diff options
| author | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
|---|---|---|
| committer | Yves-Alexis Perez <corsac@debian.org> | 2016-07-16 15:19:53 +0200 |
| commit | bf372706c469764d59e9f29c39e3ecbebd72b8d2 (patch) | |
| tree | 0f0e296e2d50e4a7faf99ae6fa428d2681e81ea1 /src/libcharon/plugins/stroke/stroke_cred.c | |
| parent | 518dd33c94e041db0444c7d1f33da363bb8e3faf (diff) | |
| download | vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.tar.gz vyos-strongswan-bf372706c469764d59e9f29c39e3ecbebd72b8d2.zip | |
Imported Upstream version 5.5.0
Diffstat (limited to 'src/libcharon/plugins/stroke/stroke_cred.c')
| -rw-r--r-- | src/libcharon/plugins/stroke/stroke_cred.c | 47 |
1 files changed, 35 insertions, 12 deletions
diff --git a/src/libcharon/plugins/stroke/stroke_cred.c b/src/libcharon/plugins/stroke/stroke_cred.c index 42928882a..929e6fc84 100644 --- a/src/libcharon/plugins/stroke/stroke_cred.c +++ b/src/libcharon/plugins/stroke/stroke_cred.c @@ -754,6 +754,8 @@ typedef struct { chunk_t keyid; /** number of tries */ int try; + /** provided PIN */ + shared_key_t *shared; } pin_cb_data_t; /** @@ -798,7 +800,9 @@ static shared_key_t* pin_cb(pin_cb_data_t *data, shared_key_type_t type, { *match_other = ID_MATCH_NONE; } - return shared_key_create(SHARED_PIN, chunk_clone(secret)); + DESTROY_IF(data->shared); + data->shared = shared_key_create(SHARED_PIN, chunk_clone(secret)); + return data->shared->get_ref(data->shared); } } return NULL; @@ -815,7 +819,7 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, private_key_t *key = NULL; u_int slot; chunk_t chunk; - shared_key_t *shared; + shared_key_t *shared = NULL; identification_t *id; mem_cred_t *mem = NULL; callback_cred_t *cb = NULL; @@ -867,10 +871,11 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, return TRUE; } /* use callback credential set to prompt for the pin */ - pin_data.prompt = prompt; - pin_data.card = smartcard; - pin_data.keyid = chunk; - pin_data.try = 0; + pin_data = (pin_cb_data_t){ + .prompt = prompt, + .card = smartcard, + .keyid = chunk, + }; cb = callback_cred_create_shared((void*)pin_cb, &pin_data); lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE); } @@ -880,30 +885,48 @@ static bool load_pin(mem_cred_t *secrets, chunk_t line, int line_nr, shared = shared_key_create(SHARED_PIN, secret); id = identification_create_from_encoding(ID_KEY_ID, chunk); mem = mem_cred_create(); - mem->add_shared(mem, shared, id, NULL); + mem->add_shared(mem, shared->get_ref(shared), id, NULL); lib->credmgr->add_local_set(lib->credmgr, &mem->set, FALSE); } /* unlock: smartcard needs the pin and potentially calls public set */ key = (private_key_t*)load_from_smartcard(format, slot, module, keyid, CRED_PRIVATE_KEY, KEY_ANY); + + if (key) + { + DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr); + secrets->add_key(secrets, key); + } if (mem) { + if (!key) + { + shared->destroy(shared); + shared = NULL; + } lib->credmgr->remove_local_set(lib->credmgr, &mem->set); mem->destroy(mem); } if (cb) { + if (key) + { + shared = pin_data.shared; + } + else + { + DESTROY_IF(pin_data.shared); + } lib->credmgr->remove_local_set(lib->credmgr, &cb->set); cb->destroy(cb); } - chunk_clear(&chunk); - - if (key) + if (shared) { - DBG1(DBG_CFG, " loaded private key from %.*s", (int)sc.len, sc.ptr); - secrets->add_key(secrets, key); + id = identification_create_from_encoding(ID_KEY_ID, chunk); + secrets->add_shared(secrets, shared, id, NULL); } + chunk_clear(&chunk); return TRUE; } |