authorJouni Malinen <jouni@codeaurora.org>2018-10-07 13:50:08 (GMT)
committerJouni Malinen <j@w1.fi>2018-10-11 09:12:30 (GMT)
commit7770a9dd6a6741d600b57bda07ec5b46a3261be4 (patch)
tree847cc3a610b08d80f994736aa1dd96c37c77d545 /src/radius
parent063cbb87a6d29ed6ce0a50888a354a1dd7227a62 (diff)
RADIUS: Support last_msk with EAP-TLS
This extends the last_msk testing functionality in the RADIUS server to work with EAP-TLS based on "cert-<serial_num>" form user names in the database. Signed-off-by: Jouni Malinen <jouni@codeaurora.org>
Diffstat (limited to 'src/radius')
-rw-r--r--src/radius/radius_server.c26
1 files changed, 18 insertions, 8 deletions
diff --git a/src/radius/radius_server.c b/src/radius/radius_server.c
index b2fd9b7..e3afc0d 100644
--- a/src/radius/radius_server.c
+++ b/src/radius/radius_server.c
@@ -826,18 +826,28 @@ static void db_update_last_msk(struct radius_session *sess, const char *msk)
char *id_str = NULL;
const u8 *id;
size_t id_len;
+ const char *serial_num;
if (!sess->server->db)
return;
- id = eap_get_identity(sess->eap, &id_len);
- if (!id)
- return;
- id_str = os_malloc(id_len + 1);
- if (!id_str)
- return;
- os_memcpy(id_str, id, id_len);
- id_str[id_len] = '\0';
+ serial_num = eap_get_serial_num(sess->eap);
+ if (serial_num) {
+ id_len = 5 + os_strlen(serial_num) + 1;
+ id_str = os_malloc(id_len);
+ if (!id_str)
+ return;
+ os_snprintf(id_str, id_len, "cert-%s", serial_num);
+ } else {
+ id = eap_get_identity(sess->eap, &id_len);
+ if (!id)
+ return;
+ id_str = os_malloc(id_len + 1);
+ if (!id_str)
+ return;
+ os_memcpy(id_str, id, id_len);
+ id_str[id_len] = '\0';
+ }
sql = sqlite3_mprintf("UPDATE users SET last_msk=%Q WHERE identity=%Q",
msk, id_str);
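Review bot: The buffer size in the new `serial_num` branch is the bare literal `5`, which has to stay in step with the `"cert-"` prefix in the `os_snprintf()` call a few lines below, and that call's return value is not checked. Writing the size as `id_len = sizeof("cert-") - 1 + os_strlen(serial_num) + 1;` and rejecting a truncated result (hostap has `os_snprintf_error()` for this) would keep a later prefix change from silently producing a shortened key that matches a different `users` row or none. A short comment would also help, for example `/* EAP-TLS users are stored as "cert-<serial_num>"; the certificate serial takes precedence over the EAP identity */`. The key carries only the serial number, which is unique per issuer rather than globally, so if the server can trust more than one CA (not visible in this hunk) that assumption is worth stating in the same comment. The body of db_update_last_msk() starts before and continues after the hunk, so the release of `id_str` and the NULL check on `sql` cannot be confirmed from here.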