Pass type of requested key in the callback credential set
authorMartin Willi <martin@revosec.ch>
Mon, 19 Jul 2010 14:25:26 +0000 (16:25 +0200)
committerMartin Willi <martin@revosec.ch>
Wed, 4 Aug 2010 07:26:21 +0000 (09:26 +0200)
src/libcharon/plugins/stroke/stroke_cred.c
src/libstrongswan/credentials/sets/callback_cred.c
src/libstrongswan/credentials/sets/callback_cred.h
src/pluto/keys.c

index 69e2054..16fc844 100644 (file)
@@ -689,12 +689,18 @@ typedef struct {
  * Callback function to receive Passphrases
  */
 static shared_key_t* passphrase_cb(passphrase_cb_data_t *data,
+                                                               shared_key_type_t type,
                                                                identification_t *me, identification_t *other,
                                                                id_match_t *match_me, id_match_t *match_other)
 {
        chunk_t secret;
        char buf[256];
 
+       if (type != SHARED_ANY && type != SHARED_PRIVATE_KEY_PASS)
+       {
+               return NULL;
+       }
+
        if (data->try > 1)
        {
                if (data->try > 5)
@@ -744,13 +750,18 @@ typedef struct {
 /**
  * Callback function to receive PINs
  */
-static shared_key_t* pin_cb(pin_cb_data_t *data,
+static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type,
                                                        identification_t *me, identification_t *other,
                                                        id_match_t *match_me, id_match_t *match_other)
 {
        chunk_t secret;
        char buf[256];
 
+       if (type != SHARED_ANY && type != SHARED_PIN)
+       {
+               return NULL;
+       }
+
        if (!me || !chunk_equals(me->get_encoding(me), data->keyid))
        {
                return NULL;
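Review bot: The header comment above passphrase_cb still says only "Callback function to receive Passphrases" and does not mention that the new guard answers SHARED_PRIVATE_KEY_PASS (or SHARED_ANY) requests only and returns NULL for every other key type, so a reader of the comment alone would not expect the early return; the same applies to pin_cb in the second hunk and to whack_pass_cb in src/pluto/keys.c. Suggest extending it to `* Callback function to receive Passphrases; answers only SHARED_PRIVATE_KEY_PASS (and SHARED_ANY) requests, NULL for any other type` and the pin_cb comment analogously with SHARED_PIN. Placing the guard before the `data->try` handling looks right, since a request for another key type then never reaches the retry accounting. Both function bodies continue past their hunks.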
index 87a0789..bff33f0 100644 (file)
@@ -49,6 +49,8 @@ typedef struct {
        enumerator_t public;
        /* backref to this */
        private_callback_cred_t *this;
+       /* type if requested key */
+       shared_key_type_t type;
        /* own identity to match */
        identification_t *me;
        /* other identity to match */
@@ -62,7 +64,7 @@ METHOD(enumerator_t, shared_enumerate, bool,
        id_match_t *match_me, id_match_t *match_other)
 {
        DESTROY_IF(this->current);
-       this->current = this->this->cb.shared(this->this->data,
+       this->current = this->this->cb.shared(this->this->data, this->type,
                                                                this->me, this->other, match_me, match_other);
        if (this->current)
        {
@@ -91,6 +93,7 @@ METHOD(credential_set_t, create_shared_enumerator, enumerator_t*,
                        .destroy = _shared_destroy,
                },
                .this = this,
+               .type = type,
                .me = me,
                .other = other,
        );
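Review bot: The comment on the new `type` field in the first hunk has a typo, `/* type if requested key */` should read `/* type of requested key */`. Separately, shared_enumerate in the second hunk forwards `this->type` to the callback but does not check that the key it gets back actually has that type, so the filtering now rests entirely on every callback honouring the parameter; a defensive comparison of the returned key's type against `this->type` when it is not SHARED_ANY would catch a callback that ignores it. The `.type = type` initializer in the third hunk matches the field, and the rest of create_shared_enumerator lies outside the hunk.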
index 9cc5b65..efc4c7f 100644 (file)
@@ -28,12 +28,14 @@ typedef struct callback_cred_t callback_cred_t;
 /**
  * Callback function to get shared keys.
  *
+ * @param type                 type of requested shared key
  * @param me                   own identity
  * @param other                        other identity
  * @param match_me             match result of own identity
  * @param match_other  match result of other identity
  */
-typedef shared_key_t* (*callback_cred_shared_cb_t)(void *data,
+typedef shared_key_t* (*callback_cred_shared_cb_t)(
+                                                               void *data, shared_key_type_t type,
                                                                identification_t *me, identification_t *other,
                                                                id_match_t *match_me, id_match_t *match_other);
 
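Review bot: The new `@param type` line documents the parameter but not the contract the implementations in this commit follow, namely that a callback returns NULL when `type` is neither SHARED_ANY nor the kind of key it serves; since the enumerator in callback_cred.c does not filter the returned key itself, this is a requirement rather than a hint. Suggest `@param type type of requested shared key; return NULL if the callback does not provide that type (SHARED_ANY matches any)`, plus the `@param data` and `@return` lines the comment still lacks, e.g. `@return shared key matching the request, NULL if none`. Changing the typedef changes the signature for every implementer of this callback; any implementation outside the files touched here would presumably now compile only with an incompatible-pointer-type warning and read `type` in the slot it expects `me`, so it is worth checking for other users.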
index dc78b0e..12a3ccf 100644 (file)
@@ -554,12 +554,17 @@ typedef struct {
 /**
  * Passphrase callback to read from whack fd
  */
-static shared_key_t* whack_pass_cb(prompt_pass_t *pass,
+static shared_key_t* whack_pass_cb(prompt_pass_t *pass, shared_key_type_t type,
                                                                identification_t *me, identification_t *other,
                                                                id_match_t *match_me, id_match_t *match_other)
 {
        int n;
 
+       if (type != SHARED_ANY && type != SHARED_PRIVATE_KEY_PASS)
+       {
+               return NULL;
+       }
+
        if (pass->try > MAX_PROMPT_PASS_TRIALS)
        {
                whack_log(RC_LOG_SERIOUS, "invalid passphrase, too many trials");