iPXE
cert_cmd.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 2016 Michael Brown <mbrown@fensystems.co.uk>.
3  *
4  * This program is free software; you can redistribute it and/or
5  * modify it under the terms of the GNU General Public License as
6  * published by the Free Software Foundation; either version 2 of the
7  * License, or any later version.
8  *
9  * This program is distributed in the hope that it will be useful, but
10  * WITHOUT ANY WARRANTY; without even the implied warranty of
11  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  * General Public License for more details.
13  *
14  * You should have received a copy of the GNU General Public License
15  * along with this program; if not, write to the Free Software
16  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
17  * 02110-1301, USA.
18  *
19  * You can also choose to distribute this program under the terms of
20  * the Unmodified Binary Distribution Licence (as given in the file
21  * COPYING.UBDL), provided that you have satisfied its requirements.
22  */
23 
24 FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
25 
26 #include <stdio.h>
27 #include <string.h>
28 #include <errno.h>
29 #include <getopt.h>
30 #include <ipxe/x509.h>
31 #include <ipxe/certstore.h>
32 #include <ipxe/image.h>
33 #include <ipxe/command.h>
34 #include <ipxe/parseopt.h>
35 #include <usr/imgmgmt.h>
36 #include <usr/certmgmt.h>
37 
38 /** @file
39  *
40  * Certificate management commands
41  *
42  */
43 
44 /** "cert<xxx>" options */
45 struct cert_options {
46  /** Certificate subject name */
47  char *name;
48  /** Keep certificate file after parsing */
49  int keep;
50 };
51 
52 /** "cert<xxx>" option list */
53 static union {
54  /* "certstore" takes both options */
55  struct option_descriptor certstore[2];
56  /* "certstat" takes only --subject */
57  struct option_descriptor certstat[1];
58  /* "certfree" takes only --subject */
59  struct option_descriptor certfree[1];
60 } opts = {
61  .certstore = {
62  OPTION_DESC ( "subject", 's', required_argument,
63  struct cert_options, name, parse_string ),
64  OPTION_DESC ( "keep", 'k', no_argument,
65  struct cert_options, keep, parse_flag ),
66  },
67 };
68 
69 /** A "cert<xxx>" command descriptor */
70 struct cert_command_descriptor {
71  /** Command descriptor */
72  struct command_descriptor cmd;
73  /** Payload
74  *
75  * @v cert X.509 certificate
76  * @ret rc Return status code
77  */
78  int ( * payload ) ( struct x509_certificate *cert );
79 };
80 
81 /**
82  * Construct "cert<xxx>" command descriptor
83  *
84  * @v _struct Options structure type
85  * @v _options Option descriptor array
86  * @v _min_args Minimum number of non-option arguments
87  * @v _max_args Maximum number of non-option arguments
88  * @v _usage Command usage
89  * @v _payload Payload method
90  * @ret _command Command descriptor
91  */
92 #define CERT_COMMAND_DESC( _struct, _options, _min_args, _max_args, \
93  _usage, _payload ) \
94  { \
95  .cmd = COMMAND_DESC ( _struct, _options, _min_args, \
96  _max_args, _usage ), \
97  .payload = _payload, \
98  }
99 
100 /**
101  * Execute "cert<xxx>" command
102  *
103  * @v argc Argument count
104  * @v argv Argument list
105  * @v certcmd Command descriptor
106  * @ret rc Return status code
107  */
108 static int cert_exec ( int argc, char **argv,
109  struct cert_command_descriptor *certcmd ) {
110  struct command_descriptor *cmd = &certcmd->cmd;
111  struct cert_options opts;
112  struct image *image = NULL;
113  struct x509_certificate *cert;
