extern "C" {
#endif
-#define EAP_START 2
-
#define AUTH_VECTOR_LEN 16
#define CHAP_VALUE_LENGTH 16
#define MAX_STRING_LEN 254 /* RFC2138: string 0-253 octets */
void *ref;
} lt_dlmodule_t;
-typedef struct eap_type_t EAP_TYPE;
+typedef struct eap_type_data_t EAP_TYPE;
typedef struct rlm_sql_module_t rlm_sql_module_t;
/*
const char *eaptype_name;
EAP_TYPES *node;
- eaptype_name = eaptype_type2name(eap_type, namebuf, sizeof(namebuf));
+ eaptype_name = eap_type_data_type2name(eap_type, namebuf, sizeof(namebuf));
snprintf(buffer, sizeof(buffer), "rlm_eap_%s", eaptype_name);
/* Make room for the EAP-Type */
{
size_t i;
unsigned int default_eap_type = inst->default_eap_type;
- eaptype_t *eaptype;
+ eap_type_data_t *eaptype;
VALUE_PAIR *vp;
char namebuf[64];
const char *eaptype_name;
* Don't trust anyone.
*/
if ((eaptype->type == 0) ||
- (eaptype->type > PW_EAP_MAX_TYPES)) {
+ (eaptype->type >= PW_EAP_MAX_TYPES)) {
RDEBUG2("Asked to select bad type");
return EAP_INVALID;
}
* Ensure it's valid.
*/
if ((default_eap_type < PW_EAP_MD5) ||
- (default_eap_type > PW_EAP_MAX_TYPES) ||
+ (default_eap_type >= PW_EAP_MAX_TYPES) ||
(inst->types[default_eap_type] == NULL)) {
RDEBUG2("No such EAP type %s",
- eaptype_type2name(default_eap_type,
+ eap_type_data_type2name(default_eap_type,
namebuf, sizeof(namebuf)));
return EAP_INVALID;
}
if (eaptype_call(inst->types[default_eap_type],
handler) == 0) {
RDEBUG2("Default EAP type %s failed in initiate",
- eaptype_type2name(default_eap_type,
+ eap_type_data_type2name(default_eap_type,
namebuf, sizeof(namebuf)));
return EAP_INVALID;
}
return EAP_INVALID;
}
- if ((eaptype->data[i] > PW_EAP_MAX_TYPES) ||
+ if ((eaptype->data[i] >= PW_EAP_MAX_TYPES) ||
!inst->types[eaptype->data[i]]) {
DICT_VALUE *dv;
continue;
}
- eaptype_name = eaptype_type2name(eaptype->data[i],
+ eaptype_name = eap_type_data_type2name(eaptype->data[i],
namebuf,
sizeof(namebuf));
char mynamebuf[64];
RDEBUG2("Client wants %s, while we require %s. Skipping the requested type.",
eaptype_name,
- eaptype_type2name(vp->vp_integer,
+ eap_type_data_type2name(vp->vp_integer,
mynamebuf,
sizeof(mynamebuf)));
continue;
RDEBUG2("No common EAP types found.");
return EAP_INVALID;
}
- eaptype_name = eaptype_type2name(default_eap_type,
+ eaptype_name = eap_type_data_type2name(default_eap_type,
namebuf, sizeof(namebuf));
RDEBUG2("EAP-NAK asked for EAP-Type/%s",
eaptype_name);
* Key off of the configured sub-modules.
*/
default:
- eaptype_name = eaptype_type2name(eaptype->type,
+ eaptype_name = eap_type_data_type2name(eaptype->type,
namebuf,
sizeof(namebuf));
RDEBUG2("EAP/%s", eaptype_name);
rlm_rcode_t eap_compose(EAP_HANDLER *handler)
{
VALUE_PAIR *vp;
- eap_packet_t *eap_packet;
+ eap_packet_raw_t *eap_packet;
REQUEST *request = handler->request;
EAP_DS *eap_ds = handler->eap_ds;
- EAP_PACKET *reply = eap_ds->request;
+ eap_packet_t *reply = eap_ds->request;
int rcode;
/*
(eap_ds->request->code == PW_EAP_RESPONSE)) &&
(eap_ds->request->type.type == 0)) {
rad_assert(handler->eap_type >= PW_EAP_MD5);
- rad_assert(handler->eap_type <= PW_EAP_MAX_TYPES);
+ rad_assert(handler->eap_type < PW_EAP_MAX_TYPES);
eap_ds->request->type.type = handler->eap_type;
}
if (eap_wireformat(reply) == EAP_INVALID) {
return RLM_MODULE_INVALID;
}
- eap_packet = (eap_packet_t *)reply->packet;
+ eap_packet = (eap_packet_raw_t *)reply->packet;
vp = eap_packet2vp(request->reply, eap_packet);
if (!vp) return RLM_MODULE_INVALID;
* Success, or Failure.
