iPXE
cert_cmd.c File Reference

Certificate management commands.

#include <stdio.h>
#include <errno.h>
#include <getopt.h>
#include <ipxe/x509.h>
#include <ipxe/certstore.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/certmgmt.h>


Data Structures

struct  cert_options
 "cert<xxx>" options
struct  cert_command_descriptor
 A "cert<xxx>" command descriptor.

Defines

#define CERT_COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage, _payload)
 Construct "cert<xxx>" command descriptor.

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
static int cert_exec (int argc, char **argv, struct cert_command_descriptor *certcmd)
 Execute "cert<xxx>" command.
static int certstat_payload (struct x509_certificate *cert)
 "certstat" payload
static int certstat_exec (int argc, char **argv)
 The "certstat" command.
static int certstore_payload (struct x509_certificate *cert)
 "certstore" payload
static int certstore_exec (int argc, char **argv)
 The "certstore" command.
static int certfree_payload (struct x509_certificate *cert)
 "certfree" payload
static int certfree_exec (int argc, char **argv)
 The "certfree" command.

Variables

union {
   struct option_descriptor   certstore [2]
   struct option_descriptor   certstat [1]
   struct option_descriptor   certfree [1]
} opts
 "cert<xxx>" option list
static struct cert_command_descriptor certstat_cmd
 "certstat" command descriptor
static struct cert_command_descriptor certstore_cmd
 "certstore" command descriptor
static struct cert_command_descriptor certfree_cmd
 "certfree" command descriptor
struct command certmgmt_commands[] __command
 Certificate management commands.

Detailed Description

Certificate management commands.

Definition in file cert_cmd.c.


Define Documentation

#define CERT_COMMAND_DESC (   _struct,
  _options,
  _min_args,
  _max_args,
  _usage,
  _payload 
)
Value:
{                                                               \
                .cmd = COMMAND_DESC ( _struct, _options, _min_args,     \
                                      _max_args, _usage ),              \
                .payload = _payload,                                    \
        }

Construct "cert<xxx>" command descriptor.

Parameters:
  _struct: Options structure type
  _options: Option descriptor array
  _min_args: Minimum number of non-option arguments
  _max_args: Maximum number of non-option arguments
  _usage: Command usage
  _payload: Payload method
Return values:
  _command: Command descriptor

Definition at line 91 of file cert_cmd.c.


Function Documentation

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )
static int cert_exec ( int  argc,
char **  argv,
struct cert_command_descriptor *  certcmd 
) [static]

Execute "cert<xxx>" command.

Parameters:
  argc: Argument count
  argv: Argument list
  certcmd: Command descriptor
Return values:
  rc: Return status code

Definition at line 107 of file cert_cmd.c.

References certstore, cert_command_descriptor::cmd, cmd, count, ENOENT, image_x509(), imgacquire(), cert_options::keep, image::len, x509_chain::links, x509_link::list, list_first_entry, list_next_entry, cert_options::name, next, NULL, offset, optind, parse_options(), cert_command_descriptor::payload, printf(), rc, x509_certificate::store, strerror(), unregister_image(), x509_check_name(), x509_get(), and x509_put().

Referenced by certfree_exec(), certstat_exec(), and certstore_exec().

                                                                 {
        /* Shared body of the "certstat", "certstore" and "certfree"
         * commands: parse the command line, then apply
         * certcmd->payload to each selected certificate.
         *
         * Certificates come from the acquired image when a non-option
         * argument is present, otherwise from the certificate store.
         * Returns 0 on success or a negative error code.
         */
        struct command_descriptor *cmd = &certcmd->cmd;
        struct cert_options opts;
        struct image *image = NULL;
        struct x509_certificate *cert;
        struct x509_certificate *tmp;
        unsigned int count = 0;
        size_t offset = 0;
        int next;
        int rc;

        /* Parse options.  "opts" has no other initialiser, so its
         * fields (name, keep) are only read after this call succeeds.
         */
        if ( ( rc = parse_options ( argc, argv, cmd, &opts ) ) != 0 )
                goto err_parse;

        /* Acquire image, if applicable.
         *
         * NOTE(review): the "certstore" usage string documents this
         * argument as "[<uri|image>]", so certificate data may come
         * from a remote source.  Nothing in this function
         * authenticates that source; confirm what trust the callers
         * place in certificates loaded this way.
         */
        if ( ( optind < argc ) &&
             ( ( rc = imgacquire ( argv[optind], 0, &image ) ) != 0 ) )
                goto err_acquire;

        /* Get first entry in certificate store.  The loop below treats
         * a NULL entry as the end of the store.
         */
        tmp = list_first_entry ( &certstore.links, struct x509_certificate,
                                 store.list );

        /* Iterate over certificates */
        while ( 1 ) {

                /* Get next certificate from image or store as applicable */
                if ( image ) {

                        /* Get next certificate from image.  A negative
                         * return is an error code; otherwise it is the
                         * offset at which to continue parsing.
                         *
                         * NOTE(review): termination relies on
                         * image_x509() returning an offset beyond the
                         * one passed in - confirm.  The reference on
                         * "cert" is presumably owned by the caller,
                         * since every path below calls x509_put().
                         */
                        if ( offset >= image->len )
                                break;
                        next = image_x509 ( image, offset, &cert );
                        if ( next < 0 ) {
                                rc = next;
                                printf ( "Could not parse certificate: %s\n",
                                         strerror ( rc ) );
                                goto err_x509;
                        }
                        offset = next;