114  struct x509_certificate *tmp;
115  unsigned int count = 0;
116  size_t offset = 0;
117  int next;
118  int rc;
119 
120  /* Parse options */
121  if ( ( rc = parse_options ( argc, argv, cmd, &opts ) ) != 0 )
122  goto err_parse;
123 
124  /* Acquire image, if applicable */
125  if ( ( optind < argc ) &&
126  ( ( rc = imgacquire ( argv[optind], 0, &image ) ) != 0 ) )
127  goto err_acquire;
128 
129  /* Get first entry in certificate store */
130  tmp = list_first_entry ( &certstore.links, struct x509_certificate,
131  store.list );
132 
133  /* Iterate over certificates */
134  while ( 1 ) {
135 
136  /* Get next certificate from image or store as applicable */
137  if ( image ) {
138 
139  /* Get next certificate from image */
140  if ( offset >= image->len )
141  break;
142  next = image_x509 ( image, offset, &cert );
143  if ( next < 0 ) {
144  rc = next;
145  printf ( "Could not parse certificate: %s\n",
146  strerror ( rc ) );
147  goto err_x509;
148  }
149  offset = next;
150 
151  } else {
152 
153  /* Get next certificate from store */
154  cert = tmp;
155  if ( ! cert )
156  break;
157  tmp = list_next_entry ( tmp, &certstore.links,
158  store.list );
159  x509_get ( cert );
160  }
161 
162  /* Skip non-matching names, if a name was specified */
163  if ( opts.name && ( x509_check_name ( cert, opts.name ) != 0 )){
164  x509_put ( cert );
165  continue;
166  }
167 
168  /* Execute payload */
169  if ( ( rc = certcmd->payload ( cert ) ) != 0 ) {
170  x509_put ( cert );
171  goto err_payload;
172  }
173 
174  /* Count number of certificates processed */
175  count++;
176 
177  /* Drop reference to certificate */
178  x509_put ( cert );
179  }
180 
181  /* Fail if a name was specified and no matching certificates
182  * were found.
183  */
184  if ( opts.name && ( count == 0 ) ) {
185  printf ( "\"%s\" : no such certificate\n", opts.name );
186  rc = -ENOENT;
187  goto err_none;
188  }
189 
190  err_none:
191  err_payload:
192  err_x509:
193  if ( image && ( ! opts.keep ) )
194  unregister_image ( image );
195  err_acquire:
196  err_parse:
197  return rc;
198 }
199 
200 /**
201  * "certstat" payload
202  *
203  * @v cert X.509 certificate
204  * @ret rc Return status code
205  */
206 static int certstat_payload ( struct x509_certificate *cert ) {
207 
208  certstat ( cert );
209  return 0;
210 }
211 
212 /** "certstat" command descriptor */
213 static struct cert_command_descriptor certstat_cmd =
214  CERT_COMMAND_DESC ( struct cert_options, opts.certstat, 0, 0, NULL,
215  certstat_payload );
216 
217 /**
218  * The "certstat" command
219  *
220  * @v argc Argument count
221  * @v argv Argument list
222  * @ret rc Return status code
223  */
224 static int certstat_exec ( int argc, char **argv ) {
225 
226  return cert_exec ( argc, argv, &certstat_cmd );
227 }
228 
229 /**
230  * "certstore" payload
231  *
232  * @v cert X.509 certificate
233  * @ret rc Return status code
234  */
235 static int certstore_payload ( struct x509_certificate *cert ) {
236 
237  /* Mark certificate as having been added explicitly */
238  cert->flags |= X509_FL_EXPLICIT;
239 
240  return 0;
241 }
242 
243 /** "certstore" command descriptor */
244 static struct cert_command_descriptor certstore_cmd =
245  CERT_COMMAND_DESC ( struct cert_options, opts.certstore, 0, 1,
246  "[<uri|image>]", certstore_payload );
247 
248 /**
249  * The "certstore" command
250  *
251  * @v argc Argument count
252  * @v argv Argument list
253  * @ret rc Return status code
254  */
255 static int certstore_exec ( int argc, char **argv ) {
