1:48 a.m.
---
src/ap.c | 38 ++++++++++++++++++--------------------
1 file changed, 18 insertions(+), 20 deletions(-)
diff --git a/src/ap.c b/src/ap.c
index f55341e8..31d3dfc2 100644
--- a/src/ap.c
+++ b/src/ap.c
@@ -606,6 +606,20 @@ static void ap_process_wsc_probe_req(struct ap_state *ap, const
uint8_t *from,
}
}
+static void ap_write_authorized_macs(struct ap_state *ap,
+ size_t out_len, uint8_t *out)
+{
+ size_t len = ap->authorized_macs_num * 6;
+
+ if (!len)
+ return;
+
+ if (len > out_len)
+ len = out_len;
+
+ memcpy(out, ap->authorized_macs, len);
+}
+
static size_t ap_get_wsc_ie_len(struct ap_state *ap,
enum mpdu_management_subtype type,
const struct mmpdu_header *client_frame,
@@ -670,16 +684,8 @@ static size_t ap_write_wsc_ie(struct ap_state *ap,
wsc_pr.config_methods =
WSC_CONFIGURATION_METHOD_PUSH_BUTTON;
- if (ap->authorized_macs_num) {
- size_t len = ap->authorized_macs_num * 6;
-
- if (len > sizeof(wsc_pr.authorized_macs))
- len = sizeof(wsc_pr.authorized_macs);
-
- memcpy(wsc_pr.authorized_macs,
- ap->authorized_macs, len);
- }
-
+ ap_write_authorized_macs(ap, sizeof(wsc_pr.authorized_macs),
+ wsc_pr.authorized_macs);
wsc_data = wsc_build_probe_response(&wsc_pr, &wsc_data_size);
} else if (type == MPDU_MANAGEMENT_SUBTYPE_BEACON) {
struct wsc_beacon wsc_beacon = {};
@@ -694,16 +700,8 @@ static size_t ap_write_wsc_ie(struct ap_state *ap,
WSC_CONFIGURATION_METHOD_PUSH_BUTTON;
}
- if (ap->authorized_macs_num) {
- size_t len = ap->authorized_macs_num * 6;
-
- if (len > sizeof(wsc_beacon.authorized_macs))
- len = sizeof(wsc_beacon.authorized_macs);
-
- memcpy(wsc_beacon.authorized_macs,
- ap->authorized_macs, len);
- }
-
+ ap_write_authorized_macs(ap, sizeof(wsc_beacon.authorized_macs),
+ wsc_beacon.authorized_macs);
wsc_data = wsc_build_beacon(&wsc_beacon, &wsc_data_size);
} else if (L_IN_SET(type, MPDU_MANAGEMENT_SUBTYPE_ASSOCIATION_RESPONSE,
MPDU_MANAGEMENT_SUBTYPE_REASSOCIATION_RESPONSE)) {
--
2.27.0
1:48 a.m.
New subject: [PATCH] eap: Print a hint if Identity is likely wrong
---
src/eap.c | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/src/eap.c b/src/eap.c
index bef46e00..0645be47 100644
--- a/src/eap.c
+++ b/src/eap.c
@@ -57,12 +57,15 @@ struct eap_state {
struct eap_method *method;
char *identity;
+ char *identity_setting;
bool authenticator;
int last_id;
void *method_state;
bool method_success;
struct l_timeout *complete_timeout;
+ unsigned int identity_req_count;
+ unsigned int method_req_count;
bool discard_success_and_failure:1;
};
@@ -124,11 +127,31 @@ static void eap_free_common(struct eap_state *eap)
if (eap->identity) {
l_free(eap->identity);
eap->identity = NULL;
+ l_free(eap->identity_setting);
+ eap->identity_setting = NULL;
}
}
void eap_free(struct eap_state *eap)
{
+ /*
+ * In supplicant mode we get here whether the authenticator has
+ * sent an EAP-Failure or interrupted the connection at a higher
+ * layer, or even when the negotiation stalled and we interrupted
+ * it, so use this code path to check if it is the Identity value
+ * that the authenticator may have a problem with. We don't know
+ * whether we're the phase 1 or phase 2 EAP state machine
+ * (eap->set_key_material is a hint but doesn't work with EAP-PEAP
+ * phase2) so print the setting name.
+ */
+ if (!eap->authenticator && !eap->method_success) {
+ if (eap->identity_req_count && !eap->method_req_count)
+ l_info("EAP negotiation stopped after the Identity "
+ "exchange, this can happen when the %s value "
+ "is not what the authenticator expects",
+ eap->identity_setting ?: "identity");
+ }
+
eap_free_common(eap);
l_timeout_remove(eap->complete_timeout);
@@ -286,6 +309,8 @@ void __eap_handle_request(struct eap_state *eap, uint16_t id,
void (*op)(struct eap_state *eap,
const uint8_t *pkt, size_t len);
+ eap->method_req_count++;
+
if (type != eap->method->request_type) {
l_warn("EAP server tried method %i while client was "
"configured for method %i",
@@ -316,6 +341,8 @@ void __eap_handle_request(struct eap_state *eap, uint16_t id,
switch (type) {
case EAP_TYPE_IDENTITY:
+ eap->identity_req_count++;
+
if (len >= 2)
l_debug("Optional EAP server identity prompt: \"%.*s\"",
(int) len - 1, pkt + 1);
@@ -776,6 +803,7 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings
*settings,
snprintf(setting, sizeof(setting), "%sIdentity", prefix);
eap->identity = l_settings_get_string(settings,
"Security", setting);
+ eap->identity_setting = l_strdup(setting);
} else {
eap->identity = l_strdup(eap->method->get_identity(eap));
}
--
2.27.0
508
days inactive
508
days old
3 comments
2 participants
participants (2)
-
Andrew Zaborowski -
Denis Kenzior