*/
if ((eap_msg->vp_octets[0] == 0) ||
- (eap_msg->vp_octets[0] > PW_EAP_MAX_CODES)) {
+ (eap_msg->vp_octets[0] >= PW_EAP_MAX_CODES)) {
RDEBUG2("Unknown EAP packet");
} else {
RDEBUG2("EAP packet type %s id %d length %d",
if ((eap_msg->vp_octets[4] >= PW_EAP_MD5) &&
inst->ignore_unknown_eap_types &&
((eap_msg->vp_octets[4] == 0) ||
- (eap_msg->vp_octets[4] > PW_EAP_MAX_TYPES) ||
+ (eap_msg->vp_octets[4] >= PW_EAP_MAX_TYPES) ||
(inst->types[eap_msg->vp_octets[4]] == NULL))) {
RDEBUG2(" Ignoring Unknown EAP type");
return EAP_NOOP;
(eap_msg->length >= (EAP_HEADER_LEN + 2)) &&
inst->ignore_unknown_eap_types &&
((eap_msg->vp_octets[5] == 0) ||
- (eap_msg->vp_octets[5] > PW_EAP_MAX_TYPES) ||
+ (eap_msg->vp_octets[5] >= PW_EAP_MAX_TYPES) ||
(inst->types[eap_msg->vp_octets[5]] == NULL))) {
RDEBUG2("Ignoring NAK with request for unknown EAP type");
return EAP_NOOP;
/*
* Basic EAP packet verfications & validations
*/
-static int eap_validation(REQUEST *request, eap_packet_t *eap_packet)
+static int eap_validation(REQUEST *request, eap_packet_raw_t *eap_packet)
{
uint16_t len;
((eap_packet->code != PW_EAP_RESPONSE) &&
(eap_packet->code != PW_EAP_REQUEST)) ||
(eap_packet->data[0] <= 0) ||
- (eap_packet->data[0] > PW_EAP_MAX_TYPES)) {
+ (eap_packet->data[0] >= PW_EAP_MAX_TYPES)) {
radlog_request(L_AUTH, 0, request,
"Badly formatted EAP Message: Ignoring the packet");
/*
* Get the user Identity only from EAP-Identity packets
*/
-static char *eap_identity(REQUEST *request, eap_packet_t *eap_packet)
+static char *eap_identity(REQUEST *request, eap_packet_raw_t *eap_packet)
{
int size;
uint16_t len;
/*
* Create our Request-Response data structure with the eap packet
*/
-static EAP_DS *eap_buildds(eap_packet_t **eap_packet_p)
+static EAP_DS *eap_buildds(eap_packet_raw_t **eap_packet_p)
{
EAP_DS *eap_ds = NULL;
- eap_packet_t *eap_packet = *eap_packet_p;
+ eap_packet_raw_t *eap_packet = *eap_packet_p;
int typelen;
uint16_t len;
* username contains REQUEST->username which might have been stripped.
