Extend radius_msg_get_tunnel_password() to support multiple passwords
authorMichael Braun <michael-dev@fami-braun.de>
Sun, 25 Nov 2012 15:19:04 +0000 (17:19 +0200)
committerJouni Malinen <j@w1.fi>
Sun, 25 Nov 2012 15:19:04 +0000 (17:19 +0200)
The new function parameter can now be used to specify which password to
return.

Signed-hostap: Michael Braun <michael-dev@fami-braun.de>

src/ap/ieee802_11_auth.c
src/radius/radius.c
src/radius/radius.h

index 63ae3452ad9e12f6f37095a110d8f1d92e8acc57..12b65b59316812c7495d3db635fbe2480e43d09f 100644 (file)
@@ -482,7 +482,7 @@ hostapd_acl_recv_radius(struct radius_msg *msg, struct radius_msg *req,
                        msg, &passphraselen,
                        hapd->conf->radius->auth_server->shared_secret,
                        hapd->conf->radius->auth_server->shared_secret_len,
-                       req);
+                       req, 0);
                cache->has_psk = passphrase != NULL;
                if (passphrase != NULL) {
                        /* passphrase does not contain the NULL termination.
index d5edfd8c1088c540fbebbd2176035bd7ddf1ace3..d1feec96842f50ab51caa1c7416cdc00eba45b09 100644 (file)
@@ -1406,11 +1406,12 @@ int radius_msg_get_vlanid(struct radius_msg *msg)
  * @secret: RADIUS shared secret
  * @secret_len: Length of secret
  * @sent_msg: Sent RADIUS message
- * Returns: pointer to password (free with os_free) or %NULL
+ * @n: Number of password attribute to return (starting with 0)
+ * Returns: Pointer to n-th password (free with os_free) or %NULL
  */
 char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
                                      const u8 *secret, size_t secret_len,
-                                     struct radius_msg *sent_msg)
+                                     struct radius_msg *sent_msg, size_t n)
 {
        u8 *buf = NULL;
        size_t buflen;
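Review bot: The updated header comment for radius_msg_get_tunnel_password() says "n-th password" without stating the ordering or what %NULL means to a caller that walks n upward. Judging by the loop changed later in this commit, the index counts attributes in message order that pass the length check and ignores the tag, so I would spell that out, e.g. `@n: Index (0-based, in message order) of the well-formed Tunnel-Password attribute to return`. The Returns line should also say that %NULL covers both "fewer than n+1 such attributes" and, presumably, a failure while processing the selected one, so a %NULL does not by itself prove there are no further passwords. The function body continues outside this hunk, so the failure paths are not visible here.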
@@ -1420,7 +1421,7 @@ char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
        size_t len[3];
        u8 hash[16];
        u8 *pos;
-       size_t i;
+       size_t i, j = 0;
        struct radius_attr_hdr *attr;
        const u8 *data;
        size_t dlen;
@@ -1428,7 +1429,7 @@ char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
        size_t fdlen = -1;
        char *ret = NULL;
 
-       /* find attribute with lowest tag and check it */
+       /* find n-th valid Tunnel-Password attribute */
        for (i = 0; i < msg->attr_used; i++) {
                attr = radius_get_attr_hdr(msg, i);
                if (attr == NULL ||
@@ -1441,11 +1442,13 @@ char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
                dlen = attr->length - sizeof(*attr);
                if (dlen <= 3 || dlen % 16 != 3)
                        continue;
-               if (fdata != NULL && fdata[0] <= data[0])
+               j++;
+               if (j <= n)
                        continue;
 
                fdata = data;
                fdlen = dlen;
+               break;
        }
        if (fdata == NULL)
                goto out;
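Review bot: With `n == 0` the loop now stops at the first length-valid Tunnel-Password attribute in message order, whereas the removed `fdata[0] <= data[0]` comparison selected the attribute with the lowest tag. The existing caller in src/ap/ieee802_11_auth.c passes `0` and sets `cache->has_psk` from the result, so when a server sends several tagged attributes the passphrase it picks up can silently change. If that is intended, it should be stated in the commit message and above the loop, e.g. `/* attributes are taken in message order; the tag byte is not compared */`. As a style point, the counter can be folded into one test, `if (j++ < n) continue;`, which reads closer to "skip the first n matches". The function body starts and ends outside this hunk.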
index 727640b2f4a5dace7409e88ddf4668918150a303..2031054b1d231e5068b2478eb7c2ea839f22cdaf 100644 (file)
@@ -242,7 +242,7 @@ int radius_msg_get_attr(struct radius_msg *msg, u8 type, u8 *buf, size_t len);
 int radius_msg_get_vlanid(struct radius_msg *msg);
 char * radius_msg_get_tunnel_password(struct radius_msg *msg, int *keylen,
                                      const u8 *secret, size_t secret_len,
-                                     struct radius_msg *sent_msg);
+                                     struct radius_msg *sent_msg, size_t n);
 
 static inline int radius_msg_add_attr_int32(struct radius_msg *msg, u8 type,
                                            u32 value)