DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

RADIUS: Support last_msk with EAP-TLS

Browse source 
This extends the last_msk testing functionality in the RADIUS server to
work with EAP-TLS based on "cert-<serial_num>" form user names in the
database.

Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
This commit is contained in:
Jouni Malinen 2018-10-07 16:50:08 +03:00 committed by Jouni Malinen
parent 063cbb87a6
commit 7770a9dd6a
1 changed files with 18 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
src/radius/radius_server.c
View file

@ -826,18 +826,28 @@ static void db_update_last_msk(struct radius_session *sess, const char *msk)
char *id_str = NULL; char *id_str = NULL;
const u8 *id; const u8 *id;
size_t id_len; size_t id_len;
const char *serial_num;
if (!sess->server->db) if (!sess->server->db)
return; return;
id = eap_get_identity(sess->eap, &id_len); serial_num = eap_get_serial_num(sess->eap);
if (!id) if (serial_num) {
return; id_len = 5 + os_strlen(serial_num) + 1;
id_str = os_malloc(id_len + 1); id_str = os_malloc(id_len);
if (!id_str) if (!id_str)
return; return;
os_memcpy(id_str, id, id_len); os_snprintf(id_str, id_len, "cert-%s", serial_num);
id_str[id_len] = '\0'; } else {
id = eap_get_identity(sess->eap, &id_len);
if (!id)
return;
id_str = os_malloc(id_len + 1);
if (!id_str)
return;
os_memcpy(id_str, id, id_len);
id_str[id_len] = '\0';
}
sql = sqlite3_mprintf("UPDATE users SET last_msk=%Q WHERE identity=%Q", sql = sqlite3_mprintf("UPDATE users SET last_msk=%Q WHERE identity=%Q",
msk, id_str); msk, id_str);