Commit Graph

31 Commits

Author SHA1 Message Date
Jouni Malinen
d85e1fc8a5 Check os_snprintf() result more consistently - automatic 1
This converts os_snprintf() result validation cases to use
os_snprintf_error() where the exact rule used in os_snprintf_error() was
used. These changes were done automatically with spatch using the
following semantic patch:

@@
identifier E1;
expression E2,E3,E4,E5,E6;
statement S1;
@@

(
  E1 = os_snprintf(E2, E3, ...);
|
  int E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = os_snprintf(E2, E3, ...);
|
  if (E5)
	E1 = os_snprintf(E2, E3, ...);
  else if (E6)
	E1 = os_snprintf(E2, E3, ...);
  else
	E1 = 0;
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else if (E6) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	return -1;
  }
|
  if (E5) {
	...
	E1 = os_snprintf(E2, E3, ...);
  } else {
	...
	E1 = os_snprintf(E2, E3, ...);
  }
)
? os_free(E4);
- if (E1 < 0 || \( E1 >= E3 \| (size_t) E1 >= E3 \| (unsigned int) E1 >= E3 \| E1 >= (int) E3 \))
+ if (os_snprintf_error(E3, E1))
(
  S1
|
{ ... }
)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-08 11:42:07 +02:00
Jouni Malinen
41f480005f EAP-SIM DB: Make recv() null termination easier for static analyzers
For some reason, the previous version was not understood to be null
terminating the buffer from recv(). It was doing this fine, though. Try
to use a bit more simpler design in hopes of getting static analyzers to
understand this. (CID 72702)

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-12-06 18:35:53 +02:00
Jouni Malinen
918bd0fe78 EAP-SIM DB: Remove unused assignment
Signed-off-by: Jouni Malinen <j@w1.fi>
2014-10-11 18:13:32 +03:00
Jouni Malinen
a0ac572611 EAP-SIM DB: Remove client socket file on connect() error
If the connection from hostapd authentication server to hlr_auc_gw fails
due to hlr_auc_gw not running yet, the local socket file was left
behind. Delete the socket file on connect() failure path.

Signed-off-by: Jouni Malinen <j@w1.fi>
2014-02-15 21:39:31 +02:00
Johannes Berg
f073fdee7b EAP server: Remove SIM-DB pending timestamp
This should probably have used monotonic time for entry timestamps, but
as those aren't used at all right now, so just remove them entirely.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-12-24 07:15:49 +02:00
Jouni Malinen
61323e70e1 Convert perror/printf calls to wpa_printf
This makes debug and error logging more consistent and allows them to be
directed to a file more easily.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-11-02 12:58:33 +02:00
Jouni Malinen
5e24dc8a4b Add dup_binstr() to help common binary string tasks
There are quite a few places in the current implementation where a nul
terminated string is generated from binary data. Add a helper function
to simplify the code a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2013-04-27 23:44:59 +03:00
Jouni Malinen
50a7755735 EAP-SIM DB: Remove unnecessary username prefix checks
The EAP-SIM/AKA code is already validating the prefix and the following
lookup would not find matches if the prefix is incorrect, so there is no
need for the extra checks here.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 12:03:57 +03:00
Jouni Malinen
68a41bbb44 EAP-AKA server: Skip AKA/Identity exchange if EAP identity recognized
If EAP-Response/Identity includes a known pseudonym or re-auth username,
skip the AKA/Identity exchange since we already know the permanent
username of the peer.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-02 11:27:39 +03:00
Jouni Malinen
f24630d26a EAP-SIM DB: Use pointer to struct eap_sim_db_data instead of void*
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:48:48 +03:00
Jouni Malinen
2c22668c8f EAP-SIM DB: Add debug print for AKA reauth identity addition
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:41:23 +03:00
Jouni Malinen
3e43a8ec4f EAP-SIM DB: Get rid of unnecessary wrapper functions
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:37:17 +03:00
Jouni Malinen
e95ffe0465 EAP-SIM DB: Return pseudonym username instead of structure with it
This cleans up the implemenation a bit.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:32:22 +03:00
Jouni Malinen
741596a817 EAP-SIM DB: Remove unneeded SQLite value copying
These fields are used only as the search key, so the value is already
known and does not need to be copied from the database.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:26:26 +03:00
Jouni Malinen
6d49d9ecb8 EAP-SIM DB: Store permanent username as string in SQLite DB
Store permanent username (i.e., including prefix character) instead of
IMSI in the SQLite DB. Convert the string to a string since the EAP-AKA
prefix can start with zero. This cleans up the field names since the
value was already with the prefix included instead of just IMSI. In
addition, this explicitly removes some theoretical cases where the
different identity types could have been mixed.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:22:15 +03:00
Jouni Malinen
3961dffc13 EAP-SIM DB: Rename valid_pseudonym_string to valid_db_string
This will be used with other strings, too, so use a more generic
function name.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:17:48 +03:00
Jouni Malinen
61e181db86 EAP-SIM DB: Use char* strings instead of u8* pointer and length
Since the EAP-SIM/AKA identities are ASCII strings, there is no need to
use more complex way for storing and passing them. In addition, be more
strict about enforcing username (i.e., no realm part) to be used in the
EAP-SIM DB API. Similarly, require specific username type instead of any
of the types to be used as the key in the pseudonym and reauth
operations. This allows simpler lookup operations to be used.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 21:10:19 +03:00
Jouni Malinen
4e9015a225 EAP-SIM DB: Remove unused eap_sim_db_identity_known()
This function is not used anymore, so remove it.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 20:12:40 +03:00
Jouni Malinen
9bf403b920 EAP-SIM server: Store permanent username in session data
This allows identity use to be cleaned up in various operations.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 19:15:01 +03:00
Jouni Malinen
e87982ea4c EAP-SIM DB: Remove unnecessary aka_prime parameter
The reauth_id prefix can be used to determine which AKA version is used,
so there is no need to store the aka_prime information in a separate
field.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-09-01 18:41:35 +03:00
Jouni Malinen
29813cfdc0 EAP-SIM DB: Optional use of SQLite database for reauth data
If hostapd is built and configured to use SQLite database, store
EAP-SIM/AKA reauth data into the database to allow this to persist
over hostapd restarts.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 16:55:36 +03:00
Jouni Malinen
66979bb833 EAP-SIM DB: Optional use of SQLite database for pseudonyms
This allows hostapd to use an SQLite database for storing EAP-SIM/AKA
pseudonyms over process restarts. CONFIG_SQLITE=y build option adds
support for this and the SQLite database file is specified in eap_sib_db
configuration parameter.

