mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-27 19:22:34 +01:00
eap: Return specific error when check_settings fails
Change the check_settings eap functions to return a negative errno and return more granular Dbus error from the Connect method.
This commit is contained in:
parent
a83419011e
commit
b1d4db7cc8
@ -603,7 +603,7 @@ static void auth_destroyed(void *data)
|
||||
eap_method_error(eap);
|
||||
}
|
||||
|
||||
static bool eap_aka_check_settings(struct l_settings *settings,
|
||||
static int eap_aka_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -613,15 +613,15 @@ static bool eap_aka_check_settings(struct l_settings *settings,
|
||||
auth = iwd_sim_auth_find(false, true);
|
||||
if (!auth) {
|
||||
l_debug("No SIM driver available for EAP-AKA");
|
||||
return false;
|
||||
return -EUNATCH;
|
||||
}
|
||||
|
||||
if (!iwd_sim_auth_get_nai(auth)) {
|
||||
l_error("SIM driver didn't provide NAI");
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool eap_aka_common_load_settings(struct eap_state *eap,
|
||||
|
@ -25,6 +25,7 @@
|
||||
#endif
|
||||
|
||||
#include <stdio.h>
|
||||
#include <errno.h>
|
||||
#include <ell/ell.h>
|
||||
|
||||
#include "eap.h"
|
||||
@ -69,7 +70,7 @@ error:
|
||||
eap_method_error(eap);
|
||||
}
|
||||
|
||||
static bool eap_gtc_check_settings(struct l_settings *settings,
|
||||
static int eap_gtc_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -80,10 +81,10 @@ static bool eap_gtc_check_settings(struct l_settings *settings,
|
||||
|
||||
if (!l_settings_get_value(settings, "Security", setting)) {
|
||||
l_error("Property %s is missing", setting);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool eap_gtc_load_settings(struct eap_state *eap,
|
||||
|
@ -86,7 +86,7 @@ err:
|
||||
eap_method_error(eap);
|
||||
}
|
||||
|
||||
static bool eap_md5_check_settings(struct l_settings *settings,
|
||||
static int eap_md5_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -97,10 +97,10 @@ static bool eap_md5_check_settings(struct l_settings *settings,
|
||||
|
||||
if (!l_settings_get_value(settings, "Security", setting)) {
|
||||
l_error("Property %s is missing", setting);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool eap_md5_load_settings(struct eap_state *eap,
|
||||
|
@ -641,7 +641,7 @@ static void set_user_name(struct eap_mschapv2_state *state, const char *user)
|
||||
state->user = l_strdup(user);
|
||||
}
|
||||
|
||||
static bool eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
static int eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -665,7 +665,7 @@ static bool eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
|
||||
eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD,
|
||||
setting, NULL);
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
snprintf(setting, sizeof(setting), "%sPassword-Hash", prefix);
|
||||
@ -678,7 +678,7 @@ static bool eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
if (password && password_hash) {
|
||||
l_error("Exactly one of (%s, %s) must be present",
|
||||
setting, setting2);
|
||||
return false;
|
||||
return -EEXIST;
|
||||
}
|
||||
|
||||
if (password_hash) {
|
||||
@ -691,10 +691,10 @@ static bool eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
if (!tmp || len != 16) {
|
||||
l_error("Property %s is not a 16-byte hexstring",
|
||||
setting);
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
} else if (password)
|
||||
goto validate;
|
||||
|
||||
@ -702,7 +702,7 @@ static bool eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
if (!secret) {
|
||||
eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
|
||||
setting2, identity);
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
password = secret->value;
|
||||
@ -710,13 +710,13 @@ static bool eap_mschapv2_check_settings(struct l_settings *settings,
|
||||
validate:
|
||||
if (!l_utf8_validate(password, strlen(password), NULL)) {
|
||||
l_error("Password is not valid UTF-8");
|
||||
return false;
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!mschapv2_nt_password_hash(password, hash))
|
||||
return false;
|
||||
return -EINVAL;
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool eap_mschapv2_load_settings(struct eap_state *eap,
|
||||
|
@ -816,7 +816,7 @@ error:
|
||||
eap_method_error(eap);
|
||||
}
|
||||
|
||||
static bool eap_peap_check_settings(struct l_settings *settings,
|
||||
static int eap_peap_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -832,7 +832,7 @@ static bool eap_peap_check_settings(struct l_settings *settings,
|
||||
cert = l_pem_load_certificate(path, &size);
|
||||
if (!cert) {
|
||||
l_error("Failed to load %s", path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
l_free(cert);
|
||||
@ -846,7 +846,7 @@ static bool eap_peap_check_settings(struct l_settings *settings,
|
||||
cert = l_pem_load_certificate(client_cert, &size);
|
||||
if (!cert) {
|
||||
l_error("Failed to load %s", client_cert);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
l_free(cert);
|
||||
