From a771578767d77a45ab0bddb814aac565dae7a3e0 Mon Sep 17 00:00:00 2001
From: Luke Howard
Date: Tue, 29 Nov 2011 02:01:28 +1100
Subject: [PATCH] Revert "Allow certificate/private key to contain binary data"

This reverts commit 6196f93aaca970f23276407af0812179c51a29ea.
---
 mech_eap/gssapiP_eap.h      |  6 ------
 mech_eap/init_sec_context.c | 36 +++++-------------------------------
 2 files changed, 5 insertions(+), 37 deletions(-)

diff --git a/mech_eap/gssapiP_eap.h b/mech_eap/gssapiP_eap.h
index eb7e7db..c763fbd 100644
--- a/mech_eap/gssapiP_eap.h
+++ b/mech_eap/gssapiP_eap.h
@@ -151,7 +151,6 @@ struct gss_name_struct
 #define CRED_FLAG_RESOLVED 0x00100000
 #define CRED_FLAG_TARGET 0x00200000
 #define CRED_FLAG_CERTIFICATE 0x00400000
-#define CRED_FLAG_CONFIG_BLOB 0x00800000
 #define CRED_FLAG_PUBLIC_MASK 0x0000FFFF
 
 #ifdef HAVE_HEIMDAL_VERSION
@@ -199,16 +198,11 @@ struct gss_cred_id_struct
 #define CTX_FLAG_EAP_ALT_REJECT 0x01000000
 #define CTX_FLAG_EAP_MASK 0xFFFF0000
 
-#define CONFIG_BLOB_CLIENT_CERT 0
-#define CONFIG_BLOB_PRIVATE_KEY 1
-#define CONFIG_BLOB_MAX 2
-
 struct gss_eap_initiator_ctx {
     unsigned int idleWhile;
     struct eap_peer_config eapPeerConfig;
     struct eap_sm *eap;
     struct wpabuf reqData;
-    struct wpa_config_blob configBlobs[CONFIG_BLOB_MAX];
 };
 
 #ifdef GSSEAP_ENABLE_ACCEPTOR
diff --git a/mech_eap/init_sec_context.c b/mech_eap/init_sec_context.c
index a67d381..8a877fd 100644
--- a/mech_eap/init_sec_context.c
+++ b/mech_eap/init_sec_context.c
@@ -167,20 +167,10 @@ peerSetConfigBlob(void *ctx GSSEAP_UNUSED,
 }
 
 static const struct wpa_config_blob *
-peerGetConfigBlob(void *ctx,
-                  const char *name)
+peerGetConfigBlob(void *ctx GSSEAP_UNUSED,
+                  const char *name GSSEAP_UNUSED)
 {
-    gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx;
-    size_t index;
-
-    if (strcmp(name, "client-cert") == 0)
-        index = CONFIG_BLOB_CLIENT_CERT;
-    else if (strcmp(name, "private-key") == 0)
-        index = CONFIG_BLOB_PRIVATE_KEY;
-    else
-        return NULL;
-
-    return &gssCtx->initiatorCtx.configBlobs[index];
+    return NULL;
 }
 
 static void
@@ -210,7 +200,6 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
     OM_uint32 major;
     krb5_context krbContext;
     struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
-    struct wpa_config_blob *configBlobs = ctx->initiatorCtx.configBlobs;
     gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
     gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
     gss_cred_id_t cred = ctx->cred;
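Review bot: The rewritten `peerGetConfigBlob` now returns NULL unconditionally but carries no comment saying why, so a later reader may take the stub for an unfinished implementation rather than a deliberate decision not to support blob-backed configuration. Since the certificate and key are now handed to the EAP peer through the `eapPeerConfig->client_cert` / `private_key` fields (the -272 hunk in this file), a one-line comment on the stub would record the contract, e.g. `/* Config blobs are not supported: certificate and key are supplied directly via eap_peer_config, so any blob lookup presumably yields nothing. */`. The function is entirely within the hunk; the following `peerConfigInit`, whose second hunk shares this line, continues outside it.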
@@ -272,23 +261,8 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
     eapPeerConfig->altsubject_match = (unsigned char *)cred->subjectAltNameConstraint.value;
 
     if (cred->flags & CRED_FLAG_CERTIFICATE) {
-        /*
-         * CRED_FLAG_CONFIG_BLOB is an internal flag which will be used in the
-         * future to directly pass certificate and private key data to the
-         * EAP implementation, rather than an indirected string pointer.
-         */
-        if (cred->flags & CRED_FLAG_CONFIG_BLOB) {
-            eapPeerConfig->client_cert = (unsigned char *)"blob://client-cert";
-            configBlobs[CONFIG_BLOB_CLIENT_CERT].data = cred->clientCertificate.value;
-            configBlobs[CONFIG_BLOB_CLIENT_CERT].len = cred->clientCertificate.length;
-
-            eapPeerConfig->client_cert = (unsigned char *)"blob://private-key";
-            configBlobs[CONFIG_BLOB_PRIVATE_KEY].data = cred->clientCertificate.value;
-            configBlobs[CONFIG_BLOB_PRIVATE_KEY].len = cred->privateKey.length;
-        } else {
-            eapPeerConfig->client_cert = (unsigned char *)cred->clientCertificate.value;
-            eapPeerConfig->private_key = (unsigned char *)cred->privateKey.value;
-        }
+        eapPeerConfig->client_cert = (unsigned char *)cred->clientCertificate.value;
+        eapPeerConfig->private_key = (unsigned char *)cred->privateKey.value;
         eapPeerConfig->private_key_passwd = (unsigned char *)cred->password.value;
     }
 
-- 
2.1.4
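Review bot: The two added assignments in the `CRED_FLAG_CERTIFICATE` branch cast `cred->clientCertificate.value` and `cred->privateKey.value` straight to `unsigned char *` and hand them to the EAP peer with no length, so the EAP side can only interpret them as C strings; a `gss_buffer_desc` is defined by its `length` field and nothing in this hunk guarantees the payload is NUL-terminated. The same holds for the context line assigning `private_key_passwd` from `cred->password.value`. With the blob path removed, this requirement should be either enforced where the credential buffers are built or at least recorded here, e.g. `/* client_cert, private_key and private_key_passwd are consumed as NUL-terminated strings; the cred buffers must carry a terminator. */`. `peerConfigInit` begins and ends outside this hunk, so the point cannot be verified from the diff alone.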