← Back to branch summary

~ubuntu-branches/ubuntu/jaunty/freeradius/jaunty-updates

« back to all changes in this revision

Viewing changes to src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c

  • Committer: Bazaar Package Importer
  • Author(s): Chuck Short
  • Date: 2008-09-22 08:42:02 UTC
  • mfrom: (1.1.12 upstream)
  • Revision ID: james.westby@ubuntu.com-20080922084202-eyjprg3z55481ha5
Tags: 2.1.0+dfsg-0ubuntu1
https://launchpad.net/bugs/261809
* New upstream release.
* Fixes FTBFS issue with new libtool.
* Fixes listen on random port. (LP: #261809)

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c
1
1
/*
2
2
 * rlm_eap_peap.c  contains the interfaces that are called from eap
3
3
 *
4
 
 * Version:     $Id: rlm_eap_peap.c,v 1.18 2007/11/27 15:05:25 aland Exp $
 
4
 * Version:     $Id$
5
5
 *
6
6
 *   This program is free software; you can redistribute it and/or modify
7
7
 *   it under the terms of the GNU General Public License as published by
22
22
 */
23
23
 
24
24
#include <freeradius-devel/ident.h>
25
 
RCSID("$Id: rlm_eap_peap.c,v 1.18 2007/11/27 15:05:25 aland Exp $")
 
25
RCSID("$Id$")
26
26
 
27
27
#include <freeradius-devel/autoconf.h>
28
28
#include "eap_peap.h"
162
162
        t->use_tunneled_reply = inst->use_tunneled_reply;
163
163
        t->proxy_tunneled_request_as_eap = inst->proxy_tunneled_request_as_eap;
164
164
        t->virtual_server = inst->virtual_server;
 
165
        t->session_resumption_state = PEAP_RESUMPTION_MAYBE;
165
166
 
166
167
        return t;
167
168
}
175
176
        eaptls_status_t status;
176
177
        rlm_eap_peap_t *inst = (rlm_eap_peap_t *) arg;
177
178
        tls_session_t *tls_session = (tls_session_t *) handler->opaque;
178
 
        peap_tunnel_t *peap = NULL;
 
179
        peap_tunnel_t *peap = tls_session->opaque;
 
180
        REQUEST *request = handler->request;
179
181
 
180
 
        DEBUG2("  rlm_eap_peap: Authenticate");
 
182
        /*
 
183
         *      Session resumption requires the storage of data, so
 
184
         *      allocate it if it doesn't already exist.
 
185
         */
 
186
        if (!tls_session->opaque) {
 
187
                peap = tls_session->opaque = peap_alloc(inst);
 
188
                tls_session->free_opaque = peap_free;
 
189
        }
181
190
 
182
191
        status = eaptls_process(handler);
183
 
        DEBUG2("  eaptls_process returned %d\n", status);
 
192
        RDEBUG2("eaptls_process returned %d\n", status);
184
193
        switch (status) {
185
194
                /*
186
195
                 *      EAP-TLS handshake was successful, tell the
190
199
                 *      an EAP-TLS-Success packet here.
191
200
                 */
192
201
        case EAPTLS_SUCCESS:
193
 
                {
 
202
                if (SSL_session_reused(tls_session->ssl)) {
 
203
                        uint8_t tlv_packet[11];
 
204
                        
 
205
                        RDEBUG2("Skipping Phase2 because of session resumption.");
 
206
                        peap->session_resumption_state = PEAP_RESUMPTION_YES;
 
207
                        
 
208
                        tlv_packet[0] = PW_EAP_REQUEST;
 
209
                        tlv_packet[1] = handler->eap_ds->response->id +1;
 
210
                        tlv_packet[2] = 0;
 
211
                        tlv_packet[3] = 11;     /* length of this packet */
 
212
                        tlv_packet[4] = PW_EAP_TLV;
 
213
                        tlv_packet[5] = 0x80;
 
214
                        tlv_packet[6] = EAP_TLV_ACK_RESULT;
 
215
                        tlv_packet[7] = 0;
 
216
                        tlv_packet[8] = 2;      /* length of the data portion */
 
217
                        tlv_packet[9] = 0;
 
218
                        tlv_packet[10] = EAP_TLV_SUCCESS;
 
