#include <dirent.h>
#include <string.h>
#include <assert.h>
+#include <fcntl.h>
#include <libxml/tree.h>
#include <xmlsec/xmlsec.h>
static void *file_open_cb(const char *file)
{
struct filedesc *fdesc;
+ int fd;
FILE *f;
fdesc = file_of_name(file);
return NULL;
}
- f = fopen(file, "r");
- if (f == NULL)
+ fd = openat(workdirfd, file, O_RDONLY);
+ f = fd < 0 ? NULL : fdopen(fd, "r");
+ if (f == NULL) {
syslog(LOG_ERR, "can't open file %s for reading", file);
- else
+ if (fd >= 0)
+ close(fd);
+ } else
fdesc->flags |= flag_opened;
return f;
}
/* fills database with trusted keys */
-static int fill_trusted_keys()
+static int fill_trusted_keys_file(const char *file)
+{
+ int err = xmlSecCryptoAppKeysMngrCertLoad(keymgr, file, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);
+ if (err < 0) {
+ syslog(LOG_ERR, "xmlSecCryptoAppKeysMngrCertLoadMemory failed for %s", file);
+ return -1;
+ }
+ return 0;
+}
+
+/* fills database with trusted keys */
+static int fill_trusted_keys_dir(const char *directory)
{
int err;
DIR *dir;
struct dirent *ent;
char path[PATH_MAX], *e;
- e = stpcpy(path, CA_ROOT_DIRECTORY);
+ e = stpcpy(path, directory);
dir = opendir(path);
if (!dir) {
- syslog(LOG_ERR, "opendir %s failed in fill_trusted_keys", path);
+ syslog(LOG_ERR, "opendir %s failed in fill_trusted_keys_dir", path);
return -1;
}
while (ent != NULL) {
if (ent->d_type == DT_REG) {
strcpy(e, ent->d_name);
- err = xmlSecCryptoAppKeysMngrCertLoad(keymgr, path, xmlSecKeyDataFormatPem, xmlSecKeyDataTypeTrusted);
+ err = fill_trusted_keys_file(path);
if (err < 0) {
- syslog(LOG_ERR, "xmlSecCryptoAppKeysMngrCertLoadMemory failed for %s", path);
closedir(dir);
return -1;
}
syslog(LOG_ERR, "xmlSecCryptoAppDefaultKeysMngrInit failed.");
goto end;
}
- fill_trusted_keys();
+ fill_trusted_keys_dir(CA_ROOT_DIRECTORY);
initstatus = 0;
end: