Add dbus signal for information about server certification

In general, this patch attemps to extend commit 00468b4650 with dbus support. This can be used by dbus client to implement subject match text entry with preset value probed from server. This preset value, if user accepts it, is remembered and passed to subject_match config for any future authentication. Signed-off-by: Michael Chang <mchang@novell.com>
2011-07-05 12:22:32 +03:00 · 2011-07-05 12:22:32 +03:00 · ade74830b4
commit ade74830b4
parent a3e685a04b
11 changed files with 199 additions and 1 deletions
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@ -1209,6 +1209,13 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
 				     data->peer_cert.subject,
 				     cert_hex);
 		}
+		if (sm->eapol_cb->notify_cert) {
+			sm->eapol_cb->notify_cert(sm->eapol_ctx,
+						  data->peer_cert.depth,
+						  data->peer_cert.subject,
+						  hash_hex,
+						  data->peer_cert.cert);
+		}
 		break;
 	}

--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@ -221,6 +221,17 @@ struct eapol_callbacks {
 	 */
 	void (*eap_param_needed)(void *ctx, const char *field,
 				 const char *txt);
+
+	/**
+	 * notify_cert - Notification of a peer certificate
+	 * @ctx: eapol_ctx from eap_peer_sm_init() call
+	 * @depth: Depth in certificate chain (0 = server)
+	 * @subject: Subject of the peer certificate
+	 * @cert_hash: SHA-256 hash of the certificate
+	 * @cert: Peer certificate
+	 */
+	void (*notify_cert)(void *ctx, int depth, const char *subject,
+			    const char *cert_hash, const struct wpabuf *cert);
 };

 /**
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@ -1825,6 +1825,15 @@ static void eapol_sm_eap_param_needed(void *ctx, const char *field,
 #define eapol_sm_eap_param_needed NULL
 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */

+static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
+				 const char *cert_hash,
+				 const struct wpabuf *cert)
+{
+	struct eapol_sm *sm = ctx;
+	if (sm->ctx->cert_cb)
+		sm->ctx->cert_cb(sm->ctx->ctx, depth, subject,
+				 cert_hash, cert);
+}

 static struct eapol_callbacks eapol_cb =
 {
@ -1837,7 +1846,8 @@ static struct eapol_callbacks eapol_cb =
 	eapol_sm_set_config_blob,
 	eapol_sm_get_config_blob,
 	eapol_sm_notify_pending,
-	eapol_sm_eap_param_needed
+	eapol_sm_eap_param_needed,
+	eapol_sm_notify_cert
 };


--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@ -220,6 +220,17 @@ struct eapol_ctx {
 	 * @authorized: Whether the supplicant port is now in authorized state
 	 */
 	void (*port_cb)(void *ctx, int authorized);
+
+	/**
+	 * cert_cb - Notification of a peer certificate
+	 * @ctx: Callback context (ctx)
+	 * @depth: Depth in certificate chain (0 = server)
+	 * @subject: Subject of the peer certificate
+	 * @cert_hash: SHA-256 hash of the certificate
+	 * @cert: Peer certificate
+	 */
+	void (*cert_cb)(void *ctx, int depth, const char *subject,
+			const char *cert_hash, const struct wpabuf *cert);
 };