git.ipfire.org Git - thirdparty/ipxe.git/commit

author	Michael Brown <mcb30@ipxe.org>
	Fri, 23 Feb 2024 14:15:22 +0000 (14:15 +0000)
committer	Michael Brown <mcb30@ipxe.org>
	Fri, 23 Feb 2024 16:37:07 +0000 (16:37 +0000)
commit	43e385091a36af34e495ac8c6595bddab55665bb
tree	ac7aa27b06906a47859cb8cfd078a7744a2765bf	tree
parent	25ffcd79bfd38da96f9905b78e3d5c3cab33dad3	commit \| diff

[eap] Add support for the MS-CHAPv2 authentication method

Add support for EAP-MSCHAPv2 (note that this is not the same as
PEAP-MSCHAPv2), controllable via the build configuration option
EAP_METHOD_MSCHAPV2 in config/general.h.

Our model for EAP does not encompass mutual authentication: we will
starting sending plaintext packets (e.g. DHCP requests) over the link
even before EAP completes, and our only use for an EAP success is to
mark the link as unblocked.

We therefore ignore the content of the EAP-MSCHAPv2 success request
(containing the MS-CHAPv2 authenticator response) and just send back
an EAP-MSCHAPv2 success response, so that the EAP authenticator will
complete the process and send through the real EAP success packet
(which will, in turn, cause us to unblock the link).

Signed-off-by: Michael Brown <mcb30@ipxe.org>

src/config/config_eap.c		diff \| blob \| blame \| history
src/config/general.h		diff \| blob \| blame \| history
src/include/ipxe/eap.h		diff \| blob \| blame \| history
src/include/ipxe/errfile.h		diff \| blob \| blame \| history
src/net/eap_mschapv2.c	[new file with mode: 0644]	blob