iPXE
cert_cmd.c File Reference

Certificate management commands. More...

#include <stdio.h>
#include <errno.h>
#include <getopt.h>
#include <ipxe/x509.h>
#include <ipxe/certstore.h>
#include <ipxe/image.h>
#include <ipxe/command.h>
#include <ipxe/parseopt.h>
#include <usr/imgmgmt.h>
#include <usr/certmgmt.h>


Data Structures

struct  cert_options
 "cert<xxx>" options More...
 
struct  cert_command_descriptor
 A "cert<xxx>" command descriptor. More...
 

Macros

#define CERT_COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage, _payload)
 Construct "cert<xxx>" command descriptor. More...
 

Functions

 FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
 
static int cert_exec (int argc, char **argv, struct cert_command_descriptor *certcmd)
 Execute "cert<xxx>" command. More...
 
static int certstat_payload (struct x509_certificate *cert)
 "certstat" payload More...
 
static int certstat_exec (int argc, char **argv)
 The "certstat" command. More...
 
static int certstore_payload (struct x509_certificate *cert)
 "certstore" payload More...
 
static int certstore_exec (int argc, char **argv)
 The "certstore" command. More...
 
static int certfree_payload (struct x509_certificate *cert)
 "certfree" payload More...
 
static int certfree_exec (int argc, char **argv)
 The "certfree" command. More...
 

Variables

union {
   struct option_descriptor   certstore [2]
 
   struct option_descriptor   certstat [1]
 
   struct option_descriptor   certfree [1]
 
opts
 "cert<xxx>" option list More...
 
static struct cert_command_descriptor certstat_cmd
 "certstat" command descriptor More...
 
static struct cert_command_descriptor certstore_cmd
 "certstore" command descriptor More...
 
static struct cert_command_descriptor certfree_cmd
 "certfree" command descriptor More...
 
struct command certmgmt_commands [] __command
 Certificate management commands. More...
 

Detailed Description

Certificate management commands.

Definition in file cert_cmd.c.

Macro Definition Documentation

◆ CERT_COMMAND_DESC

#define CERT_COMMAND_DESC (   _struct,
  _options,
  _min_args,
  _max_args,
  _usage,
  _payload 
)
Value:
{ \
.cmd = COMMAND_DESC ( _struct, _options, _min_args, \
_max_args, _usage ), \
.payload = _payload, \
}
#define COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage)
Construct command descriptor.
Definition: parseopt.h:108

Construct "cert<xxx>" command descriptor.

Parameters
_struct: Options structure type
_options: Option descriptor array
_min_args: Minimum number of non-option arguments
_max_args: Maximum number of non-option arguments
_usage: Command usage
_payload: Payload method
Return values
_command: Command descriptor

Definition at line 91 of file cert_cmd.c.

Function Documentation

◆ FILE_LICENCE()

FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL  )

◆ cert_exec()

static int cert_exec ( int  argc,
char **  argv,
struct cert_command_descriptor certcmd 
)
static

Execute "cert<xxx>" command.

Parameters
argc: Argument count
argv: Argument list
certcmd: Command descriptor
Return values
rc: Return status code

Definition at line 107 of file cert_cmd.c.

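/**
 * Execute "cert<xxx>" command
 *
 * @v argc		Argument count
 * @v argv		Argument list
 * @v certcmd		Command descriptor
 * @ret rc		Return status code
 *
 * Runs certcmd->payload on each selected certificate.  Certificates
 * are parsed from the image named by the first non-option argument
 * when one is present; otherwise they are taken from the certificate
 * store.  When opts.name is set, certificates for which
 * x509_check_name() returns non-zero are skipped, and the command
 * fails with -ENOENT if nothing matched.  With no name set, the
 * payload is applied to every certificate from the chosen source.
 */
static int cert_exec ( int argc, char **argv,
		       struct cert_command_descriptor *certcmd ) {
	struct command_descriptor *cmd = &certcmd->cmd;
	struct cert_options opts;
	struct image *image = NULL;
	struct x509_certificate *cert;
	struct x509_certificate *tmp;
	unsigned int count = 0;
	size_t offset = 0;
	int next;
	int rc;

	/* Parse options */
	if ( ( rc = parse_options ( argc, argv, cmd, &opts ) ) != 0 )
		goto err_parse;

	/* Acquire image, if applicable */
	if ( ( optind < argc ) &&
	     ( ( rc = imgacquire ( argv[optind], 0, &image ) ) != 0 ) )
		goto err_acquire;

	/* Get first entry in certificate store */
	tmp = list_first_entry ( &certstore.links, struct x509_certificate,
				 store.list );

	/* Iterate over certificates */
	while ( 1 ) {

		/* Get next certificate from image or store as applicable */
		if ( image ) {

			/* Get next certificate from image.  A negative
			 * return from image_x509() is an error code;
			 * otherwise it is used as the offset at which
			 * to continue parsing.
			 */
			if ( offset >= image->len )
				break;
			next = image_x509 ( image, offset, &cert );
			if ( next < 0 ) {
				rc = next;
				printf ( "Could not parse certificate: %s\n",
					 strerror ( rc ) );
				goto err_x509;
			}
			offset = next;

		} else {

			/* Get next certificate from store.  The cursor
			 * is advanced before the payload runs and a
			 * reference is taken on the current entry,
			 * presumably so that a payload which removes
			 * the certificate from the store (as "certfree"
			 * does) cannot invalidate the iteration.
			 */
			cert = tmp;
			if ( ! cert )
				break;
			tmp = list_next_entry ( tmp, &certstore.links,
						store.list );
			x509_get ( cert );
		}

		/* Skip non-matching names, if a name was specified */
		if ( opts.name && ( x509_check_name ( cert, opts.name ) != 0 )){
			x509_put ( cert );
			continue;
		}

		/* Execute payload */
		if ( ( rc = certcmd->payload ( cert ) ) != 0 ) {
			x509_put ( cert );
			goto err_payload;
		}

		/* Count number of certificates processed */
		count++;

		/* Drop reference to certificate */
		x509_put ( cert );
	}

	/* Fail if a name was specified and no matching certificates
	 * were found.
	 */
	if ( opts.name && ( count == 0 ) ) {
		printf ( "\"%s\" : no such certificate\n", opts.name );
		rc = -ENOENT;
		goto err_none;
	}

	/* Success and failure share the cleanup path below */
 err_none:
 err_payload:
 err_x509:
	/* Unregister the acquired image unless "keep" was requested */
	if ( image && ( ! opts.keep ) )
		unregister_image ( image );
 err_acquire:
 err_parse:
	return rc;
}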
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
Definition: x509.h:258
int optind
Current option index.
Definition: getopt.c:51
int(* payload)(struct x509_certificate *cert)
Payload.
Definition: cert_cmd.c:77
uint32_t next
Next descriptor address.
Definition: myson.h:18
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1569
#define ENOENT
No such file or directory.
Definition: errno.h:514
#define list_next_entry(pos, head, member)
Get the container of the next entry in a list.
Definition: list.h:359
int parse_options(int argc, char **argv, struct command_descriptor *cmd, void *opts)
Parse command-line options.
Definition: parseopt.c:484
An executable image.
Definition: image.h:24
A command descriptor.
Definition: parseopt.h:77
unsigned long tmp
Definition: linux_pci.h:53
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
Definition: list.h:333
static userptr_t size_t offset
Offset of the first segment within the content.
Definition: deflate.h:259
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
An X.509 certificate.
Definition: x509.h:207
size_t len
Length of raw file image.
Definition: image.h:43
"cert<xxx>" options
Definition: cert_cmd.c:44
static union @437 opts
"cert<xxx>" option list
struct command_descriptor cmd
Command descriptor.
Definition: cert_cmd.c:71
void unregister_image(struct image *image)
Unregister executable image.
Definition: image.c:303
struct option_descriptor certstore[2]
Certificate store.
Definition: cert_cmd.c:54
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:269
uint16_t count
Number of entries.
Definition: ena.h:22
struct x509_link store
Link in certificate store.
Definition: x509.h:212
int image_x509(struct image *image, size_t offset, struct x509_certificate **cert)
Extract X.509 certificate object from image.
Definition: x509.c:1845
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
struct golan_eqe_cmd cmd
Definition: CIB_PRM.h:29
int imgacquire(const char *name_uri, unsigned long timeout, struct image **image)
Acquire an image.
Definition: imgmgmt.c:141

References certstore, cmd, cert_command_descriptor::cmd, count, ENOENT, image_x509(), imgacquire(), image::len, x509_link::list, list_first_entry, list_next_entry, next, NULL, offset, optind, opts, parse_options(), cert_command_descriptor::payload, printf(), rc, x509_certificate::store, strerror(), tmp, unregister_image(), x509_check_name(), x509_get(), and x509_put().

Referenced by certfree_exec(), certstat_exec(), and certstore_exec().

◆ certstat_payload()

static int certstat_payload ( struct x509_certificate cert)
static

"certstat" payload

Parameters
cert: X.509 certificate
Return values
rc: Return status code

Definition at line 205 of file cert_cmd.c.

/**
 * "certstat" payload
 *
 * @v cert		X.509 certificate
 * @ret rc		Return status code
 *
 * Always reports success; the result of certstat() is not inspected.
 */
static int certstat_payload ( struct x509_certificate *cert ) {
	int rc = 0;

	/* NOTE(review): certstat() here is called as a function on the
	 * certificate, so it is presumably the routine declared via
	 * usr/certmgmt.h rather than the "certstat" option descriptor
	 * array of the same name - confirm.
	 */
	certstat ( cert );

	return rc;
}
struct option_descriptor certstat[1]
Definition: cert_cmd.c:56

References certstat.

◆ certstat_exec()

static int certstat_exec ( int  argc,
char **  argv 
)
static

The "certstat" command.

Parameters
argc: Argument count
argv: Argument list
Return values
rc: Return status code

Definition at line 223 of file cert_cmd.c.

/**
 * The "certstat" command
 *
 * @v argc		Argument count
 * @v argv		Argument list
 * @ret rc		Return status code
 */
static int certstat_exec ( int argc, char **argv ) {
	struct cert_command_descriptor *certcmd = &certstat_cmd;

	/* Delegate to the shared "cert<xxx>" handler */
	return cert_exec ( argc, argv, certcmd );
}
static int cert_exec(int argc, char **argv, struct cert_command_descriptor *certcmd)
Execute "cert<xxx>" command.
Definition: cert_cmd.c:107
static struct cert_command_descriptor certstat_cmd
"certstat" command descriptor
Definition: cert_cmd.c:212

References cert_exec(), and certstat_cmd.

◆ certstore_payload()

static int certstore_payload ( struct x509_certificate cert)
static

"certstore" payload

Parameters
cert: X.509 certificate
Return values
rc: Return status code

Definition at line 234 of file cert_cmd.c.

/**
 * "certstore" payload
 *
 * @v cert		X.509 certificate
 * @ret rc		Return status code
 *
 * cert_exec() calls this for every certificate it selects, so when no
 * name filter is given each certificate from the image (or from the
 * store, if no image was named) is flagged.  What the flag changes in
 * later handling of the certificate is not shown in this file.
 */
static int certstore_payload ( struct x509_certificate *cert ) {

	/* Record that the certificate was added explicitly at run time */
	cert->flags = ( cert->flags | X509_FL_EXPLICIT );

	return 0;
}
unsigned int flags
Flags.
Definition: x509.h:215
Certificate was added explicitly at run time.
Definition: x509.h:248

References x509_certificate::flags, and X509_FL_EXPLICIT.

◆ certstore_exec()

static int certstore_exec ( int  argc,
char **  argv 
)
static

The "certstore" command.

Parameters
argc: Argument count
argv: Argument list
Return values
rc: Return status code

Definition at line 254 of file cert_cmd.c.

/**
 * The "certstore" command
 *
 * @v argc		Argument count
 * @v argv		Argument list
 * @ret rc		Return status code
 */
static int certstore_exec ( int argc, char **argv ) {
	struct cert_command_descriptor *certcmd = &certstore_cmd;

	/* Delegate to the shared "cert<xxx>" handler */
	return cert_exec ( argc, argv, certcmd );
}
static int cert_exec(int argc, char **argv, struct cert_command_descriptor *certcmd)
Execute "cert<xxx>" command.
Definition: cert_cmd.c:107
static struct cert_command_descriptor certstore_cmd
"certstore" command descriptor
Definition: cert_cmd.c:243

References cert_exec(), and certstore_cmd.

◆ certfree_payload()

static int certfree_payload ( struct x509_certificate cert)
static

"certfree" payload

Parameters
cert: X.509 certificate
Return values
rc: Return status code

Definition at line 265 of file cert_cmd.c.

/**
 * "certfree" payload
 *
 * @v cert		X.509 certificate
 * @ret rc		Return status code
 *
 * cert_exec() calls this for every certificate it selects; when no
 * name filter is given, that is every certificate in the store.
 */
static int certfree_payload ( struct x509_certificate *cert ) {
	int rc = 0;

	/* Remove from certificate store */
	certstore_del ( cert );

	return rc;
}
void certstore_del(struct x509_certificate *cert)
Remove certificate from store.
Definition: certstore.c:153

References certstore_del().

◆ certfree_exec()

static int certfree_exec ( int  argc,
char **  argv 
)
static

The "certfree" command.

Parameters
argc: Argument count
argv: Argument list
Return values
rc: Return status code

Definition at line 285 of file cert_cmd.c.

/**
 * The "certfree" command
 *
 * @v argc		Argument count
 * @v argv		Argument list
 * @ret rc		Return status code
 */
static int certfree_exec ( int argc, char **argv ) {
	struct cert_command_descriptor *certcmd = &certfree_cmd;

	/* Delegate to the shared "cert<xxx>" handler */
	return cert_exec ( argc, argv, certcmd );
}
static int cert_exec(int argc, char **argv, struct cert_command_descriptor *certcmd)
Execute "cert<xxx>" command.
Definition: cert_cmd.c:107
static struct cert_command_descriptor certfree_cmd
"certfree" command descriptor
Definition: cert_cmd.c:274

References cert_exec(), and certfree_cmd.

Variable Documentation

◆ certstore

struct option_descriptor certstore[2]

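Option descriptor array for the "certstore" command (a member of the opts union). The generated brief "Certificate store." and the cert_exec() back-reference below appear to describe the separate certificate store object that cert_exec() walks through certstore.links, not this array.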

Definition at line 54 of file cert_cmd.c.

Referenced by cert_exec().

◆ certstat

struct option_descriptor certstat[1]

Definition at line 56 of file cert_cmd.c.

Referenced by certstat_payload().

◆ certfree

struct option_descriptor certfree[1]

Definition at line 58 of file cert_cmd.c.

◆ opts

union { ... } opts
Initial value:
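= {
	.certstore = {
		/* "subject" fills cert_options.name, which cert_exec()
		 * uses to filter certificates by name
		 */
		OPTION_DESC ( "subject", 's', required_argument,
			      struct cert_options, name, parse_string ),
		/* "keep" sets cert_options.keep, which stops cert_exec()
		 * from unregistering the acquired image
		 */
		OPTION_DESC ( "keep", 'k', no_argument,
			      struct cert_options, keep, parse_flag ),
	},
}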
const char * name
Definition: ath9k_hw.c:1984
int parse_string(char *text, char **value)
Parse string value.
Definition: parseopt.c:73
int parse_flag(char *text __unused, int *flag)
Parse flag.
Definition: parseopt.c:226
"cert<xxx>" options
Definition: cert_cmd.c:44
Option does not take an argument.
Definition: getopt.h:16
#define OPTION_DESC(_longopt, _shortopt, _has_arg, _struct, _field, _parse)
Construct option descriptor.
Definition: parseopt.h:67
Option requires an argument.
Definition: getopt.h:18

"cert<xxx>" option list

Referenced by attr_get(), attr_off(), attr_on(), attr_set(), cert_exec(), choose_exec(), colour_exec(), colour_set(), config_exec(), console_exec(), cpair_exec(), cpuid_exec(), digest_exec(), echo_exec(), exit_exec(), fcels_exec(), fcstat_exec(), gdbstub_exec(), goto_exec(), ibstat_exec(), ifcommon_exec(), ifconf_payload(), iflinkwait_payload(), imgextract_exec(), imgmem_exec(), imgtrust_exec(), imgverify_exec(), inc_exec(), ipstat_exec(), iseq_exec(), isset_exec(), item_exec(), login_exec(), lotest_exec(), menu_exec(), nslookup_exec(), nstat_exec(), ntp_exec(), param_exec(), params_exec(), parse_options(), pciscan_exec(), ping_exec(), poweroff_exec(), profstat_exec(), prompt_exec(), pxebs_exec(), read_value(), reboot_exec(), reparse_options(), route_exec(), set_core_exec(), shell_exec(), shim_exec(), show_exec(), sleep_exec(), stoppxe_exec(), sync_exec(), time_exec(), vcreate_exec(), and vdestroy_exec().

◆ certstat_cmd

struct cert_command_descriptor certstat_cmd
static
Initial value:
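=
	/* Accepts zero non-option arguments (min 0, max 0) */
	CERT_COMMAND_DESC ( struct cert_options, opts.certstat, 0, 0, NULL,
			    certstat_payload )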
#define CERT_COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage, _payload)
Construct "cert<xxx>" command descriptor.
Definition: cert_cmd.c:91
"cert<xxx>" options
Definition: cert_cmd.c:44
static int certstat_payload(struct x509_certificate *cert)
"certstat" payload
Definition: cert_cmd.c:205
static union @437 opts
"cert<xxx>" option list
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321

"certstat" command descriptor

Definition at line 212 of file cert_cmd.c.

Referenced by certstat_exec().

◆ certstore_cmd

struct cert_command_descriptor certstore_cmd
static
Initial value:
=
CERT_COMMAND_DESC ( struct cert_options, opts.certstore, 0, 1,
"[<uri|image>]", certstore_payload )
static int certstore_payload(struct x509_certificate *cert)
"certstore" payload
Definition: cert_cmd.c:234
#define CERT_COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage, _payload)
Construct "cert<xxx>" command descriptor.
Definition: cert_cmd.c:91
"cert<xxx>" options
Definition: cert_cmd.c:44
static union @437 opts
"cert<xxx>" option list

"certstore" command descriptor

Definition at line 243 of file cert_cmd.c.

Referenced by certstore_exec().

◆ certfree_cmd

struct cert_command_descriptor certfree_cmd
static
Initial value:
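=
	/* Accepts zero non-option arguments (min 0, max 0) */
	CERT_COMMAND_DESC ( struct cert_options, opts.certfree, 0, 0, NULL,
			    certfree_payload )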
#define CERT_COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage, _payload)
Construct "cert<xxx>" command descriptor.
Definition: cert_cmd.c:91
"cert<xxx>" options
Definition: cert_cmd.c:44
static union @437 opts
"cert<xxx>" option list
static int certfree_payload(struct x509_certificate *cert)
"certfree" payload
Definition: cert_cmd.c:265
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321

"certfree" command descriptor

Definition at line 274 of file cert_cmd.c.

Referenced by certfree_exec().

◆ __command

struct command certmgmt_commands [] __command
Initial value:
= {
{
.name = "certstat",
.exec = certstat_exec,
},
{
.name = "certstore",
.exec = certstore_exec,
},
{
.name = "certfree",
.exec = certfree_exec,
},
}
static int certstat_exec(int argc, char **argv)
The "certstat" command.
Definition: cert_cmd.c:223
static int certstore_exec(int argc, char **argv)
The "certstore" command.
Definition: cert_cmd.c:254
static int certfree_exec(int argc, char **argv)
The "certfree" command.
Definition: cert_cmd.c:285

Certificate management commands.

Definition at line 291 of file cert_cmd.c.