typedef struct {
/** socket we use for prompting */
FILE *prompt;
+ /** type of secret to unlock */
+ int type;
/** private key file */
char *path;
/** number of tries */
} passphrase_cb_data_t;
/**
- * Callback function to receive Passphrases
+ * Callback function to receive passphrases
*/
static shared_key_t* passphrase_cb(passphrase_cb_data_t *data,
- shared_key_type_t type,
- identification_t *me, identification_t *other,
- id_match_t *match_me, id_match_t *match_other)
+ shared_key_type_t type, identification_t *me,
+ identification_t *other, id_match_t *match_me,
+ id_match_t *match_other)
{
chunk_t secret;
char buf[256];
{
if (data->try > 5)
{
- fprintf(data->prompt, "PIN invalid, giving up.\n");
+ fprintf(data->prompt, "Passphrase invalid, giving up.\n");
return NULL;
}
- fprintf(data->prompt, "PIN invalid!\n");
+ fprintf(data->prompt, "Passphrase invalid!\n");
}
data->try++;
- fprintf(data->prompt, "Private key '%s' is encrypted.\n", data->path);
+ fprintf(data->prompt, "%s '%s' is encrypted.\n",
+ data->type == CRED_PRIVATE_KEY ? "Private key" : "PKCS#12 file",
+ data->path);
fprintf(data->prompt, "Passphrase:\n");
if (fgets(buf, sizeof(buf), data->prompt))
{
}
if (secret.len == 7 && strneq(secret.ptr, "%prompt", 7))
{
- callback_cred_t *cb = NULL;
+ callback_cred_t *cb;
passphrase_cb_data_t pp_data = {
.prompt = prompt,
+ .type = type,
.path = path,
.try = 1,
};
return TRUE;
}
/* use callback credential set to prompt for the passphrase */
- pp_data.prompt = prompt;
- pp_data.path = path;
- pp_data.try = 1;
cb = callback_cred_create_shared((void*)passphrase_cb, &pp_data);
lib->credmgr->add_local_set(lib->credmgr, &cb->set, FALSE);
projects / thirdparty / strongswan.git / commitdiff