* identity contains the one sent in EAP-Identity response
*/
-EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_packet_p,
+EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_packet_p,
REQUEST *request)
{
EAP_HANDLER *handler = NULL;
- eap_packet_t *eap_packet = *eap_packet_p;
+ eap_packet_raw_t *eap_packet = *eap_packet_p;
VALUE_PAIR *vp;
/*
* we send EAP-Request/EAP-success/EAP-failure
*/
typedef struct eap_ds {
- EAP_PACKET *response;
- EAP_PACKET *request;
+ eap_packet_t *response;
+ eap_packet_t *request;
int set_request_id;
} EAP_DS;
/*
* Interface to call EAP sub mdoules
*/
-typedef struct eap_type_t {
+typedef struct eap_type_data_t {
const char *name;
int (*attach)(CONF_SECTION *conf, void **type_data);
int (*initiate)(void *type_data, EAP_HANDLER *handler);
/*
* interfaces in eapsimlib.c
*/
-extern int map_eapsim_basictypes(RADIUS_PACKET *r, EAP_PACKET *ep);
+extern int map_eapsim_basictypes(RADIUS_PACKET *r, eap_packet_t *ep);
extern const char *sim_state2name(enum eapsim_clientstates state, char *buf, int buflen);
extern const char *sim_subtype2name(enum eapsim_subtype subtype, char *buf, int buflen);
extern int unmap_eapsim_basictypes(RADIUS_PACKET *r,
uint8_t *data;
uint32_t dlen;
- //uint8_t *packet; /* Wired EAP-TLS packet as found in typdedata of EAP_PACKET */
+ //uint8_t *packet; /* Wired EAP-TLS packet as found in typdedata of eap_packet_t */
} EAPTLS_PACKET;
#include <freeradius-devel/radiusd.h>
#include <freeradius-devel/modules.h>
-#define PW_EAP_REQUEST 1
-#define PW_EAP_RESPONSE 2
-#define PW_EAP_SUCCESS 3
-#define PW_EAP_FAILURE 4
-#define PW_EAP_MAX_CODES 4
+/* Field length and other arbitrary things */
+#define EAP_HEADER_LEN 4
/* base for dictionary values */
#define ATTRIBUTE_EAP_ID 1020
#define ATTRIBUTE_EAP_CODE 1021
#define ATTRIBUTE_EAP_BASE 1280
-#define PW_EAP_IDENTITY 1
-#define PW_EAP_NOTIFICATION 2
-#define PW_EAP_NAK 3
-#define PW_EAP_MD5 4
-#define PW_EAP_OTP 5
-#define PW_EAP_GTC 6
-#define PW_EAP_TLS 13
-#define PW_EAP_LEAP 17
-#define PW_EAP_SIM 18
-#define PW_EAP_TTLS 21
-#define PW_EAP_PEAP 25
-#define PW_EAP_MSCHAPV2 26
-#define PW_EAP_CISCO_MSCHAPV2 29
-#define PW_EAP_TNC 38
-#define PW_EAP_IKEV2 49
-#define PW_EAP_PWD 52
- /* same number as last type */
-#define PW_EAP_MAX_TYPES 52
-
-#define EAP_HEADER_LEN 4
+typedef enum eap_code {
+ PW_EAP_REQUEST = 1,
+ PW_EAP_RESPONSE,
+ PW_EAP_SUCCESS,
+ PW_EAP_FAILURE,
+ PW_EAP_MAX_CODES
+} eap_code_t;
