author | Sumit Bose <sbose@redhat.com> | 2016-09-23 17:11:35 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2017-02-23 10:15:04 +0100 |
commit | dd17a3aaddab6f122dff3bd15b7005464c07c0ea (patch) | |
tree | 2789a97339b086c74c0b01610cca3f7b7a374b7b /src/util/authtok-utils.c | |
parent | f70d946f8cde55b6bdc09345e22849842bca4387 (diff) | |
authtok: enhance support for Smartcard auth blobs
The blob contains, besides the PIN, the name of the PKCS#11 module and the
token name where the certificate of the user was found, and the key id.
Those data will be used e.g. by the pkinit module to make sure the
right certificate is used.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/util/authtok-utils.c')
-rw-r--r-- | src/util/authtok-utils.c | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/src/util/authtok-utils.c b/src/util/authtok-utils.c
index 65fba9022..e7123df34 100644
--- a/src/util/authtok-utils.c
+++ b/src/util/authtok-utils.c
@@ -72,3 +72,94 @@ errno_t sss_auth_pack_2fa_blob(const char *fa1, size_t fa1_len,
 return 0;
 }
+
+errno_t sss_auth_pack_sc_blob(const char *pin, size_t pin_len,
+ const char *token_name, size_t token_name_len,
+ const char *module_name, size_t module_name_len,
+ const char *key_id, size_t key_id_len,
+ uint8_t *buf, size_t buf_len,
+ size_t *_sc_blob_len)
+{
+ size_t c;
+ uint32_t tmp_uint32_t;
+
+ if (pin_len > UINT32_MAX || token_name_len > UINT32_MAX
+ || module_name_len > UINT32_MAX
+ || (pin_len != 0 && pin == NULL)
+ || (token_name_len != 0 && token_name == NULL)
+ || (module_name_len != 0 && module_name == NULL)
+ || (key_id_len != 0 && key_id == NULL)) {
+ return EINVAL;
+ }
+
+ /* A missing pin is ok in the case of a reader with a keyboard */
+ if (pin == NULL) {
+ pin = "";
+ pin_len = 0;
+ }
+
+ if (token_name == NULL) {
+ token_name = "";
+ token_name_len = 0;
+ }
+
+ if (module_name == NULL) {
+ module_name = "";
+ module_name_len = 0;
+ }
+
+ if (key_id == NULL) {
+ key_id = "";
+ key_id_len = 0;
+ }
+
+ /* len should not include the trailing \0 */
+ if (pin_len == 0 || pin[pin_len - 1] == '\0') {
+ pin_len = strlen(pin);
+ }
+
+ if (token_name_len == 0 || token_name[token_name_len - 1] == '\0') {
+ token_name_len = strlen(token_name);
+ }
+
+ if (module_name_len == 0 || module_name[module_name_len - 1] == '\0') {
+ module_name_len = strlen(module_name);
+ }
+
+ if (key_id_len == 0 || key_id[key_id_len - 1] == '\0') {
+ key_id_len = strlen(key_id);
+ }
+
+ *_sc_blob_len = pin_len + token_name_len + module_name_len + key_id_len + 4
+ + 4 * sizeof(uint32_t);
+ if (buf == NULL || buf_len < *_sc_blob_len) {
+ return EAGAIN;
+ }
+
+ c = 0;
+ tmp_uint32_t = (uint32_t) pin_len + 1;
+ SAFEALIGN_COPY_UINT32(buf, &tmp_uint32_t, &c);
+ tmp_uint32_t = (uint32_t) token_name_len + 1;
+ SAFEALIGN_COPY_UINT32(buf + c, &tmp_uint32_t, &c);
+ tmp_uint32_t = (uint32_t) module_name_len + 1;
+ SAFEALIGN_COPY_UINT32(buf + c, &tmp_uint32_t, &c);
+ tmp_uint32_t = (uint32_t) key_id_len + 1;
+ SAFEALIGN_COPY_UINT32(buf + c, &tmp_uint32_t, &c);
+
+ memcpy(buf + c, pin, pin_len);
+ buf[c + pin_len] = '\0';
+ c += pin_len + 1;
+
+ memcpy(buf + c, token_name, token_name_len);
+ buf[c + token_name_len] = '\0';
+ c += token_name_len + 1;
+
+ memcpy(buf + c, module_name, module_name_len);
+ buf[c + module_name_len] = '\0';
+ c += module_name_len + 1;
+
+ memcpy(buf + c, key_id, key_id_len);
+ buf[c + key_id_len] = '\0';
+
+ return 0;
+}
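Review bot: The guard at the top of sss_auth_pack_sc_blob bounds pin_len, token_name_len and module_name_len against UINT32_MAX but not key_id_len, so an oversized key_id_len reaches `tmp_uint32_t = (uint32_t) key_id_len + 1;` and is silently truncated, leaving a length header that disagrees with the bytes memcpy() actually writes after it. Since every stored header is the length plus one for the NUL, the bound should also be `>=` rather than `>`: a length of exactly UINT32_MAX wraps its header to 0. Suggested guard: `if (pin_len >= UINT32_MAX || token_name_len >= UINT32_MAX` / `|| module_name_len >= UINT32_MAX || key_id_len >= UINT32_MAX`. The lengths may also be recomputed by strlen() after this check, so the recomputed values are not covered; repeating the bound after the strlen block would close that gap. A short header comment stating the blob layout — four uint32_t lengths, each including the trailing NUL, followed by the four NUL-terminated strings in the same order — would keep the parsing side in sync with this packer.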