1 #include <sys/types.h>
2 #include <sys/stat.h>
3 #include <fcntl.h>
4 #include <pwd.h>
5 #include <limits.h>
6 #include <stdio.h>
7 #include <stdlib.h>
8 #include <string.h>
9 #include <syslog.h>
10 #include <openssl/bn.h>
11 #include <openssl/pem.h>
12 #include <openssl/x509.h>
13
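/**
 * Check whether a public key belongs to a certificate the user has authorized.
 *
 * Looks up @login with getpwnam(), opens
 * "<home>/.eid/authorized_certificates" and reads PEM certificates from it
 * one at a time, comparing each certificate's public key with @authkey.
 *
 * @param authkey  public key presented for authentication
 * @param login    user name whose authorized certificates are consulted
 * @return 1 if a certificate with a matching public key was found,
 *         0 if the file was read and no certificate matched,
 *        -1 on error (NULL argument, unknown user, path too long, or the
 *           file could not be opened).
 *
 * Callers must compare the result with 1 explicitly: -1 is non-zero, so a
 * plain truth test would treat an error as a successful match.
 *
 * NOTE(review): the file is opened by path inside the user's home directory
 * with no check of its owner, mode or file type. If this runs in a
 * privileged authentication context (not visible from here -- confirm
 * against the caller), consider rejecting files that are not owned by the
 * user or root, or that are group/world-writable, before trusting them.
 */
extern int match_user_opensc(EVP_PKEY *authkey, const char *login)
{
	char filename[PATH_MAX];
	struct passwd *pw;
	int found = 0;
	int len;
	BIO *in;

	if (NULL == authkey || NULL == login)
		return -1;

	/* getpwnam() returns static storage; it is only used to build the path. */
	pw = getpwnam(login);
	if (!pw || !pw->pw_dir)
		return -1;

	/* Refuse a truncated path rather than opening some other file. */
	len = snprintf(filename, sizeof filename,
		       "%s/.eid/authorized_certificates", pw->pw_dir);
	if (len < 0 || (size_t)len >= sizeof filename)
		return -1;

	in = BIO_new(BIO_s_file());
	if (!in)
		return -1;

	if (BIO_read_filename(in, filename) != 1) {
		syslog(LOG_ERR, "BIO_read_filename from %s failed\n", filename);
		/* Release the BIO on this path too; it was leaked before. */
		BIO_free(in);
		return -1;
	}

	while (!found) {
		EVP_PKEY *key;
		/*
		 * Parse every entry into a fresh X509 instead of reusing one
		 * object across iterations, so no state from a previous
		 * certificate can carry over into the comparison.
		 */
		X509 *cert = PEM_read_bio_X509(in, NULL, NULL, NULL);

		/* NULL means end of file or an entry that failed to parse. */
		if (cert == NULL)
			break;

		key = X509_get_pubkey(cert);
		if (key != NULL) {
			/*
			 * Only an exact match (1) counts; 0 and the negative
			 * results of EVP_PKEY_cmp() are treated as "no match".
			 */
			if (1 == EVP_PKEY_cmp(authkey, key))
				found = 1;
			EVP_PKEY_free(key);
		}

		X509_free(cert);
	}

	BIO_free(in);

	return found;
}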