-#define EAP_START 2
-#define NAME_LEN 32
+typedef enum eap_type {
+ PW_EAP_IDENTITY = 1, /* 1 */
+ PW_EAP_NOTIFICATION, /* 2 */
+ PW_EAP_NAK, /* 3 */
+ PW_EAP_MD5, /* 4 */
+ PW_EAP_OTP, /* 5 */
+ PW_EAP_GTC, /* 6 */
+ PW_EAP_7, /* 7 - unused */
+ PW_EAP_8, /* 8 - unused */
+ PW_EAP_RSA_PUBLIC_KEY, /* 9 */
+ PW_EAP_DSS_UNILATERAL, /* 10 */
+ PW_EAP_KEA, /* 11 */
+ PW_EAP_KEA_VALIDATE, /* 12 */
+ PW_EAP_TLS, /* 13 */
+ PW_EAP_DEFENDER_TOKEN, /* 14 */
+ PW_EAP_RSA_SECURID, /* 15 */
+ PW_EAP_ARCOT_SYSTEMS, /* 16 */
+ PW_EAP_LEAP, /* 17 */
+ PW_EAP_SIM, /* 18 */
+ PW_EAP_SRP_SHA1, /* 19 */
+ PW_EAP_20, /* 20 - unassigned */
+ PW_EAP_TTLS, /* 21 */
+ PW_EAP_REMOTE_ACCESS_SERVICE, /* 22 */
+ PW_EAP_AKA, /* 23 */
+ PW_EAP_3COM, /* 24 - should this be EAP-HP now? */
+ PW_EAP_PEAP, /* 25 */
+ PW_EAP_MSCHAPV2, /* 26 */
+ PW_EAP_MAKE, /* 27 */
+ PW_EAP_CRYPTOCARD, /* 28 */
+ PW_EAP_CISCO_MSCHAPV2, /* 29 */
+ PW_EAP_DYNAMID, /* 30 */
+ PW_EAP_ROB, /* 31 */
+ PW_EAP_POTP, /* 32 */
+ PW_EAP_MS_ATLV, /* 33 */
+ PW_EAP_SENTRINET, /* 34 */
+ PW_EAP_ACTIONTEC, /* 35 */
+ PW_EAP_COGENT_BIOMETRIC, /* 36 */
+ PW_EAP_AIRFORTRESS, /* 37 */
+ PW_EAP_TNC, /* 38 - fixme conflicts with HTTP DIGEST */
+// PW_EAP_HTTP_DIGEST, /* 38 */
+ PW_EAP_SECURISUITE, /* 39 */
+ PW_EAP_DEVICECONNECT, /* 40 */
+ PW_EAP_SPEKE, /* 41 */
+ PW_EAP_MOBAC, /* 42 */
+ PW_EAP_FAST, /* 43 */
+ PW_EAP_ZONELABS, /* 44 */
+ PW_EAP_LINK, /* 45 */
+ PW_EAP_PAX, /* 46 */
+ PW_EAP_PSK, /* 47 */
+ PW_EAP_SAKE, /* 48 */
+ PW_EAP_IKEV2, /* 49 */
+ PW_EAP_AKA2, /* 50 */
+ PW_EAP_GPSK, /* 51 */
+ PW_EAP_PWD, /* 52 */
+ PW_EAP_EKE, /* 53 */
+ PW_EAP_MAX_TYPES /* 54 - for validation */
+} eap_type_t;
-enum {
- EAP_NOTFOUND, /* not found */
- EAP_FOUND, /* found, continue */
- EAP_OK, /* ok, continue */
- EAP_FAIL, /* failed, don't reply */
- EAP_NOOP, /* succeeded without doing anything */
- EAP_INVALID, /* invalid, don't reply */
- EAP_VALID /* valid, continue */
-};
+typedef enum eap_rcode {
+ EAP_NOTFOUND, //!< Not found.
+ EAP_FOUND, //!< Found, continue.
+ EAP_OK, //!< Ok, continue.
+ EAP_FAIL, //!< Failed, don't reply.
+ EAP_NOOP, //!< Succeeded without doing anything.
+ EAP_INVALID, //!< Invalid, don't reply.
+ EAP_VALID, //!< Valid, continue.
+ EAP_MAX_RCODES
+} eap_rcode_t;
/*
* EAP-Type specific data.
*/
-typedef struct eaptype_t {
+typedef struct eap_type_data {
uint8_t type;
size_t length;
uint8_t *data;
-} eaptype_t;
+} eap_type_data_t;
/*
* Structure to hold EAP data.
