charon-cmd: prompt for EAP passwords on-demand using a callback credential set
authorMartin Willi <martin@revosec.ch>
Tue, 26 Mar 2013 17:04:27 +0000 (18:04 +0100)
committerMartin Willi <martin@revosec.ch>
Mon, 6 May 2013 13:28:27 +0000 (15:28 +0200)
src/charon-cmd/cmd/cmd_creds.c

index 45f1652..6112e96 100644 (file)
 
 #include "cmd_creds.h"
 
+#include <unistd.h>
+
 #include <utils/debug.h>
 #include <credentials/sets/mem_cred.h>
+#include <credentials/sets/callback_cred.h>
 
 typedef struct private_cmd_creds_t private_cmd_creds_t;
 
@@ -34,9 +37,51 @@ struct private_cmd_creds_t {
         * Reused in-memory credential set
         */
        mem_cred_t *creds;
+
+       /**
+        * Callback credential set to get secrets
+        */
+       callback_cred_t *cb;
+
+       /**
+        * Already prompted for password?
+        */
+       bool prompted;
 };
 
 /**
+ * Callback function to prompt for secret
+ */
+static shared_key_t* callback_shared(private_cmd_creds_t *this,
+                                                               shared_key_type_t type,
+                                                               identification_t *me, identification_t *other,
+                                                               id_match_t *match_me, id_match_t *match_other)
+{
+       char *label, *pwd;
+
+       if (this->prompted)
+       {
+               return NULL;
+       }
+       switch (type)
+       {
+               case SHARED_EAP:
+                       label = "EAP password: ";
+                       break;
+               default:
+                       return NULL;
+       }
+       pwd = getpass(label);
+       if (!pwd || strlen(pwd) == 0)
+       {
+               return NULL;
+       }
+       this->prompted = TRUE;
+       *match_me = *match_other = ID_MATCH_PERFECT;
+       return shared_key_create(type, chunk_clone(chunk_from_str(pwd)));
+}
+
+/**
  * Load a trusted certificate from path
  */
 static void load_cert(private_cmd_creds_t *this, char *path)
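Review bot: In callback_shared the cleartext password is left in the buffer returned by getpass() after `chunk_clone()` has copied it. getpass() typically hands back a pointer to static storage, so the secret would stay in process memory for as long as charon-cmd runs. Build the key first and then clear the buffer: `shared = shared_key_create(type, chunk_clone(chunk_from_str(pwd)));`, `memwipe(pwd, strlen(pwd));`, `return shared;`. Separately, the callback ignores `me` and `other` and reports ID_MATCH_PERFECT for both, so the prompted password is offered for every SHARED_EAP lookup regardless of identity. A one-line comment saying this is deliberate for the single-connection charon-cmd case would keep a later reader from reusing the pattern where several identities are in play.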
@@ -92,7 +137,9 @@ METHOD(cmd_creds_t, destroy, void,
        private_cmd_creds_t *this)
 {
        lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+       lib->credmgr->remove_set(lib->credmgr, &this->cb->set);
        this->creds->destroy(this->creds);
+       this->cb->destroy(this->cb);
        free(this);
 }
 
@@ -110,8 +157,10 @@ cmd_creds_t *cmd_creds_create()
                },
                .creds = mem_cred_create(),
        );
+       this->cb = callback_cred_create_shared((void*)callback_shared, this);
 
        lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+       lib->credmgr->add_set(lib->credmgr, &this->cb->set);
 
        return &this->public;
 }
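Review bot: The `(void*)callback_shared` cast in the `callback_cred_create_shared()` call switches off the compiler's check that the callback matches the signature the credential set will call it with. callback_shared takes a `private_cmd_creds_t*` first argument where the set presumably passes the opaque data pointer, so a later change to either prototype would compile silently and pass the password handler mismatched arguments. Casting to the shared-key callback type declared in callback_cred.h instead of `void*` would at least keep the intent visible. A comment such as `/* callback receives 'this' as its data argument */` on that line would document the coupling. cmd_creds_create begins outside this hunk, so the rest of the initialisation is not visible here.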