Signed-hostap: Jouni Malinen <jouni@qca.qualcomm.com>
2012-08-30 16:04:52 +03:00
Jouni Malinen
c13f0a3e00 EAP-SIM DB: Fix a memory leak on DB connection re-opening
Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 21:17:26 +03:00
Jouni Malinen
704b8762a2 EAP-SIM DB: Do not require external program at startup
The previous implementation was able to re-open the connection to an
external program (e.g., hlr_auc_gw) when needed, but required the
connection to be available during startup. Extend this to allow the
initial failure, so that hlr_auc_gw can be started after hostapd.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-08-19 20:51:21 +03:00
Jouni Malinen
762e4ce620 EAP-AKA': Update to RFC 5448
There was a technical change between the last IETF draft version
(draft-arkko-eap-aka-kdf-10) and RFC 5448 in the leading characters
used in the username (i.e., use unique characters for EAP-AKA' instead
of reusing the EAP-AKA ones). This commit updates EAP-AKA' server and
peer implementations to use the leading characters based on the final
RFC.

Note: This will make EAP-AKA' not interoperate between the earlier
draft version and the new version.

Signed-hostap: Jouni Malinen <j@w1.fi>
intended-for: hostap-1
2012-05-02 20:45:01 +03:00
Jouni Malinen
0f3d578efc Remove the GPL notification from files contributed by Jouni Malinen
Remove the GPL notification text from the files that were
initially contributed by myself.

Signed-hostap: Jouni Malinen <j@w1.fi>
2012-02-11 19:39:36 +02:00
Jouni Malinen
3642c4313a Annotate places depending on strong random numbers
This commit adds a new wrapper, random_get_bytes(), that is currently
defined to use os_get_random() as is. The places using
random_get_bytes() depend on the returned value being strong random
number, i.e., something that is infeasible for external device to
figure out. These values are used either directly as a key or as
nonces/challenges that are used as input for key derivation or
authentication.

The remaining direct uses of os_get_random() do not need as strong
random numbers to function correctly.
2010-11-24 01:05:20 +02:00
Jouni Malinen
1e5839e06f Rename EAP server defines from EAP_* to EAP_SERVER_*
This allows separate set of EAP server and peer methods to be built into
a single binary.
2009-03-25 12:06:19 +02:00
Jouni Malinen
a17df5fb8b Fixed number of doxygen warnings 2009-01-02 22:28:04 +02:00
Jouni Malinen
9881795e2c EAP-AKA': Derive keys using the new KDF (PRF') 2008-12-03 19:22:20 +02:00
Jouni Malinen
6fc6879bd5 Re-initialize hostapd/wpa_supplicant git repository based on 0.6.3 release 2008-02-27 17:34:43 -08:00