unsigned char code;
unsigned char id;
unsigned int length;
- eaptype_t type;
+ eap_type_data_t type;
unsigned char *packet;
-} EAP_PACKET;
+} eap_packet_t;
/*
* Structure to represent packet format of eap *on wire*
*/
-typedef struct eap_packet_t {
+typedef struct eap_packet_raw {
uint8_t code;
uint8_t id;
uint8_t length[2];
uint8_t data[1];
-} eap_packet_t;
+} eap_packet_raw_t;
/*
* interfaces in eapcommon.c
*/
extern int eaptype_name2type(const char *name);
-extern const char *eaptype_type2name(unsigned int type, char *buffer, size_t buflen);
-extern int eap_wireformat(EAP_PACKET *reply);
-extern int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply);
+extern const char *eap_type_data_type2name(unsigned int type, char *buffer, size_t buflen);
+extern int eap_wireformat(eap_packet_t *reply);
+extern int eap_basic_compose(RADIUS_PACKET *packet, eap_packet_t *reply);
extern VALUE_PAIR *eap_packet2vp(RADIUS_PACKET *packet,
- const eap_packet_t *reply);
-extern eap_packet_t *eap_vp2packet(VALUE_PAIR *vps);
+ const eap_packet_raw_t *reply);
+extern eap_packet_raw_t *eap_vp2packet(VALUE_PAIR *vps);
#endif /* _EAP_TYPES_H */
"ikev2",
"50",
"51",
- "pwd"
+ "pwd",
+ "eke"
}; /* MUST have PW_EAP_MAX_TYPES */
/*
{
int i;
- for (i = 0; i <= PW_EAP_MAX_TYPES; i++) {
+ for (i = 0; i < PW_EAP_MAX_TYPES; i++) {
if (strcmp(name, eap_types[i]) == 0) {
return i;
}
/*
* Returns a text string containing the name of the EAP type.
*/
-const char *eaptype_type2name(unsigned int type, char *buffer, size_t buflen)
+const char *eap_type_data_type2name(unsigned int type, char *buffer, size_t buflen)
{
DICT_VALUE *dval;
- if (type > PW_EAP_MAX_TYPES) {
+ if (type >= PW_EAP_MAX_TYPES) {
/*
* Prefer the dictionary name over a number,
* if it exists.
* be malloc()'ed to the right size.
*
*/
-int eap_wireformat(EAP_PACKET *reply)
+int eap_wireformat(eap_packet_t *reply)
{
- eap_packet_t *hdr;
+ eap_packet_raw_t *hdr;
uint16_t total_length = 0;
if (reply == NULL) return EAP_INVALID;
}
reply->packet = (unsigned char *)malloc(total_length);
- hdr = (eap_packet_t *)reply->packet;
+ hdr = (eap_packet_raw_t *)reply->packet;
if (!hdr) {
radlog(L_ERR, "rlm_eap: out of memory");
return EAP_INVALID;
* compose EAP reply packet in EAP-Message attr of RADIUS. If
* EAP exceeds 253, frame it in multiple EAP-Message attrs.
*/
-int eap_basic_compose(RADIUS_PACKET *packet, EAP_PACKET *reply)
+int eap_basic_compose(RADIUS_PACKET *packet, eap_packet_t *reply)
{
VALUE_PAIR *vp;
- eap_packet_t *eap_packet;
+ eap_packet_raw_t *eap_packet;
int rcode;
if (eap_wireformat(reply) == EAP_INVALID) {
return RLM_MODULE_INVALID;
}
- eap_packet = (eap_packet_t *)reply->packet;
+ eap_packet = (eap_packet_raw_t *)reply->packet;
pairdelete(&(packet->vps), PW_EAP_MESSAGE, 0, TAG_ANY);
}
-VALUE_PAIR *eap_packet2vp(RADIUS_PACKET *packet, const eap_packet_t *eap)
+VALUE_PAIR *eap_packet2vp(RADIUS_PACKET *packet, const eap_packet_raw_t *eap)
{
int total, size;
const uint8_t *ptr;
* NOTE: Sometimes Framed-MTU might contain the length of EAP-Message,
* refer fragmentation in rfc2869.
*/
-eap_packet_t *eap_vp2packet(VALUE_PAIR *vps)
+eap_packet_raw_t *eap_vp2packet(VALUE_PAIR *vps)
{
VALUE_PAIR *first, *vp;
- eap_packet_t *eap_packet;
+ eap_packet_raw_t *eap_packet;
unsigned char *ptr;
uint16_t len;
int total_len;
/*
* Now that we know the lengths are OK, allocate memory.
*/
- eap_packet = (eap_packet_t *) malloc(len);
+ eap_packet = (eap_packet_raw_t *) malloc(len);
if (eap_packet == NULL) {
radlog(L_ERR, "rlm_eap: out of memory");
return NULL;
* them all into a single EAP-SIM body.
