diff --git a/src/eap-gtc.c b/src/eap-gtc.c
index 842164d9..056e6771 100644
--- a/src/eap-gtc.c
+++ b/src/eap-gtc.c
@@ -92,8 +92,10 @@ static int eap_gtc_check_settings(struct l_settings *settings,
 /* no secret found either */
 if (!secret)
- eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD,
- setting, setting2, NULL);
+ eap_append_secret(out_missing,
+ EAP_SECRET_REMOTE_USER_PASSWORD,
+ setting, setting2, NULL,
+ EAP_CACHE_NEVER);
 return 0;
 }
@@ -102,7 +104,8 @@ static int eap_gtc_check_settings(struct l_settings *settings,
 /* identity found, but secret missing */
 if (!secret)
 eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
- setting2, NULL, identity);
+ setting2, NULL, identity,
+ EAP_CACHE_NEVER);
 return 0;
 }
diff --git a/src/eap-mschapv2.c b/src/eap-mschapv2.c
index f5ecde1b..61818cee 100644
--- a/src/eap-mschapv2.c
+++ b/src/eap-mschapv2.c
@@ -689,7 +689,8 @@ static int eap_mschapv2_check_settings(struct l_settings *settings,
 }
 eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD,
- setting, setting2, NULL);
+ setting, setting2, NULL,
+ EAP_CACHE_TEMPORARY);
 return 0;
 }
@@ -725,7 +726,8 @@ static int eap_mschapv2_check_settings(struct l_settings *settings,
 secret = l_queue_find(secrets, eap_secret_info_match, setting2);
 if (!secret) {
 eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
- setting2, NULL, identity);
+ setting2, NULL, identity,
+ EAP_CACHE_TEMPORARY);
 return 0;
 }
diff --git a/src/eap-peap.c b/src/eap-peap.c
index 48f96395..ccd60655 100644
--- a/src/eap-peap.c
+++ b/src/eap-peap.c
@@ -943,7 +943,8 @@ static int eap_peap_check_settings(struct l_settings *settings,
 */
 eap_append_secret(out_missing,
 EAP_SECRET_LOCAL_PKEY_PASSPHRASE,
- passphrase_entry, NULL, path);
+ passphrase_entry, NULL, path,
+ EAP_CACHE_TEMPORARY);
 } else {
 memset(priv_key, 0, size);
 l_free(priv_key);
diff --git a/src/eap-pwd.c b/src/eap-pwd.c
index c98e4f5b..cdb7875b 100644
--- a/src/eap-pwd.c
+++ b/src/eap-pwd.c
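Review bot: The two eap_append_secret() calls in eap_gtc_check_settings (src/eap-gtc.c) are the only ones in this change that pass EAP_CACHE_NEVER, and nothing at the call sites records why GTC is treated differently from the other methods. A one-line comment above the first call, such as `/* GTC responses may be one-time tokens: never keep them for a later reconnect */`, would keep a later edit from switching it to EAP_CACHE_TEMPORARY by analogy with the neighbouring files. The rationale is inferred from the method, so please confirm the wording. The function body starts and ends outside both hunks.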
@@ -738,7 +738,8 @@ static int eap_pwd_check_settings(struct l_settings *settings,
 if (!secret) {
 eap_append_secret(out_missing,
 EAP_SECRET_REMOTE_USER_PASSWORD,
- setting, setting2, NULL);
+ setting, setting2, NULL,
+ EAP_CACHE_TEMPORARY);
 }
 return 0;
@@ -749,7 +750,8 @@ static int eap_pwd_check_settings(struct l_settings *settings,
 if (!secret) {
 eap_append_secret(out_missing,
 EAP_SECRET_REMOTE_PASSWORD,
- setting2, NULL, identity);
+ setting2, NULL, identity,
+ EAP_CACHE_TEMPORARY);
 }
 }
diff --git a/src/eap-tls.c b/src/eap-tls.c
index 89e543bd..281e5f01 100644
--- a/src/eap-tls.c
+++ b/src/eap-tls.c
@@ -478,7 +478,8 @@ static int eap_tls_check_settings(struct l_settings *settings,
 */
 eap_append_secret(out_missing,
 EAP_SECRET_LOCAL_PKEY_PASSPHRASE,
- passphrase_setting, NULL, path);
+ passphrase_setting, NULL, path,
+ EAP_CACHE_TEMPORARY);
 } else {
 memset(priv_key, 0, size);
 l_free(priv_key);
diff --git a/src/eap-ttls.c b/src/eap-ttls.c
index 14c60907..917c151e 100644
--- a/src/eap-ttls.c
+++ b/src/eap-ttls.c
@@ -728,7 +728,8 @@ static int eap_ttls_check_settings(struct l_settings *settings,
 */
 eap_append_secret(out_missing,
 EAP_SECRET_LOCAL_PKEY_PASSPHRASE,
- passphrase_setting, NULL, path);
+ passphrase_setting, NULL, path,
+ EAP_CACHE_TEMPORARY);
 } else {
 memset(priv_key, 0, size);
 l_free(priv_key);
diff --git a/src/eap.c b/src/eap.c
index 3f073782..96b25de1 100644
--- a/src/eap.c
+++ b/src/eap.c
@@ -378,7 +378,8 @@ bool eap_secret_info_match(const void *a, const void *b)
 }
 void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
- const char *id, const char *id2, const char *parameter)
+ const char *id, const char *id2, const char *parameter,
+ enum eap_secret_cache_policy cache_policy)
 {
 struct eap_secret_info *info;
@@ -390,6 +391,7 @@ void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
 info->id2 = l_strdup(id2);
 info->type = type;
 info->parameter = l_strdup(parameter);
+ info->cache_policy = cache_policy;
 l_queue_push_tail(*out_missing, info);
 }
diff --git a/src/eap.h b/src/eap.h
index a8d36dae..83d161c8 100644
--- a/src/eap.h
+++ b/src/eap.h
@@ -39,12 +39,18 @@ enum eap_secret_type {
 EAP_SECRET_REMOTE_USER_PASSWORD,
 };
+enum eap_secret_cache_policy {
+ EAP_CACHE_NEVER,
+ EAP_CACHE_TEMPORARY,
+};
+
 struct eap_secret_info {
 char *id;
 char *id2;
 enum eap_secret_type type;
 char *parameter;
 char *value;
+ enum eap_secret_cache_policy cache_policy;
 };
 typedef void (*eap_tx_packet_func_t)(const uint8_t *eap_data, size_t len,
@@ -65,7 +71,8 @@ struct eap_state *eap_new(eap_tx_packet_func_t tx_packet,
 void eap_free(struct eap_state *eap);
 void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
- const char *id, const char *id2, const char *parameter);
+ const char *id, const char *id2, const char *parameter,
+ enum eap_secret_cache_policy cache_policy);
 int eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
 const char *prefix, bool set_key_material,
diff --git a/src/network.c b/src/network.c
index aa6d511c..124bc861 100644
--- a/src/network.c
+++ b/src/network.c
@@ -108,6 +108,13 @@ static bool network_info_ptr_match(const void *a, const void *b)
 return a == b;
 }
+static bool network_secret_check_cacheable(void *data, void *user_data)
+{
+ struct eap_secret_info *secret = data;
+
+ return secret->cache_policy == EAP_CACHE_NEVER;
+}
+
 void network_connected(struct network *network)
 {
 int err;
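Review bot: enum eap_secret_cache_policy in src/eap.h (first hunk of that file) is added without any comment, although its two values decide how long a credential is kept in memory. A short comment on each value would help, for example `/* EAP_CACHE_NEVER: drop the secret as soon as the connection is up */` and `/* EAP_CACHE_TEMPORARY: keep the secret in memory for later connections */`, with the exact lifetime to be confirmed by the author. EAP_CACHE_NEVER is also the zero value, so an eap_secret_info that is zero-allocated somewhere else without setting cache_policy would presumably default to never-cache; that is the safe direction, and it is worth stating next to the enum so nobody reorders the values.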
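Review bot: In network_secret_check_cacheable (src/network.c), returning true only unlinks the entry; the l_queue_foreach_remove() call in network_connected passes no destroy function, so the eap_secret_info and its id, parameter and value strings appear to be leaked rather than freed. For a never-cache secret that means the password or token stays in heap memory after it was supposed to be discarded. The callback should wipe and release the entry itself before returning true: `if (secret->cache_policy != EAP_CACHE_NEVER) return false;`, then zero `secret->value` and free the struct with the project's secret-free helper (eap_secret_info_free, if it is available at this revision), then `return true;`. The name also reads inverted, since it returns true for entries that are not cacheable, and `user_data` is unused; something like network_secret_drop_uncacheable would match what it does.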
@@ -142,6 +149,9 @@ void network_connected(struct network *network)
 if (err < 0)
 l_error("Error %i reading network timestamp", err);
+ l_queue_foreach_remove(network->secrets,
+ network_secret_check_cacheable, network);
+
 /*
 * If this is the first ever connection to this network, we move the
 * network_info to the Known Networks list. Otherwise this only has