[PATCH] Add dbus signal for information about server certification
Dan Williams
dcbw
Mon Jun 20 21:39:12 PDT 2011
On Mon, 2011-06-20 at 12:39 +0800, Michael Chang wrote:
> In general, this patch attempts to extend commit
> 00468b4650998144f794762206c695c962c54734 with dbus support.
>
> This can be used by dbus client to implement subject match text
> entry with preset value probed from server. This preset value, if
> user accepts it, is remembered and passed to subject_match config
> for any future authentication.
How does the 'cert' dict member come out? It's marked as a STRING type,
is it a string of hex chars or something else? If it's a string of hex
chars, shouldn't the dict member's type be a byte array (ay) instead?
Dan
> Signed-off-by: Michael Chang <mchang at novell.com>
> ---
> src/eap_peer/eap.c | 13 +++++++++++
> src/eap_peer/eap.h | 2 +
> src/eapol_supp/eapol_supp_sm.c | 11 +++++++++-
> src/eapol_supp/eapol_supp_sm.h | 2 +
> wpa_supplicant/dbus/dbus_new.c | 43 +++++++++++++++++++++++++++++++++++++++
> wpa_supplicant/dbus/dbus_new.h | 10 +++++++++
> wpa_supplicant/dbus/dbus_old.c | 44 ++++++++++++++++++++++++++++++++++++++++
> wpa_supplicant/dbus/dbus_old.h | 12 ++++++++++
> wpa_supplicant/notify.c | 10 +++++++++
> wpa_supplicant/notify.h | 4 +++
> wpa_supplicant/wpas_glue.c | 11 ++++++++++
> 11 files changed, 161 insertions(+), 1 deletions(-)
>
> diff --git a/src/eap_peer/eap.c b/src/eap_peer/eap.c
> index 8a9826f..a7d2e1f 100644
> --- a/src/eap_peer/eap.c
> +++ b/src/eap_peer/eap.c
> @@ -1208,6 +1208,19 @@ static void eap_peer_sm_tls_event(void *ctx, enum tls_event ev,
> data->peer_cert.depth,
> data->peer_cert.subject,
> cert_hex);
> + if (sm->eapol_cb->notify_cert) {
> + sm->eapol_cb->notify_cert(sm->eapol_ctx,
> + data->peer_cert.depth,
> + data->peer_cert.subject,
> + cert_hex);
> + }
> + } else {
> + if (sm->eapol_cb->notify_cert) {
> + sm->eapol_cb->notify_cert(sm->eapol_ctx,
> + data->peer_cert.depth,
> + data->peer_cert.subject,
> + "");
> + }
> }
> break;
> }
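Review bot: The `if (sm->eapol_cb->notify_cert)` test is written twice (L40 and L47) and the two calls differ only in their last argument, so hoisting the test and picking the argument once (`cert_hex` when a certificate was available, `""` otherwise) would make the no-certificate branch, which is new here, harder to miss. A comment at the call site should also say what the callback receives: the `depth` argument suggests it fires once per certificate in the chain, and nothing in the hunk indicates whether the certificate has been verified at that point, so a consumer that records `subject` for later matching (as the description proposes) is trusting an unverified value unless it checks the result itself. The enclosing function starts before the hunk.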
> diff --git a/src/eap_peer/eap.h b/src/eap_peer/eap.h
> index 3550909..34dabe2 100644
> --- a/src/eap_peer/eap.h
> +++ b/src/eap_peer/eap.h
> @@ -221,6 +221,8 @@ struct eapol_callbacks {
> */
> void (*eap_param_needed)(void *ctx, const char *field,
> const char *txt);
> +
> + void (*notify_cert)(void *ctx, int depth, const char *subject, const char *cert);
> };
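Review bot: The new `notify_cert` member at L65 has no documentation, while the neighbouring members of `struct eapol_callbacks` carry a `/** ... */` block (the closing `*/` at L61 belongs to the one for `eap_param_needed`). It should get the same kind of block, stating that `ctx` is the eapol_ctx passed to the callbacks, that `depth` is the certificate's position in the chain as reported by the TLS layer, that `subject` is the certificate subject, and that `cert` is the hex-encoded certificate or `""` when none was available (the eap.c hunk of this patch passes exactly those two values); whether the pointers may be NULL is not visible here and should be stated either way. The line also exceeds the file's 80-column width and should be wrapped like the prototype above it.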
>
> /**
> diff --git a/src/eapol_supp/eapol_supp_sm.c b/src/eapol_supp/eapol_supp_sm.c
> index 18abb4e..1bdeb2f 100644
> --- a/src/eapol_supp/eapol_supp_sm.c
> +++ b/src/eapol_supp/eapol_supp_sm.c
> @@ -1825,6 +1825,14 @@ static void eapol_sm_eap_param_needed(void *ctx, const char *field,
> #define eapol_sm_eap_param_needed NULL
> #endif /* CONFIG_CTRL_IFACE || !CONFIG_NO_STDOUT_DEBUG */
>
> +static void eapol_sm_notify_cert(void *ctx, int depth, const char *subject,
> + const char *cert)
> +{
> + struct eapol_sm *sm = ctx;
> + wpa_printf(MSG_DEBUG, "EAPOL: EAP notify certification");
> + if (sm->ctx->cert_cb)
> + sm->ctx->cert_cb(sm->ctx->ctx, depth, subject, cert);
> +}
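Review bot: The debug line at L81 is a fixed string, so it adds nothing a trace reader could not get from the dbus signal; including the depth makes it useful, e.g. `wpa_printf(MSG_DEBUG, "EAPOL: EAP notify certificate depth=%d", depth);` ("certificate" rather than "certification", which is what the value is). Only one blank line separates the new function from `eapol_cb` at L86, whereas the file keeps two between definitions (see L96-97), so a second one is needed. If `subject` were printed here as well, its NULL-ness would need to be established first, which this hunk does not show.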
>
> static struct eapol_callbacks eapol_cb =
> {
> @@ -1837,7 +1845,8 @@ static struct eapol_callbacks eapol_cb =
> eapol_sm_set_config_blob,
> eapol_sm_get_config_blob,
> eapol_sm_notify_pending,
> - eapol_sm_eap_param_needed
> + eapol_sm_eap_param_needed,
> + eapol_sm_notify_cert
> };
>
>
> diff --git a/src/eapol_supp/eapol_supp_sm.h b/src/eapol_supp/eapol_supp_sm.h
> index 1bdf8cd..3422ef0 100644
> --- a/src/eapol_supp/eapol_supp_sm.h
> +++ b/src/eapol_supp/eapol_supp_sm.h
> @@ -220,6 +220,8 @@ struct eapol_ctx {
> * @authorized: Whether the supplicant port is now in authorized state
> */
> void (*port_cb)(void *ctx, int authorized);
> +
> + void (*cert_cb)(void *ctx, int depth, const char *subject, const char *cert);
> };
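Review bot: `cert_cb` at L107 is added to `struct eapol_ctx` without the Doxygen block that its sibling `port_cb` has (the `@authorized:` line at L103 is the end of it). Add a matching block naming the member, the `ctx` it is called with (`cb_ctx`, per the wpas_glue.c hunk), and the meaning of `depth`, `subject` and `cert`, including that `cert` may be the empty string when no certificate is available; the line should also be wrapped to the file's 80-column width like the `port_cb` prototype above it.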
>
>
> diff --git a/wpa_supplicant/dbus/dbus_new.c b/wpa_supplicant/dbus/dbus_new.c
> index 5e9ef6a..8dd5086 100644
> --- a/wpa_supplicant/dbus/dbus_new.c
> +++ b/wpa_supplicant/dbus/dbus_new.c
> @@ -653,6 +653,43 @@ nomem:
>
> #endif /* CONFIG_WPS */
>
> +void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert)
> +{
> + struct wpas_dbus_priv *iface;
> + DBusMessage *msg;
> + DBusMessageIter iter, dict_iter;
> +
> + iface = wpa_s->global->dbus;
> +
> + /* Do nothing if the control interface is not turned on */
> + if (iface == NULL)
> + return;
> +
> + msg = dbus_message_new_signal(wpa_s->dbus_new_path,
> + WPAS_DBUS_NEW_IFACE_INTERFACE,
> + "Certification");
> + if (msg == NULL)
> + return;
> +
> + dbus_message_iter_init_append(msg, &iter);
> + if (!wpa_dbus_dict_open_write(&iter, &dict_iter))
> + goto nomem;
> +
> + if (!wpa_dbus_dict_append_uint32(&dict_iter, "depth", depth) ||
> + !wpa_dbus_dict_append_string(&dict_iter, "subject", subject) ||
> + !wpa_dbus_dict_append_string(&dict_iter, "cert", cert) ||
> + !wpa_dbus_dict_close_write(&iter, &dict_iter))
> + goto nomem;
> +
> + dbus_connection_send(iface->con, msg, NULL);
> +
> +nomem:
> + dbus_message_unref(msg);
> +}
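Review bot: `depth` is declared `int` at L120 but marshalled with `wpa_dbus_dict_append_uint32` at L144, while the old-API signal in this same patch sends it as `DBUS_TYPE_INT32`; the two interfaces should agree, and using an int32 append (if the dict helpers offer one) or documenting that depth is never negative avoids a silent sign conversion in the `a{sv}` value. Unlike its dbus_old.c counterpart, this function dereferences `wpa_s->global` at L128 without checking it first; if that guard is needed there it is needed here too. The `nomem:` label at L152 is also reached on the success path after `dbus_connection_send`, so `out:` would describe it better. Finally, the other signal emitters in this file carry a `/** ... */` header (L158); this one should get one listing the dict keys it emits (`depth`, `subject`, `cert`) and their types.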
> +
> #ifdef CONFIG_P2P
>
> /**
> @@ -2216,6 +2253,12 @@ static const struct wpa_dbus_property_desc wpas_dbus_interface_properties[] = {
> (WPADBusPropertyAccessor) wpas_dbus_getter_networks,
> NULL, R
> },
> + { "Certification", WPAS_DBUS_NEW_IFACE_INTERFACE,
> + {
> + { "certification", "a{sv}", ARG_OUT },
> + END_ARGS
> + }
> + },
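Review bot: The entry added at L163-168 is a signal descriptor (a name followed by an argument list closed by `END_ARGS`), but the surrounding context lines are property descriptors — `Networks` with its getter and `R` access at L160-162 and `ProcessCredentials` with its getter at L170-171 — so it has been inserted into the property table rather than the interface's signal table. Unless the two descriptor structs happen to be layout-compatible this will not compile, and if it does it registers a bogus property instead of the signal, so the entry should move to the `wpa_dbus_signal_desc` table for `WPAS_DBUS_NEW_IFACE_INTERFACE` alongside the existing interface signals. The array starts and ends outside the hunk.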
> #ifdef CONFIG_WPS
> { "ProcessCredentials", WPAS_DBUS_NEW_IFACE_WPS, "b",
> (WPADBusPropertyAccessor) wpas_dbus_getter_process_credentials,
> diff --git a/wpa_supplicant/dbus/dbus_new.h b/wpa_supplicant/dbus/dbus_new.h
> index e8376fe..6ba0229 100644
> --- a/wpa_supplicant/dbus/dbus_new.h
> +++ b/wpa_supplicant/dbus/dbus_new.h
> @@ -187,6 +187,10 @@ void wpas_dbus_signal_p2p_sd_response(struct wpa_supplicant *wpa_s,
> const u8 *tlvs, size_t tlvs_len);
> void wpas_dbus_signal_p2p_peer_joined(struct wpa_supplicant *wpa_s,
> const u8 *member);
> +void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert);
>
> #else /* CONFIG_CTRL_IFACE_DBUS_NEW */
>
> @@ -410,6 +414,12 @@ wpas_dbus_signal_p2p_peer_disconnected(struct wpa_supplicant *wpa_s,
> const u8 *member)
> {
> }
> +static inline void wpas_dbus_signal_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert)
> +{
> +}
> #endif /* CONFIG_CTRL_IFACE_DBUS_NEW */
>
> #endif /* CTRL_IFACE_DBUS_H_NEW */
> diff --git a/wpa_supplicant/dbus/dbus_old.c b/wpa_supplicant/dbus/dbus_old.c
> index 6a00f3e..8b35410 100644
> --- a/wpa_supplicant/dbus/dbus_old.c
> +++ b/wpa_supplicant/dbus/dbus_old.c
> @@ -549,6 +549,50 @@ void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
> }
> #endif /* CONFIG_WPS */
>
> +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert)
> +{
> + struct wpas_dbus_priv *iface;
> + DBusMessage *_signal = NULL;
> +
> + /* Do nothing if the control interface is not turned on */
> + if (wpa_s->global == NULL)
> + return;
> + iface = wpa_s->global->dbus;
> + if (iface == NULL)
> + return;
> +
> + _signal = dbus_message_new_signal(wpa_s->dbus_path,
> + WPAS_DBUS_IFACE_INTERFACE,
> + "Certification");
> + if (_signal == NULL) {
> + wpa_printf(MSG_ERROR,
> + "dbus: wpa_supplicant_dbus_notify_certification: "
> + "Could not create dbus signal; likely out of "
> + "memory");
> + return;
> + }
> +
> + if (!dbus_message_append_args(_signal,
> + DBUS_TYPE_INT32,&depth,
> + DBUS_TYPE_STRING, &subject,
> + DBUS_TYPE_STRING, &cert,
> + DBUS_TYPE_INVALID)) {
> + wpa_printf(MSG_ERROR,
> + "dbus: wpa_supplicant_dbus_notify_certification: "
> + "Not enough memory to construct signal");
> + goto out;
> + }
> +
> + dbus_connection_send(iface->con, _signal, NULL);
> +
> +out:
> + dbus_message_unref(_signal);
> +
> +}
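Review bot: `dbus_message_append_args` at L234-238 requires each `DBUS_TYPE_STRING` argument to be a non-NULL, NUL-terminated, valid-UTF-8 string, and libdbus treats a violation as a caller bug (a logged check failure, fatal when DBUS_FATAL_WARNINGS is set) rather than an ordinary error, after which this function reports it as "Not enough memory", which is misleading. `subject` comes from the certificate the peer presented, and whether the TLS backend guarantees it is valid UTF-8 is not visible here, so a crafted subject from an AP or RADIUS server should not be able to trip that check: guard before appending with `if (subject == NULL || cert == NULL) goto out;`, reject or sanitize non-UTF-8 bytes in `subject` if the backend does not already, and reword the failure message to cover invalid arguments. The `DBUS_TYPE_INT32,&depth` argument at L235 also needs a space after the comma to match the following lines.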
> +
>
> /**
> * wpa_supplicant_dbus_ctrl_iface_init - Initialize dbus control interface
> diff --git a/wpa_supplicant/dbus/dbus_old.h b/wpa_supplicant/dbus/dbus_old.h
> index a9840c2..932c34e 100644
> --- a/wpa_supplicant/dbus/dbus_old.h
> +++ b/wpa_supplicant/dbus/dbus_old.h
> @@ -82,6 +82,10 @@ void wpa_supplicant_dbus_notify_state_change(struct wpa_supplicant *wpa_s,
> enum wpa_states old_state);
> void wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
> const struct wps_credential *cred);
> +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert);
>
> char * wpas_dbus_decompose_object_path(const char *path, char **network,
> char **bssid);
> @@ -114,6 +118,14 @@ wpa_supplicant_dbus_notify_wps_cred(struct wpa_supplicant *wpa_s,
> {
> }
>
> +static inline void
> +void wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert)
> +{
> +}
> +
> static inline int
> wpas_dbus_register_iface(struct wpa_supplicant *wpa_s)
> {
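Review bot: The stub at L274-275 reads `static inline void` followed by `void wpa_supplicant_dbus_notify_certification(`, i.e. two return types, which will not compile whenever CONFIG_CTRL_IFACE_DBUS is off. Drop the second `void` so the line is `wpa_supplicant_dbus_notify_certification(struct wpa_supplicant *wpa_s,`, matching the sibling stubs at L270-271 and L282-283.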
> diff --git a/wpa_supplicant/notify.c b/wpa_supplicant/notify.c
> index 6d11a3d..9312e1c 100644
> --- a/wpa_supplicant/notify.c
> +++ b/wpa_supplicant/notify.c
> @@ -176,6 +176,16 @@ void wpas_notify_wps_credential(struct wpa_supplicant *wpa_s,
> #endif /* CONFIG_WPS */
> }
>
> +void wpas_notify_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert)
> +{
> + /* notify the old DBus API */
> + wpa_supplicant_dbus_notify_certification(wpa_s, depth, subject, cert);
> + /* notify the new DBus API */
> + wpas_dbus_signal_certification(wpa_s, depth, subject, cert);
> +}
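Review bot: The new function at L293-302 sits between the two blank lines (L292 and L303) that previously formed the file's two-line gap between definitions, so one blank line now separates it from `wpas_notify_wps_event_m2d` at L304; add another to keep the spacing consistent. A short header comment saying that this fans the certificate notification out to both dbus APIs would also match the surrounding notify functions; nothing in the hunk shows the argument conventions, so it should refer to the eapol_ctx `cert_cb` documentation rather than restate them.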
>
> void wpas_notify_wps_event_m2d(struct wpa_supplicant *wpa_s,
> struct wps_event_m2d *m2d)
> diff --git a/wpa_supplicant/notify.h b/wpa_supplicant/notify.h
> index 1e71091..e88a431 100644
> --- a/wpa_supplicant/notify.h
> +++ b/wpa_supplicant/notify.h
> @@ -41,6 +41,10 @@ void wpas_notify_scan_done(struct wpa_supplicant *wpa_s, int success);
> void wpas_notify_scan_results(struct wpa_supplicant *wpa_s);
> void wpas_notify_wps_credential(struct wpa_supplicant *wpa_s,
> const struct wps_credential *cred);
> +void wpas_notify_certification(struct wpa_supplicant *wpa_s,
> + int depth,
> + const char *subject,
> + const char *cert);
> void wpas_notify_wps_event_m2d(struct wpa_supplicant *wpa_s,
> struct wps_event_m2d *m2d);
> void wpas_notify_wps_event_fail(struct wpa_supplicant *wpa_s,
> diff --git a/wpa_supplicant/wpas_glue.c b/wpa_supplicant/wpas_glue.c
> index 2662eec..0fe90d7 100644
> --- a/wpa_supplicant/wpas_glue.c
> +++ b/wpa_supplicant/wpas_glue.c
> @@ -32,6 +32,7 @@
> #include "wps_supplicant.h"
> #include "bss.h"
> #include "scan.h"
> +#include "notify.h"
>
>
> #ifndef CONFIG_NO_CONFIG_BLOBS
> @@ -611,6 +612,15 @@ static void wpa_supplicant_port_cb(void *ctx, int authorized)
> authorized ? "Authorized" : "Unauthorized");
> wpa_drv_set_supp_port(wpa_s, authorized);
> }
> +
> +static void wpa_supplicant_cert_cb(void *ctx, int depth, const char *subject,
> + const char *cert)
> +{
> + struct wpa_supplicant *wpa_s = ctx;
> +
> + wpa_printf(MSG_INFO, "EAPOL: Subject: %s", subject);
> + wpas_notify_certification(wpa_s, depth, subject, cert);
> +}
> #endif /* IEEE8021X_EAPOL */
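Review bot: The `wpa_printf(MSG_INFO, "EAPOL: Subject: %s", subject)` at L343 repeats information that the eap.c hunk of this same patch already emits through `wpa_msg` (depth, subject and cert), and at MSG_INFO it lands in every log; MSG_DEBUG with the depth included is more useful and quieter: `wpa_printf(MSG_DEBUG, "EAPOL: Peer certificate depth=%d subject='%s'", depth, subject);`. If `subject` can be NULL (where it is built is not visible here), `%s` on it is undefined behaviour, so either guard it or state the non-NULL requirement on `cert_cb`. The function also has no header comment, unlike `wpa_supplicant_port_cb` whose tail is visible at L334-336.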
>
>
> @@ -641,6 +651,7 @@ int wpa_supplicant_init_eapol(struct wpa_supplicant *wpa_s)
> ctx->eap_param_needed = wpa_supplicant_eap_param_needed;
> ctx->port_cb = wpa_supplicant_port_cb;
> ctx->cb = wpa_supplicant_eapol_cb;
> + ctx->cert_cb = wpa_supplicant_cert_cb;
> ctx->cb_ctx = wpa_s;
> wpa_s->eapol = eapol_sm_init(ctx);
> if (wpa_s->eapol == NULL) {