@ -858,7 +858,7 @@ static bool eap_peap_check_settings(struct l_settings *settings,
|
||||
if (path && !client_cert) {
|
||||
l_error("%s present but no client certificate (%s)",
|
||||
entry, client_cert_entry);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
snprintf(passphrase_entry, sizeof(passphrase_entry),
|
||||
@ -886,13 +886,13 @@ static bool eap_peap_check_settings(struct l_settings *settings,
|
||||
if (!encrypted) {
|
||||
l_error("Error loading client private key %s",
|
||||
path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
if (passphrase) {
|
||||
l_error("Error loading encrypted client "
|
||||
"private key %s", path);
|
||||
return false;
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -911,13 +911,13 @@ static bool eap_peap_check_settings(struct l_settings *settings,
|
||||
l_error("%s present but client private "
|
||||
"key %s is not encrypted",
|
||||
passphrase_entry, path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
}
|
||||
} else if (passphrase) {
|
||||
l_error("%s present but no client private key path set (%s)",
|
||||
passphrase_entry, entry);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
snprintf(entry, sizeof(entry), "%sPEAP-Phase2-", prefix);
|
||||
|
@ -609,7 +609,7 @@ static void auth_destroyed(void *data)
|
||||
eap_method_error(eap);
|
||||
}
|
||||
|
||||
static bool eap_sim_check_settings(struct l_settings *settings,
|
||||
static int eap_sim_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -619,15 +619,15 @@ static bool eap_sim_check_settings(struct l_settings *settings,
|
||||
auth = iwd_sim_auth_find(true, false);
|
||||
if (!auth) {
|
||||
l_debug("No SIM driver available for EAP-SIM");
|
||||
return false;
|
||||
return -EUNATCH;
|
||||
}
|
||||
|
||||
if (!iwd_sim_auth_get_nai(auth)) {
|
||||
l_error("SIM driver didn't provide NAI");
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool eap_sim_load_settings(struct eap_state *eap,
|
||||
|
@ -372,7 +372,7 @@ err:
|
||||
eap_method_error(eap);
|
||||
}
|
||||
|
||||
static bool eap_tls_check_settings(struct l_settings *settings,
|
||||
static int eap_tls_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -388,7 +388,7 @@ static bool eap_tls_check_settings(struct l_settings *settings,
|
||||
cert = l_pem_load_certificate(path, &size);
|
||||
if (!cert) {
|
||||
l_error("Failed to load %s", path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
l_free(cert);
|
||||
@ -402,7 +402,7 @@ static bool eap_tls_check_settings(struct l_settings *settings,
|
||||
cert = l_pem_load_certificate(client_cert, &size);
|
||||
if (!cert) {
|
||||
l_error("Failed to load %s", client_cert);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
l_free(cert);
|
||||
@ -414,7 +414,7 @@ static bool eap_tls_check_settings(struct l_settings *settings,
|
||||
if (path && !client_cert) {
|
||||
l_error("%s present but no client certificate (%s)",
|
||||
setting, client_cert_setting);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
snprintf(passphrase_setting, sizeof(passphrase_setting),
|
||||
@ -442,13 +442,13 @@ static bool eap_tls_check_settings(struct l_settings *settings,
|
||||
if (!encrypted) {
|
||||
l_error("Error loading client private key %s",
|
||||
path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
if (passphrase) {
|
||||
l_error("Error loading encrypted client "
|
||||
"private key %s", path);
|
||||
return false;
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -467,16 +467,16 @@ static bool eap_tls_check_settings(struct l_settings *settings,
|
||||
l_error("%s present but client private "
|
||||
"key %s is not encrypted",
|
||||
passphrase_setting, path);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
}
|
||||
} else if (passphrase) {
|
||||
l_error("%s present but no client private key path set (%s)",
|
||||
passphrase_setting, setting);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
return true;
|
||||
return 0;
|
||||
}
|
||||
|
||||
static bool eap_tls_load_settings(struct eap_state *eap,
|
||||
|
@ -632,7 +632,7 @@ err:
|
||||
eap_method_error(eap);
|
||||
}
|
||||
|
||||
static bool eap_ttls_check_settings(struct l_settings *settings,
|
||||
static int eap_ttls_check_settings(struct l_settings *settings,
|
||||
struct l_queue *secrets,
|
||||
const char *prefix,
|
||||
struct l_queue **out_missing)
|
||||
@ -648,7 +648,7 @@ static bool eap_ttls_check_settings(struct l_settings *settings,
|
||||
cert = l_pem_load_certificate(path, &size);
|
||||
if (!cert) {
|
||||
l_error("Failed to load %s", path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
l_free(cert);
|
||||
@ -662,7 +662,7 @@ static bool eap_ttls_check_settings(struct l_settings *settings,
|
||||
cert = l_pem_load_certificate(client_cert, &size);
|
||||
if (!cert) {
|
||||
l_error("Failed to load %s", client_cert);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
l_free(cert);
|
||||
@ -674,7 +674,7 @@ static bool eap_ttls_check_settings(struct l_settings *settings,
|
||||
if (path && !client_cert) {
|
||||
