author | Simon Josefsson <simon@josefsson.org> | 2007-10-17 16:45:04 +0200 |
---|---|---|
committer | Simon Josefsson <simon@josefsson.org> | 2007-10-17 16:45:04 +0200 |
commit | 9678fa354fa4ae5893e13987cf51d0660343d0ee (patch) | |
tree | efaa8114a1869a74cae80e147a2010375b9d9b17 /src | |
parent | 861d0ebc49fdc2fd6abbeef873e5e7508bfc9110 (diff) | |
Remove TLS-authz.
Diffstat (limited to 'src')
-rw-r--r-- | src/cli.c | 104 | ||||
-rw-r--r-- | src/cli.gaa | 6 | ||||
-rw-r--r-- | src/serv.c | 112 | ||||
-rw-r--r-- | src/serv.gaa | 6 |
4 files changed, 0 insertions, 228 deletions
@@ -97,19 +97,6 @@ static int comp_priority[PRI_MAX];
 static int mac_priority[PRI_MAX];
 static int cert_type_priority[PRI_MAX];
-#ifdef ENABLE_AUTHZ
-
-static int authz_client_formats[PRI_MAX];
-static int authz_server_formats[PRI_MAX] = {
- GNUTLS_AUTHZ_X509_ATTR_CERT,
- GNUTLS_AUTHZ_X509_ATTR_CERT_URL,
- GNUTLS_AUTHZ_SAML_ASSERTION,
- GNUTLS_AUTHZ_SAML_ASSERTION_URL,
- 0
-};
-
-#endif
-
 /* end of global stuff */
 /* prototypes */
@@ -381,92 +368,6 @@ cert_callback (gnutls_session_t session,
 }
-#ifdef ENABLE_AUTHZ
-
-int
-authz_send_callback (gnutls_session_t session,
- const int *client_formats, const int *server_formats)
-{
- size_t i;
- int ret;
-
- printf ("- Server authorization formats: ");
- for (i = 0; server_formats[i]; i++)
- printf ("%d ", server_formats[i]);
- printf ("\n");
-
- for (i = 0; client_formats[i]; i++)
- {
- if (client_formats[i] == GNUTLS_AUTHZ_X509_ATTR_CERT
- && info.authz_x509_attr_cert)
- {
- size_t x509ac_len;
- const char *x509ac = read_binary_file (info.authz_x509_attr_cert,
- &x509ac_len);
- if (!x509ac)
- error (EXIT_FAILURE, errno, "%s", info.authz_x509_attr_cert);
-
- printf (" Sending X.509 Attribute Certificate\n");
-
- ret = gnutls_authz_send_x509_attr_cert (session,
- x509ac, x509ac_len);
- if (ret < 0)
- return ret;
- }
-
- if (client_formats[i] == GNUTLS_AUTHZ_SAML_ASSERTION
- && info.authz_saml_assertion)
- {
- size_t samlass_len;
- const char *samlass = read_binary_file (info.authz_saml_assertion,
- &samlass_len);
- if (!samlass)
- error (EXIT_FAILURE, errno, "%s", info.authz_saml_assertion);
-
- printf (" Sending SAML assertion\n");
-
- ret = gnutls_authz_send_saml_assertion (session,
- samlass, samlass_len);
- if (ret < 0)
- return ret;
- }
- }
-
- return 0;
-}
-
-int
-authz_recv_callback (gnutls_session_t session,
- const int *authz_formats,
- gnutls_datum_t * infos,
- const int *hashtypes, gnutls_datum_t * hash)
-{
- size_t i, j;
-
- for (i = 0; authz_formats[i]; i++)
- {
- printf ("- Received authorization data, format %02x of %d bytes\n",
- authz_formats[i], infos[i].size);
-
- printf (" data: ");
- for (j = 0; j < infos[i].size; j++)
- printf ("%02x", infos[i].data[j]);
- printf ("\n");
-
- if (hash[i].size > 0)
- {
- printf (" hash: ");
- for (j = 0; j < hash[i].size; j++)
- printf ("%02x", hash[i].data[j]);
- printf (" type %02x\n", hashtypes[i]);
- }
- }
-
- return 0;
-}
-
-#endif
-
 /* initializes a gnutls_session_t with some defaults.
 */
 static gnutls_session_t
@@ -528,11 +429,6 @@ init_tls_session (const char *hostname)
 }
 }
-#ifdef ENABLE_AUTHZ
- gnutls_authz_enable (session, authz_client_formats, authz_server_formats,
- authz_recv_callback, authz_send_callback);
-#endif
-
 #ifdef ENABLE_OPRFI
 if (info.opaque_prf_input)
 gnutls_oprfi_enable_client (session, strlen (info.opaque_prf_input),
diff --git a/src/cli.gaa b/src/cli.gaa
index bbdd097e20..a82ac09fee 100644
--- a/src/cli.gaa
+++ b/src/cli.gaa
@@ -98,12 +98,6 @@ option (pskusername) STR "NAME" { $psk_username = $1 } "PSK username to use."
 #char *psk_key;
 option (pskkey) STR "KEY" { $psk_key = $1 } "PSK key (in hex) to use."
-#char *authz_x509_attr_cert;
-option (authz-x509-attr-cert) STR "FILE" { $authz_x509_attr_cert = $1 } "Use X.509 Attribute Certificate in FILE as authorization data."
-
-#char *authz_saml_assertion;
-option (authz-saml-assertion) STR "FILE" { $authz_saml_assertion = $1 } "Use SAML Assertion in FILE as authorization data."
