author | Jouni Malinen <quic_jouni@quicinc.com> | 2023-08-07 16:15:01 +0000 |
---|---|---|
committer | Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com> | 2023-08-07 16:15:01 +0000 |
commit | b9d60f32d36ad2ad7faf5aec9ffe39d3776a8208 (patch) | |
tree | 7964076baa11a44779888ad274ab7ead3b21207d | |
parent | 4694abf6e6ce5202e3f5f727584b756d59186857 (diff) | |
parent | e45d2dc09a2b0973ded25305ef2d866af138c12b (diff) | |
download | wpa_supplicant_8-b9d60f32d36ad2ad7faf5aec9ffe39d3776a8208.tar.gz |
TTLS client: Support phase2_auth=2 am: e45d2dc09a
Original change: https://googleplex-android-review.googlesource.com/c/platform/external/wpa_supplicant_8/+/24167394
Change-Id: I8a81237ecb136ff5485192b8798197bf63050214
Signed-off-by: Automerger Merge Worker <android-build-automerger-merge-worker@system.gserviceaccount.com>
-rw-r--r-- | src/eap_peer/eap_ttls.c | 28 |
1 files changed, 27 insertions, 1 deletions
diff --git a/src/eap_peer/eap_ttls.c b/src/eap_peer/eap_ttls.c
index c8e2de0a..6adc2227 100644
--- a/src/eap_peer/eap_ttls.c
+++ b/src/eap_peer/eap_ttls.c
@@ -65,9 +65,30 @@ struct eap_ttls_data {
 int ready_for_tnc;
 int tnc_started;
 #endif /* EAP_TNC */
+
+ enum { NO_AUTH, FOR_INITIAL, ALWAYS } phase2_auth;
 };
+static void eap_ttls_parse_phase1(struct eap_ttls_data *data,
+ const char *phase1)
+{
+ if (os_strstr(phase1, "phase2_auth=0")) {
+ data->phase2_auth = NO_AUTH;
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Do not require Phase 2 authentication");
+ } else if (os_strstr(phase1, "phase2_auth=1")) {
+ data->phase2_auth = FOR_INITIAL;
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Require Phase 2 authentication for initial connection");
+ } else if (os_strstr(phase1, "phase2_auth=2")) {
+ data->phase2_auth = ALWAYS;
+ wpa_printf(MSG_DEBUG,
+ "EAP-TTLS: Require Phase 2 authentication for all cases");
+ }
+}
+
+
 static void * eap_ttls_init(struct eap_sm *sm)
 {
 struct eap_ttls_data *data;
@@ -82,6 +103,10 @@ static void * eap_ttls_init(struct eap_sm *sm)
 selected = "EAP";
 selected_non_eap = 0;
 data->phase2_type = EAP_TTLS_PHASE2_EAP;
+ data->phase2_auth = FOR_INITIAL;
+
+ if (config && config->phase1)
+ eap_ttls_parse_phase1(data, config->phase1);
 /*
 * Either one auth= type or one or more autheap= methods can be
@@ -1703,8 +1728,9 @@ static struct wpabuf * eap_ttls_process(struct eap_sm *sm, void *priv,
 static bool eap_ttls_has_reauth_data(struct eap_sm *sm, void *priv)
 {
 struct eap_ttls_data *data = priv;
+
 return tls_connection_established(sm->ssl_ctx, data->ssl.conn) &&
- data->phase2_success;
+ data->phase2_success && data->phase2_auth != ALWAYS;
 } |
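Review bot: In the new eap_ttls_parse_phase1() an unrecognised or mistyped value such as `phase2_auth=3` matches none of the three branches, so the caller's default stays in effect and nothing is logged; an operator who meant to require Phase 2 on every connection gets no signal that the setting was ignored. A closing branch like `} else if (os_strstr(phase1, "phase2_auth=")) { wpa_printf(MSG_INFO, "EAP-TTLS: Unknown phase2_auth value - using default"); }` would surface that. The checks are substring searches tried in 0, 1, 2 order, so a phase1 string carrying more than one such token resolves to the weakest one listed; that precedence deserves a one-line comment. The enum in struct eap_ttls_data is also declared without saying what `NO_AUTH`, `FOR_INITIAL` and `ALWAYS` mean, which a short comment above it would fix.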
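Review bot: The `data->phase2_auth = FOR_INITIAL;` default added in eap_ttls_init() is not explained, and it makes the stricter behaviour opt-in: a network profile whose phase1 string has no phase2_auth token keeps the pre-change handling of reauthentication data. I would add a comment above the assignment, for example `/* Default: Phase 2 required for the initial connection only; phase1 "phase2_auth=2" requires it on every connection */`, so that deployments needing the strict mode know it must be set explicitly. eap_ttls_init() starts and ends outside this hunk, and `config` is assigned outside it, so the NULL check is taken as given.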
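Review bot: The added `data->phase2_auth != ALWAYS` term in eap_ttls_has_reauth_data() is the only place in this diff where the new setting changes behaviour, and it has no comment saying that this is the enforcement point. Something like `/* phase2_auth=2: report no reauth data so that Phase 2 is run on every connection */` above the return would make the intent clear to the next reader. Whether eap_ttls_process() on its own refuses to complete without Phase 2 when the server resumes a TLS session is not visible here (only its signature appears as hunk context), so it is worth confirming that withholding reauth data is sufficient. `NO_AUTH` and `FOR_INITIAL` are not read in any visible hunk, so in this file they appear to behave the same; if that is intended, the comment should say so.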