swanctl: Allow dots in authority/shared secret/pool names

Use argument evaluation provided by settings_t instead of using strings to enumerate key/values. If section names contain dots the latter causes the names to get split and interpreted as non-existing sections and subsections. This currently doesn't work for connections and their subsections due to the recursion.
2025-10-05 00:00:45 -04:00 · 2017-11-30 09:09:39 +01:00 · 2017-11-30 09:09:39 +01:00 · 6d98bb926e
commit 6d98bb926e
parent a7f613ca2e
3 changed files with 20 additions and 22 deletions
--- a/src/swanctl/commands/load_authorities.c
+++ b/src/swanctl/commands/load_authorities.c
@ -75,15 +75,15 @@ static bool add_file_key_value(vici_req_t *req, char *key, char *value)
 }

 /**
- * Translate sletting key/values from a section into vici key-values/lists
+ * Translate sletting key/values from a section enumerator into vici
+ * key-values/lists. Destroys the enumerator.
 */
-static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section)
+static bool add_key_values(vici_req_t *req, enumerator_t *enumerator)
 {
-	enumerator_t *enumerator;
 	char *key, *value;
 	bool ret = TRUE;

-	enumerator = cfg->create_key_value_enumerator(cfg, section);
+
 	while (enumerator->enumerate(enumerator, &key, &value))
 	{
 		if (streq(key, "cacert"))
@ -115,17 +115,17 @@ static bool add_key_values(vici_req_t *req, settings_t *cfg, char *section)
 static bool load_authority(vici_conn_t *conn, settings_t *cfg,
 						   char *section, command_format_options_t format)
 {
+	enumerator_t *enumerator;
 	vici_req_t *req;
 	vici_res_t *res;
 	bool ret = TRUE;
-	char buf[128];
-
-	snprintf(buf, sizeof(buf), "%s.%s", "authorities", section);

 	req = vici_begin("load-authority");

 	vici_begin_section(req, section);
-	if (!add_key_values(req, cfg, buf))
+	enumerator = cfg->create_key_value_enumerator(cfg, "authorities.%s",
+												  section);
+	if (!add_key_values(req, enumerator))
 	{
 		vici_free_req(req);
 		return FALSE;
--- a/src/swanctl/commands/load_creds.c
+++ b/src/swanctl/commands/load_creds.c
@ -337,7 +337,7 @@ static void* decrypt_with_config(load_ctx_t *ctx, char *name, char *type,
 	credential_type_t credtype;
 	int subtype;
 	enumerator_t *enumerator, *secrets;
-	char *section, *key, *value, *file, buf[128];
+	char *section, *key, *value, *file;
 	shared_key_t *shared;
 	void *cred = NULL;
 	mem_cred_t *mem = NULL;
@ -356,8 +356,8 @@ static void* decrypt_with_config(load_ctx_t *ctx, char *name, char *type,
 			file = ctx->cfg->get_str(ctx->cfg, "secrets.%s.file", NULL, section);
 			if (file && strcaseeq(file, name))
 			{
-				snprintf(buf, sizeof(buf), "secrets.%s", section);
-				secrets = ctx->cfg->create_key_value_enumerator(ctx->cfg, buf);
+				secrets = ctx->cfg->create_key_value_enumerator(ctx->cfg,
+														"secrets.%s", section);
 				while (secrets->enumerate(secrets, &key, &value))
 				{
 					if (strpfx(key, "secret"))
@ -657,7 +657,7 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 	vici_req_t *req;
 	vici_res_t *res;
 	chunk_t data;
-	char *key, *value, buf[128], *type = NULL;
+	char *key, *value, *type = NULL;
 	bool ret = TRUE;
 	int i;
 	char *types[] = {
@ -720,8 +720,8 @@ static bool load_secret(load_ctx_t *ctx, char *section)
 	chunk_clear(&data);

 	vici_begin_list(req, "owners");
-	snprintf(buf, sizeof(buf), "secrets.%s", section);
-	enumerator = ctx->cfg->create_key_value_enumerator(ctx->cfg, buf);
+	enumerator = ctx->cfg->create_key_value_enumerator(ctx->cfg, "secrets.%s",
+													   section);
 	while (enumerator->enumerate(enumerator, &key, &value))
 	{
 		if (strpfx(key, "id"))
--- a/src/swanctl/commands/load_pools.c
+++ b/src/swanctl/commands/load_pools.c
@ -41,14 +41,13 @@ static void add_list_key(vici_req_t *req, char *key, char *value)
 }

 /**
- * Translate setting key/values from a section into vici key-values/lists
+ * Translate setting key/values from a section enumerator into vici
+ * key-values/lists. Destroys the enumerator.
 */
-static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
+static void add_key_values(vici_req_t *req, enumerator_t *enumerator)
 {
-	enumerator_t *enumerator;
 	char *key, *value;

-	enumerator = cfg->create_key_value_enumerator(cfg, section);
 	while (enumerator->enumerate(enumerator, &key, &value))
 	{
 		/* pool subnet is encoded as key/value, all other attributes as list */
@ -70,17 +69,16 @@ static void add_key_values(vici_req_t *req, settings_t *cfg, char *section)
 static bool load_pool(vici_conn_t *conn, settings_t *cfg,
 					  char *section, command_format_options_t format)
 {
+	enumerator_t *enumerator;
 	vici_req_t *req;
 	vici_res_t *res;
 	bool ret = TRUE;
-	char buf[128];
-
-	snprintf(buf, sizeof(buf), "%s.%s", "pools", section);

 	req = vici_begin("load-pool");

 	vici_begin_section(req, section);
-	add_key_values(req, cfg, buf);
+	enumerator = cfg->create_key_value_enumerator(cfg, "pools.%s", section);
+	add_key_values(req, enumerator);
 	vici_end_section(req);

 	res = vici_submit(req, conn);