-
 #char *opaque_prf_input;
 option (opaque-prf-input) STR "DATA" { $opaque_prf_input = $1 } "Use Opaque PRF Input DATA."
diff --git a/src/serv.c b/src/serv.c
index 4abeb57698..e5c54f75f3 100644
--- a/src/serv.c
+++ b/src/serv.c
@@ -336,103 +336,6 @@ static int comp_priority[PRI_MAX];
 static int mac_priority[PRI_MAX];
 static int cert_type_priority[PRI_MAX];
-#ifdef ENABLE_AUTHZ
-static int authz_server_formats[PRI_MAX] = {
- 0
-};
-static int authz_client_formats[PRI_MAX] = {
- GNUTLS_AUTHZ_X509_ATTR_CERT,
- GNUTLS_AUTHZ_SAML_ASSERTION,
- GNUTLS_AUTHZ_X509_ATTR_CERT_URL,
- GNUTLS_AUTHZ_SAML_ASSERTION_URL,
- 0
-};
-
-int
-authz_send_callback (gnutls_session_t session,
- const int *client_formats,
- const int *server_formats)
-{
- size_t i;
- int ret;
-
- printf ("- Client authorization formats: ");
- for (i = 0; client_formats[i]; i++)
- printf ("%d ", client_formats[i]);
- printf ("\n");
-
- for (i = 0; server_formats[i]; i++)
- {
- if (server_formats[i] == GNUTLS_AUTHZ_X509_ATTR_CERT
- && info.authz_x509_attr_cert)
- {
- size_t x509ac_len;
- const char *x509ac = read_binary_file (info.authz_x509_attr_cert,
- &x509ac_len);
- if (!x509ac)
- error (EXIT_FAILURE, errno, "%s", info.authz_x509_attr_cert);
-
- printf (" Sending X.509 Attribute Certificate\n");
-
- ret = gnutls_authz_send_x509_attr_cert (session,
- x509ac, x509ac_len);
- if (ret < 0)
- return ret;
- }
-
- if (server_formats[i] == GNUTLS_AUTHZ_SAML_ASSERTION
- && info.authz_saml_assertion)
- {
- size_t samlass_len;
- const char *samlass = read_binary_file (info.authz_saml_assertion,
- &samlass_len);
- if (!samlass)
- error (EXIT_FAILURE, errno, "%s", info.authz_saml_assertion);
-
- printf (" Sending SAML assertion\n");
-
- ret = gnutls_authz_send_saml_assertion (session,
- samlass, samlass_len);
- if (ret < 0)
- return ret;
- }
- }
-
- return 0;
-}
-
-int
-authz_recv_callback (gnutls_session_t session,
- const int *authz_formats,
- gnutls_datum_t *infos,
- const int *hashtypes,
- gnutls_datum_t *hash)
-{
- size_t i, j;
-
- for (i = 0; authz_formats[i]; i++)
- {
- printf ("- Received authorization data, format %02x of %d bytes\n",
- authz_formats[i], infos[i].size);
-
- printf (" data: ");
- for (j = 0; j < infos[i].size; j++)
- printf ("%02x", infos[i].data[j]);
- printf ("\n");
-
- if (hash[i].size > 0)
- {
- printf (" hash: ");
- for (j = 0; j < hash[i].size; j++)
- printf ("%02x", hash[i].data[j]);
- printf (" type %02x\n", hashtypes[i]);
- }
- }
-
- return 0;
-}
-#endif
-
 #if ENABLE_OPRFI
 int
 oprfi_callback (gnutls_session_t session,
@@ -511,11 +414,6 @@ initialize_session (void)
 gnutls_certificate_server_set_request (session, GNUTLS_CERT_REQUEST);
 }
-#ifdef ENABLE_AUTHZ
- gnutls_authz_enable (session, authz_client_formats, authz_server_formats,
- authz_recv_callback, authz_send_callback);
-#endif
-
 #ifdef ENABLE_OPRFI
 if (info.opaque_prf_input)
 gnutls_oprfi_enable_server (session, oprfi_callback, NULL);
@@ -1479,16 +1377,6 @@ gaa_parser (int argc, char **argv)
 parse_ctypes (info.ctype, info.nctype, cert_type_priority);
 parse_kx (info.kx, info.nkx, kx_priority);
 parse_comp (info.comp, info.ncomp, comp_priority);
-
-#ifdef ENABLE_AUTHZ
- {
- size_t authz_idx = 0;
- if (info.authz_x509_attr_cert)
- authz_server_formats[authz_idx++] = GNUTLS_AUTHZ_X509_ATTR_CERT;
- if (info.authz_saml_assertion)
- authz_server_formats[authz_idx++] = GNUTLS_AUTHZ_SAML_ASSERTION;
- }
-#endif
 }
 void
diff --git a/src/serv.gaa b/src/serv.gaa
index 8a54e1a292..46f7a73fae 100644
--- a/src/serv.gaa
+++ b/src/serv.gaa
@@ -76,12 +76,6 @@ option (srppasswd) STR "FILE" { $srp_passwd = $1 } "SRP password file to use."
 #char *srp_passwd_conf;
 option (srppasswdconf) STR "FILE" { $srp_passwd_conf = $1 } "SRP password conf file to use."
-#char *authz_x509_attr_cert;
-option (authz-x509-attr-cert) STR "FILE" { $authz_x509_attr_cert = $1 } "Use X.509 Attribute Certificate in FILE as authorization data."
-
-#char *authz_saml_assertion;
-option (authz-saml-assertion) STR "FILE" { $authz_saml_assertion = $1 } "Use SAML Assertion in FILE as authorization data."
-
 #char *opaque_prf_input;
 option (opaque-prf-input) STR "DATA" { $opaque_prf_input = $1 } "Use Opaque PRF Input DATA." |