*
*/
-int map_eapsim_basictypes(RADIUS_PACKET *r, EAP_PACKET *ep)
+int map_eapsim_basictypes(RADIUS_PACKET *r, eap_packet_t *ep)
{
VALUE_PAIR *vp;
int encoded_size;
if(macspace != NULL && vp != NULL)
{
unsigned char *buffer;
- eap_packet_t *hdr;
+ eap_packet_raw_t *hdr;
uint16_t hmaclen, total_length = 0;
unsigned char sha1digest[20];
total_length = EAP_HEADER_LEN + 1 + encoded_size;
hmaclen = total_length + appendlen;
buffer = (unsigned char *)malloc(hmaclen);
- hdr = (eap_packet_t *)buffer;
+ hdr = (eap_packet_raw_t *)buffer;
if (!hdr) {
radlog(L_ERR, "rlm_eap: out of memory");
free(encodedmsg);
uint8_t calcmac[20])
{
int ret;
- eap_packet_t *e;
+ eap_packet_raw_t *e;
uint8_t *buffer;
int elen,len;
VALUE_PAIR *mac;
#endif
/*
- * Allocate a new EAP_PACKET
+ * Allocate a new eap_packet_t
*/
-EAP_PACKET *eap_packet_alloc(void)
+eap_packet_t *eap_packet_alloc(void)
{
- EAP_PACKET *rp;
+ eap_packet_t *rp;
- rp = rad_malloc(sizeof(EAP_PACKET));
- memset(rp, 0, sizeof(EAP_PACKET));
+ rp = rad_malloc(sizeof(eap_packet_t));
+ memset(rp, 0, sizeof(eap_packet_t));
return rp;
}
/*
- * Free EAP_PACKET
+ * Free eap_packet_t
*/
-void eap_packet_free(EAP_PACKET **eap_packet_ptr)
+void eap_packet_free(eap_packet_t **eap_packet_ptr)
{
- EAP_PACKET *eap_packet;
+ eap_packet_t *eap_packet;
if (!eap_packet_ptr) return;
eap_packet = *eap_packet_ptr;
}
/*
- * Allocate a new EAP_PACKET
+ * Allocate a new eap_packet_t
*/
EAP_DS *eap_ds_alloc(void)
{
* got to free the prev_eapds & move the eap_ds to prev_eapds
*/
EAP_HANDLER *eaplist_find(rlm_eap_t *inst, REQUEST *request,
- eap_packet_t *eap_packet)
+ eap_packet_raw_t *eap_packet)
{
VALUE_PAIR *state;
EAP_HANDLER *handler, myHandler;
{
VALUE_PAIR *vp, *vpnext;
int id, eapcode;
- EAP_PACKET ep;
+ eap_packet_t ep;
int eap_type;
vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY);
static void unmap_eap_types(RADIUS_PACKET *rep)
{
VALUE_PAIR *eap1;
- eap_packet_t *e;
+ eap_packet_raw_t *e;
int len;
int type;
static int map_eapsim_types(RADIUS_PACKET *r)
{
- EAP_PACKET ep;
+ eap_packet_t ep;
int ret;
memset(&ep, 0, sizeof(ep));
{
rlm_eap_t *inst;
EAP_HANDLER *handler;
- eap_packet_t *eap_packet;
+ eap_packet_raw_t *eap_packet;
int rcode;
rlm_rcode_t module_rcode;
rlm_eap_t *inst = instance;
VALUE_PAIR *vp;
EAP_HANDLER *handler;
- eap_packet_t *eap_packet;
+ eap_packet_raw_t *eap_packet;
/*
* Only build a failure message if something previously rejected the request
rbtree_t *session_tree;
EAP_HANDLER *session_head, *session_tail;
rbtree_t *handler_tree; /* for debugging only */
- EAP_TYPES *types[PW_EAP_MAX_TYPES + 1];
+ EAP_TYPES *types[PW_EAP_MAX_TYPES];
/*
* Configuration items.
