1 | /* |
2 | * Example application showing how EAP server code from hostapd can be used as | |
3 | * a library. | |
4 | * Copyright (c) 2007, Jouni Malinen <j@w1.fi> | |
5 | * | |
6 | * This program is free software; you can redistribute it and/or modify | |
7 | * it under the terms of the GNU General Public License version 2 as | |
8 | * published by the Free Software Foundation. | |
9 | * | |
10 | * Alternatively, this software may be distributed under the terms of BSD | |
11 | * license. | |
12 | * | |
13 | * See README and COPYING for more details. | |
14 | */ | |
15 | ||
16 | #include "includes.h" | |
17 | ||
18 | #include "common.h" | |
19 | #include "eap_server/eap.h" | |
20 | #include "tls.h" | |
21 | #include "wpabuf.h" | |
22 | ||
/*
 * Provided by the example peer side of this program. eap_example_server_step()
 * hands the pending EAP message (request, success or failure) to it instead
 * of sending it over a network.
 */
void eap_example_peer_rx(const u8 *data, size_t data_len);
24 | ||
25 | ||
/* All state of the example EAP server; one instance lives in eap_ctx below. */
struct eap_server_ctx {
	struct eap_eapol_interface *eap_if; /* from eap_get_interface(eap) */
	struct eap_sm *eap;                 /* from eap_server_sm_init() */
	void *tls_ctx;                      /* from tls_init(); passed to the
					     * EAP server as eap_conf.ssl_ctx */
};
31 | ||
/* Single global context: this example serves exactly one EAP session. */
static struct eap_server_ctx eap_ctx;
33 | ||
34 | ||
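/*
 * server_get_eap_user - EAP user lookup callback for the example server
 * @ctx: callback context registered with eap_server_sm_init() (unused)
 * @identity: EAP identity supplied by the peer; may be NULL
 * @identity_len: length of @identity in bytes
 * @phase2: 0 while selecting the outer (Phase 1) method, non-zero for the
 *	method inside the tunnel
 * @user: output; zeroed here and filled in on success
 * Returns: 0 on success, -1 if the user is unknown or memory allocation
 * failed
 *
 * Phase 1 always succeeds and restricts the outer method to EAP-PEAP; the
 * identity is not checked at that point. Phase 2 accepts the single
 * hard-coded identity "user" with password "password" and restricts the
 * inner method to EAP-MSCHAPv2. On success user->password is an allocated
 * copy that the caller owns.
 */
static int server_get_eap_user(void *ctx, const u8 *identity,
			       size_t identity_len, int phase2,
			       struct eap_user *user)
{
	os_memset(user, 0, sizeof(*user));

	if (!phase2) {
		/* Only allow EAP-PEAP as the Phase 1 method */
		user->methods[0].vendor = EAP_VENDOR_IETF;
		user->methods[0].method = EAP_TYPE_PEAP;
		return 0;
	}

	/* NULL and length are rejected before the bytes are compared */
	if (identity == NULL || identity_len != 4 ||
	    os_memcmp(identity, "user", 4) != 0) {
		printf("Unknown user\n");
		return -1;
	}

	/* Only allow EAP-MSCHAPv2 as the Phase 2 method */
	user->methods[0].vendor = EAP_VENDOR_IETF;
	user->methods[0].method = EAP_TYPE_MSCHAPV2;
	/* Example-only static credential; a real server would fetch this
	 * from its user database. */
	user->password = (u8 *) os_strdup("password");
	if (user->password == NULL) {
		/* Never return an entry whose password_len claims 8 bytes
		 * behind a NULL pointer; leave @user fully cleared. */
		os_memset(user, 0, sizeof(*user));
		return -1;
	}
	user->password_len = 8;

	return 0;
}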
62 | ||
63 | ||
/*
 * server_get_eap_req_id_text - EAP-Request/Identity text callback
 * @ctx: callback context (unused)
 * @len: set to 0, since this example attaches no text to the request
 * Returns: NULL (no text)
 */
static const char * server_get_eap_req_id_text(void *ctx, size_t *len)
{
	(void) ctx; /* the text does not depend on the server context */

	*len = 0;

	return NULL;
}
69 | ||
70 | ||
/* Callback table and configuration handed to eap_server_sm_init(); both are
 * filled in by eap_example_server_init() and must outlive the state machine,
 * hence file scope rather than locals. */
static struct eapol_callbacks eap_cb;
static struct eap_config eap_conf;
73 | ||
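/*
 * eap_example_server_init_tls - Create and configure the server TLS context
 * Returns: 0 on success, -1 on failure
 *
 * Loads the example CA certificate, server certificate and private key from
 * fixed file names in the current directory and stores the resulting context
 * in eap_ctx.tls_ctx. On failure the partially configured context is
 * released and eap_ctx.tls_ctx is left NULL.
 */
static int eap_example_server_init_tls(void)
{
	struct tls_config tconf;
	struct tls_connection_params tparams;

	os_memset(&tconf, 0, sizeof(tconf));
	eap_ctx.tls_ctx = tls_init(&tconf);
	if (eap_ctx.tls_ctx == NULL)
		return -1;

	/* Example credentials; the private key passphrase is hard-coded
	 * here only because this is a demo program. */
	os_memset(&tparams, 0, sizeof(tparams));
	tparams.ca_cert = "ca.pem";
	tparams.client_cert = "server.pem";
	tparams.private_key = "server.key";
	tparams.private_key_passwd = "whatever";

	if (tls_global_set_params(eap_ctx.tls_ctx, &tparams)) {
		printf("Failed to set TLS parameters\n");
		goto fail;
	}

	/* check_crl = 0: certificate revocation is not checked in this
	 * example. */
	if (tls_global_set_verify(eap_ctx.tls_ctx, 0)) {
		printf("Failed to set check_crl\n");
		goto fail;
	}

	return 0;

fail:
	/* Do not leak the context, and do not leave a pointer behind that a
	 * later eap_example_server_deinit() would free a second time. */
	tls_deinit(eap_ctx.tls_ctx);
	eap_ctx.tls_ctx = NULL;
	return -1;
}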
102 | ||
103 | ||
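/*
 * eap_example_server_init - Initialize the example EAP server
 * Returns: 0 on success, -1 on failure
 *
 * Registers the EAP server methods, sets up TLS, and creates the EAP server
 * state machine with server_get_eap_user() as the user lookup callback.
 * On success the EAPOL interface is marked enabled and restarted so that the
 * next eap_example_server_step() begins authentication. On failure the
 * resources acquired so far are released again.
 */
int eap_example_server_init(void)
{
	if (eap_server_register_methods() < 0)
		return -1;

	os_memset(&eap_ctx, 0, sizeof(eap_ctx));

	/* The TLS helper reports its own failure; only the method
	 * registration needs to be undone here. */
	if (eap_example_server_init_tls() < 0)
		goto fail_methods;

	os_memset(&eap_cb, 0, sizeof(eap_cb));
	eap_cb.get_eap_user = server_get_eap_user;
	eap_cb.get_eap_req_id_text = server_get_eap_req_id_text;

	os_memset(&eap_conf, 0, sizeof(eap_conf));
	eap_conf.eap_server = 1;
	eap_conf.ssl_ctx = eap_ctx.tls_ctx;

	eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
	if (eap_ctx.eap == NULL)
		goto fail_tls;

	eap_ctx.eap_if = eap_get_interface(eap_ctx.eap);

	/* Enable "port" and request EAP to start authentication. */
	eap_ctx.eap_if->portEnabled = TRUE;
	eap_ctx.eap_if->eapRestart = TRUE;

	return 0;

fail_tls:
	/* tls_ctx is known to be non-NULL on this path */
	tls_deinit(eap_ctx.tls_ctx);
	eap_ctx.tls_ctx = NULL;
fail_methods:
	eap_server_unregister_methods();
	return -1;
}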
134 | ||
135 | ||
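/*
 * eap_example_server_deinit - Release everything set up by
 * eap_example_server_init()
 *
 * The state machine is freed first, then the method registrations, then the
 * TLS context the state machine was using. Each pointer is cleared after it
 * is released so that a later step/rx call or a second deinit fails on a
 * NULL pointer rather than on freed memory.
 */
void eap_example_server_deinit(void)
{
	eap_server_sm_deinit(eap_ctx.eap);
	eap_ctx.eap = NULL;
	/* eap_if was obtained from the state machine just freed above */
	eap_ctx.eap_if = NULL;
	eap_server_unregister_methods();
	tls_deinit(eap_ctx.tls_ctx);
	eap_ctx.tls_ctx = NULL;
}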
142 | ||
143 | ||
/*
 * eap_example_server_step - Run one iteration of the EAP server state machine
 * Returns: the value of eap_server_sm_step(), forced to 0 once the state
 * machine has signalled success
 *
 * After stepping, each of the eapReq/eapSuccess/eapFail flags that is set is
 * reported and cleared, and if any of them was set the buffer in eapReqData
 * is delivered to the example peer via eap_example_peer_rx().
 */
int eap_example_server_step(void)
{
	int res = eap_server_sm_step(eap_ctx.eap);
	struct eap_eapol_interface *eif = eap_ctx.eap_if;
	int deliver = 0;

	if (eif->eapReq) {
		printf("==> Request\n");
		eif->eapReq = 0;
		deliver = 1;
	}

	if (eif->eapSuccess) {
		printf("==> Success\n");
		eif->eapSuccess = 0;
		deliver = 1;
		res = 0;

		/* The derived keying material goes to the debug log; that is
		 * acceptable only because this is an example program. */
		if (eif->eapKeyAvailable) {
			wpa_hexdump(MSG_DEBUG, "EAP keying material",
				    eif->eapKeyData, eif->eapKeyDataLen);
		}
	}

	if (eif->eapFail) {
		printf("==> Fail\n");
		eif->eapFail = 0;
		deliver = 1;
	}

	/* Hand the pending EAP message from this server to the peer */
	if (deliver && eif->eapReqData) {
		eap_example_peer_rx(wpabuf_head(eif->eapReqData),
				    wpabuf_len(eif->eapReqData));
	}

	return res;
}
183 | ||
184 | ||
/*
 * eap_example_server_rx - Deliver an EAP message from the peer to the server
 * @data: EAP packet
 * @data_len: length of @data in bytes
 *
 * Replaces any previous, not yet consumed response buffer with a copy of
 * @data and raises eapResp so the next eap_example_server_step() processes
 * it. If the copy cannot be allocated, eapResp is left untouched and the
 * message is effectively dropped.
 */
void eap_example_server_rx(const u8 *data, size_t data_len)
{
	struct eap_eapol_interface *eif = eap_ctx.eap_if;
	struct wpabuf *copy;

	wpabuf_free(eif->eapRespData);
	copy = wpabuf_alloc_copy(data, data_len);
	eif->eapRespData = copy;

	/* Only signal the state machine when there is data for it to read */
	if (copy != NULL) {
		eif->eapResp = TRUE;
	}
}