219
                        
 
220
                        peap->status = PEAP_STATUS_SENT_TLV_SUCCESS;
 
221
 
 
222
                        (tls_session->record_plus)(&tls_session->clean_in, tlv_packet, 11);
 
223
                        tls_handshake_send(tls_session);
 
224
                        (tls_session->record_init)(&tls_session->clean_in);
 
225
 
 
226
                } else {
194
227
                        eap_packet_t eap_packet;
195
228
 
196
229
                        eap_packet.code = PW_EAP_REQUEST;
205
238
                        tls_handshake_send(tls_session);
206
239
                        (tls_session->record_init)(&tls_session->clean_in);
207
240
                }
 
241
 
208
242
                eaptls_request(handler->eap_ds, tls_session);
209
 
                DEBUG2("  rlm_eap_peap: EAPTLS_SUCCESS");
 
243
                RDEBUG2("EAPTLS_SUCCESS");
210
244
                return 1;
211
245
 
212
246
                /*
220
254
           *    and EAP id from the inner tunnel, and update it with
221
255
           *    the expected EAP id!
222
256
           */
223
 
                DEBUG2("  rlm_eap_peap: EAPTLS_HANDLED");
 
257
                RDEBUG2("EAPTLS_HANDLED");
224
258
                return 1;
225
259
 
226
260
                /*
228
262
                 *      data.
229
263
                 */
230
264
        case EAPTLS_OK:
231
 
                DEBUG2("  rlm_eap_peap: EAPTLS_OK");
 
265
                RDEBUG2("EAPTLS_OK");
232
266
                break;
233
267
 
234
268
                /*
235
269
                 *      Anything else: fail.
236
270
                 */
237
271
        default:
238
 
                DEBUG2("  rlm_eap_peap: EAPTLS_OTHERS");
 
272
                RDEBUG2("EAPTLS_OTHERS");
239
273
                return 0;
240
274
        }
241
275
 
243
277
         *      Session is established, proceed with decoding
244
278
         *      tunneled data.
245
279
         */
246
 
        DEBUG2("  rlm_eap_peap: Session established.  Decoding tunneled attributes.");
 
280
        RDEBUG2("Session established.  Decoding tunneled attributes.");
247
281
 
248
282
        /*
249
283
         *      We may need PEAP data associated with the session, so
260
294
        rcode = eappeap_process(handler, tls_session);
261
295
        switch (rcode) {
262
296
        case RLM_MODULE_REJECT:
263
 
                eaptls_fail(handler->eap_ds, 0);
 
297
                eaptls_fail(handler, 0);
264
298
                return 0;
265
299
 
266
300
        case RLM_MODULE_HANDLED:
268
302
                return 1;
269
303
 
270
304
        case RLM_MODULE_OK:
271
 
                eaptls_success(handler->eap_ds, 0);
272
 
 
273
305
                /*
274
306
                 *      Move the saved VP's from the Access-Accept to
275
307
                 *      our Access-Accept.
276
308
                 */
277
309
                peap = tls_session->opaque;
278
310
                if (peap->accept_vps) {
279
 
                        DEBUG2("  Using saved attributes from the original Access-Accept");
 
311
                        RDEBUG2("Using saved attributes from the original Access-Accept");
 
312
                        pairmove(&handler->request->reply->vps, &peap->accept_vps);
 
313
                        pairfree(&peap->accept_vps);
280
314
                }
281
 
                pairmove(&handler->request->reply->vps, &peap->accept_vps);
282
 
                pairfree(&peap->accept_vps);
283
 
 
284
 
                eaptls_gen_mppe_keys(&handler->request->reply->vps,
285
 
                                     tls_session->ssl,
286
 
                                     "client EAP encryption");
287
 
 
288
 
                return 1;
 
315
 
 
316
                /*
 
317
                 *      Success: Automatically return MPPE keys.
 
318
                 */
 
319
                return eaptls_success(handler, 0);
289
320
 
290
321
                /*
291
322
                 *      No response packet, MUST be proxying it.
302
333
                break;
303
334
        }
304
335
 
305
 
        eaptls_fail(handler->eap_ds, 0);
 
336
        eaptls_fail(handler, 0);
306
337
        return 0;
307
338
}
308
339