256 
257  return cert_exec ( argc, argv, &certstore_cmd );
258 }
259 
260 /**
261  * "certfree" payload
262  *
263  * @v cert X.509 certificate
264  * @ret rc Return status code
265  */
266 static int certfree_payload ( struct x509_certificate *cert ) {
267 
268  /* Remove from certificate store */
269  certstore_del ( cert );
270 
271  return 0;
272 }
273 
274 /** "certfree" command descriptor */
275 static struct cert_command_descriptor certfree_cmd =
276  CERT_COMMAND_DESC ( struct cert_options, opts.certfree, 0, 0, NULL,
277  certfree_payload );
278 
279 /**
280  * The "certfree" command
281  *
282  * @v argc Argument count
283  * @v argv Argument list
284  * @ret rc Return status code
285  */
286 static int certfree_exec ( int argc, char **argv ) {
287 
288  return cert_exec ( argc, argv, &certfree_cmd );
289 }
290 
291 /** Certificate management commands */
292 COMMAND ( certstat, certstat_exec );
293 COMMAND ( certstore, certstore_exec );
294 COMMAND ( certfree, certfree_exec );
rc
struct arbelprm_rc_send_wqe rc
Definition: arbel.h:14
name
const char * name
Definition: ath9k_hw.c:1984
printf
int printf(const char *fmt,...)
Write a formatted string to the console.
Definition: vsprintf.c:464
x509_get
static struct x509_certificate * x509_get(struct x509_certificate *cert)
Get reference to X.509 certificate.
Definition: x509.h:266
certstat_exec
static int certstat_exec(int argc, char **argv)
The "certstat" command.
Definition: cert_cmd.c:224
optind
int optind
Current option index.
Definition: getopt.c:51
cert_exec
static int cert_exec(int argc, char **argv, struct cert_command_descriptor *certcmd)
Execute "cert<xxx>" command.
Definition: cert_cmd.c:108
certstore_exec
static int certstore_exec(int argc, char **argv)
The "certstore" command.
Definition: cert_cmd.c:255
cert_command_descriptor::payload
int(* payload)(struct x509_certificate *cert)
Payload.
Definition: cert_cmd.c:78
errno.h
Error codes.
certfree_cmd
static struct cert_command_descriptor certfree_cmd
"certfree" command descriptor
Definition: cert_cmd.c:275
x509_check_name
int x509_check_name(struct x509_certificate *cert, const char *name)
Check X.509 certificate name.
Definition: x509.c:1563
x509_link::list
struct list_head list
List of links.
Definition: x509.h:172
certstore_cmd
static struct cert_command_descriptor certstore_cmd
"certstore" command descriptor
Definition: cert_cmd.c:244
cert_options::keep
int keep
Keep certificate file after parsing.
Definition: cert_cmd.c:49
ENOENT
#define ENOENT
No such file or directory.
Definition: errno.h:514
list_next_entry
#define list_next_entry(pos, head, member)
Get the container of the next entry in a list.
Definition: list.h:359
parse_options
int parse_options(int argc, char **argv, struct command_descriptor *cmd, void *opts)
Parse command-line options.
Definition: parseopt.c:484
certstore_del
void certstore_del(struct x509_certificate *cert)
Remove certificate from store.
Definition: certstore.c:115
image
An executable image.
Definition: image.h:23
command_descriptor
A command descriptor.
Definition: parseopt.h:77
certstat
struct option_descriptor certstat[1]
Definition: cert_cmd.c:57
x509_certificate::flags
unsigned int flags
Flags.
Definition: x509.h:223
tmp
unsigned long tmp
Definition: linux_pci.h:64
list_first_entry
#define list_first_entry(list, type, member)
Get the container of the first entry in a list.
Definition: list.h:333
certstore.h
Certificate store.
getopt.h
Parse command-line options.
parse_string
int parse_string(char *text, char **value)
Parse string value.
