[PATCH] Add dbus signal for information about server certification

Michael Chang mchang
Sun Jun 19 21:39:52 PDT 2011


In general, this patch attempts to extend commit
00468b4650998144f794762206c695c962c54734 with dbus support.

This can be used by a dbus client to implement a subject match text
entry with a preset value probed from the server. This preset value, if
the user accepts it, is remembered and passed to the subject_match config
for any future authentication.

Signed-off-by: Michael Chang <mchang at novell.com>
---
 src/eap_peer/eap.c             |   13 +++++++++++
 src/eap_peer/eap.h             |    2 +
 src/eapol_supp/eapol_supp_sm.c |   11 +++++++++-
 src/eapol_supp/eapol_supp_sm.h |    2 +
 wpa_supplicant/dbus/dbus_new.c |   43 +++++++++++++++++++++++++++++++++++++++
 wpa_supplicant/dbus/dbus_new.h |   10 +++++++++
 wpa_supplicant/dbus/dbus_old.c |   44 ++++++++++++++++++++++++++++++++++++++++
 wpa_supplicant/dbus/dbus_old.h |   12 ++++++++++
 wpa_supplicant/notify.c        |   10 +++++++++
 wpa_supplicant/notify.h        |    4 +++
 wpa_supplicant/wpas_glue.c     |   11 ++++++++++
 11 files changed, 161 insertions(+), 1 deletions(-)

diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
index 8a9826f..a7d2e1f 100644
--- a/src/eap_peer/eap.c
+++ b/src/eap_peer/eap.c
@@ -1208,6 +1208,19 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
 				     data->peer_cert.depth,
 				     data->peer_cert.subject,
 				     cert_hex);
+			if (sm->eapol_cb->notify_cert) {
+				sm->eapol_cb->notify_cert(sm->eapol_ctx,
+							  data->peer_cert.depth,
+							  data->peer_cert.subject,
+							  cert_hex);
+			}
+		} else {
+			if (sm->eapol_cb->notify_cert) {
+				sm->eapol_cb->notify_cert(sm->eapol_ctx,
+							  data->peer_cert.depth,
+							  data->peer_cert.subject,
+							  "");
+			}
 		}
 		break;
 	}
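Review bot: Both arms of the new if/else at L38-L50 make the same notify_cert call and differ only in the last argument, so the callback invocation can be hoisted below the branch as `if (sm->eapol_cb->notify_cert) sm->eapol_cb->notify_cert(sm->eapol_ctx, data->peer_cert.depth, data->peer_cert.subject, cert_hex ? cert_hex : "");`. The branch condition and the rest of eap_peer_sm_tls_event lie outside the hunk; it appears to be a test on cert_hex, since the else arm substitutes "" for it. If that is right, the hoisted form also keeps the existing debug output in the first arm untouched.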
diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
index 3550909..34dabe2 100644
--- a/src/eap_peer/eap.h
+++ b/src/eap_peer/eap.h
@@ -221,6 +221,8 @@ struct eapol_callbacks {
 	 */
 	void (*eap_param_needed)(void *ctx, const char *field,
 				 const char *txt);
+	
+	void (*notify_cert)(void *ctx, int depth, const char *subject, const char *cert);
 };
 
 /**
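Review bot: The new notify_cert member at L63 has no kerneldoc comment, while the other members of struct eapol_callbacks are documented (the ` */` at L59 closes the block for eap_param_needed); the same applies to cert_cb added to struct eapol_ctx in eapol_supp_sm.h. Suggested text: `/** notify_cert - Notify about a certificate seen while the peer's TLS handshake is processed * @ctx: eapol_ctx from eap_peer_sm_init() call * @depth: position of the certificate in the chain * @subject: subject string of the certificate * @cert: certificate as formatted by the caller, or "" when not available */`. The line also exceeds 80 columns, so wrap it like the eap_param_needed prototype above it, and L62 adds a whitespace-only line.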
diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
index 18abb4e..1bdeb2f 100644
--- a/src/eapol_supp/eapol_supp_sm.c
+++ b/src/eapol_supp/eapol_supp_sm.c
@@ -1825,6 +1825,14 @@ static void eapol_sm_eap_param_needed(void *ctx, const char *field,
 #define eapol_sm_eap_param_needed NULL
 #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
 
+static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
+				 const char *cert)
+{
+	struct eapol_sm *sm = ctx;
+	wpa_printf(MSG_DEBUG, "EAPOL: EAP notify certification");
+	if (sm->ctx->cert_cb)
+		sm->ctx->cert_cb(sm->ctx->ctx, depth, subject, cert);
+}
 
 static struct eapol_callbacks eapol_cb =
 {
@@ -1837,7 +1845,8 @@ static struct eapol_callbacks eapol_cb =
 	eapol_sm_set_config_blob,
 	eapol_sm_get_config_blob,
 	eapol_sm_notify_pending,
-	eapol_sm_eap_param_needed
+	eapol_sm_eap_param_needed,
+	eapol_sm_notify_cert
 };
 
 
diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
index 1bdf8cd..3422ef0 100644
--- a/src/eapol_supp/eapol_supp_sm.h
+++ b/src/eapol_supp/eapol_supp_sm.h
@@ -220,6 +220,8 @@ struct eapol_ctx {
 	 * @authorized: Whether the supplicant port is now in authorized state
 	 */
 	void (*port_cb)(void *ctx, int authorized);
+
+	void (*cert_cb)(void *ctx, int depth, const char *subject, const char *cert);
 };
 
 
diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
index 5e9ef6a..8dd5086 100644
--- a/wpa_supplicant/dbus/dbus_new.c
+++ b/wpa_supplicant/dbus/dbus_new.c
@@ -653,6 +653,43 @@ nomem:
 
 #endif /* CONFIG_WPS */
 
+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+				   int depth,
+				   const char *subject,
+				   const char *cert)
+{
+	struct wpas_dbus_priv *iface;
+	DBusMessage *msg;
+	DBusMessageIter iter, dict_iter;
+
+	iface = wpa_s->global->dbus;
+
+	/* Do nothing if the control interface is not turned on */
+	if (iface == NULL)
+		return;
+
+	msg = dbus_message_new_signal(wpa_s->dbus_new_path,
+				      WPAS_DBUS_NEW_IFACE_INTERFACE,
+				      "Certification");
+	if (msg == NULL)
+		return;
+
+	dbus_message_iter_init_append(msg, &iter);
+	if (!wpa_dbus_dict_open_write(&iter, &dict_iter))
+		goto nomem;
+
+	if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
+	    !wpa_dbus_dict_append_string(&dict_iter, "subject", subject) ||
+	    !wpa_dbus_dict_append_string(&dict_iter, "cert", cert) ||
+	    !wpa_dbus_dict_close_write(&iter, &dict_iter))
+		goto nomem;
+
+	dbus_connection_send(iface->con, msg, NULL);	
+
+nomem:	
+	dbus_message_unref(msg);
+}
+
 #ifdef CONFIG_P2P
 
 /**
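Review bot: `depth` is declared int but L142 appends it with wpa_dbus_dict_append_uint32, whereas the old-API counterpart in dbus_old.c sends the same value as DBUS_TYPE_INT32; pick one wire type so clients do not have to special-case the two interfaces (an unsigned entry is fine if depth is never negative, but then the parameter should say so). The success path falls through into the `nomem:` label at L150, so the label no longer describes what happens there; `out:` as used in dbus_old.c would be clearer. Nothing here checks that subject and cert are non-NULL or valid UTF-8 before they become D-Bus strings; if wpa_dbus_dict_append_string does not validate, an unusual subject taken from the peer's certificate would fail at runtime in this function, which is worth confirming against that helper. L148 and L150 carry trailing whitespace.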
@@ -2216,6 +2253,12 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = {
 	  (WPADBusPropertyAccessor) wpas_dbus_getter_networks,
 	  NULL, R
 	},
+	{ "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
+	  {
+		  { "certification", "a{sv}", ARG_OUT },
+		  END_ARGS
+	  }
+	},
 #ifdef CONFIG_WPS
 	{ "ProcessCredentials", WPAS_DBUS_NEW_IFACE_WPS, "b",
 	  (WPADBusPropertyAccessor) wpas_dbus_getter_process_credentials,
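Review bot: The new "Certification" entry at L161-L166 is added to wpas_dbus_interface_properties[] (per the hunk header), but its initializer has the shape of a signal descriptor — name, interface and an argument list ending in END_ARGS — while the neighbouring entries at L158-L160 and L168-L169 are property descriptors with a type string and accessor, so this either fails to compile or initializes the wrong fields. The entry belongs in the interface's signal table (wpas_dbus_interface_signals[] in this file), where the "Certification" name and its `a{sv}` argument will be registered for introspection. The array definition starts and ends outside the hunk.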
diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h
index e8376fe..6ba0229 100644
--- a/wpa_supplicant/dbus/dbus_new.h
+++ b/wpa_supplicant/dbus/dbus_new.h
@@ -187,6 +187,10 @@ void wpas_dbus_signal_p2p_sd_response(struct wpa_supplicant *wpa_s,
 				      const u8 *tlvs, size_t tlvs_len);
 void wpas_dbus_signal_p2p_peer_joined(struct wpa_supplicant *wpa_s,
 				const u8 *member);
+void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+				    int depth,
+				    const char *subject,
+				    const char *cert);
 
 #else /* CONFIG_CTRL_IFACE_DBUS_NEW */
 
@@ -410,6 +414,12 @@ wpas_dbus_signal_p2p_peer_disconnected(struct wpa_supplicant *wpa_s,
 				       const u8 *member)
 {
 }
+static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
+						  int depth,
+						  const char *subject,
+				   		  const char *cert)
+{
+}
 #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
 
 #endif /* CTRL_IFACE_DBUS_H_NEW */
diff --git a/wpa_supplicant/dbus/dbus_old.c b/wpa_supplicant/dbus/dbus_old.c
index 6a00f3e..8b35410 100644
--- a/wpa_supplicant/dbus/dbus_old.c
+++ b/wpa_supplicant/dbus/dbus_old.c
@@ -549,6 +549,50 @@ void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
 }
 #endif /* CONFIG_WPS */
 
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+					      int depth,
+					      const char *subject,
+					      const char *cert)
+{
+	struct wpas_dbus_priv *iface;
+	DBusMessage *_signal = NULL;
+
+	/* Do nothing if the control interface is not turned on */
+	if (wpa_s->global == NULL)
+		return;
+	iface = wpa_s->global->dbus;
+	if (iface == NULL)
+		return;
+
+	_signal = dbus_message_new_signal(wpa_s->dbus_path,
+					  WPAS_DBUS_IFACE_INTERFACE,
+					  "Certification");
+	if (_signal == NULL) {
+		wpa_printf(MSG_ERROR,
+		           "dbus: wpa_supplicant_dbus_notify_certification: "
+		           "Could not create dbus signal; likely out of "
+		           "memory");
+		return;
+	}
+
+	if (!dbus_message_append_args(_signal,
+				      DBUS_TYPE_INT32,&depth,
+				      DBUS_TYPE_STRING, &subject,
+	                              DBUS_TYPE_STRING, &cert,
+	                              DBUS_TYPE_INVALID)) {
+		wpa_printf(MSG_ERROR,
+		           "dbus: wpa_supplicant_dbus_notify_certification: "
+		           "Not enough memory to construct signal");
+		goto out;
+	}
+
+	dbus_connection_send(iface->con, _signal, NULL);
+
+out:
+	dbus_message_unref(_signal);
+
+}
+
 
 /**
  * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface
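Review bot: `dbus_message_append_args` at L232-L236 is handed subject and cert straight from the certificate callback; libdbus requires DBUS_TYPE_STRING arguments to be non-NULL and valid UTF-8, and a certificate subject supplied by the remote peer is guaranteed to be neither, so the call can fail or trip libdbus's argument checks on a hostile or merely unusual certificate. Guard with `if (subject == NULL) subject = "";` before the call, and consider validating the string once at the notification boundary rather than in each sink. `DBUS_TYPE_INT32,&depth` at L233 is missing the space after the comma, and L226-L228 and L235-L236 indent with spaces where the file uses tabs. The blank line before the closing brace at L247 can go.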
diff --git a/wpa_supplicant/dbus/dbus_old.h b/wpa_supplicant/dbus/dbus_old.h
index a9840c2..932c34e 100644
--- a/wpa_supplicant/dbus/dbus_old.h
+++ b/wpa_supplicant/dbus/dbus_old.h
@@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_change(struct wpa_supplicant *wpa_s,
 					     enum wpa_states old_state);
 void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
 					 const struct wps_credential *cred);
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+					      int depth,
+					      const char *subject,
+					      const char *cert);
 
 char * wpas_dbus_decompose_object_path(const char *path, char **network,
                                        char **bssid);
@@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
 {
 }
 
+static inline void
+void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
+					      int depth,
+					      const char *subject,
+					      const char *cert)
+{
+}
+
 static inline int
 wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
 {
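Review bot: The stub at L272-L273 spells the return type twice — `static inline void` on one line and `void wpa_supplicant_dbus_notify_certification(` on the next — which is a syntax error, so every build without CONFIG_CTRL_IFACE_DBUS fails to compile this header; L273 should read `wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,`. The neighbouring stubs at L268-L270 and L280-L281 show the intended two-line layout.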
diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
index 6d11a3d..9312e1c 100644
--- a/wpa_supplicant/notify.c
+++ b/wpa_supplicant/notify.c
@@ -176,6 +176,16 @@ void wpas_notify_wps_credential(struct wpa_supplicant *wpa_s,
 #endif /* CONFIG_WPS */
 }
 
+void wpas_notify_certification(struct wpa_supplicant *wpa_s,
+			       int depth,
+			       const char *subject,
+			       const char *cert)
+{
+	/* notify the old DBus API */
+	wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject, cert);
+	/* notify the new DBus API */
+	wpas_dbus_signal_certification(wpa_s, depth, subject, cert);
+}
 
 void wpas_notify_wps_event_m2d(struct wpa_supplicant *wpa_s,
 			       struct wps_event_m2d *m2d)
diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
index 1e71091..e88a431 100644
--- a/wpa_supplicant/notify.h
+++ b/wpa_supplicant/notify.h
@@ -41,6 +41,10 @@ void wpas_notify_scan_done(struct wpa_supplicant *wpa_s, int success);
 void wpas_notify_scan_results(struct wpa_supplicant *wpa_s);
 void wpas_notify_wps_credential(struct wpa_supplicant *wpa_s,
 				const struct wps_credential *cred);
+void wpas_notify_certification(struct wpa_supplicant *wpa_s,
+			       int depth,
+			       const char *subject,
+			       const char *cert);
 void wpas_notify_wps_event_m2d(struct wpa_supplicant *wpa_s,
 			       struct wps_event_m2d *m2d);
 void wpas_notify_wps_event_fail(struct wpa_supplicant *wpa_s,
diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
index 2662eec..0fe90d7 100644
--- a/wpa_supplicant/wpas_glue.c
+++ b/wpa_supplicant/wpas_glue.c
@@ -32,6 +32,7 @@
 #include "wps_supplicant.h"
 #include "bss.h"
 #include "scan.h"
+#include "notify.h"
 
 
 #ifndef CONFIG_NO_CONFIG_BLOBS
@@ -611,6 +612,15 @@ static void wpa_supplicant_port_cb(void *ctx, int authorized)
 		   authorized ? "Authorized" : "Unauthorized");
 	wpa_drv_set_supp_port(wpa_s, authorized);
 }
+
+static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
+				   const char *cert)
+{
+	struct wpa_supplicant *wpa_s = ctx;
+	
+	wpa_printf(MSG_INFO, "EAPOL: Subject: %s", subject);	
+	wpas_notify_certification(wpa_s, depth, subject, cert);
+}
 #endif /* IEEE8021X_EAPOL */
 
 
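Review bot: `wpa_printf(MSG_INFO, "EAPOL: Subject: %s", subject)` at L341 prints a string that originates in the peer's certificate: if subject can be NULL here, `%s` is undefined behaviour, and because the value is chosen by the remote end, embedded newlines or control characters reach the log verbatim. Use `subject ? subject : ""` (or skip the message when NULL) and consider MSG_DEBUG, since this fires for every certificate in the chain on every authentication. L340 and L341 carry trailing whitespace.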
@@ -641,6 +651,7 @@ int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
 	ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
 	ctx->port_cb = wpa_supplicant_port_cb;
 	ctx->cb = wpa_supplicant_eapol_cb;
+	ctx->cert_cb = wpa_supplicant_cert_cb;
 	ctx->cb_ctx = wpa_s;
 	wpa_s->eapol = eapol_sm_init(ctx);
 	if (wpa_s->eapol == NULL) {
-- 
1.7.3.4



