{
enumerator_t *enumerator;
eap_type_t type;
+ u_int32_t vendor;
entry_t *entry, *pref_entry;
linked_list_t *preferred;
char *method;
enumerator = enumerator_create_token(methods, ",", " ");
while (enumerator->enumerate(enumerator, &method))
{
- type = eap_type_from_string(method);
+ type = eap_type_from_string(method, &vendor);
if (type)
{
INIT(entry,
.type = type,
+ .vendor = vendor,
);
preferred->insert_last(preferred, entry);
}
static status_t start_phase2_auth(private_eap_peap_server_t *this)
{
char *eap_type_str;
+ u_int32_t vendor;
eap_type_t type;
eap_type_str = lib->settings->get_str(lib->settings,
"%s.plugins.eap-peap.phase2_method", "mschapv2",
charon->name);
- type = eap_type_from_string(eap_type_str);
+ type = eap_type_from_string(eap_type_str, &vendor);
if (type == 0)
{
DBG1(DBG_IKE, "unrecognized phase2 method \"%s\"", eap_type_str);
return FAILED;
}
- DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, type);
- this->ph2_method = charon->eap->create_instance(charon->eap, type, 0,
- EAP_SERVER, this->server, this->peer);
+ DBG1(DBG_IKE, "phase2 method %N selected", eap_type_get_names(vendor), type);
+ this->ph2_method = charon->eap->create_instance(charon->eap, type,
+ vendor, EAP_SERVER, this->server, this->peer);
if (this->ph2_method == NULL)
{
- DBG1(DBG_IKE, "%N method not available", eap_type_names, type);
+ DBG1(DBG_IKE, "%N method not available",
+ eap_type_get_names(vendor), type);
return FAILED;
}
}
else
{
- DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
+ DBG1(DBG_IKE, "%N method failed", eap_type_get_names(vendor), type);
return FAILED;
}
}
static status_t start_phase2_auth(private_eap_ttls_server_t *this)
{
char *eap_type_str;
+ u_int32_t vendor;
eap_type_t type;
eap_type_str = lib->settings->get_str(lib->settings,
"%s.plugins.eap-ttls.phase2_method", "md5",
charon->name);
- type = eap_type_from_string(eap_type_str);
+ type = eap_type_from_string(eap_type_str, &vendor);
if (type == 0)
{
DBG1(DBG_IKE, "unrecognized phase2 method \"%s\"", eap_type_str);
return FAILED;
}
- DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, type);
- this->method = charon->eap->create_instance(charon->eap, type, 0,
+ DBG1(DBG_IKE, "phase2 method %N selected", eap_type_get_names(vendor), type);
+ this->method = charon->eap->create_instance(charon->eap, type, vendor,
EAP_SERVER, this->server, this->peer);
if (this->method == NULL)
{
- DBG1(DBG_IKE, "%N method not available", eap_type_names, type);
+ DBG1(DBG_IKE, "%N method not available",
+ eap_type_get_names(vendor), type);
return FAILED;
}
if (this->method->initiate(this->method, &this->out) == NEED_MORE)
}
else
{
- DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
- return FAILED;
+ DBG1(DBG_IKE, "%N method failed", eap_type_get_names(vendor), type);
+ return FAILED;
}
}
identification_t *id;
auth_class_t class;
eap_type_t type;
+ u_int32_t vendor;
char buf[128];
int rnd = 0;
class = AUTH_CLASS_EAP;
if (*(str + strlen("eap")) == '-')
{
- type = eap_type_from_string(str + strlen("eap-"));
+ type = eap_type_from_string(str + strlen("eap-"), &vendor);
if (type)
{
auth->add(auth, AUTH_RULE_EAP_TYPE, type);
+ if (vendor)
+ {
+ auth->add(auth, AUTH_RULE_EAP_VENDOR, vendor);
+ }
}
}
if (!id)
else if (strneq(auth, "eap", 3))
{
eap_type_t type;
- u_int32_t vendor = 0;
+ u_int32_t vendor;
cfg->add(cfg, AUTH_RULE_AUTH_CLASS, AUTH_CLASS_EAP);
- type = eap_type_from_string(auth);
+ type = eap_type_from_string(auth, &vendor);
if (type)
{
cfg->add(cfg, AUTH_RULE_EAP_TYPE, type);
*/
eap_type_t type;
+ /**
+ * EAP method vendor ID
+ */
+ u_int32_t vendor;
+
/**
* IPv4 RADIUS socket
*/
{
free(data.ptr);
return chunk_empty;
- }
+ }
*a.ptr |= 0x80;
}
while (mppe_key->salt == *salt);
if (eap)
{
data = eap->get_data(eap);
- DBG3(DBG_CFG, "%N payload %B", eap_type_names, this->type, &data);
+ DBG3(DBG_CFG, "%N payload %B",
