eap: Add secret cache policy types
eap_append_secret now takes a new cache_policy parameter which can be used by the EAP method to signal that the value received from the agent is never to be cached, i.e. each value can only be used once. The parameter value should be EAP_CACHE_NEVER for this and we use this value in EAP-GTC where the secret tokens are one-time use. The EAP_CACHE_TEMPORARY value is used in the other methods; it preserves the default behaviour where a secret can be cached for as long as the network stays in range (this is the current implementation more than a design choice I believe, I didn't go for a more specific enum name as this may still change I suppose).
This commit is contained in:
parent
99d1e0595e
commit
4ffb97faa1
@ -92,8 +92,10 @@ static int eap_gtc_check_settings(struct l_settings *settings,
|
||||
|
||||
/* no secret found either */
|
||||
if (!secret)
|
||||
eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD,
|
||||
setting, setting2, NULL);
|
||||
eap_append_secret(out_missing,
|
||||
EAP_SECRET_REMOTE_USER_PASSWORD,
|
||||
setting, setting2, NULL,
|
||||
EAP_CACHE_NEVER);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -102,7 +104,8 @@ static int eap_gtc_check_settings(struct l_settings *settings,
|
||||
/* identity found, but secret missing */
|
||||
if (!secret)
|
||||
eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
|
||||
setting2, NULL, identity);
|
||||
setting2, NULL, identity,
|
||||
EAP_CACHE_NEVER);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
@ -689,7 +689,8 @@ static int eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
}
|
||||
|
||||
eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD,
|
||||
setting, setting2, NULL);
|
||||
setting, setting2, NULL,
|
||||
EAP_CACHE_TEMPORARY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -725,7 +726,8 @@ static int eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
secret = l_queue_find(secrets, eap_secret_info_match, setting2);
|
||||
if (!secret) {
|
||||
eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
|
||||
setting2, NULL, identity);
|
||||
setting2, NULL, identity,
|
||||
EAP_CACHE_TEMPORARY);
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -943,7 +943,8 @@ static int eap_peap_check_settings(struct l_settings *settings,
|
||||
*/
|
||||
eap_append_secret(out_missing,
|
||||
EAP_SECRET_LOCAL_PKEY_PASSPHRASE,
|
||||
passphrase_entry, NULL, path);
|
||||
passphrase_entry, NULL, path,
|
||||
EAP_CACHE_TEMPORARY);
|
||||
} else {
|
||||
memset(priv_key, 0, size);
|
||||
l_free(priv_key);
|
||||
|
@ -738,7 +738,8 @@ static int eap_pwd_check_settings(struct l_settings *settings,
|
||||
if (!secret) {
|
||||
eap_append_secret(out_missing,
|
||||
EAP_SECRET_REMOTE_USER_PASSWORD,
|
||||
setting, setting2, NULL);
|
||||
setting, setting2, NULL,
|
||||
EAP_CACHE_TEMPORARY);
|
||||
}
|
||||
|
||||
return 0;
|
||||
@ -749,7 +750,8 @@ static int eap_pwd_check_settings(struct l_settings *settings,
|
||||
if (!secret) {
|
||||
eap_append_secret(out_missing,
|
||||
EAP_SECRET_REMOTE_PASSWORD,
|
||||
setting2, NULL, identity);
|
||||
setting2, NULL, identity,
|
||||
EAP_CACHE_TEMPORARY);
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -478,7 +478,8 @@ static int eap_tls_check_settings(struct l_settings *settings,
|
||||
*/
|
||||
eap_append_secret(out_missing,
|
||||
EAP_SECRET_LOCAL_PKEY_PASSPHRASE,
|
||||
passphrase_setting, NULL, path);
|
||||
passphrase_setting, NULL, path,
|
||||
EAP_CACHE_TEMPORARY);
|
||||
} else {
|
||||
memset(priv_key, 0, size);
|
||||
l_free(priv_key);
|
||||
|
@ -728,7 +728,8 @@ static int eap_ttls_check_settings(struct l_settings *settings,
|
||||
*/
|
||||
eap_append_secret(out_missing,
|
||||
EAP_SECRET_LOCAL_PKEY_PASSPHRASE,
|
||||
passphrase_setting, NULL, path);
|
||||
passphrase_setting, NULL, path,
|
||||
EAP_CACHE_TEMPORARY);
|
||||
} else {
|
||||
memset(priv_key, 0, size);
|
||||
l_free(priv_key);
|
||||
|
@ -378,7 +378,8 @@ bool eap_secret_info_match(const void *a, const void *b)
|
||||
}
|
||||
|
||||
void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
|
||||
const char *id, const char *id2, const char *parameter)
|
||||
const char *id, const char *id2, const char *parameter,
|
||||
enum eap_secret_cache_policy cache_policy)
|
||||
{
|
||||
struct eap_secret_info *info;
|
||||
|
||||
@ -390,6 +391,7 @@ void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
|
||||
info->id2 = l_strdup(id2);
|
||||
info->type = type;
|
||||
info->parameter = l_strdup(parameter);
|
||||
info->cache_policy = cache_policy;
|
||||
l_queue_push_tail(*out_missing, info);
|
||||
}
|
||||
|
||||
|
@ -39,12 +39,18 @@ enum eap_secret_type {
|
||||
EAP_SECRET_REMOTE_USER_PASSWORD,
|
||||
};
|
||||
|
||||
enum eap_secret_cache_policy {
|
||||
EAP_CACHE_NEVER,
|
||||
EAP_CACHE_TEMPORARY,
|
||||
};
|
||||
|
||||
struct eap_secret_info {
|
||||
char *id;
|
||||
char *id2;
|
||||
enum eap_secret_type type;
|
||||
char *parameter;
|
||||
char *value;
|
||||
enum eap_secret_cache_policy cache_policy;
|
||||
};
|
||||
|
||||
typedef void (*eap_tx_packet_func_t)(const uint8_t *eap_data, size_t len,
|
||||
@ -65,7 +71,8 @@ struct eap_state *eap_new(eap_tx_packet_func_t tx_packet,
|
||||
void eap_free(struct eap_state *eap);
|
||||
|
||||
void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
|
||||
const char *id, const char *id2, const char *parameter);
|
||||
const char *id, const char *id2, const char *parameter,
|
||||
enum eap_secret_cache_policy cache_policy);
|
||||
|
||||
int eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
const char *prefix, bool set_key_material,
|
||||
|
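Review bot: The new enum eap_secret_cache_policy is introduced without any comment, so the only statement of what EAP_CACHE_NEVER and EAP_CACHE_TEMPORARY mean lives in the commit message; both enumerators and the new cache_policy member of struct eap_secret_info deserve a short comment in the header. I would annotate them as `EAP_CACHE_NEVER,	/* one-time-use value, discard after the connection attempt */` and `EAP_CACHE_TEMPORARY,	/* may be kept while the network stays in range */`, and on the struct field `/* how long network.c may retain ->value once connected */`. It is worth stating explicitly that EAP_CACHE_NEVER is the zero value, so a zero-initialised eap_secret_info defaults to the non-caching policy; that is the safer default and presumably intentional, but a reader of eap_append_secret's declaration cannot tell without the comment.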
@ -108,6 +108,13 @@ static bool network_info_ptr_match(const void *a, const void *b)
|
||||
return a == b;
|
||||
}
|
||||
|
||||
static bool network_secret_check_cacheable(void *data, void *user_data)
|
||||
{
|
||||
struct eap_secret_info *secret = data;
|
||||
|
||||
return secret->cache_policy == EAP_CACHE_NEVER;
|
||||
}
|
||||
|
||||
void network_connected(struct network *network)
|
||||
{
|
||||
int err;
|
||||
@ -142,6 +149,9 @@ void network_connected(struct network *network)
|
||||
if (err < 0)
|
||||
l_error("Error %i reading network timestamp", err);
|
||||
|
||||
l_queue_foreach_remove(network->secrets,
|
||||
network_secret_check_cacheable, network);
|
||||
|
||||
/*
|
||||
* If this is the first ever connection to this network, we move the
|
||||
* network_info to the Known Networks list. Otherwise this only has
|
||||
|
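Review bot: network_secret_check_cacheable returns true for the entries it wants dropped but never frees them, and as far as I can tell l_queue_foreach_remove only unlinks the entry, so each EAP_CACHE_NEVER secret (the one-time GTC token, including its value string) is leaked and stays in heap memory after the connection. The callback should release the entry itself before returning true, presumably via the existing eap_secret_info_free destructor used for network->secrets elsewhere. The name is also inverted relative to its result: it answers "is this not cacheable", so either rename it (e.g. `network_secret_uncacheable`) or add a comment saying a true return means "remove". The user_data argument (network) is passed at the call site in the second hunk but unused in the callback.

```c
static bool network_secret_check_cacheable(void *data, void *user_data)
{
	struct eap_secret_info *secret = data;

	if (secret->cache_policy != EAP_CACHE_NEVER)
		return false;

	/*
	 * l_queue_foreach_remove() only unlinks the entry; the one-time
	 * secret must be released here or it is leaked.
	 */
	eap_secret_info_free(secret);
	return true;
}
```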