void eap_fail(EAP_HANDLER *handler);
void eap_success(EAP_HANDLER *handler);
rlm_rcode_t eap_compose(EAP_HANDLER *handler);
-EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_t **eap_msg, REQUEST *request);
+EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_msg, REQUEST *request);
/* Memory Management */
-EAP_PACKET *eap_packet_alloc(void);
+eap_packet_t *eap_packet_alloc(void);
EAP_DS *eap_ds_alloc(void);
EAP_HANDLER *eap_handler_alloc(rlm_eap_t *inst);
-void eap_packet_free(EAP_PACKET **eap_packet);
+void eap_packet_free(eap_packet_t **eap_packet);
void eap_ds_free(EAP_DS **eap_ds);
void eap_opaque_free(EAP_HANDLER *handler);
void eap_handler_free(rlm_eap_t *inst, EAP_HANDLER *handler);
int eaplist_add(rlm_eap_t *inst, EAP_HANDLER *handler);
EAP_HANDLER *eaplist_find(rlm_eap_t *inst, REQUEST *request,
- eap_packet_t *eap_packet);
+ eap_packet_raw_t *eap_packet);
void eaplist_free(rlm_eap_t *inst);
/* State */
#include "eap_leap.h"
/*
- * Allocate a new LEAP_PACKET
+ * Allocate a new Leap_packet_t
*/
-LEAP_PACKET *eapleap_alloc(void)
+Leap_packet_t *eapleap_alloc(void)
{
- LEAP_PACKET *rp;
+ Leap_packet_t *rp;
- if ((rp = malloc(sizeof(LEAP_PACKET))) == NULL) {
+ if ((rp = malloc(sizeof(Leap_packet_t))) == NULL) {
radlog(L_ERR, "rlm_eap_leap: out of memory");
return NULL;
}
- memset(rp, 0, sizeof(LEAP_PACKET));
+ memset(rp, 0, sizeof(Leap_packet_t));
return rp;
}
/*
- * Free LEAP_PACKET
+ * Free Leap_packet_t
*/
-void eapleap_free(LEAP_PACKET **leap_packet_ptr)
+void eapleap_free(Leap_packet_t **leap_packet_ptr)
{
- LEAP_PACKET *leap_packet;
+ Leap_packet_t *leap_packet;
if (!leap_packet_ptr) return;
leap_packet = *leap_packet_ptr;
/*
* Extract the data from the LEAP packet.
*/
-LEAP_PACKET *eapleap_extract(EAP_DS *eap_ds)
+Leap_packet_t *eapleap_extract(EAP_DS *eap_ds)
{
- leap_packet_t *data;
- LEAP_PACKET *packet;
+ leap_packet_raw_t *data;
+ Leap_packet_t *packet;
int name_len;
/*
/*
* Hmm... this cast isn't the best thing to do.
*/
- data = (leap_packet_t *)eap_ds->response->type.data;
+ data = (leap_packet_raw_t *)eap_ds->response->type.data;
/*
* Some simple sanity checks on the incoming packet.
/*
* Verify the MS-CHAP response from the user.
*/
-int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
+int eapleap_stage4(Leap_packet_t *packet, VALUE_PAIR* password,
leap_session_t *session)
{
unsigned char ntpwdhash[16];
/*
* Verify ourselves to the AP
*/
-LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
+Leap_packet_t *eapleap_stage6(Leap_packet_t *packet, REQUEST *request,
VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session, VALUE_PAIR **reply_vps)
{
size_t i;
unsigned char ntpwdhash[16], ntpwdhashhash[16];
unsigned char buffer[256];
- LEAP_PACKET *reply;
+ Leap_packet_t *reply;
unsigned char *p;
VALUE_PAIR *vp;
* If an EAP LEAP request needs to be initiated then
* create such a packet.
*/
-LEAP_PACKET *eapleap_initiate(UNUSED EAP_DS *eap_ds, VALUE_PAIR *user_name)
+Leap_packet_t *eapleap_initiate(UNUSED EAP_DS *eap_ds, VALUE_PAIR *user_name)
{
int i;
- LEAP_PACKET *reply;
+ Leap_packet_t *reply;
reply = eapleap_alloc();
if (reply == NULL) {
/*
* compose the LEAP reply packet in the EAP reply typedata
*/
-int eapleap_compose(EAP_DS *eap_ds, LEAP_PACKET *reply)
+int eapleap_compose(EAP_DS *eap_ds, Leap_packet_t *reply)
{
- leap_packet_t *data;
+ leap_packet_raw_t *data;
/*
* We need the name and the challenge.
radlog(L_ERR, "rlm_eap_leap: out of memory");
return 0;
}
- data = (leap_packet_t *) eap_ds->request->type.data;
+ data = (leap_packet_raw_t *) eap_ds->request->type.data;
data->version = 0x01;
data->unused = 0;
data->count = reply->count;
*/
/* eap packet structure */
-typedef struct leap_packet_t {
+typedef struct leap_packet_raw_t {
/*
* EAP header, followed by type comes before this.
