diff --git a/src/eap-mschapv2.c b/src/eap-mschapv2.c index ea64d46a..59b27d38 100644 --- a/src/eap-mschapv2.c +++ b/src/eap-mschapv2.c @@ -670,6 +670,9 @@ static int eap_mschapv2_check_settings(struct l_settings *settings, snprintf(setting, sizeof(setting), "%sIdentity", prefix); identity = l_settings_get_value(settings, "Security", setting); + snprintf(setting2, sizeof(setting2), "%sPassword", prefix); + password = l_settings_get_value(settings, "Security", setting2); + if (!identity) { secret = l_queue_find(secrets, eap_secret_info_match, setting); if (secret) { @@ -680,7 +683,7 @@ static int eap_mschapv2_check_settings(struct l_settings *settings, } eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD, - setting, NULL); + setting, setting2, NULL); return 0; } @@ -688,9 +691,6 @@ static int eap_mschapv2_check_settings(struct l_settings *settings, password_hash = l_settings_get_value(settings, "Security", setting); - snprintf(setting2, sizeof(setting2), "%sPassword", prefix); - password = l_settings_get_value(settings, "Security", setting2); - if (password && password_hash) { l_error("Exactly one of (%s, %s) must be present", setting, setting2); @@ -717,7 +717,7 @@ static int eap_mschapv2_check_settings(struct l_settings *settings, secret = l_queue_find(secrets, eap_secret_info_match, setting2); if (!secret) { eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD, - setting2, identity); + setting2, NULL, identity); return 0; } @@ -740,53 +740,37 @@ static bool eap_mschapv2_load_settings(struct eap_state *eap, const char *prefix) { struct eap_mschapv2_state *state; - const char *identity, *password = NULL; + const char *identity, *password; char setting[64]; state = l_new(struct eap_mschapv2_state, 1); snprintf(setting, sizeof(setting), "%sIdentity", prefix); identity = l_settings_get_value(settings, "Security", setting); - - if (!identity) { - snprintf(setting, sizeof(setting), "%sIdentity-User", prefix); - identity = l_settings_get_value(settings, "Security", setting); - if (!identity) - goto error; - - snprintf(setting, sizeof(setting), "%sIdentity-Password", - prefix); - password = l_settings_get_value(settings, "Security", setting); - if (!password) - goto error; - - set_password_from_string(state, password); - } + if (!identity) + goto error; set_user_name(state, identity); state->user_len = strlen(state->user); /* Either read the password-hash from hexdump or password and hash it */ + snprintf(setting, sizeof(setting), "%sPassword", prefix); + password = l_settings_get_value(settings, "Security", setting); + if (password) + set_password_from_string(state, password); + if (!password) { + unsigned char *tmp; + size_t len; + snprintf(setting, sizeof(setting), "%sPassword-Hash", prefix); password = l_settings_get_value(settings, "Security", setting); - if (password) { - unsigned char *tmp; - size_t len; - - tmp = l_util_from_hexstring(password, &len); - memcpy(state->password_hash, tmp, 16); - l_free(tmp); - } - } - - if (!password) { - snprintf(setting, sizeof(setting), "%sPassword", prefix); - password = l_settings_get_value(settings, "Security", setting); if (!password) goto error; - set_password_from_string(state, password); + tmp = l_util_from_hexstring(password, &len); + memcpy(state->password_hash, tmp, 16); + l_free(tmp); } eap_set_data(eap, state); diff --git a/src/eap-peap.c b/src/eap-peap.c index c3d79dec..4957a173 100644 --- a/src/eap-peap.c +++ b/src/eap-peap.c @@ -928,7 +928,7 @@ static int eap_peap_check_settings(struct l_settings *settings, */ eap_append_secret(out_missing, EAP_SECRET_LOCAL_PKEY_PASSPHRASE, - passphrase_entry, path); + passphrase_entry, NULL, path); } else { memset(priv_key, 0, size); l_free(priv_key); diff --git a/src/eap-pwd.c b/src/eap-pwd.c index 03127d72..f5cfcec3 100644 --- a/src/eap-pwd.c +++ b/src/eap-pwd.c @@ -723,31 +723,31 @@ static int eap_pwd_check_settings(struct l_settings *settings, { const char *identity, *password = NULL; const struct eap_secret_info *secret; - char setting[64]; + char setting[64], setting2[64]; snprintf(setting, sizeof(setting), "%sIdentity", prefix); identity = l_settings_get_value(settings, "Security", setting); + snprintf(setting2, sizeof(setting2), "%sPWD-Password", prefix); + password = l_settings_get_value(settings, "Security", setting2); + if (!identity) { secret = l_queue_find(secrets, eap_secret_info_match, setting); if (!secret) { eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD, - setting, NULL); + setting, setting2, NULL); } return 0; } - snprintf(setting, sizeof(setting), "%sPWD-Password", prefix); - password = l_settings_get_value(settings, "Security", setting); - if (!password) { - secret = l_queue_find(secrets, eap_secret_info_match, setting); + secret = l_queue_find(secrets, eap_secret_info_match, setting2); if (!secret) { eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD, - setting, identity); + setting2, NULL, identity); } } diff --git a/src/eap-tls.c b/src/eap-tls.c index f6ecd76f..0fdaf57a 100644 --- a/src/eap-tls.c +++ b/src/eap-tls.c @@ -473,7 +473,7 @@ static int eap_tls_check_settings(struct l_settings *settings, */ eap_append_secret(out_missing, EAP_SECRET_LOCAL_PKEY_PASSPHRASE, - passphrase_setting, path); + passphrase_setting, NULL, path); } else { memset(priv_key, 0, size); l_free(priv_key); diff --git a/src/eap-ttls.c b/src/eap-ttls.c index 6e70a024..bb8586df 100644 --- a/src/eap-ttls.c +++ b/src/eap-ttls.c @@ -740,7 +740,7 @@ static int eap_ttls_check_settings(struct l_settings *settings, */ eap_append_secret(out_missing, EAP_SECRET_LOCAL_PKEY_PASSPHRASE, - passphrase_setting, path); + passphrase_setting, NULL, path); } else { memset(priv_key, 0, size); l_free(priv_key); diff --git a/src/eap.c b/src/eap.c index 8ed0b0b2..9e685ec9 100644 --- a/src/eap.c +++ b/src/eap.c @@ -377,7 +377,7 @@ bool eap_secret_info_match(const void *a, const void *b) } void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type, - const char *id, const char *parameter) + const char *id, const char *id2, const char *parameter) { struct eap_secret_info *info; @@ -386,6 +386,7 @@ void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type, info = l_new(struct eap_secret_info, 1); info->id = l_strdup(id); + info->id2 = l_strdup(id2); info->type = type; info->parameter = l_strdup(parameter); l_queue_push_tail(*out_missing, info); @@ -409,6 +410,7 @@ void eap_secret_info_free(void *data) } l_free(info->id); + l_free(info->id2); l_free(info); } diff --git a/src/eap.h b/src/eap.h index 03b6f9ed..2682bad2 100644 --- a/src/eap.h +++ b/src/eap.h @@ -41,6 +41,7 @@ enum eap_secret_type { struct eap_secret_info { char *id; + char *id2; enum eap_secret_type type; char *parameter; char *value; @@ -62,7 +63,7 @@ void eap_free(struct eap_state *eap); bool eap_secret_info_match(const void *a, const void *b); void eap_append_secret(struct l_queue **out_missing, enum eap_secret_type type, - const char *id, const char *parameter); + const char *id, const char *id2, const char *parameter); void eap_secret_info_free(void *data); int eap_check_settings(struct l_settings *settings, struct l_queue *secrets, diff --git a/src/network.c b/src/network.c index 7f12a8ec..d0095d1c 100644 --- a/src/network.c +++ b/src/network.c @@ -385,15 +385,18 @@ static bool network_set_8021x_secrets(struct network *network) break; case EAP_SECRET_REMOTE_USER_PASSWORD: - setting = alloca(strlen(secret->id) + 10); - - sprintf(setting, "%s-User", secret->id); if (!l_settings_set_string(network->settings, - "Security", setting, + "Security", secret->id, secret->value)) return false; - sprintf(setting, "%s-Password", secret->id); + if (secret->id2) + setting = secret->id2; + else { + setting = alloca(strlen(secret->id) + 10); + sprintf(setting, "%s-Password", secret->id); + } + if (!l_settings_set_string(network->settings, "Security", setting, secret->value + 1 +