eap-ttls: Extract credentials into dedicated struct

Tim Kourt 2019-01-10 14:34:24 -08:00 committed by Denis Kenzior
parent bb4e1ebd4f
commit af297039b1
1 changed files with 26 additions and 38 deletions


@ -356,68 +356,57 @@ struct phase2_method_ops {
bool (*reset)(void *state); bool (*reset)(void *state);
}; };
struct phase2_method {
void *state;
const struct phase2_method_ops *ops;
};
struct phase2_credentials { struct phase2_credentials {
char *username; char *username;
char *password; char *password;
}; };
static void eap_ttls_phase2_credentials_destroy(void *state) struct phase2_method {
{ void *state;
struct phase2_credentials *credentials = state; struct phase2_credentials credentials;
const struct phase2_method_ops *ops;
};
static void eap_ttls_phase2_credentials_destroy(
struct phase2_credentials *credentials)
{
if (!credentials) if (!credentials)
return; return;
if (credentials->password)
memset(credentials->password, 0, strlen(credentials->password));
l_free(credentials->username); l_free(credentials->username);
memset(credentials->password, 0, strlen(credentials->password));
l_free(credentials->password); l_free(credentials->password);
l_free(credentials);
} }
static bool eap_ttls_phase2_non_eap_load_settings(struct phase2_method *phase2, static bool eap_ttls_phase2_non_eap_load_settings(struct phase2_method *phase2,
struct l_settings *settings, struct l_settings *settings,
const char *prefix) const char *prefix)
{ {
struct phase2_credentials *credentials;
char setting[128]; char setting[128];
credentials = l_new(struct phase2_credentials, 1);
snprintf(setting, sizeof(setting), "%sIdentity", prefix); snprintf(setting, sizeof(setting), "%sIdentity", prefix);
credentials->username = phase2->credentials.username =
l_settings_get_string(settings, "Security", setting); l_settings_get_string(settings, "Security", setting);
if (!credentials->username) { if (!phase2->credentials.username) {
l_error("Phase 2 Identity is missing."); l_error("Phase 2 Identity is missing.");
goto error; return false;
} }
snprintf(setting, sizeof(setting), "%sPassword", prefix); snprintf(setting, sizeof(setting), "%sPassword", prefix);
credentials->password = phase2->credentials.password =
l_settings_get_string(settings, "Security", setting); l_settings_get_string(settings, "Security", setting);
if (!credentials->password) { if (!phase2->credentials.password) {
l_error("Phase 2 Password is missing."); l_error("Phase 2 Password is missing.");
goto error; l_free(phase2->credentials.username);
return false;
} }
phase2->state = credentials;
return true; return true;
error:
l_free(credentials->username);
l_free(credentials->password);
l_free(credentials);
return false;
} }
static bool eap_ttls_phase2_chap_generate_challenge(struct eap_state *eap, static bool eap_ttls_phase2_chap_generate_challenge(struct eap_state *eap,
@ -432,7 +421,7 @@ static bool eap_ttls_phase2_chap_generate_challenge(struct eap_state *eap,
static bool eap_ttls_phase2_chap_init(struct eap_state *eap) static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
{ {
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap); struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
struct phase2_credentials *credentials = phase2->state; struct phase2_credentials *credentials = &phase2->credentials;
struct avp_builder *builder; struct avp_builder *builder;
uint8_t challenge[CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN]; uint8_t challenge[CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN];
uint8_t password_hash[CHAP_PASSWORD_LEN]; uint8_t password_hash[CHAP_PASSWORD_LEN];
@ -481,13 +470,12 @@ static bool eap_ttls_phase2_chap_init(struct eap_state *eap)
static const struct phase2_method_ops phase2_chap_ops = { static const struct phase2_method_ops phase2_chap_ops = {
.init = eap_ttls_phase2_chap_init, .init = eap_ttls_phase2_chap_init,
.destroy = eap_ttls_phase2_credentials_destroy,
}; };
static bool eap_ttls_phase2_ms_chap_init(struct eap_state *eap) static bool eap_ttls_phase2_ms_chap_init(struct eap_state *eap)
{ {
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap); struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
struct phase2_credentials *credentials = phase2->state; struct phase2_credentials *credentials = &phase2->credentials;
struct avp_builder *builder; struct avp_builder *builder;
uint8_t challenge[MS_CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN]; uint8_t challenge[MS_CHAP_CHALLENGE_LEN + CHAP_IDENT_LEN];
uint8_t password_hash[16]; uint8_t password_hash[16];
@ -524,21 +512,20 @@ static bool eap_ttls_phase2_ms_chap_init(struct eap_state *eap)
static const struct phase2_method_ops phase2_mschap_ops = { static const struct phase2_method_ops phase2_mschap_ops = {
.init = eap_ttls_phase2_ms_chap_init, .init = eap_ttls_phase2_ms_chap_init,
.destroy = eap_ttls_phase2_credentials_destroy,
}; };
static bool eap_ttls_phase2_pap_init(struct eap_state *eap) static bool eap_ttls_phase2_pap_init(struct eap_state *eap)
{ {
struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap); struct phase2_method *phase2 = eap_tls_common_get_variant_data(eap);
struct phase2_credentials *state = phase2->state; struct phase2_credentials *credentials = &phase2->credentials;
struct avp_builder *builder; struct avp_builder *builder;
uint8_t *buf; uint8_t *buf;
size_t buf_len; size_t buf_len;
builder = avp_builder_new(512); builder = avp_builder_new(512);
build_avp_user_name(builder, state->username); build_avp_user_name(builder, credentials->username);
build_avp_user_password(builder, state->password); build_avp_user_password(builder, credentials->password);
buf = avp_builder_free(builder, false, &buf_len); buf = avp_builder_free(builder, false, &buf_len);
@ -550,7 +537,6 @@ static bool eap_ttls_phase2_pap_init(struct eap_state *eap)
static const struct phase2_method_ops phase2_pap_ops = { static const struct phase2_method_ops phase2_pap_ops = {
.init = eap_ttls_phase2_pap_init, .init = eap_ttls_phase2_pap_init,
.destroy = eap_ttls_phase2_credentials_destroy,
}; };
static void eap_ttls_phase2_eap_send_response(const uint8_t *data, size_t len, static void eap_ttls_phase2_eap_send_response(const uint8_t *data, size_t len,
@ -734,6 +720,8 @@ static void eap_ttls_state_destroy(void *data)
{ {
struct phase2_method *phase2 = data; struct phase2_method *phase2 = data;
eap_ttls_phase2_credentials_destroy(&phase2->credentials);
if (phase2->ops->destroy) if (phase2->ops->destroy)
phase2->ops->destroy(phase2->state); phase2->ops->destroy(phase2->state);
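Review bot: The "Phase 2 Password is missing." error path in eap_ttls_phase2_non_eap_load_settings frees phase2->credentials.username but leaves the stale pointer inside the embedded struct, while eap_ttls_state_destroy now unconditionally calls eap_ttls_phase2_credentials_destroy(&phase2->credentials); whether teardown runs after a failed load is not visible here, but if it does that username buffer is freed twice. Either clear the field, `l_free(phase2->credentials.username); phase2->credentials.username = NULL;`, or drop the explicit free and let the destroy function own both fields, since l_free(NULL) is already a no-op and l_new() zero-fills the struct. Separately, the `memset(credentials->password, 0, strlen(credentials->password))` in eap_ttls_phase2_credentials_destroy is a store to a buffer freed on the next line, which an optimizer that can see through l_free (e.g. under LTO) may elide; a call such as `explicit_bzero(credentials->password, strlen(credentials->password));` or an equivalent ell scrub helper, if one exists, makes the zeroisation reliable. The tail of eap_ttls_state_destroy continues outside the last hunk.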