Revert "Allow certificate/private key to contain binary data"

This reverts commit 6196f93aaca970f23276407af0812179c51a29ea.

diff --git a/moonshot/mech_eap/gssapiP_eap.h b/moonshot/mech_eap/gssapiP_eap.h
index eb7e7db..c763fbd 100644 (file)
--- a/moonshot/mech_eap/gssapiP_eap.h
+++ b/moonshot/mech_eap/gssapiP_eap.h
@@ -151,7 +151,6 @@ struct gss_name_struct
 #define CRED_FLAG_RESOLVED                  0x00100000
 #define CRED_FLAG_TARGET                    0x00200000
 #define CRED_FLAG_CERTIFICATE               0x00400000
-#define CRED_FLAG_CONFIG_BLOB               0x00800000
 #define CRED_FLAG_PUBLIC_MASK               0x0000FFFF
 
 #ifdef HAVE_HEIMDAL_VERSION
@@ -199,16 +198,11 @@ struct gss_cred_id_struct
 #define CTX_FLAG_EAP_ALT_REJECT             0x01000000
 #define CTX_FLAG_EAP_MASK                   0xFFFF0000
 
-#define CONFIG_BLOB_CLIENT_CERT             0
-#define CONFIG_BLOB_PRIVATE_KEY             1
-#define CONFIG_BLOB_MAX                     2
-
 struct gss_eap_initiator_ctx {
     unsigned int idleWhile;
     struct eap_peer_config eapPeerConfig;
     struct eap_sm *eap;
     struct wpabuf reqData;
-    struct wpa_config_blob configBlobs[CONFIG_BLOB_MAX];
 };
 
 #ifdef GSSEAP_ENABLE_ACCEPTOR

diff --git a/moonshot/mech_eap/init_sec_context.c b/moonshot/mech_eap/init_sec_context.c
index a67d381..8a877fd 100644 (file)
--- a/moonshot/mech_eap/init_sec_context.c
+++ b/moonshot/mech_eap/init_sec_context.c
@@ -167,20 +167,10 @@ peerSetConfigBlob(void *ctx GSSEAP_UNUSED,
 }
 
 static const struct wpa_config_blob *
-peerGetConfigBlob(void *ctx,
-                  const char *name)
+peerGetConfigBlob(void *ctx GSSEAP_UNUSED,
+                  const char *name GSSEAP_UNUSED)
 {
-    gss_ctx_id_t gssCtx = (gss_ctx_id_t)ctx;
-    size_t index;
-
-    if (strcmp(name, "client-cert") == 0)
-        index = CONFIG_BLOB_CLIENT_CERT;
-    else if (strcmp(name, "private-key") == 0)
-        index = CONFIG_BLOB_PRIVATE_KEY;
-    else
-        return NULL;
-
-    return &gssCtx->initiatorCtx.configBlobs[index];
+    return NULL;
 }
 
 static void
@@ -210,7 +200,6 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
     OM_uint32 major;
     krb5_context krbContext;
     struct eap_peer_config *eapPeerConfig = &ctx->initiatorCtx.eapPeerConfig;
-    struct wpa_config_blob *configBlobs = ctx->initiatorCtx.configBlobs;
     gss_buffer_desc identity = GSS_C_EMPTY_BUFFER;
     gss_buffer_desc realm = GSS_C_EMPTY_BUFFER;
     gss_cred_id_t cred = ctx->cred;
@@ -272,23 +261,8 @@ peerConfigInit(OM_uint32 *minor, gss_ctx_id_t ctx)
     eapPeerConfig->altsubject_match = (unsigned char *)cred->subjectAltNameConstraint.value;
 
     if (cred->flags & CRED_FLAG_CERTIFICATE) {
-        /*
-         * CRED_FLAG_CONFIG_BLOB is an internal flag which will be used in the
-         * future to directly pass certificate and private key data to the
-         * EAP implementation, rather than an indirected string pointer.
-         */
-        if (cred->flags & CRED_FLAG_CONFIG_BLOB) {
-            eapPeerConfig->client_cert = (unsigned char *)"blob://client-cert";
-            configBlobs[CONFIG_BLOB_CLIENT_CERT].data = cred->clientCertificate.value;
-            configBlobs[CONFIG_BLOB_CLIENT_CERT].len  = cred->clientCertificate.length;
-
-            eapPeerConfig->client_cert = (unsigned char *)"blob://private-key";
-            configBlobs[CONFIG_BLOB_PRIVATE_KEY].data = cred->clientCertificate.value;
-            configBlobs[CONFIG_BLOB_PRIVATE_KEY].len  = cred->privateKey.length;
-        } else {
-            eapPeerConfig->client_cert = (unsigned char *)cred->clientCertificate.value;
-            eapPeerConfig->private_key = (unsigned char *)cred->privateKey.value;
-        }
+        eapPeerConfig->client_cert = (unsigned char *)cred->clientCertificate.value;
+        eapPeerConfig->private_key = (unsigned char *)cred->privateKey.value;
         eapPeerConfig->private_key_passwd = (unsigned char *)cred->password.value;
     }