~ubuntu-branches/ubuntu/hardy/freeradius/hardy-proposed


Viewing changes to src/modules/rlm_eap/types/rlm_eap_peap/peap.c

  • Committer: Bazaar Package Importer
  • Author(s): Mark Hymers
  • Date: 2006-12-16 20:45:11 UTC
  • mfrom: (3.1.10 feisty)
  • Revision ID: james.westby@ubuntu.com-20061216204511-3pbbsu4s8jtehsor
Tags: 1.1.3-3
Fix POSIX compliance problem in init script.  Closes: #403384. 

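--- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
+++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c
@@ -1,7 +1,7 @@
 /*
  * peap.c  contains the interfaces that are called from eap
  *
- * Version:     $Id: peap.c,v 1.11 2004/03/12 18:23:14 aland Exp $
+ * Version:     $Id: peap.c,v 1.11.4.2 2006/02/06 16:23:55 nbk Exp $
  *
  *   This program is free software; you can redistribute it and/or modify
  *   it under the terms of the GNU General Public License as published by
@@ -19,7 +19,6 @@
  *
  *   Copyright 2003 Alan DeKok <aland@freeradius.org>
  */
-#include "eap_tls.h"
 #include "eap_peap.h"
 
 /*
@@ -45,14 +44,13 @@
         tlv_packet[9] = 0;
         tlv_packet[10] = EAP_TLV_FAILURE;
 
-        record_plus(&tls_session->clean_in, tlv_packet, 11);
+        (tls_session->record_plus)(&tls_session->clean_in, tlv_packet, 11);
 
         /*
          *      FIXME: Check the return code.
          */
         tls_handshake_send(tls_session);
-        record_init(&tls_session->clean_in);
-
+        
         return 1;
 }
 
@@ -80,13 +78,12 @@
         tlv_packet[9] = 0;
         tlv_packet[10] = EAP_TLV_SUCCESS;
 
-        record_plus(&tls_session->clean_in, tlv_packet, 11);
+        (tls_session->record_plus)(&tls_session->clean_in, tlv_packet, 11);
 
         /*
          *      FIXME: Check the return code.
          */
         tls_handshake_send(tls_session);
-        record_init(&tls_session->clean_in);
 
         return 1;
 }
@@ -216,13 +213,12 @@
          *      Send the EAP data, WITHOUT the header.
          */
 #if 1
-        record_plus(&tls_session->clean_in, vp->strvalue + EAP_HEADER_LEN,
+        (tls_session->record_plus)(&tls_session->clean_in, vp->strvalue + EAP_HEADER_LEN,
                 vp->length - EAP_HEADER_LEN);
 #else
-        record_plus(&tls_session->clean_in, vp->strvalue, vp->length);
+        (tls_session->record_plus)(&tls_session->clean_in, vp->strvalue, vp->length);
 #endif
         tls_handshake_send(tls_session);
-        record_init(&tls_session->clean_in);
 
         return 1;
 }
@@ -258,7 +254,7 @@
  *      Use a reply packet to determine what to do.
  */
 static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session,
-                         REQUEST *request, RADIUS_PACKET *reply)
+                         UNUSED REQUEST *request, RADIUS_PACKET *reply)
 {
         int rcode = RLM_MODULE_REJECT;
         VALUE_PAIR *vp;
@@ -290,13 +286,16 @@
                  *      tunneled user!
                  */
                 if (t->use_tunneled_reply) {
+                        DEBUG2("  Saving tunneled attributes for later");
+
                         /*
                          *      Clean up the tunneled reply.
                          */
                         pairdelete(&reply->vps, PW_PROXY_STATE);
                         pairdelete(&reply->vps, PW_EAP_MESSAGE);
+                        pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR);
 
-                        pairadd(&request->reply->vps, reply->vps);
+                        t->accept_vps = reply->vps;
                         reply->vps = NULL;
                 }
                 break;
@@ -328,6 +327,26 @@
                 pairmove2(&vp, &(reply->vps), PW_EAP_MESSAGE);
 
                 /*
+                 *      Handle EAP-MSCHAP-V2, where Access-Accept's
+                 *      from the home server may contain MS-CHAP-Success,
+                 *      which the module turns into challenges, so that
+                 *      the client may respond to the challenge with
+                 *      an "ack" packet.
+                 */
+                if (t->home_access_accept && t->use_tunneled_reply) {
+                        DEBUG2("  Saving tunneled attributes for later");
+
+                        /*
+                         *      Clean up the tunneled reply.
+                         */
+                        pairdelete(&reply->vps, PW_PROXY_STATE);
+                        pairdelete(&reply->vps, PW_MESSAGE_AUTHENTICATOR);
+                        
+                        t->accept_vps = reply->vps;
+                        reply->vps = NULL;
+                }
+
+                /*
                  *      Handle the ACK, by tunneling any necessary reply
                  *      VP's back to the client.
                  */
@@ -374,6 +393,9 @@
         if (fake && (handler->request->proxy_reply->code == PW_AUTHENTICATION_ACK)) {
                 VALUE_PAIR *vp;
                 REQUEST *request = handler->request;
+                peap_tunnel_t *t = tls_session->opaque;
+
+                t->home_access_accept = TRUE;
 
                 /*
                  *      Terrible hacks.
@@ -393,7 +415,7 @@
                 fake->options &= ~RAD_REQUEST_OPTION_PROXY_EAP;
                 DEBUG2("  PEAP: Passing reply back for EAP-MS-CHAP-V2 %p %d",
                        fake, fake->reply->code);
-                rcode = module_post_proxy(fake);
+                rcode = module_post_proxy(0, fake);
 
                 /*
                  *      FIXME: If rcode returns fail, do something
@@ -525,7 +547,7 @@
          *
          *      I *really* don't like these 'record_t' things...
          */
-        data_len = record_minus(&tls_session->dirty_in, buffer, sizeof(buffer));
+        data_len = (tls_session->record_minus)(&tls_session->dirty_in, buffer, sizeof(buffer));
         data = buffer;
 
         /*
@@ -540,7 +562,7 @@
          *      go there, too...
          */
         BIO_write(tls_session->into_ssl, buffer, data_len);
-        record_init(&tls_session->clean_out);
+        (tls_session->record_init)(&tls_session->clean_out);
 
         /*
          *      Read (and decrypt) the tunneled data from the SSL session,
@@ -604,6 +626,6 @@
                 return RLM_MODULE_REJECT;
 
         } else if (t->status == PEAP_STATUS_SENT_TLV_FAILURE) {
-                DEBUG2("  rlm_eap_peap:  Had sent TLV failure, rejecting.");
+                DEBUG2("  rlm_eap_peap:  Had sent TLV failure.  User was rejcted rejected earlier in this session.");
                 return RLM_MODULE_REJECT;
         }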
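Review bot: The new `t->accept_vps = reply->vps;` in the Access-Accept branch of process_reply (new line 298) overwrites whatever list is already cached on the tunnel, and the same unconditional assignment is added in the EAP-MSCHAP-V2 block (new line 345). If both paths can run in one PEAP session, with the home server's Access-Accept saved on the challenge and the final accept saved again, the first list is leaked and the attributes saved earlier are silently dropped, so the outer reply would be built from a different attribute set than the one the home server authorized. Appending instead, `pairadd(&t->accept_vps, reply->vps);` followed by the existing `reply->vps = NULL;`, keeps both sets and makes the ownership hand-off explicit. How accept_vps is initialised, consumed and freed lies outside the visible hunks, and process_reply itself starts before and ends after them, so this needs confirming against that code.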