat sb;
+	int total;
+	int ret;
 
 	if (stat (path, &sb) < 0) {
 		if (errno == ENOENT) {
@@ -167,16 +187,30 @@ loader_load_path (p11_token *token,
 		return 0;
 	}
 
-	if (S_ISDIR (sb.st_mode))
-		return loader_load_directory (token, path, flags);
-	else
-		return loader_load_file (token, path, &sb, flags);
+	if (S_ISDIR (sb.st_mode)) {
+		total = 0;
+
+		ret = loader_load_subdirectory (token, path, "anchors", P11_PARSE_FLAG_ANCHOR);
+		return_val_if_fail (ret >= 0, ret);
+		total += ret;
+
+		ret = loader_load_subdirectory (token, path, "blacklist", P11_PARSE_FLAG_BLACKLIST);
+		return_val_if_fail (ret >= 0, ret);
+		total += ret;
+
+		ret = loader_load_directory (token, path, P11_PARSE_FLAG_NONE);
+		return_val_if_fail (ret >= 0, ret);
+		total += ret;
+
+		return total;
+	} else {
+		return loader_load_file (token, path, &sb, P11_PARSE_FLAG_ANCHOR);
+	}
 }
 
 static int
 loader_load_paths (p11_token *token,
-                   const char *paths,
-                   int flags)
+                   const char *paths)
 {
 	const char *pos;
 	int total = 0;
@@ -199,7 +233,7 @@ loader_load_paths (p11_token *token,
 
 		if (path[0] != '\0') {
 			/* We don't expect this to fail except for in strange circumstances */
-			ret = loader_load_path (token, path, flags);
+			ret = loader_load_path (token, path);
 			if (ret < 0)
 				return_val_if_reached (-1);
 			total += ret;
@@ -383,8 +417,7 @@ int
 p11_token_load (p11_token *token)
 {
 	int builtins;
-	int anchors;
-	int other;
+	int count;
 
 	if (token->loaded)
 		return 0;
@@ -392,15 +425,10 @@ p11_token_load (p11_token *token)
 
 	builtins = load_builtin_objects (token);
 
-	anchors = loader_load_paths (token, token->anchor_paths, P11_PARSE_FLAG_ANCHOR);
-	if (anchors < 0)
-		return anchors;
-
-	other = loader_load_paths (token, token->other_paths, P11_PARSE_FLAG_NONE);
-	if (other < 0)
-		return other;
+	count = loader_load_paths (token, token->paths);
+	return_val_if_fail (count >= 0, count);
 
-	return anchors + builtins + other;
+	return count + builtins;
 }
 
 p11_dict *
@@ -421,8 +449,7 @@ p11_token_free (p11_token *token)
 }
 
 p11_token *
-p11_token_new (const char *anchor_paths,
-               const char *other_paths)
+p11_token_new (const char *paths)
 {
 	p11_token *token;
 
@@ -437,8 +464,7 @@ p11_token_new (const char *anchor_paths,
 	                               free, p11_attrs_free);
 	return_val_if_fail (token->objects != NULL, NULL);
 
-	token->anchor_paths = anchor_paths;
-	token->other_paths = other_paths;
+	token->paths = paths;
 	token->loaded = 0;
 
 	return token;
author	Stef Walter <stefw@gnome.org>	2013-03-14 10:05:17 +0100
committer	Stef Walter <stefw@gnome.org>	2013-03-15 17:19:01 +0100
commit	86e60637394340ef2fa3b3db6b451dac1d73052b (patch)
tree	8fa4f4c353534ffc259f9e333e64fbf7d068e913 /trust/token.c
parent	bf63f009cd4a1147a3e0684d898f140f46666b0e (diff)