+ eap_type_get_names(this->vendor), this->type, &data);
/* fragment data suitable for RADIUS */
while (data.len > MAX_RADIUS_ATTRIBUTE_SIZE)
eap_identity = chunk_create(message.ptr + 5, message.len - 5);
peer = identification_create_from_data(eap_identity);
method = charon->eap->create_instance(charon->eap, this->type,
- 0, EAP_SERVER, this->server, peer);
+ this->vendor, EAP_SERVER, this->server, peer);
if (!method)
{
peer->destroy(peer);
{
private_tnc_pdp_t *this;
char *secret, *server, *eap_type_str;
+ u_int32_t vendor;
INIT(this,
.public = {
eap_type_str = lib->settings->get_str(lib->settings,
"%s.plugins.tnc-pdp.method", "ttls", charon->name);
- this->type = eap_type_from_string(eap_type_str);
+ this->type = eap_type_from_string(eap_type_str, &this->vendor);
if (this->type == 0)
{
DBG1(DBG_CFG, "unrecognized eap method \"%s\"", eap_type_str);
destroy(this);
return NULL;
}
- DBG1(DBG_IKE, "eap method %N selected", eap_type_names, this->type);
+ DBG1(DBG_IKE, "eap method %N selected",
+ eap_type_get_names(this->vendor), this->type);
lib->processor->queue_job(lib->processor,
(job_t*)callback_job_create_with_prio((callback_job_cb_t)receive, this,
chunk_t user = chunk_empty;
eap_method_t *backend;
eap_type_t type;
+ u_int32_t vendor;
char *name;
bool ok;
name = lib->settings->get_str(lib->settings,
"%s.plugins.xauth-eap.backend", "radius",
charon->name);
- type = eap_type_from_string(name);
+ type = eap_type_from_string(name, &vendor);
if (!type)
{
DBG1(DBG_CFG, "Unknown XAuth-EAP method: %s", name);
return FAILED;
}
- backend = charon->eap->create_instance(charon->eap, type, 0, EAP_SERVER,
+ backend = charon->eap->create_instance(charon->eap, type, vendor, EAP_SERVER,
this->server, this->peer);
if (!backend)
{
/*
* See header
*/
-eap_type_t eap_type_from_string(char *name)
+eap_type_t eap_type_from_string(char *name, u_int32_t *vendor)
{
- int i;
+ enum_name_t *enum_name;
+ int i, type;
static struct {
char *name;
eap_type_t type;
} types[] = {
{"identity", EAP_IDENTITY},
- {"md5", EAP_MD5},
- {"otp", EAP_OTP},
- {"gtc", EAP_GTC},
- {"tls", EAP_TLS},
- {"ttls", EAP_TTLS},
- {"sim", EAP_SIM},
- {"aka", EAP_AKA},
- {"peap", EAP_PEAP},
- {"mschapv2", EAP_MSCHAPV2},
- {"tnc", EAP_TNC},
{"dynamic", EAP_DYNAMIC},
{"radius", EAP_RADIUS},
};
+ static pen_t vendors[] = {
+ PEN_IETF,
+ PEN_MICROSOFT,
+ };
+
+ if (strneq(name, "eap-", strlen("eap-")))
+ { /* skip 'eap-' at the beginning */
+ name += strlen("eap-");
+ }
+ /* check special values not found in enum_names */
for (i = 0; i < countof(types); i++)
{
if (strcaseeq(name, types[i].name))
{
+ *vendor = 0;
return types[i].type;
}
}
- return 0;
+
+ /* check IETF and vendor specific names */
+ for (i = 0; i < countof(vendors); i++)
+ {
+ enum_name = eap_type_get_names(vendors[i]);
+ if (enum_name != eap_vendor_names_unknown)
+ {
+ type = enum_from_name(enum_name, name);
+ if (type != -1)
+ {
+ *vendor = vendors[i];
+ return type;
+ }
+ }
+ }
+
+ /* parse numerical IDs */
+ switch (sscanf(name, "%d-%d", &type, &i))
+ {
+ case 1: /* IETF type */
+ *vendor = 0;
+ return type;
+ case 2: /* type-vendor */
+ *vendor = i;
+ return type;
+ default:
+ return 0;
+ }
}
} eap_packet_t;
/**
- * Lookup the EAP method type from a string.
+ * Lookup the EAP method type/vendor from a string.
*
- * @param name EAP method name (such as "md5", "aka")
+ * The string may optionally have a leading "eap-" prefix. If the string is
+ * unknown, it is interpreted numerically, either as a single IETF number
+ * or a "type-vendor" number pair.
+ *
+ * @param name EAP method name ("eap-md5", "aka", "ms-soh", "33-311")
+ * @param vendor vendor ID to return
* @return method type, 0 if unknown
*/
-eap_type_t eap_type_from_string(char *name);
+eap_type_t eap_type_from_string(char *name, u_int32_t *vendor);
#endif /** EAP_H_ @}*/
projects / thirdparty / strongswan.git / commitdiff
