author | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
---|---|---|
committer | Yves-Alexis Perez <corsac@debian.org> | 2013-11-01 13:32:07 +0100 |
commit | 5313d2d78ca150515f7f5eb39801c100690b6b29 (patch) | |
tree | c78e420367283bb1b16f14210b12687cdfbd26eb /src/libpttls/sasl | |
parent | 6b99c8d9cff7b3e8ae8f3204b99e7ea40f791349 (diff) | |
Imported Upstream version 5.1.1
Diffstat (limited to 'src/libpttls/sasl')
-rw-r--r-- | src/libpttls/sasl/sasl_mechanism.h | 7 | ||||
-rw-r--r-- | src/libpttls/sasl/sasl_plain/sasl_plain.c | 24 |
2 files changed, 23 insertions, 8 deletions
diff --git a/src/libpttls/sasl/sasl_mechanism.h b/src/libpttls/sasl/sasl_mechanism.h index fb1d08097..e8c47c408 100644 --- a/src/libpttls/sasl/sasl_mechanism.h +++ b/src/libpttls/sasl/sasl_mechanism.h @@ -51,6 +51,13 @@ struct sasl_mechanism_t { char* (*get_name)(sasl_mechanism_t *this); /** + * Get the client identity + * + * @return client identity + */ + identification_t* (*get_client)(sasl_mechanism_t *this); + + /** * Build a SASL message to send to remote host. * * A message is returned if the return value is NEED_MORE or SUCCESS. A diff --git a/src/libpttls/sasl/sasl_plain/sasl_plain.c b/src/libpttls/sasl/sasl_plain/sasl_plain.c index e8d6dc80b..019c1b011 100644 --- a/src/libpttls/sasl/sasl_plain/sasl_plain.c +++ b/src/libpttls/sasl/sasl_plain/sasl_plain.c @@ -35,6 +35,12 @@ struct private_sasl_plain_t { identification_t *client; }; +METHOD(sasl_mechanism_t, get_client, identification_t*, + private_sasl_plain_t *this) +{ + return this->client; +} + METHOD(sasl_mechanism_t, get_name, char*, private_sasl_plain_t *this) { @@ -52,7 +58,6 @@ METHOD(sasl_mechanism_t, process_server, status_t, private_sasl_plain_t *this, chunk_t message) { chunk_t authz, authi, password; - identification_t *id; shared_key_t *shared; u_char *pos; 
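Review bot: The new `get_client` doc comment in sasl_mechanism.h does not say who owns the returned identification_t or for how long it is valid. In sasl_plain.c the getter hands out `this->client` directly, and process_server later frees and replaces that object through `DESTROY_IF(this->client)`, so a pointer kept across another processing call would dangle. It may also be NULL on an instance created without a client identity, though that is inferred because the constructor's call sites are not on this page. I would extend the comment to something like `@return client identity, internal data owned by the mechanism; only meaningful on the server once processing returned SUCCESS`.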
@@ -72,22 +77,21 @@ METHOD(sasl_mechanism_t, process_server, status_t, } authi = chunk_create(message.ptr, pos - message.ptr); password = chunk_skip(message, authi.len + 1); - id = identification_create_from_data(authi); - shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, id, NULL); + DESTROY_IF(this->client); + this->client = identification_create_from_data(authi); + shared = lib->credmgr->get_shared(lib->credmgr, SHARED_EAP, this->client, + NULL); if (!shared) { - DBG1(DBG_CFG, "no shared secret found for '%Y'", id); - id->destroy(id); + DBG1(DBG_CFG, "no shared secret found for '%Y'", this->client); return FAILED; } if (!chunk_equals(shared->get_key(shared), password)) { - DBG1(DBG_CFG, "shared secret for '%Y' does not match", id); - id->destroy(id); + DBG1(DBG_CFG, "shared secret for '%Y' does not match", this->client); shared->destroy(shared); return FAILED; } - id->destroy(id); shared->destroy(shared); return SUCCESS; } @@ -113,11 +117,14 @@ METHOD(sasl_mechanism_t, build_client, status_t, len = snprintf(buf, sizeof(buf), "%s%c%Y%c%.*s", "", 0, this->client, 0, (int)password.len, password.ptr); + shared->destroy(shared); + if (len < 0 || len >= sizeof(buf)) { return FAILED; } *message = chunk_clone(chunk_create(buf, len)); + return NEED_MORE; } @@ -151,6 +158,7 @@ sasl_plain_t *sasl_plain_create(char *name, identification_t *client) .public = { .sasl = { .get_name = _get_name, + .get_client = _get_client, .destroy = _destroy, }, }, |
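Review bot: In process_server, `this->client` is now assigned from the peer-supplied authentication identity before the secret is checked, and both `return FAILED;` paths leave it in place, so `get_client()` keeps returning an identity that was never authenticated. Unless every caller checks the status first (callers are outside this diff), it is safer to drop it on failure, e.g. `this->client->destroy(this->client); this->client = NULL;` after each DBG1 call. Separately, the unchanged `chunk_equals(shared->get_key(shared), password)` is presumably not a constant-time comparison, so a constant-time compare of the secret would avoid a timing signal on a network-facing check. The function begins above the hunk.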
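Review bot: build_client formats the cleartext password into `buf` and returns without clearing it, both on the `return FAILED;` path and after `chunk_clone`, so the secret stays in memory after the call. Assuming `buf` is a local array (its declaration is above the hunk, and `sizeof(buf)` suggests so), wipe it before each return, e.g. `memwipe(buf, sizeof(buf));`. The heap copy placed in `*message` also carries the password, so whoever frees that chunk should clear it rather than plainly free it; that code is not visible here.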