author | Martin Willi <martin@revosec.ch> | 2013-03-26 18:04:27 +0100 |
---|---|---|
committer | Martin Willi <martin@revosec.ch> | 2013-05-06 15:28:27 +0200 |
commit | 3ca58c32beb8d05b010f59bf0e6fb9934c790255 (patch) | |
tree | a90f19f9db41ce1b1d99bf1072a1ed9e4d35f6d4 /src/charon-cmd/cmd | |
parent | b48941ae165171d4ed41927f1952d515872bb998 (diff) | |
charon-cmd: prompt for EAP passwords on-demand using a callback credential set
Diffstat (limited to 'src/charon-cmd/cmd')
-rw-r--r-- | src/charon-cmd/cmd/cmd_creds.c | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/src/charon-cmd/cmd/cmd_creds.c b/src/charon-cmd/cmd/cmd_creds.c
index 45f16522b..6112e96df 100644
--- a/src/charon-cmd/cmd/cmd_creds.c
+++ b/src/charon-cmd/cmd/cmd_creds.c
@@ -15,8 +15,11 @@
 #include "cmd_creds.h"
+#include <unistd.h>
+
 #include <utils/debug.h>
 #include <credentials/sets/mem_cred.h>
+#include <credentials/sets/callback_cred.h>
 typedef struct private_cmd_creds_t private_cmd_creds_t;
@@ -34,9 +37,51 @@ struct private_cmd_creds_t {
 * Reused in-memory credential set
 */
 mem_cred_t *creds;
+
+ /**
+ * Callback credential set to get secrets
+ */
+ callback_cred_t *cb;
+
+ /**
+ * Already prompted for password?
+ */
+ bool prompted;
 };
 /**
+ * Callback function to prompt for secret
+ */
+static shared_key_t* callback_shared(private_cmd_creds_t *this,
+ shared_key_type_t type,
+ identification_t *me, identification_t *other,
+ id_match_t *match_me, id_match_t *match_other)
+{
+ char *label, *pwd;
+
+ if (this->prompted)
+ {
+ return NULL;
+ }
+ switch (type)
+ {
+ case SHARED_EAP:
+ label = "EAP password: ";
+ break;
+ default:
+ return NULL;
+ }
+ pwd = getpass(label);
+ if (!pwd || strlen(pwd) == 0)
+ {
+ return NULL;
+ }
+ this->prompted = TRUE;
+ *match_me = *match_other = ID_MATCH_PERFECT;
+ return shared_key_create(type, chunk_clone(chunk_from_str(pwd)));
+}
+
+/**
 * Load a trusted certificate from path
 */
 static void load_cert(private_cmd_creds_t *this, char *path)
@@ -92,7 +137,9 @@ METHOD(cmd_creds_t, destroy, void,
 private_cmd_creds_t *this)
 {
 lib->credmgr->remove_set(lib->credmgr, &this->creds->set);
+ lib->credmgr->remove_set(lib->credmgr, &this->cb->set);
 this->creds->destroy(this->creds);
+ this->cb->destroy(this->cb);
 free(this);
 }
@@ -110,8 +157,10 @@ cmd_creds_t *cmd_creds_create()
 },
 .creds = mem_cred_create(),
 );
+ this->cb = callback_cred_create_shared((void*)callback_shared, this);
 lib->credmgr->add_set(lib->credmgr, &this->creds->set);
+ lib->credmgr->add_set(lib->credmgr, &this->cb->set);
 return &this->public;
 }
|
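Review bot: The password returned by `getpass()` in `callback_shared` is copied with `chunk_clone()` but the original is never cleared; `getpass()` returns a pointer to a static buffer, so the cleartext EAP password stays in process memory after the key has been created. Hold the key in a local and wipe the buffer before returning, e.g. `key = shared_key_create(type, chunk_clone(chunk_from_str(pwd)));` `memwipe(pwd, strlen(pwd));` `return key;`. `getpass()` is also obsolete (removed from POSIX.1-2001) and may truncate long input on some platforms, so a comment recording that limitation would help whoever ports this later. The prompt text does not show `me` or `other`, and `ID_MATCH_PERFECT` is reported for any identity pair, so the user cannot tell which identity the secret is being requested for.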
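Review bot: The `(void*)callback_shared` cast in `cmd_creds_create` passes a function pointer through an object pointer type, which silences the compiler if the parameter list of `callback_shared` ever drifts from what `callback_cred_create_shared` expects. Casting to the callback type declared in `callback_cred.h` instead of `void*`, or giving `callback_shared` exactly that signature and dropping the cast, would keep the call checked. Whether the callback set always passes non-NULL `match_me`/`match_other` is not visible on this page; if NULL is possible, the unconditional `*match_me = *match_other = ID_MATCH_PERFECT;` in `callback_shared` needs a guard. The body of `cmd_creds_create` starts outside this hunk.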