Definition: parseopt.c:73
image.h
Executable images.
certfree
struct option_descriptor certfree[1]
Definition: cert_cmd.c:59
COMMAND
COMMAND(certstat, certstat_exec)
Certificate management commands.
certstore_payload
static int certstore_payload(struct x509_certificate *cert)
"certstore" payload
Definition: cert_cmd.c:235
CERT_COMMAND_DESC
#define CERT_COMMAND_DESC(_struct, _options, _min_args, _max_args, _usage, _payload)
Construct "cert<xxx>" command descriptor.
Definition: cert_cmd.c:92
count
static unsigned int count
Number of entries.
Definition: dwmac.h:225
cert_command_descriptor
A "cert<xxx>" command descriptor.
Definition: cert_cmd.c:70
parse_flag
int parse_flag(char *text __unused, int *flag)
Parse flag.
Definition: parseopt.c:226
strerror
char * strerror(int errno)
Retrieve string representation of error number.
Definition: strerror.c:78
x509_certificate
An X.509 certificate.
Definition: x509.h:215
image::len
size_t len
Length of raw file image.
Definition: image.h:55
cert_options
"cert<xxx>" options
Definition: cert_cmd.c:45
parseopt.h
Command line option parsing.
no_argument
Option does not take an argument.
Definition: getopt.h:16
certstat_payload
static int certstat_payload(struct x509_certificate *cert)
"certstat" payload
Definition: cert_cmd.c:206
certmgmt.h
Certificate management.
x509.h
X.509 certificates.
next
uint32_t next
Next descriptor address.
Definition: dwmac.h:22
cert_command_descriptor::cmd
struct command_descriptor cmd
Command descriptor.
Definition: cert_cmd.c:72
unregister_image
void unregister_image(struct image *image)
Unregister executable image.
Definition: image.c:357
cert_options::name
char * name
Certificate subject name.
Definition: cert_cmd.c:47
imgmgmt.h
Image management.
certstore
struct option_descriptor certstore[2]
Certificate store.
Definition: cert_cmd.c:55
x509_put
static void x509_put(struct x509_certificate *cert)
Drop reference to X.509 certificate.
Definition: x509.h:277
certstat_cmd
static struct cert_command_descriptor certstat_cmd
"certstat" command descriptor
Definition: cert_cmd.c:213
OPTION_DESC
#define OPTION_DESC(_longopt, _shortopt, _has_arg, _struct, _field, _parse)
Construct option descriptor.
Definition: parseopt.h:67
required_argument
Option requires an argument.
Definition: getopt.h:18
option_descriptor
A command-line option descriptor.
Definition: parseopt.h:23
FILE_LICENCE
FILE_LICENCE(GPL2_OR_LATER_OR_UBDL)
x509_certificate::store
struct x509_link store
Link in certificate store.
Definition: x509.h:220
opts
static union @447 opts
"cert<xxx>" option list
image_x509
int image_x509(struct image *image, size_t offset, struct x509_certificate **cert)
Extract X.509 certificate object from image.
Definition: x509.c:1960
certfree_payload
static int certfree_payload(struct x509_certificate *cert)
"certfree" payload
Definition: cert_cmd.c:266
offset
uint16_t offset
Offset to command line.
Definition: bzimage.h:8
NULL
#define NULL
NULL pointer (VOID *)
Definition: Base.h:321
cmd
struct golan_eqe_cmd cmd
Definition: CIB_PRM.h:29
X509_FL_EXPLICIT
Certificate was added explicitly at run time.
Definition: x509.h:256
string.h
String functions.
imgacquire
int imgacquire(const char *name_uri, unsigned long timeout, struct image **image)
Acquire an image.
Definition: imgmgmt.c:142
certfree_exec
static int certfree_exec(int argc, char **argv)
The "certfree" command.
Definition: cert_cmd.c:286
Generated by   doxygen 1.8.15