l_error("%s present but no client certificate (%s)",
|
||||
setting, client_cert_setting);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
snprintf(passphrase_setting, sizeof(passphrase_setting),
|
||||
@ -702,13 +702,13 @@ static bool eap_ttls_check_settings(struct l_settings *settings,
|
||||
if (!encrypted) {
|
||||
l_error("Error loading client private key %s",
|
||||
path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
|
||||
if (passphrase) {
|
||||
l_error("Error loading encrypted client "
|
||||
"private key %s", path);
|
||||
return false;
|
||||
return -EACCES;
|
||||
}
|
||||
|
||||
/*
|
||||
@ -727,13 +727,13 @@ static bool eap_ttls_check_settings(struct l_settings *settings,
|
||||
l_error("%s present but client private "
|
||||
"key %s is not encrypted",
|
||||
passphrase_setting, path);
|
||||
return false;
|
||||
return -EIO;
|
||||
}
|
||||
}
|
||||
} else if (passphrase) {
|
||||
l_error("%s present but no client private key path set (%s)",
|
||||
passphrase_setting, setting);
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
snprintf(setting, sizeof(setting), "%sTTLS-Phase2-", prefix);
|
||||
|
12
src/eap.c
12
src/eap.c
@ -390,7 +390,7 @@ void eap_secret_info_free(void *data)
|
||||
l_free(info);
|
||||
}
|
||||
|
||||
bool eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
int eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
const char *prefix, bool set_key_material,
|
||||
struct l_queue **out_missing)
|
||||
{
|
||||
@ -405,7 +405,7 @@ bool eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
if (!method_name) {
|
||||
l_error("Property %s missing", setting);
|
||||
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
|
||||
for (entry = l_queue_get_entries(eap_methods); entry;
|
||||
@ -419,7 +419,7 @@ bool eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
if (!entry) {
|
||||
l_error("EAP method \"%s\" unsupported", method_name);
|
||||
|
||||
return false;
|
||||
return -ENOTSUP;
|
||||
}
|
||||
|
||||
/* Check if selected method is suitable for 802.1x */
|
||||
@ -427,7 +427,7 @@ bool eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
l_error("EAP method \"%s\" doesn't export key material",
|
||||
method_name);
|
||||
|
||||
return false;
|
||||
return -ENOTSUP;
|
||||
}
|
||||
|
||||
/* method may not store identity in settings file */
|
||||
@ -436,12 +436,12 @@ bool eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
if (!l_settings_get_value(settings, "Security", setting)) {
|
||||
l_error("Property %s is missing", setting);
|
||||
|
||||
return false;
|
||||
return -ENOENT;
|
||||
}
|
||||
}
|
||||
|
||||
if (!method->check_settings)
|
||||
return true;
|
||||
return 0;
|
||||
|
||||
return method->check_settings(settings, secrets, prefix, out_missing);
|
||||
}
|
||||
|
@ -65,7 +65,7 @@ void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type,
|
||||
const char *id, const char *parameter);
|
||||
void eap_secret_info_free(void *data);
|
||||
|
||||
bool eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
int eap_check_settings(struct l_settings *settings, struct l_queue *secrets,
|
||||
const char *prefix, bool set_key_material,
|
||||
struct l_queue **out_missing);
|
||||
bool eap_load_settings(struct eap_state *eap, struct l_settings *settings,
|
||||
@ -123,7 +123,7 @@ struct eap_method {
|
||||
bool exports_msk;
|
||||
const char *name;
|
||||
|
||||
bool (*check_settings)(struct l_settings *settings,
|
||||
int (*check_settings)(struct l_settings *settings,
|
||||
struct l_queue *secrets, const char *prefix,
|
||||
struct l_queue **out_missing);
|
||||
|
||||
|
@ -476,7 +476,7 @@ int network_autoconnect(struct network *network, struct scan_bss *bss)
|
||||
if (!network_settings_load(network))
|
||||
return -ENOKEY;
|
||||
|
||||
if (!eap_check_settings(network->settings, network->secrets,
|
||||
if (eap_check_settings(network->settings, network->secrets,
|
||||
"EAP-", true, &missing_secrets) ||
|
||||
!l_queue_isempty(missing_secrets) ||
|
||||
!network_set_8021x_secrets(network)) {
|
||||
@ -892,7 +892,7 @@ static struct l_dbus_message *network_connect_8021x(struct network *network,
|
||||
struct scan_bss *bss,
|
||||
struct l_dbus_message *message)
|
||||
{
|
||||
bool r;
|
||||
int r;
|
||||
struct l_queue *missing_secrets = NULL;
|
||||
struct l_dbus_message *reply;
|
||||
|
||||
@ -900,8 +900,15 @@ static struct l_dbus_message *network_connect_8021x(struct network *network,
|
||||
|
||||
r = eap_check_settings(network->settings, network->secrets, "EAP-",
|
||||
true, &missing_secrets);
|
||||
if (!r) {
|
||||
reply = dbus_error_not_configured(message);
|
||||
if (r) {
|
||||
if (r == -EUNATCH)
|
||||
reply = dbus_error_not_available(message);
|
||||
else if (r == -ENOTSUP)
|
||||
reply = dbus_error_not_supported(message);
|
||||
else if (r == -EACCES)
|
||||
reply = dbus_error_failed(message);
|
||||
else
|
||||
reply = dbus_error_not_configured(message);
|
||||
|
||||
goto error;
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user