mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2025-01-09 00:02:48 +01:00
eap: Print a hint if Identity is likely wrong
This commit is contained in:
parent
694799c9c2
commit
e148e1ea99
28
src/eap.c
28
src/eap.c
@ -57,12 +57,15 @@ struct eap_state {
|
|||||||
|
|
||||||
struct eap_method *method;
|
struct eap_method *method;
|
||||||
char *identity;
|
char *identity;
|
||||||
|
char *identity_setting;
|
||||||
bool authenticator;
|
bool authenticator;
|
||||||
|
|
||||||
int last_id;
|
int last_id;
|
||||||
void *method_state;
|
void *method_state;
|
||||||
bool method_success;
|
bool method_success;
|
||||||
struct l_timeout *complete_timeout;
|
struct l_timeout *complete_timeout;
|
||||||
|
unsigned int identity_req_count;
|
||||||
|
unsigned int method_req_count;
|
||||||
|
|
||||||
bool discard_success_and_failure:1;
|
bool discard_success_and_failure:1;
|
||||||
};
|
};
|
||||||
@ -124,11 +127,31 @@ static void eap_free_common(struct eap_state *eap)
|
|||||||
if (eap->identity) {
|
if (eap->identity) {
|
||||||
l_free(eap->identity);
|
l_free(eap->identity);
|
||||||
eap->identity = NULL;
|
eap->identity = NULL;
|
||||||
|
l_free(eap->identity_setting);
|
||||||
|
eap->identity_setting = NULL;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
void eap_free(struct eap_state *eap)
|
void eap_free(struct eap_state *eap)
|
||||||
{
|
{
|
||||||
|
/*
|
||||||
|
* In supplicant mode we get here whether the authenticator has
|
||||||
|
* sent an EAP-Failure or interrupted the connection at a higher
|
||||||
|
* layer, or even when the negotiation stalled and we interrupted
|
||||||
|
* it, so use this code path to check if it is the Identity value
|
||||||
|
* that the authenticator may have a problem with. We don't know
|
||||||
|
* whether we're the phase 1 or phase 2 EAP state machine
|
||||||
|
* (eap->set_key_material is a hint but doesn't work with EAP-PEAP
|
||||||
|
* phase2) so print the setting name.
|
||||||
|
*/
|
||||||
|
if (!eap->authenticator && !eap->method_success) {
|
||||||
|
if (eap->identity_req_count && !eap->method_req_count)
|
||||||
|
l_info("EAP negotiation stopped after the Identity "
|
||||||
|
"exchange, this can happen when the %s value "
|
||||||
|
"is not what the authenticator expects",
|
||||||
|
eap->identity_setting ?: "identity");
|
||||||
|
}
|
||||||
|
|
||||||
eap_free_common(eap);
|
eap_free_common(eap);
|
||||||
l_timeout_remove(eap->complete_timeout);
|
l_timeout_remove(eap->complete_timeout);
|
||||||
|
|
||||||
@ -286,6 +309,8 @@ void __eap_handle_request(struct eap_state *eap, uint16_t id,
|
|||||||
void (*op)(struct eap_state *eap,
|
void (*op)(struct eap_state *eap,
|
||||||
const uint8_t *pkt, size_t len);
|
const uint8_t *pkt, size_t len);
|
||||||
|
|
||||||
|
eap->method_req_count++;
|
||||||
|
|
||||||
if (type != eap->method->request_type) {
|
if (type != eap->method->request_type) {
|
||||||
l_warn("EAP server tried method %i while client was "
|
l_warn("EAP server tried method %i while client was "
|
||||||
"configured for method %i",
|
"configured for method %i",
|
||||||
@ -316,6 +341,8 @@ void __eap_handle_request(struct eap_state *eap, uint16_t id,
|
|||||||
|
|
||||||
switch (type) {
|
switch (type) {
|
||||||
case EAP_TYPE_IDENTITY:
|
case EAP_TYPE_IDENTITY:
|
||||||
|
eap->identity_req_count++;
|
||||||
|
|
||||||
if (len >= 2)
|
if (len >= 2)
|
||||||
l_debug("Optional EAP server identity prompt: \"%.*s\"",
|
l_debug("Optional EAP server identity prompt: \"%.*s\"",
|
||||||
(int) len - 1, pkt + 1);
|
(int) len - 1, pkt + 1);
|
||||||
@ -776,6 +803,7 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings *settings,
|
|||||||
snprintf(setting, sizeof(setting), "%sIdentity", prefix);
|
snprintf(setting, sizeof(setting), "%sIdentity", prefix);
|
||||||
eap->identity = l_settings_get_string(settings,
|
eap->identity = l_settings_get_string(settings,
|
||||||
"Security", setting);
|
"Security", setting);
|
||||||
|
eap->identity_setting = l_strdup(setting);
|
||||||
} else {
|
} else {
|
||||||
eap->identity = l_strdup(eap->method->get_identity(eap));
|
eap->identity = l_strdup(eap->method->get_identity(eap));
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user