                } else {

                        /* Get next certificate from store.  The cursor
                         * is advanced before the payload runs, so a
                         * payload that removes "cert" from the store
                         * (as "certfree" does via certstore_del())
                         * does not disturb the iteration.  x509_get()
                         * takes a reference that the x509_put() calls
                         * below release.
                         */
                        cert = tmp;
                        if ( ! cert )
                                break;
                        tmp = list_next_entry ( tmp, &certstore.links,
                                                store.list );
                        x509_get ( cert );
                }

                /* Skip non-matching names, if a name was specified.
                 * A non-zero result from x509_check_name() is treated
                 * as "no match".
                 */
                if ( opts.name && ( x509_check_name ( cert, opts.name ) != 0 )){
                        x509_put ( cert );
                        continue;
                }

                /* Execute payload.  A failure stops the iteration at
                 * once; certificates already processed are not rolled
                 * back, so a failed command can leave partial results.
                 */
                if ( ( rc = certcmd->payload ( cert ) ) != 0 ) {
                        x509_put ( cert );
                        goto err_payload;
                }

                /* Count number of certificates processed */
                count++;

                /* Drop reference to certificate */
                x509_put ( cert );
        }

        /* Fail if a name was specified and no matching certificates
         * were found.
         */
        if ( opts.name && ( count == 0 ) ) {
                printf ( "\"%s\" : no such certificate\n", opts.name );
                rc = -ENOENT;
                goto err_none;
        }

        /* Success falls through the same cleanup with rc still zero
         * from the last successful call.  The image is unregistered on
         * success and failure alike unless opts.keep is set.
         */
 err_none:
 err_payload:
 err_x509:
        if ( image && ( ! opts.keep ) )
                unregister_image ( image );
 err_acquire:
 err_parse:
        return rc;
}
static int certstat_payload ( struct x509_certificate *  cert ) [static]

"certstat" payload

Parameters:
  cert: X.509 certificate
Return values:
  rc: Return status code

Definition at line 205 of file cert_cmd.c.

References certstat.

                                                              {
        int rc = 0;

        /* Apply the "certstat" action to this certificate.  No result
         * from certstat() is consulted, so this payload always
         * reports success.
         */
        certstat ( cert );

        return rc;
}
static int certstat_exec ( int  argc,
char **  argv 
) [static]

The "certstat" command.

Parameters:
  argc: Argument count
  argv: Argument list
Return values:
  rc: Return status code

Definition at line 223 of file cert_cmd.c.

References cert_exec().

                                                   {
        int rc;

        /* Hand over to the shared handler with the "certstat"
         * descriptor; its status is returned unchanged.
         */
        rc = cert_exec ( argc, argv, &certstat_cmd );

        return rc;
}
static int certstore_payload ( struct x509_certificate *  cert ) [static]

"certstore" payload

Parameters:
  cert: X.509 certificate
Return values:
  rc: Return status code

Definition at line 234 of file cert_cmd.c.

References x509_certificate::flags, and X509_FL_EXPLICIT.

                                                               {
        /* Flag the certificate as explicitly added.  Only the flag is
         * set here; nothing else about the certificate is changed.
         *
         * NOTE(review): presumably X509_FL_EXPLICIT separates
         * operator-added certificates from ones that were merely
         * encountered - confirm where the flag is consumed.
         */
        cert->flags = ( cert->flags | X509_FL_EXPLICIT );

        return 0;
}
static int certstore_exec ( int  argc,
char **  argv 
) [static]

The "certstore" command.

Parameters:
  argc: Argument count
  argv: Argument list
Return values:
  rc: Return status code

Definition at line 254 of file cert_cmd.c.

References cert_exec().

                                                    {
        int rc;

        /* Hand over to the shared handler with the "certstore"
         * descriptor; its status is returned unchanged.
         */
        rc = cert_exec ( argc, argv, &certstore_cmd );

        return rc;
}
static int certfree_payload ( struct x509_certificate *  cert ) [static]

"certfree" payload

Parameters:
  cert: X.509 certificate
Return values:
  rc: Return status code

Definition at line 265 of file cert_cmd.c.

References certstore_del().

                                                              {
        int rc = 0;

        /* Take the certificate out of the certificate store.  No
         * result from certstore_del() is consulted, so this payload
         * always reports success.
         */
        certstore_del ( cert );

        return rc;
}
static int certfree_exec ( int  argc,
char **  argv 
) [static]

The "certfree" command.

Parameters:
  argc: Argument count
  argv: Argument list
Return values:
  rc: Return status code

Definition at line 285 of file cert_cmd.c.

References cert_exec().

                                                   {
        int rc;

        /* Hand over to the shared handler with the "certfree"
         * descriptor; its status is returned unchanged.
         */
        rc = cert_exec ( argc, argv, &certfree_cmd );

        return rc;
}

Variable Documentation

Certificate store.

Definition at line 54 of file cert_cmd.c.

Definition at line 56 of file cert_cmd.c.

Referenced by certstat_payload().

Definition at line 58 of file cert_cmd.c.

union { ... } opts [static]

"cert<xxx>" option list

Referenced by ifcommon_exec().

Initial value:

"certstat" command descriptor

Definition at line 212 of file cert_cmd.c.

Initial value:
        CERT_COMMAND_DESC ( struct cert_options, opts.certstore, 0, 1,
                            "[<uri|image>]", certstore_payload )

"certstore" command descriptor

Definition at line 243 of file cert_cmd.c.

Initial value:

"certfree" command descriptor

Definition at line 274 of file cert_cmd.c.

struct command certmgmt_commands [] __command
Initial value:
 {
        {
                .name = "certstat",
                .exec = certstat_exec,
        },
        {
                .name = "certstore",
                .exec = certstore_exec,
        },
        {
                .name = "certfree",
                .exec = certfree_exec,
        },
}

Certificate management commands.

Definition at line 291 of file cert_cmd.c.