eap-tls: Keep l_tls instance for reauthentication
After one of the eap-tls-common-based methods succeeds, keep the TLS tunnel instance until the method is freed rather than freeing it the moment the method succeeds. This fixes repeated method runs: until now each subsequent run would attempt to create a new TLS tunnel instance but would have no authentication data (CA certificate, client certificate, private key and private key passphrase), since those were held by the old l_tls object from the moment of the l_tls_set_auth_data() call. Use l_tls_reset() to reset the TLS state after method success, followed by a new l_tls_start() when the reauthentication starts.
This commit is contained in:
parent
0e77e33a4d
commit
eb8362bf76
@ -131,10 +131,13 @@ static void __eap_tls_common_state_reset(struct eap_tls_state *eap_tls)
|
|||||||
eap_tls->expecting_frag_ack = false;
|
eap_tls->expecting_frag_ack = false;
|
||||||
eap_tls->tunnel_ready = false;
|
eap_tls->tunnel_ready = false;
|
||||||
|
|
||||||
if (eap_tls->tunnel) {
|
/*
|
||||||
l_tls_free(eap_tls->tunnel);
|
* Keep the tunnel instance to avoid losing the authentication
|
||||||
eap_tls->tunnel = NULL;
|
* settings that we may have loaded with l_tls_set_auth_data()
|
||||||
}
|
* since .reset_state is not supposed to clear settings.
|
||||||
|
*/
|
||||||
|
if (eap_tls->tunnel)
|
||||||
|
l_tls_reset(eap_tls->tunnel);
|
||||||
|
|
||||||
eap_tls->tx_frag_offset = 0;
|
eap_tls->tx_frag_offset = 0;
|
||||||
eap_tls->tx_frag_last_len = 0;
|
eap_tls->tx_frag_last_len = 0;
|
||||||
@ -167,6 +170,10 @@ static void __eap_tls_common_state_free(struct eap_tls_state *eap_tls)
|
|||||||
l_key_free(eap_tls->client_key);
|
l_key_free(eap_tls->client_key);
|
||||||
|
|
||||||
l_strv_free(eap_tls->domain_mask);
|
l_strv_free(eap_tls->domain_mask);
|
||||||
|
|
||||||
|
if (eap_tls->tunnel)
|
||||||
|
l_tls_free(eap_tls->tunnel);
|
||||||
|
|
||||||
l_free(eap_tls);
|
l_free(eap_tls);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -569,7 +576,7 @@ static bool eap_tls_tunnel_init(struct eap_state *eap)
|
|||||||
struct eap_tls_state *eap_tls = eap_get_data(eap);
|
struct eap_tls_state *eap_tls = eap_get_data(eap);
|
||||||
|
|
||||||
if (eap_tls->tunnel)
|
if (eap_tls->tunnel)
|
||||||
return false;
|
goto start;
|
||||||
|
|
||||||
eap_tls->tunnel = l_tls_new(false, eap_tls_tunnel_data_received,
|
eap_tls->tunnel = l_tls_new(false, eap_tls_tunnel_data_received,
|
||||||
eap_tls_tunnel_data_send,
|
eap_tls_tunnel_data_send,
|
||||||
@ -626,6 +633,7 @@ static bool eap_tls_tunnel_init(struct eap_state *eap)
|
|||||||
if (eap_tls->domain_mask)
|
if (eap_tls->domain_mask)
|
||||||
l_tls_set_domain_mask(eap_tls->tunnel, eap_tls->domain_mask);
|
l_tls_set_domain_mask(eap_tls->tunnel, eap_tls->domain_mask);
|
||||||
|
|
||||||
|
start:
|
||||||
if (!l_tls_start(eap_tls->tunnel)) {
|
if (!l_tls_start(eap_tls->tunnel)) {
|
||||||
l_error("%s: Failed to start the TLS client",
|
l_error("%s: Failed to start the TLS client",
|
||||||
eap_get_method_name(eap));
|
eap_get_method_name(eap));
|
||||||
|
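Review bot: In eap_tls_tunnel_init the `if (eap_tls->tunnel) return false;` guard becomes `goto start`, so a second call while the existing tunnel is still mid-handshake now reaches `l_tls_start()` on a live l_tls object instead of being refused; before this change a NULL tunnel was the only marker that the method had been reset, and since __eap_tls_common_state_reset now keeps the tunnel, that marker is gone. Whether this is harmless depends on l_tls_start() rejecting an already-started tunnel, which is not visible here — if it re-initialises the handshake, a peer re-sending the EAP-TLS Start request could restart an in-progress handshake. An explicit flag would make the intent checkable: set a new field (e.g. `tunnel_needs_start`) next to the `l_tls_reset()` call in __eap_tls_common_state_reset, and in eap_tls_tunnel_init accept the existing tunnel only when it is set, `if (eap_tls->tunnel && !eap_tls->tunnel_needs_start) return false;`, clearing it once l_tls_start() succeeds. The body of eap_tls_tunnel_init, including the l_tls_start() failure path that must now not free the retained tunnel's auth data, continues outside the hunk.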