*/
uint8_t unused;
uint8_t count;
uint8_t challenge[1]; /* 8 or 24, followed by user name */
-} leap_packet_t;
+} leap_packet_raw_t;
/*
* Which is decoded into this.
unsigned char *challenge;
int name_len;
char *name;
-} LEAP_PACKET;
+} Leap_packet_t;
/*
* The information which must be kept around
/* function declarations here */
-LEAP_PACKET *eapleap_alloc(void);
-void eapleap_free(LEAP_PACKET **leap_packet_ptr);
+Leap_packet_t *eapleap_alloc(void);
+void eapleap_free(Leap_packet_t **leap_packet_ptr);
-int eapleap_compose(EAP_DS *auth, LEAP_PACKET *reply);
-LEAP_PACKET *eapleap_extract(EAP_DS *auth);
-LEAP_PACKET *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
-int eapleap_stage4(LEAP_PACKET *packet, VALUE_PAIR* password,
+int eapleap_compose(EAP_DS *auth, Leap_packet_t *reply);
+Leap_packet_t *eapleap_extract(EAP_DS *auth);
+Leap_packet_t *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name);
+int eapleap_stage4(Leap_packet_t *packet, VALUE_PAIR* password,
leap_session_t *session);
-LEAP_PACKET *eapleap_stage6(LEAP_PACKET *packet, REQUEST *request,
+Leap_packet_t *eapleap_stage6(Leap_packet_t *packet, REQUEST *request,
VALUE_PAIR *user_name, VALUE_PAIR* password,
leap_session_t *session,
VALUE_PAIR **reply_vps);
static int leap_initiate(UNUSED void *instance, EAP_HANDLER *handler)
{
leap_session_t *session;
- LEAP_PACKET *reply;
+ Leap_packet_t *reply;
DEBUG2(" rlm_eap_leap: Stage 2");
{
int rcode;
leap_session_t *session;
- LEAP_PACKET *packet;
- LEAP_PACKET *reply;
+ Leap_packet_t *packet;
+ Leap_packet_t *reply;
VALUE_PAIR *password;
if (!handler->opaque) {
static int eappeap_identity(EAP_HANDLER *handler, tls_session_t *tls_session)
{
- eap_packet_t eap_packet;
+ eap_packet_raw_t eap_packet;
eap_packet.code = PW_EAP_REQUEST;
eap_packet.id = handler->eap_ds->response->id + 1;
static int eapmessage_verify(REQUEST *request,
const uint8_t *data, unsigned int data_len)
{
- const eap_packet_t *eap_packet = (const eap_packet_t *) data;
+ const eap_packet_raw_t *eap_packet = (const eap_packet_raw_t *) data;
uint8_t eap_type;
char buffer[256];
case PW_EAP_MSCHAPV2:
default:
RDEBUG2("EAP type %s",
- eaptype_type2name(eap_type,
+ eap_type_data_type2name(eap_type,
buffer, sizeof(buffer)));
return 1;
break;
static int eappeap_check_tlv(REQUEST *request, const uint8_t *data,
size_t data_len)
{
- const eap_packet_t *eap_packet = (const eap_packet_t *) data;
+ const eap_packet_raw_t *eap_packet = (const eap_packet_raw_t *) data;
if (data_len < 11) return 0;
pwd_session_t *pwd_session;
pwd_hdr *hdr;
pwd_id_packet *id;
- EAP_PACKET *response;
+ eap_packet_t *response;
REQUEST *request, *fake;
VALUE_PAIR *pw, **outvps, *vp;
EAP_DS *eap_ds;
projects / thirdparty / freeradius-server.git / commitdiff
