08c4dd71c1
- Add wpa_supplicant-probed-cert-dbus-signal.patch to emit a D-Bus signal when the AP returned the certificate of the RADIUS server (bnc#574266) OBS-URL: https://build.opensuse.org/request/show/99552 OBS-URL: https://build.opensuse.org/package/show/hardware/wpa_supplicant?expand=0&rev=21
commit ade74830b45466abb41b8e8dbc2f595d8bacb793
Author: Michael Chang <mchang@novell.com>
Date: Tue Jul 5 12:22:32 2011 +0300
Add dbus signal for information about server certification
In general, this patch attempts to extend commit
00468b4650998144f794762206c695c962c54734 with dbus support.
This can be used by dbus client to implement subject match text
entry with preset value probed from server. This preset value, if
user accepts it, is remembered and passed to subject_match config
for any future authentication.
Signed-off-by: Michael Chang <mchang@novell.com>
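--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.c
+++ wpa_supplicant-0.7.3/src/eap_peer/eap.c
@@ -1206,6 +1206,13 @@ static void eap_peer_sm_tls_event(void *
 data->peer_cert.subject,
 cert_hex);
 }
+ if (sm->eapol_cb->notify_cert) {
+ sm->eapol_cb->notify_cert(sm->eapol_ctx,
+ data->peer_cert.depth,
+ data->peer_cert.subject,
+ hash_hex,
+ data->peer_cert.cert);
+ }
 break;
 }
 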
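Review bot: The added notify_cert call passes `hash_hex` as cert_hash, but hash_hex is declared, filled and released outside this hunk, so whether it can be NULL (no hash supplied by the TLS backend) is not visible here; the receivers added by this patch do treat it as optional (dbus_new.c skips the key when `cert_hash` is NULL, dbus_old.c substitutes ""), so that contract should be stated where the value originates. A one-line comment above the new `if` would pin it: `/* hash_hex may be NULL when no certificate hash is available */`. Note also that, unlike the ctrl-interface message just above, the callback receives the wpabuf `data->peer_cert.cert` itself rather than a hex copy, which matches the `@cert: Peer certificate` doc in the eap.h hunk. eap_peer_sm_tls_event starts and ends outside the hunk.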
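--- wpa_supplicant-0.7.3.orig/src/eap_peer/eap.h
+++ wpa_supplicant-0.7.3/src/eap_peer/eap.h
@@ -221,6 +221,17 @@ struct eapol_callbacks {
 */
 void (*eap_param_needed)(void *ctx, const char *field,
 const char *txt);
+
+ /**
+ * notify_cert - Notification of a peer certificate
+ * @ctx: eapol_ctx from eap_peer_sm_init() call
+ * @depth: Depth in certificate chain (0 = server)
+ * @subject: Subject of the peer certificate
+ * @cert_hash: SHA-256 hash of the certificate
+ * @cert: Peer certificate
+ */
+ void (*notify_cert)(void *ctx, int depth, const char *subject,
+ const char *cert_hash, const struct wpabuf *cert);
 };
 
 /**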
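Review bot: The notify_cert doc says `@cert_hash: SHA-256 hash of the certificate` and `@cert: Peer certificate` but does not say that either may be NULL, while every consumer in this patch guards for it (`if (cert_hash && ...)` and `if (cert && ...)` in dbus_new.c, `cert_hash ? cert_hash : ""` in dbus_old.c); the cert_cb doc in the eapol_supp_sm.h hunk has the same gap. Suggest `@cert_hash: SHA-256 hash of the certificate (hex string), or %NULL if not available` and `@cert: Peer certificate, or %NULL if not available`, in both headers. Stating the optional parameters at the interface is what lets a future callback implementation know it must check before dereferencing.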
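--- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.c
+++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.c
@@ -1810,6 +1810,15 @@ static void eapol_sm_eap_param_needed(vo
 #define eapol_sm_eap_param_needed NULL
 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
 
+static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert)
+{
+ struct eapol_sm *sm = ctx;
+ if (sm->ctx->cert_cb)
+ sm->ctx->cert_cb(sm->ctx->ctx, depth, subject,
+ cert_hash, cert);
+}
 
 static struct eapol_callbacks eapol_cb =
 {
@@ -1822,7 +1831,8 @@ static struct eapol_callbacks eapol_cb =
 eapol_sm_set_config_blob,
 eapol_sm_get_config_blob,
 eapol_sm_notify_pending,
- eapol_sm_eap_param_needed
+ eapol_sm_eap_param_needed,
+ eapol_sm_notify_cert
 };
 
 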
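Review bot: `eapol_sm_notify_cert` is appended to `eapol_cb` by position in the second hunk, so the table is only correct because notify_cert is the last member of struct eapol_callbacks in the eap.h hunk; any member later inserted ahead of it silently shifts every callback after that point. A designated entry, `.notify_cert = eapol_sm_notify_cert,`, ties the slot to the field name, though since the rest of the table is positional this is a style point for the whole initializer rather than this line alone. The NULL test on `sm->ctx->cert_cb` in the first hunk is the right shape, as not every owner of an eapol_ctx will set the new field; a one-line comment, `/* cert_cb is optional in struct eapol_ctx */`, would make the intent explicit.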
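--- wpa_supplicant-0.7.3.orig/src/eapol_supp/eapol_supp_sm.h
+++ wpa_supplicant-0.7.3/src/eapol_supp/eapol_supp_sm.h
@@ -220,6 +220,17 @@ struct eapol_ctx {
 * @authorized: Whether the supplicant port is now in authorized state
 */
 void (*port_cb)(void *ctx, int authorized);
+
+ /**
+ * cert_cb - Notification of a peer certificate
+ * @ctx: Callback context (ctx)
+ * @depth: Depth in certificate chain (0 = server)
+ * @subject: Subject of the peer certificate
+ * @cert_hash: SHA-256 hash of the certificate
+ * @cert: Peer certificate
+ */
+ void (*cert_cb)(void *ctx, int depth, const char *subject,
+ const char *cert_hash, const struct wpabuf *cert);
 };
 
 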
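--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.c
@@ -650,6 +650,53 @@ nomem:
 
 #endif /* CONFIG_WPS */
 
+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+ int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert)
+{
+ struct wpas_dbus_priv *iface;
+ DBusMessage *msg;
+ DBusMessageIter iter, dict_iter;
+
+ iface = wpa_s->global->dbus;
+
+ /* Do nothing if the control interface is not turned on */
+ if (iface == NULL)
+ return;
+
+ msg = dbus_message_new_signal(wpa_s->dbus_new_path,
+ WPAS_DBUS_NEW_IFACE_INTERFACE,
+ "Certification");
+ if (msg == NULL)
+ return;
+
+ dbus_message_iter_init_append(msg, &iter);
+ if (!wpa_dbus_dict_open_write(&iter, &dict_iter))
+ goto nomem;
+
+ if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
+ !wpa_dbus_dict_append_string(&dict_iter, "subject", subject))
+ goto nomem;
+
+ if (cert_hash &&
+ !wpa_dbus_dict_append_string(&dict_iter, "cert_hash", cert_hash))
+ goto nomem;
+
+ if (cert &&
+ !wpa_dbus_dict_append_byte_array(&dict_iter, "cert",
+ wpabuf_head(cert),
+ wpabuf_len(cert)))
+ goto nomem;
+
+ if (!wpa_dbus_dict_close_write(&iter, &dict_iter))
+ goto nomem;
+
+ dbus_connection_send(iface->con, msg, NULL);
+
+nomem:
+ dbus_message_unref(msg);
+}
 
 /**
 * wpas_dbus_signal_prop_changed - Signals change of property
@@ -1488,6 +1535,12 @@ static const struct wpa_dbus_signal_desc
 }
 },
 #endif /* CONFIG_WPS */
+ { "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
+ {
+ { "certification", "a{sv}", ARG_OUT },
+ END_ARGS
+ }
+ },
 { NULL, NULL, { END_ARGS } }
 };
 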
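Review bot: `wpas_dbus_signal_certification` is an exported function with no `/** ... */` header, although its neighbour `wpas_dbus_signal_prop_changed` (visible at the end of the first hunk) carries one, and the D-Bus contract it defines needs to be written down: the "cert_hash" and "cert" dictionary entries are appended only when the argument is non-NULL, so clients of the new "Certification" signal must treat both keys as optional, while "depth" and "subject" are always present. A header along the lines of `wpas_dbus_signal_certification - Notifies D-Bus clients of a peer certificate`, with @wpa_s, @depth, @subject, @cert_hash (`%NULL` if unavailable) and @cert (`%NULL` if unavailable) and one sentence on the optional keys, would cover it. Two smaller points: `depth` is an int emitted through `wpa_dbus_dict_append_uint32`, whereas the old-API counterpart in dbus_old.c sends the same value as DBUS_TYPE_INT32, so the two interfaces disagree on its type; and the `nomem:` label is also the normal exit path, so a neutral name such as `out:` would read less like an error-only branch.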
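--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_new.h
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_new.h
@@ -120,6 +120,10 @@ void wpas_dbus_signal_blob_removed(struc
 void wpas_dbus_signal_debug_level_changed(struct wpa_global *global);
 void wpas_dbus_signal_debug_timestamp_changed(struct wpa_global *global);
 void wpas_dbus_signal_debug_show_keys_changed(struct wpa_global *global);
+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+ int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert);
 
 #else /* CONFIG_CTRL_IFACE_DBUS_NEW */
 
@@ -230,6 +234,14 @@ static inline void wpas_dbus_signal_debu
 {
 }
 
+static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+ int depth,
+ const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert)
+{
+}
+
 #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
 
 #endif /* CTRL_IFACE_DBUS_H_NEW */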
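--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.c
@@ -547,6 +547,59 @@ void wpa_supplicant_dbus_notify_wps_cred
 }
 #endif /* CONFIG_WPS */
 
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+ int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert)
+{
+ struct wpas_dbus_priv *iface;
+ DBusMessage *_signal = NULL;
+ const char *hash;
+ const char *cert_hex;
+ int cert_hex_len;
+
+ /* Do nothing if the control interface is not turned on */
+ if (wpa_s->global == NULL)
+ return;
+ iface = wpa_s->global->dbus;
+ if (iface == NULL)
+ return;
+
+ _signal = dbus_message_new_signal(wpa_s->dbus_path,
+ WPAS_DBUS_IFACE_INTERFACE,
+ "Certification");
+ if (_signal == NULL) {
+ wpa_printf(MSG_ERROR,
+ "dbus: wpa_supplicant_dbus_notify_certification: "
+ "Could not create dbus signal; likely out of "
+ "memory");
+ return;
+ }
+
+ hash = cert_hash ? cert_hash : "";
+ cert_hex = cert ? wpabuf_head(cert) : "";
+ cert_hex_len = cert ? wpabuf_len(cert) : 0;
+
+ if (!dbus_message_append_args(_signal,
+ DBUS_TYPE_INT32,&depth,
+ DBUS_TYPE_STRING, &subject,
+ DBUS_TYPE_STRING, &hash,
+ DBUS_TYPE_ARRAY, DBUS_TYPE_BYTE,
+ &cert_hex, cert_hex_len,
+ DBUS_TYPE_INVALID)) {
+ wpa_printf(MSG_ERROR,
+ "dbus: wpa_supplicant_dbus_notify_certification: "
+ "Not enough memory to construct signal");
+ goto out;
+ }
+
+ dbus_connection_send(iface->con, _signal, NULL);
+
+out:
+ dbus_message_unref(_signal);
+
+}
+
 
 /**
 * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface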
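Review bot: `cert_hex_len` is an `int` assigned from `wpabuf_len(cert)`, which silently narrows the buffer length, and `cert_hex` holds the raw certificate bytes returned by `wpabuf_head(cert)` rather than a hex encoding, so the name misleads the next reader; `const unsigned char *cert_der = cert ? wpabuf_head(cert) : (const unsigned char *) "";` and `int cert_der_len = cert ? (int) wpabuf_len(cert) : 0;` would make both the contents and the narrowing explicit. `subject` is appended as DBUS_TYPE_STRING with no NULL substitution, unlike `cert_hash`, which is mapped to "" on the line above it; if the EAP layer can ever deliver a NULL subject (not visible from this patch), the same `subject ? subject : ""` guard is needed, since a NULL string cannot be marshalled. This function also checks `wpa_s->global == NULL` before dereferencing it, while `wpas_dbus_signal_certification` in dbus_new.c reads `wpa_s->global->dbus` unguarded; the two entry points should agree on that precondition.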
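--- wpa_supplicant-0.7.3.orig/wpa_supplicant/dbus/dbus_old.h
+++ wpa_supplicant-0.7.3/wpa_supplicant/dbus/dbus_old.h
@@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_ch
 enum wpa_states old_state);
 void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
 const struct wps_credential *cred);
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+ int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert);
 
 char * wpas_dbus_decompose_object_path(const char *path, char **network,
 char **bssid);
@@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(stru
 {
 }
 
+static inline void
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+ int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert)
+{
+}
+
 static inline int
 wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
 {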
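Review bot: The `#else` stub in the second hunk is not valid C: `static inline void` on one line is followed by `void wpa_supplicant_dbus_notify_certification(...)` on the next, giving two return-type specifiers, so any configuration that takes this branch of the header fails to compile (the new wpas_notify_certification in notify.c calls the function unconditionally, so that branch is exercised). Drop the second `void` so the line reads `wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,`, matching the `static inline int` / `wpas_dbus_register_iface(...)` split used directly below it.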
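--- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/notify.c
@@ -337,3 +337,15 @@ void wpas_notify_resume(struct wpa_globa
 wpa_supplicant_req_scan(wpa_s, 0, 100000);
 }
 }
+
+
+void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
+ const char *subject, const char *cert_hash,
+ const struct wpabuf *cert)
+{
+ /* notify the old DBus API */
+ wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject,
+ cert_hash, cert);
+ /* notify the new DBus API */
+ wpas_dbus_signal_certification(wpa_s, depth, subject, cert_hash, cert);
+}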
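--- wpa_supplicant-0.7.3.orig/wpa_supplicant/notify.h
+++ wpa_supplicant-0.7.3/wpa_supplicant/notify.h
@@ -78,4 +78,8 @@ void wpas_notify_debug_show_keys_changed
 void wpas_notify_suspend(struct wpa_global *global);
 void wpas_notify_resume(struct wpa_global *global);
 
+void wpas_notify_certification(struct wpa_supplicant *wpa_s, int depth,
+ const char *subject, const char *cert_hash,
+ const struct wpabuf *cert);
+
 #endif /* NOTIFY_H */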
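--- wpa_supplicant-0.7.3.orig/wpa_supplicant/wpas_glue.c
+++ wpa_supplicant-0.7.3/wpa_supplicant/wpas_glue.c
@@ -32,6 +32,7 @@
 #include "wps_supplicant.h"
 #include "bss.h"
 #include "scan.h"
+#include "notify.h"
 
 
 #ifndef CONFIG_NO_CONFIG_BLOBS
@@ -572,6 +573,16 @@ static void wpa_supplicant_port_cb(void
 authorized ? "Authorized" : "Unauthorized");
 wpa_drv_set_supp_port(wpa_s, authorized);
 }
+
+
+static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
+ const char *cert_hash,
+ const struct wpabuf *cert)
+{
+ struct wpa_supplicant *wpa_s = ctx;
+
+ wpas_notify_certification(wpa_s, depth, subject, cert_hash, cert);
+}
 #endif /* IEEE8021X_EAPOL */
 
 
@@ -602,6 +613,7 @@ int wpa_supplicant_init_eapol(struct wpa
 ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
 ctx->port_cb = wpa_supplicant_port_cb;
 ctx->cb = wpa_supplicant_eapol_cb;
+ ctx->cert_cb = wpa_supplicant_cert_cb;
 ctx->cb_ctx = wpa_s;
 wpa_s->eapol = eapol_sm_init(ctx);
 if (wpa_s->eapol == NULL) {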