mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
EAP-TLS server: Update user information based on serial number
This allows EAP user database entries for "cert-<serial number>" to be used for client certificate based parameters when using EAP-TLS. This commit addresses only the full authentication case and TLS session resumption is not yet covered. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
parent
9da196adf9
commit
11adf76a71
@ -22,6 +22,7 @@ struct eap_tls_data {
|
||||
enum { START, CONTINUE, SUCCESS, FAILURE } state;
|
||||
int established;
|
||||
u8 eap_type;
|
||||
int phase2;
|
||||
};
|
||||
|
||||
|
||||
@ -85,6 +86,8 @@ static void * eap_tls_init(struct eap_sm *sm)
|
||||
|
||||
data->eap_type = EAP_TYPE_TLS;
|
||||
|
||||
data->phase2 = sm->init_phase2;
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
@ -202,6 +205,20 @@ check_established:
|
||||
wpa_printf(MSG_DEBUG, "EAP-TLS: Done");
|
||||
eap_tls_state(data, SUCCESS);
|
||||
eap_tls_valid_session(sm, data);
|
||||
if (sm->serial_num) {
|
||||
char user[128];
|
||||
int user_len;
|
||||
|
||||
user_len = os_snprintf(user, sizeof(user), "cert-%s",
|
||||
sm->serial_num);
|
||||
if (eap_user_get(sm, (const u8 *) user, user_len,
|
||||
data->phase2) < 0)
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TLS: No user entry found based on the serial number of the client certificate ");
|
||||
else
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TLS: Updated user entry based on the serial number of the client certificate ");
|
||||
}
|
||||
}
|
||||
|
||||
return res;
|
||||
@ -288,6 +305,8 @@ static void eap_tls_process(struct eap_sm *sm, void *priv,
|
||||
"EAP-TLS: Resuming previous session");
|
||||
eap_tls_state(data, SUCCESS);
|
||||
tls_connection_set_success_data_resumed(data->ssl.conn);
|
||||
/* TODO: Cache serial number with session and update EAP user
|
||||
* information based on the cached serial number */
|
||||
}
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user