Remove redundant 'EAP' now were using dictionary values for module names

Add some duplicate dictionary values

More validation of EAP types

diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
index 47381e7aead6fe3be8e9a7bf434bdecf8648f4a3..21e0341a59270496fc3cd4bfcc7545dd47fdc4cb 100644 (file)
--- a/share/dictionary.freeradius.internal
+++ b/share/dictionary.freeradius.internal
@@ -661,13 +661,14 @@ VALUE     EAP-Type                        Identity                1
 VALUE  EAP-Type                        Notification            2
 VALUE  EAP-Type                        NAK                     3
 VALUE  EAP-Type                        MD5-Challenge           4
+VALUE  EAP-Type                        MD5                     4
 VALUE  EAP-Type                        One-Time-Password       5
 VALUE  EAP-Type                        Generic-Token-Card      6
 VALUE  EAP-Type                        RSA-Public-Key          9
 VALUE  EAP-Type                        DSS-Unilateral          10
 VALUE  EAP-Type                        KEA                     11
 VALUE  EAP-Type                        KEA-Validate            12
-VALUE  EAP-Type                        EAP-TLS                 13
+VALUE  EAP-Type                        TLS                     13
 VALUE  EAP-Type                        Defender-Token          14
 VALUE  EAP-Type                        RSA-SecurID-EAP         15
 VALUE  EAP-Type                        Arcot-Systems-EAP       16
@@ -676,51 +677,45 @@ VALUE     EAP-Type                        Nokia-IP-Smart-Card     18
 VALUE  EAP-Type                        SIM                     18
 VALUE  EAP-Type                        SRP-SHA1                19
 # 20 is unassigned
-VALUE  EAP-Type                        EAP-TTLS                21
+VALUE  EAP-Type                        TTLS                    21
 VALUE  EAP-Type                        Remote-Access-Service   22
 VALUE  EAP-Type                        AKA                     23
-VALUE  EAP-Type                        EAP-3Com-Wireless       24
+VALUE  EAP-Type                        3Com-Wireless           24
 VALUE  EAP-Type                        PEAP                    25
-VALUE  EAP-Type                        MS-EAP-Authentication   26
+VALUE  EAP-Type                        Microsoft-MS-CHAPv2     26
 VALUE  EAP-Type                        MAKE                    27
 VALUE  EAP-Type                        CRYPTOCard              28
-VALUE  EAP-Type                        EAP-MSCHAP-V2           29
+VALUE  EAP-Type                        Cisco-MS-CHAPv2         29
 VALUE  EAP-Type                        DynamID                 30
 VALUE  EAP-Type                        Rob-EAP                 31
 VALUE  EAP-Type                        SecurID-EAP             32
 VALUE  EAP-Type                        MS-Authentication-TLV   33
 VALUE  EAP-Type                        SentriNET               34
-VALUE  EAP-Type                        EAP-Actiontec-Wireless  35
+VALUE  EAP-Type                        Actiontec-Wireless      35
 VALUE  EAP-Type                        Cogent-Biomentric-EAP   36
 VALUE  EAP-Type                        AirFortress-EAP         37
-VALUE  EAP-Type                        EAP-HTTP-Digest         38
+VALUE  EAP-Type                        HTTP-Digest             38
+VALUE  EAP-Type                        TNC                     38
 VALUE  EAP-Type                        SecuriSuite-EAP         39
 VALUE  EAP-Type                        DeviceConnect-EAP       40
-VALUE  EAP-Type                        EAP-SPEKE               41
-VALUE  EAP-Type                        EAP-MOBAC               42
-VALUE  EAP-Type                        EAP-FAST                43
+VALUE  EAP-Type                        SPEKE                   41
+VALUE  EAP-Type                        MOBAC                   42
+VALUE  EAP-Type                        FAST                    43
 VALUE  EAP-Type                        Zonelabs                44
-VALUE  EAP-Type                        EAP-Link                45
-VALUE  EAP-Type                        EAP-PAX                 46
-VALUE  EAP-Type                        EAP-PSK                 47
-VALUE  EAP-Type                        EAP-SAKE                48
-VALUE  EAP-Type                        EAP-IKEv2               49
-VALUE  EAP-Type                        EAP-AKA2                50
-VALUE  EAP-Type                        EAP-GPSK                51
-VALUE  EAP-Type                        EAP-PWD                 52
-VALUE  EAP-Type                        EAP-EVEv1               53
-
-#
-#      These are duplicate values, to get around the problem of
-#      having two MS-CHAPv2 EAP types.
-#
-VALUE  EAP-Type                        Microsoft-MS-CHAPv2     26
-VALUE  EAP-Type                        Cisco-MS-CHAPv2         29
+VALUE  EAP-Type                        Link                    45
+VALUE  EAP-Type                        PAX                     46
+VALUE  EAP-Type                        PSK                     47
+VALUE  EAP-Type                        SAKE                    48
+VALUE  EAP-Type                        IKEv2                   49
+VALUE  EAP-Type                        AKA2                    50
+VALUE  EAP-Type                        GPSK                    51
+VALUE  EAP-Type                        PWD                     52
+VALUE  EAP-Type                        EVEv1                   53
 
 #
 #      And this is what most people mean by MS-CHAPv2
 #
-VALUE  EAP-Type                        MS-CHAP-V2              26
+VALUE  EAP-Type                        MSCHAPv2                26
 
 #
 #      This says TLS, but it's only valid for TTLS & PEAP.

diff --git a/src/modules/rlm_eap/libeap/eapcommon.c b/src/modules/rlm_eap/libeap/eapcommon.c
index 0e5d204a17394014d886c588b4119dc6d855c8a1..24adf1c01a52cd8ab7cbe5b2c80a9f77df86286c 100644 (file)
--- a/src/modules/rlm_eap/libeap/eapcommon.c
+++ b/src/modules/rlm_eap/libeap/eapcommon.c
@@ -76,7 +76,12 @@ const FR_NAME_NUMBER eap_rcode_table[] = {
 };
 
 /** Return an EAP-Type for a particular name
- *     .
+ *
+ * Converts a name into an IANA EAP type.
+ *
+ * @param name to convert.
+ * @return The IANA EAP type or PW_EAP_INVALID if the name doesn't match any
+ * known types.
  */
 eap_type_t eap_name2type(const char *name)
 {
@@ -87,11 +92,12 @@ eap_type_t eap_name2type(const char *name)
                return dv->value;
        }
        
-       return -1;
+       return PW_EAP_INVALID;
 }
 
 /** Return an EAP-name for a particular type
- *     .
+ *
+ * Resolve
  */
 const char *eap_type2name(eap_type_t method)
 {

diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c
index b821aa47c6f29b429f80deefae14195797eb922e..eef6b85254cd9d30f073b13b604bd6d5231d7714 100644 (file)
--- a/src/modules/rlm_eap/rlm_eap.c
+++ b/src/modules/rlm_eap/rlm_eap.c
@@ -161,6 +161,15 @@ static int eap_instantiate(CONF_SECTION *cs, void **instance)
                        
                        return -1;
                }
+               
+               if ((method < PW_EAP_MD5) (method > PW_EAP_MAX_TYPES)) {
+                       radlog(L_ERR, "rlm_eap: EAP method %s outside of "
+                              "valid range", name);
+
+                       eap_detach(inst);
+                       
+                       return -1;
+               } 
 
 #ifndef HAVE_OPENSSL_SSL_H
                /*