154 lines
3.5 KiB
Diff
154 lines
3.5 KiB
Diff
From 9cb7daa54708dcf5e6500cd20ec7b1cc2f6f6350 Mon Sep 17 00:00:00 2001
|
|
From: Stephen Gallagher <sgallagh@redhat.com>
|
|
Date: Mon, 10 Jun 2019 10:15:42 -0400
|
|
Subject: [PATCH 6/6] Allow specifying keyfile password by file
|
|
|
|
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
---
|
|
src/sscg.c | 84 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
|
|
1 file changed, 84 insertions(+)
|
|
|
|
diff --git a/src/sscg.c b/src/sscg.c
|
|
index 9dc926c77038105ca881a612cccd1913bc2d42f1..a02e4df66c6cf9ec1865f425b4a15da82fbfdc72 100644
|
|
--- a/src/sscg.c
|
|
+++ b/src/sscg.c
|
|
@@ -34,6 +34,10 @@
|
|
#include "include/authority.h"
|
|
#include "include/service.h"
|
|
|
|
+
|
|
+/* Same as OpenSSL CLI */
|
|
+#define MAX_PW_LEN 1024
|
|
+
|
|
static int
|
|
get_security_level (void)
|
|
{
|
|
@@ -209,6 +213,44 @@ sscg_options_destructor (TALLOC_CTX *opts)
|
|
}
|
|
|
|
|
|
+static char *
|
|
+sscg_read_pw_file (TALLOC_CTX *mem_ctx, char *path)
|
|
+{
|
|
+ int i;
|
|
+ BIO *pwdbio = NULL;
|
|
+ char tpass[MAX_PW_LEN];
|
|
+ char *tmp = NULL;
|
|
+ char *password = NULL;
|
|
+
|
|
+ pwdbio = BIO_new_file (path, "r");
|
|
+ if (pwdbio == NULL)
|
|
+ {
|
|
+ fprintf (stderr, "Can't open file %s\n", path);
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ i = BIO_gets (pwdbio, tpass, MAX_PW_LEN);
|
|
+ BIO_free_all (pwdbio);
|
|
+ pwdbio = NULL;
|
|
+
|
|
+ if (i <= 0)
|
|
+ {
|
|
+ fprintf (stderr, "Error reading password from BIO\n");
|
|
+ return NULL;
|
|
+ }
|
|
+
|
|
+ tmp = strchr (tpass, '\n');
|
|
+ if (tmp != NULL)
|
|
+ *tmp = 0;
|
|
+
|
|
+ password = talloc_strdup (mem_ctx, tpass);
|
|
+
|
|
+ memset (tpass, 0, MAX_PW_LEN);
|
|
+
|
|
+ return password;
|
|
+}
|
|
+
|
|
+
|
|
int
|
|
main (int argc, const char **argv)
|
|
{
|
|
@@ -236,10 +278,12 @@ main (int argc, const char **argv)
|
|
int ca_mode = 0644;
|
|
int ca_key_mode = 0600;
|
|
char *ca_key_password = NULL;
|
|
+ char *ca_key_passfile = NULL;
|
|
|
|
int cert_mode = 0644;
|
|
int cert_key_mode = 0600;
|
|
char *cert_key_password = NULL;
|
|
+ char *cert_key_passfile = NULL;
|
|
|
|
char *create_mode = NULL;
|
|
|
|
@@ -470,6 +514,16 @@ main (int argc, const char **argv)
|
|
NULL
|
|
},
|
|
|
|
+ {
|
|
+ "ca-key-passfile",
|
|
+ '\0',
|
|
+ POPT_ARG_STRING,
|
|
+ &ca_key_passfile,
|
|
+ 0,
|
|
+ _ ("A file containing the password to encrypt the CA key file."),
|
|
+ NULL
|
|
+ },
|
|
+
|
|
{
|
|
"ca-key-password-prompt",
|
|
'C',
|
|
@@ -531,6 +585,16 @@ main (int argc, const char **argv)
|
|
NULL
|
|
},
|
|
|
|
+ {
|
|
+ "cert-key-passfile",
|
|
+ '\0',
|
|
+ POPT_ARG_STRING,
|
|
+ &cert_key_passfile,
|
|
+ 0,
|
|
+ _ ("A file containing the password to encrypt the service key file."),
|
|
+ NULL
|
|
+ },
|
|
+
|
|
{
|
|
"cert-key-password-prompt",
|
|
'P',
|
|
@@ -697,12 +761,32 @@ main (int argc, const char **argv)
|
|
options->ca_key_pass =
|
|
sscg_secure_string_steal (options, ca_key_password);
|
|
}
|
|
+ else if (ca_key_passfile)
|
|
+ {
|
|
+ options->ca_key_pass = sscg_read_pw_file (options, ca_key_passfile);
|
|
+ if (!options->ca_key_pass)
|
|
+ {
|
|
+ fprintf (
|
|
+ stderr, "Failed to read passphrase from %s", ca_key_passfile);
|
|
+ goto done;
|
|
+ }
|
|
+ }
|
|
|
|
if (cert_key_password)
|
|
{
|
|
options->cert_key_pass =
|
|
sscg_secure_string_steal (options, cert_key_password);
|
|
}
|
|
+ else if (cert_key_passfile)
|
|
+ {
|
|
+ options->cert_key_pass = sscg_read_pw_file (options, cert_key_passfile);
|
|
+ if (!options->cert_key_pass)
|
|
+ {
|
|
+ fprintf (
|
|
+ stderr, "Failed to read passphrase from %s", cert_key_passfile);
|
|
+ goto done;
|
|
+ }
|
|
+ }
|
|
|
|
|
|
if (options->key_strength < options->minimum_key_strength)
|
|
--
|
|
2.23.0
|
|
|