3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-11-30 06:39:46 +01:00
iwd/src/eap-gtc.c
Andrew Zaborowski c826dd0052 eap: Simplify sending EAP method responses
Replace the usage of eap_send_response() in the method implementations
with a new eap_method_respond that skips the redundant "type" parameter.
The new eap_send_packet is used inside eap_method_respond and will be
reused for sending request packets in authenticator side EAP methods.
2020-08-13 10:36:43 -05:00

192 lines
4.7 KiB
C

/*
*
* Wireless daemon for Linux
*
* Copyright (C) 2018-2019 Intel Corporation. All rights reserved.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
*
*/
#ifdef HAVE_CONFIG_H
#include <config.h>
#endif
#include <stdio.h>
#include <errno.h>
#include <ell/ell.h>
#include "src/missing.h"
#include "src/eap.h"
#include "src/eap-private.h"
#define EAP_GTC_MAX_PASSWORD_LEN 2048
struct eap_gtc_state {
char *password;
};
static void eap_gtc_free(struct eap_state *eap)
{
struct eap_gtc_state *gtc = eap_get_data(eap);
eap_set_data(eap, NULL);
if (gtc->password)
explicit_bzero(gtc->password, strlen(gtc->password));
l_free(gtc->password);
l_free(gtc);
}
static void eap_gtc_handle_request(struct eap_state *eap,
const uint8_t *pkt, size_t len)
{
struct eap_gtc_state *gtc = eap_get_data(eap);
size_t secret_len = strlen(gtc->password);
uint8_t response[5 + secret_len];
if (len < 8 || strncmp((const char *)pkt, "Password", 8))
l_warn("GTC request not understood, proceeding anyway: %.*s",
(int) len, (const char *) pkt);
memcpy(response + 5, gtc->password, secret_len);
eap_method_respond(eap, response, 5 + secret_len);
eap_method_success(eap);
return;
}
static int eap_gtc_check_settings(struct l_settings *settings,
struct l_queue *secrets,
const char *prefix,
struct l_queue **out_missing)
{
const struct eap_secret_info *secret;
char identity_key[72];
char password_key[72];
char password_key_old[72];
L_AUTO_FREE_VAR(char *, identity);
L_AUTO_FREE_VAR(char *, password) = NULL;
snprintf(identity_key, sizeof(identity_key), "%sIdentity", prefix);
snprintf(password_key, sizeof(password_key), "%sPassword", prefix);
identity = l_settings_get_string(settings, "Security", identity_key);
if (!identity) {
secret = l_queue_find(secrets, eap_secret_info_match,
identity_key);
if (secret)
return 0;
eap_append_secret(out_missing, EAP_SECRET_REMOTE_USER_PASSWORD,
identity_key, password_key, NULL,
EAP_CACHE_TEMPORARY);
return 0;
}
password = l_settings_get_string(settings, "Security", password_key);
if (!password) {
snprintf(password_key_old, sizeof(password_key_old),
"%sGTC-Secret", prefix);
password = l_settings_get_string(settings, "Security",
password_key_old);
if (password) {
explicit_bzero(password, strlen(password));
l_warn("Setting '%s' is deprecated, use '%s' instead",
password_key_old, password_key);
return 0;
}
secret = l_queue_find(secrets, eap_secret_info_match,
password_key);
if (secret)
return 0;
eap_append_secret(out_missing, EAP_SECRET_REMOTE_PASSWORD,
password_key, NULL, identity,
EAP_CACHE_TEMPORARY);
} else
explicit_bzero(password, strlen(password));
return 0;
}
static bool eap_gtc_load_settings(struct eap_state *eap,
struct l_settings *settings,
const char *prefix)
{
struct eap_gtc_state *gtc;
char password_key[72];
char *password;
snprintf(password_key, sizeof(password_key), "%sPassword", prefix);
password = l_settings_get_string(settings, "Security", password_key);
if (!password) {
snprintf(password_key, sizeof(password_key), "%sGTC-Secret",
prefix);
password = l_settings_get_string(settings, "Security",
password_key);
if (!password)
return false;
}
/*
* Limit length to prevent a stack overflow
*/
if (strlen(password) > EAP_GTC_MAX_PASSWORD_LEN) {
l_free(password);
return false;
}
gtc = l_new(struct eap_gtc_state, 1);
gtc->password = password;
eap_set_data(eap, gtc);
return true;
}
static struct eap_method eap_gtc = {
.request_type = EAP_TYPE_GTC,
.exports_msk = false,
.name = "GTC",
.free = eap_gtc_free,
.handle_request = eap_gtc_handle_request,
.check_settings = eap_gtc_check_settings,
.load_settings = eap_gtc_load_settings,
};
static int eap_gtc_init(void)
{
l_debug("");
return eap_register_method(&eap_gtc);
}
static void eap_gtc_exit(void)
{
l_debug("");
eap_unregister_method(&eap_gtc);
}
EAP_METHOD_BUILTIN(eap_gtc, eap_gtc_init, eap_gtc_exit)