eap-ttls: Extract credentials into dedicated struct
parent
bb4e1ebd4f
commit
af297039b1
@ -356,68 +356,57 @@ struct phase2_method_ops {
|
|||||||
bool (*reset)(void *state);
|
bool (*reset)(void *state);
|
||||||
};
|
};
|
||||||
|
|
||||||
struct phase2_method {
|
|
||||||
void *state;
|
|
||||||
const struct phase2_method_ops *ops;
|
|
||||||
};
|
|
||||||
|
|
||||||
struct phase2_credentials {
|
struct phase2_credentials {
|
||||||
char *username;
|
char *username;
|
||||||
char *password;
|
char *password;
|
||||||
};
|
};
|
||||||
|
|
||||||
static void eap_ttls_phase2_credentials_destroy(void *state)
|
struct phase2_method {
|
||||||
{
|
void *state;
|
||||||
struct phase2_credentials *credentials = state;
|
struct phase2_credentials credentials;
|
||||||
|
const struct phase2_method_ops *ops;
|
||||||
|
};
|
||||||
|
|
||||||
|
static void eap_ttls_phase2_credentials_destroy(
|
||||||
|
struct phase2_credentials *credentials)
|
||||||
|
{
|
||||||
if (!credentials)
|
if (!credentials)
|
||||||
return;
|
return;
|
||||||
|
|
||||||
|
if (credentials->password)
|
||||||
|
memset(credentials->password, 0, strlen(credentials->password));
|
||||||
|
|
||||||
l_free(credentials->username);
|
l_free(credentials->username);
|
||||||
|
|
||||||
memset(credentials->password, 0, strlen(credentials->password));
|
|
||||||
l_free(credentials->password);
|
l_free(credentials->password);
|
||||||
|
|
||||||
l_free(credentials);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool eap_ttls_phase2_non_eap_load_settings(struct phase2_method *phase2,
|
static bool eap_ttls_phase2_non_eap_load_settings(struct phase2_method *phase2,
|
||||||
struct l_settings *settings,
|
struct l_settings *settings,
|
||||||
const char *prefix)
|
const char *prefix)
|
||||||
{
|
{
|
||||||
struct phase2_credentials *credentials;
|
|
||||||
char setting[128];
|
char setting[128];
|
||||||
|
|
||||||
credentials = l_new(struct phase2_credentials, 1);
|
|
||||||
|
|
||||||
snprintf(setting, sizeof(setting), "%sIdentity", prefix);
|
snprintf(setting, sizeof(setting), "%sIdentity", prefix);
|
||||||
credentials->username =
|
phase2->credentials.username =
|
||||||
l_settings_get_string(settings, "Security", setting);
|
l_settings_get_string(settings, "Security", setting);
|
||||||
|
|
||||||
if (!credentials->username) {
|
if (!phase2->credentials.username) {
|
||||||
l_error("Phase 2 Identity is missing.");
|
l_error("Phase 2 Identity is missing.");
|
||||||
goto error;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
snprintf(setting, sizeof(setting), "%sPassword", prefix);
|
snprintf(setting, sizeof(setting), "%sPassword", prefix);
|
||||||
credentials->password =
|
phase2->credentials.password =
|
||||||
l_settings_get_string(settings, "Security", setting);
|
l_settings_get_string(settings, "Security", setting);
|
||||||
|
|
||||||
if (!credentials->password) {
|
if (!phase2->credentials.password) {
|
||||||
l_error("Phase 2 Password is missing.");
|
l_error("Phase 2 Password is missing.");
|
||||||
goto error;
|
l_free(phase2->credentials.username);
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
phase2->state = credentials;
|
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
|
|
||||||
error:
|
|
||||||
l_free(credentials->username);
|
|
||||||
l_free(credentials->password);
|
|
||||||
l_free(credentials);
|
|
||||||
|
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
static bool eap_ttls_phase2_chap_generate_challenge(struct eap_state *eap,
|
static bool eap_ttls_phase2_chap_generate_challenge(struct eap_state *eap,
|
||||||
@ -432,7 +421,7 @@ static bool eap_ttls_phase2_chap_generate_challenge(struct eap_state *eap,
|
|||||||
static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
|
static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
|
||||||
{
|
{
|
||||||
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
|
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
|
||||||
struct phase2_credentials *credentials = phase2->state;
|
struct phase2_credentials *credentials = &phase2->credentials;
|
||||||
struct avp_builder *builder;
|
struct avp_builder *builder;
|
||||||
uint8_t challenge[CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN];
|
uint8_t challenge[CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN];
|
||||||
uint8_t password_hash[CHAP_PASSWORD_LEN];
|
uint8_t password_hash[CHAP_PASSWORD_LEN];
|
||||||
@ -481,13 +470,12 @@ static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
|
|||||||
|
|
||||||
static const struct phase2_method_ops phase2_chap_ops = {
|
static const struct phase2_method_ops phase2_chap_ops = {
|
||||||
.init = eap_ttls_phase2_chap_init,
|
.init = eap_ttls_phase2_chap_init,
|
||||||
.destroy = eap_ttls_phase2_credentials_destroy,
|
|
||||||
};
|
};
|
||||||
|
|
||||||
static bool eap_ttls_phase2_ms_chap_init(struct eap_state *eap)
|
static bool eap_ttls_phase2_ms_chap_init(struct eap_state *eap)
|
||||||
{
|
{
|
||||||
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
|
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
|
||||||
struct phase2_credentials *credentials = phase2->state;
|
struct phase2_credentials *credentials = &phase2->credentials;
|
||||||
struct avp_builder *builder;
|
struct avp_builder *builder;
|
||||||
uint8_t challenge[MS_CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN];
|
uint8_t challenge[MS_CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN];
|
||||||
uint8_t password_hash[16];
|
uint8_t password_hash[16];
|
||||||
@ -524,21 +512,20 @@ static bool eap_ttls_phase2_ms_chap_init(struct eap_state *eap)
|
|||||||
|
|
||||||
static const struct phase2_method_ops phase2_mschap_ops = {
|
static const struct phase2_method_ops phase2_mschap_ops = {
|
||||||
.init = eap_ttls_phase2_ms_chap_init,
|
.init = eap_ttls_phase2_ms_chap_init,
|
||||||
.destroy = eap_ttls_phase2_credentials_destroy,
|
|
||||||
};
|
};
|
||||||
|
|
||||||
static bool eap_ttls_phase2_pap_init(struct eap_state *eap)
|
static bool eap_ttls_phase2_pap_init(struct eap_state *eap)
|
||||||
{
|
{
|
||||||
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
|
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
|
||||||
struct phase2_credentials *state = phase2->state;
|
struct phase2_credentials *credentials = &phase2->credentials;
|
||||||
struct avp_builder *builder;
|
struct avp_builder *builder;
|
||||||
uint8_t *buf;
|
uint8_t *buf;
|
||||||
size_t buf_len;
|
size_t buf_len;
|
||||||
|
|
||||||
builder = avp_builder_new(512);
|
builder = avp_builder_new(512);
|
||||||
|
|
||||||
build_avp_user_name(builder, state->username);
|
build_avp_user_name(builder, credentials->username);
|
||||||
build_avp_user_password(builder, state->password);
|
build_avp_user_password(builder, credentials->password);
|
||||||
|
|
||||||
buf = avp_builder_free(builder, false, &buf_len);
|
buf = avp_builder_free(builder, false, &buf_len);
|
||||||
|
|
||||||
@ -550,7 +537,6 @@ static bool eap_ttls_phase2_pap_init(struct eap_state *eap)
|
|||||||
|
|
||||||
static const struct phase2_method_ops phase2_pap_ops = {
|
static const struct phase2_method_ops phase2_pap_ops = {
|
||||||
.init = eap_ttls_phase2_pap_init,
|
.init = eap_ttls_phase2_pap_init,
|
||||||
.destroy = eap_ttls_phase2_credentials_destroy,
|
|
||||||
};
|
};
|
||||||
|
|
||||||
static void eap_ttls_phase2_eap_send_response(const uint8_t *data, size_t len,
|
static void eap_ttls_phase2_eap_send_response(const uint8_t *data, size_t len,
|
||||||
@ -734,6 +720,8 @@ static void eap_ttls_state_destroy(void *data)
|
|||||||
{
|
{
|
||||||
struct phase2_method *phase2 = data;
|
struct phase2_method *phase2 = data;
|
||||||
|
|
||||||
|
eap_ttls_phase2_credentials_destroy(&phase2->credentials);
|
||||||
|
|
||||||
if (phase2->ops->destroy)
|
if (phase2->ops->destroy)
|
||||||
phase2->ops->destroy(phase2->state);
|
phase2->ops->destroy(phase2->state);
|
||||||
|
|
||||||
|
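Review bot: In the new `eap_ttls_phase2_non_eap_load_settings`, the missing-password path calls `l_free(phase2->credentials.username)` and returns without clearing the pointer, while `eap_ttls_state_destroy` now calls `eap_ttls_phase2_credentials_destroy(&phase2->credentials)` unconditionally. If the caller (not visible on this page) tears the state down after a failed load, or the destroy path ever runs twice, `username` would be freed a second time; adding `phase2->credentials.username = NULL;` after that free, and setting both members to NULL at the end of the destroy helper, closes this. Separately, `memset(credentials->password, 0, strlen(credentials->password))` directly before `l_free` is a dead store that an optimizing compiler may drop, leaving the password in freed heap memory; `explicit_bzero(credentials->password, strlen(credentials->password));` is the usual replacement. The `if (!credentials)` guard can also no longer trigger for the call shown here, since it is passed the address of an embedded member.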