authorTobias Brunner <tobias@strongswan.org>2013-04-17 16:03:05 +0200
committerTobias Brunner <tobias@strongswan.org>2013-05-08 15:02:41 +0200
commit1c080407b2ef0a6d0cb2146ec8b0ec5760435ece (patch)
treeb6221f78cd31b3b6736da4fa0b055ecd6951d3f7 /src/libcharon/plugins/stroke
parent4a64c3e9a0db4edcebff7f529caaf8bc0008fa38 (diff)
downloadstrongswan-1c080407b2ef0a6d0cb2146ec8b0ec5760435ece.tar.bz2
strongswan-1c080407b2ef0a6d0cb2146ec8b0ec5760435ece.tar.xz
stroke: Fail silently if another builder calls PW callback after giving up
Also reduced the number of tries to 3.
Diffstat (limited to 'src/libcharon/plugins/stroke')
-rw-r--r--src/libcharon/plugins/stroke/stroke_cred.c23
1 files changed, 14 insertions, 9 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c
index 5f8911f5e..22e7ddfbe 100644
--- a/src/libcharon/plugins/stroke/stroke_cred.c
+++ b/src/libcharon/plugins/stroke/stroke_cred.c
@@ -620,6 +620,7 @@ static shared_key_t* passphrase_cb(passphrase_cb_data_t *data,
identification_t *other, id_match_t *match_me,
id_match_t *match_other)
{
+ static const int max_tries = 3;
shared_key_t *shared;
chunk_t secret;
char buf[256];
@@ -629,16 +630,20 @@ static shared_key_t* passphrase_cb(passphrase_cb_data_t *data,
return NULL;
}
+ data->try++;
+ if (data->try > max_tries + 1)
+ { /* another builder might call this after we gave up, fail silently */
+ return NULL;
+ }
+ if (data->try > max_tries)
+ {
+ fprintf(data->prompt, "Passphrase invalid, giving up.\n");
+ return NULL;
+ }
if (data->try > 1)
{
- if (data->try > 5)
- {
- fprintf(data->prompt, "Passphrase invalid, giving up.\n");
- return NULL;
- }
fprintf(data->prompt, "Passphrase invalid!\n");
}
- data->try++;
fprintf(data->prompt, "%s '%s' is encrypted.\n",
data->type == CRED_PRIVATE_KEY ? "Private key" : "PKCS#12 file",
data->path);
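Review bot: The two thresholds `data->try > max_tries + 1` and `data->try > max_tries` are only correct because the counter is now incremented before the checks and initialised to 0 in load_from_file, and nothing in passphrase_cb states that coupling. A comment above `data->try++;` such as `/* 1-based from here on; the caller initialises try to 0 */` would keep a later change to the initialiser from silently shifting the attempt limit. The counter also counts callback invocations rather than passphrases the user typed, so if several builders can invoke the callback for the same file (as the added comment suggests), the user may see fewer than three prompts; this is inferred from the hunk and worth confirming. The body of passphrase_cb starts and ends outside this hunk.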
@@ -700,12 +705,12 @@ static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type,
return NULL;
}
+ data->try++;
if (data->try > 1)
{
fprintf(data->prompt, "PIN invalid, aborting.\n");
return NULL;
}
- data->try++;
fprintf(data->prompt, "Login to '%s' required\n", data->card);
fprintf(data->prompt, "PIN:\n");
if (fgets(buf, sizeof(buf), data->prompt))
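Review bot: pin_cb still prints `PIN invalid, aborting.` on every call after the first, while passphrase_cb in this same commit goes silent once it has given up. If another builder can invoke this callback again, which the new comment in passphrase_cb suggests is possible, the message would repeat on `data->prompt`. A guard placed right after `data->try++;`, for example `if (data->try > 2) { return NULL; }`, would make the two callbacks consistent. A one-line comment explaining why exactly one PIN attempt is allowed would also help. pin_cb continues outside this hunk.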
@@ -794,7 +799,7 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr,
pin_data.prompt = prompt;
pin_data.card = smartcard;
pin_data.keyid = chunk;
- pin_data.try = 1;
+ pin_data.try = 0;
cb = callback_cred_create_shared((void*)pin_cb, &pin_data);
lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE);
}
@@ -882,7 +887,7 @@ static bool load_from_file(chunk_t line, int line_nr, FILE *prompt,
.prompt = prompt,
.type = type,
.path = path,
- .try = 1,
+ .try = 0,
};
free(secret.ptr);