RADIUS: Support last_msk with EAP-TLS

This extends the last_msk testing functionality in the RADIUS server to
work with EAP-TLS based on "cert-<serial_num>" form user names in the
database.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-10-07 16:50:08 +03:00 committed by Jouni Malinen
parent 063cbb87a6
commit 7770a9dd6a

View File

@ -826,18 +826,28 @@ static void db_update_last_msk(struct radius_session *sess, const char *msk)
char *id_str = NULL;
const u8 *id;
size_t id_len;
const char *serial_num;
if (!sess->server->db)
return;
id = eap_get_identity(sess->eap, &id_len);
if (!id)
return;
id_str = os_malloc(id_len + 1);
if (!id_str)
return;
os_memcpy(id_str, id, id_len);
id_str[id_len] = '\0';
serial_num = eap_get_serial_num(sess->eap);
if (serial_num) {
id_len = 5 + os_strlen(serial_num) + 1;
id_str = os_malloc(id_len);
if (!id_str)
return;
os_snprintf(id_str, id_len, "cert-%s", serial_num);
} else {
id = eap_get_identity(sess->eap, &id_len);
if (!id)
return;
id_str = os_malloc(id_len + 1);
if (!id_str)
return;
os_memcpy(id_str, id, id_len);
id_str[id_len] = '\0';
}
sql = sqlite3_mprintf("UPDATE users SET last_msk=%Q WHERE identity=%Q",
msk, id_str);