Diffstat (limited to 'src/pki/pki.c')
-rw-r--r--src/pki/pki.c106
1 files changed, 95 insertions, 11 deletions
diff --git a/src/pki/pki.c b/src/pki/pki.c
index ae4ef1cb0..434287de6 100644
--- a/src/pki/pki.c
+++ b/src/pki/pki.c
@@ -19,6 +19,7 @@
#include <time.h>
#include <unistd.h>
+#include <fcntl.h>
#include <utils/debug.h>
#include <credentials/sets/callback_cred.h>
@@ -104,13 +105,12 @@ bool get_form(char *form, cred_encoding_type_t *enc, credential_type_t type)
}
/**
- * See header
+ * Convert a time string to struct tm using strptime format
*/
-bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
- time_t *nb, time_t *na)
+static bool convert_time(char *str, char *format, struct tm *tm)
{
- struct tm tm;
- time_t now;
+#ifdef HAVE_STRPTIME
+
char *end;
if (!format)
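Review bot: The new doc comment on `convert_time` says only "using strptime format", which leaves out the parts of the contract that differ per build. I would extend it to state that a NULL `format` selects the default `%d.%m.%y %T`, that builds without `HAVE_STRPTIME` reject any non-NULL `format`, and that `tm` appears to be expected pre-filled, since `calculate_lifetime` seeds it with `localtime_r` before each call. The body of `convert_time` continues past the end of this hunk.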
@@ -118,29 +118,84 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
format = "%d.%m.%y %T";
}
+ end = strptime(str, format, tm);
+ if (end == NULL || *end != '\0')
+ {
+ return FALSE;
+ }
+ return TRUE;
+
+#else /* !HAVE_STRPTIME */
+
+ if (format)
+ {
+ fprintf(stderr, "custom datetime string format not supported\n");
+ return FALSE;
+ }
+
+ if (sscanf(str, "%d.%d.%d %d:%d:%d",
+ &tm->tm_mday, &tm->tm_mon, &tm->tm_year,
+ &tm->tm_hour, &tm->tm_min, &tm->tm_sec) != 6)
+ {
+ return FALSE;
+ }
+ /* strptime() interprets two-digit years > 68 as 19xx, do the same here.
+ * mktime() expects years based on 1900 */
+ if (tm->tm_year <= 68)
+ {
+ tm->tm_year += 100;
+ }
+ else if (tm->tm_year >= 1900)
+ { /* looks like four digits? */
+ tm->tm_year -= 1900;
+ }
+ /* month is specified from 0-11 */
+ tm->tm_mon--;
+ /* automatically detect daylight saving time */
+ tm->tm_isdst = -1;
+ return TRUE;
+
+#endif /* !HAVE_STRPTIME */
+}
+
+/**
+ * See header
+ */
+bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
+ time_t *nb, time_t *na)
+{
+ struct tm tm;
+ time_t now;
+
now = time(NULL);
localtime_r(&now, &tm);
if (nbstr)
{
- end = strptime(nbstr, format, &tm);
- if (end == NULL || *end != '\0')
+ if (!convert_time(nbstr, format, &tm))
{
return FALSE;
}
}
*nb = mktime(&tm);
+ if (*nb == -1)
+ {
+ return FALSE;
+ }
localtime_r(&now, &tm);
if (nastr)
{
- end = strptime(nastr, format, &tm);
- if (end == NULL || *end != '\0')
+ if (!convert_time(nastr, format, &tm))
{
return FALSE;
}
}
*na = mktime(&tm);
+ if (*na == -1)
+ {
+ return FALSE;
+ }
if (!nbstr && nastr)
{
@@ -154,6 +209,33 @@ bool calculate_lifetime(char *format, char *nbstr, char *nastr, time_t span,
}
/**
+ * Set output file mode appropriate for credential encoding form on Windows
+ */
+void set_file_mode(FILE *stream, cred_encoding_type_t enc)
+{
+#ifdef WIN32
+ int fd;
+
+ switch (enc)
+ {
+ case CERT_PEM:
+ case PRIVKEY_PEM:
+ case PUBKEY_PEM:
+ /* keep default text mode */
+ return;
+ default:
+ /* switch to binary mode */
+ break;
+ }
+ fd = fileno(stream);
+ if (fd != -1)
+ {
+ _setmode(fd, _O_BINARY);
+ }
+#endif
+}
+
+/**
* Callback credential set pki uses
*/
static callback_cred_t *cb_set;
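Review bot: Both failure paths in `set_file_mode` are silent: if `fileno` returns -1 or `_setmode` fails, the stream stays in text mode and non-PEM output would be written with newline translation, corrupting the encoded key or certificate without any indication. Since the function returns void, I would at least report it, e.g. `if (fd == -1 || _setmode(fd, _O_BINARY) == -1)` followed by an `fprintf(stderr, ...)` warning. The doc comment could also note that the function is a no-op outside `WIN32` and is presumably meant to be called before anything is written to `stream`.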
@@ -165,7 +247,7 @@ static shared_key_t* cb(void *data, shared_key_type_t type,
identification_t *me, identification_t *other,
id_match_t *match_me, id_match_t *match_other)
{
- char buf[64], *label, *secret;
+ char buf[64], *label, *secret = NULL;
switch (type)
{
@@ -179,8 +261,10 @@ static shared_key_t* cb(void *data, shared_key_type_t type,
return NULL;
}
snprintf(buf, sizeof(buf), "%s: ", label);
+#ifdef HAVE_GETPASS
secret = getpass(buf);
- if (secret)
+#endif
+ if (secret && strlen(secret))
{
if (match_me)
{
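Review bot: With `HAVE_GETPASS` undefined, `secret` stays NULL and the callback skips the `if (secret && strlen(secret))` branch without telling the user why no passphrase was requested; `buf` is still formatted but never used. An `#else` branch with a diagnostic such as `fprintf(stderr, "unable to prompt for %s, getpass() not available\n", label);` would make the failure visible, and any replacement prompt added later must keep terminal echo disabled. The new `strlen(secret)` test also treats an empty input as no secret, which deserves a short comment. The rest of `cb` lies outside the hunk, so whether the buffer returned by `getpass` is cleared after the key is created cannot be checked here.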