← Back to branch summary

~ubuntu-branches/ubuntu/lucid/wpasupplicant/lucid

« back to all changes in this revision

Viewing changes to src/eap_server/eap.c

  • Committer: Bazaar Package Importer
  • Author(s): Kel Modderman
  • Date: 2009-05-16 03:47:08 UTC
  • mfrom: (4.1.5 karmic)
  • Revision ID: james.westby@ubuntu.com-20090516034708-pkqje2dgvhj6tb2i
Tags: 0.6.9-3
http://bugs.debian.org/528639
Drop debian/patches/12_syslog_supplement.patch. It adds code which
attempts to prettify output but doesn't handle large output well.
(Closes: #528639)

Show diffs side-by-side

added added

removed removed

Lines of Context:
src/eap_server/eap.c
573
573
        }
574
574
 
575
575
        sm->eap_if.eapSuccess = TRUE;
 
576
 
 
577
        /*
 
578
         * Start reauthentication with identity request even though we know the
 
579
         * previously used identity. This is needed to get reauthentication
 
580
         * started properly.
 
581
         */
 
582
        sm->start_reauth = TRUE;
576
583
}
577
584
 
578
585
 
792
799
                                   int eapSRTT, int eapRTTVAR,
793
800
                                   int methodTimeout)
794
801
{
795
 
        /* For now, retransmission is done in EAPOL state machines, so make
796
 
         * sure EAP state machine does not end up trying to retransmit packets.
797
 
         */
798
 
        return 1;
 
802
        int rto, i;
 
803
 
 
804
        if (methodTimeout) {
 
805
                /*
 
806
                 * EAP method (either internal or through AAA server, provided
 
807
                 * timeout hint. Use that as-is as a timeout for retransmitting
 
808
                 * the EAP request if no response is received.
 
809
                 */
 
810
                wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
 
811
                           "(from EAP method hint)", methodTimeout);
 
812
                return methodTimeout;
 
813
        }
 
814
 
 
815
        /*
 
816
         * RFC 3748 recommends algorithms described in RFC 2988 for estimation
 
817
         * of the retransmission timeout. This should be implemented once
 
818
         * round-trip time measurements are available. For nowm a simple
 
819
         * backoff mechanism is used instead if there are no EAP method
 
820
         * specific hints.
 
821
         *
 
822
         * SRTT = smoothed round-trip time
 
823
         * RTTVAR = round-trip time variation
 
824
         * RTO = retransmission timeout
 
825
         */
 
826
 
 
827
        /*
 
828
         * RFC 2988, 2.1: before RTT measurement, set RTO to 3 seconds for
 
829
         * initial retransmission and then double the RTO to provide back off
 
830
         * per 5.5. Limit the maximum RTO to 20 seconds per RFC 3748, 4.3
 
831
         * modified RTOmax.
 
832
         */
 
833
        rto = 3;
 
834
        for (i = 0; i < retransCount; i++) {
 
835
                rto *= 2;
 
836
                if (rto >= 20) {
 
837
                        rto = 20;
 
838
                        break;
 
839
                }
 
840
        }
 
841
 
 
842
        wpa_printf(MSG_DEBUG, "EAP: retransmit timeout %d seconds "
 
843
                   "(from dynamic back off; retransCount=%d)",
 
844
                   rto, retransCount);
 
845
 
 
846
        return rto;
799
847
}
800
848
 
801
849
 
1029
1077
 
1030
1078
static int eap_sm_Policy_getDecision(struct eap_sm *sm)
1031
1079
{
1032
 
        if (!sm->eap_server && sm->identity) {
 
1080
        if (!sm->eap_server && sm->identity && !sm->start_reauth) {
1033
1081
                wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
1034
1082
                return DECISION_PASSTHROUGH;
1035
1083
        }
1050
1098
                return DECISION_FAILURE;
1051
1099
        }
1052
1100
 
1053
 
        if ((sm->user == NULL || sm->update_user) && sm->identity) {
 
1101
        if ((sm->user == NULL || sm->update_user) && sm->identity &&
 
1102
            !sm->start_reauth) {
 
1103
                /*
 
1104
                 * Allow Identity method to be started once to allow identity
 
1105
                 * selection hint to be sent from the authentication server,
 
1106
                 * but prevent a loop of Identity requests by only allowing
 
1107
                 * this to happen once.
 
1108
                 */
 
1109
                int id_req = 0;
 
1110
                if (sm->user && sm->currentMethod == EAP_TYPE_IDENTITY &&
 
1111
                    sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
 
1112
                    sm->user->methods[0].method == EAP_TYPE_IDENTITY)
 
1113
                        id_req = 1;
1054
1114
                if (eap_user_get(sm, sm->identity, sm->identity_len, 0) != 0) {
1055
1115
                        wpa_printf(MSG_DEBUG, "EAP: getDecision: user not "
1056
1116
                                   "found from database -> FAILURE");
1057
1117
                        return DECISION_FAILURE;
1058
1118
                }
 
1119
                if (id_req && sm->user &&
 
1120
                    sm->user->methods[0].vendor == EAP_VENDOR_IETF &&
 
1121
                    sm->user->methods[0].method == EAP_TYPE_IDENTITY) {
 
1122
                        wpa_printf(MSG_DEBUG, "EAP: getDecision: stop "
 
1123
                                   "identity request loop -> FAILURE");
 
1124
                        sm->update_user = TRUE;
 
1125
                        return DECISION_FAILURE;
 
1126
                }
1059
1127
                sm->update_user = FALSE;
1060
1128
        }
 
1129
        sm->start_reauth = FALSE;
1061
1130
 
1062
1131
        if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
1063
1132
            (sm->user->methods[sm->user_eap_method_index].vendor !=
1139
1208
                return NULL;
1140
1209
        sm->eapol_ctx = eapol_ctx;
1141
1210
        sm->eapol_cb = eapol_cb;
1142
 
        sm->MaxRetrans = 10;
 
1211
        sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */
1143
1212
        sm->ssl_ctx = conf->ssl_ctx;
1144
1213
        sm->eap_sim_db_priv = conf->eap_sim_db_priv;
1145
1214
        sm->backend_auth = conf->backend_auth;
1151
1220
                                  conf->pac_opaque_encr_key, 16);
1152
1221
                }
1153
1222
        }
1154
 
        if (conf->eap_fast_a_id)
1155
 
                sm->eap_fast_a_id = os_strdup(conf->eap_fast_a_id);
 
1223
        if (conf->eap_fast_a_id) {
 
1224
                sm->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
 
1225
                if (sm->eap_fast_a_id) {
 
1226
                        os_memcpy(sm->eap_fast_a_id, conf->eap_fast_a_id,
 
1227
                                  conf->eap_fast_a_id_len);
 
1228
                        sm->eap_fast_a_id_len = conf->eap_fast_a_id_len;
 
1229
                }
 
1230
        }
 
1231
        if (conf->eap_fast_a_id_info)
 
1232
                sm->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
 
1233
        sm->eap_fast_prov = conf->eap_fast_prov;
 
1234
        sm->pac_key_lifetime = conf->pac_key_lifetime;
 
1235
        sm->pac_key_refresh_time = conf->pac_key_refresh_time;
1156
1236
        sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
1157
1237
        sm->tnc = conf->tnc;
 
1238
        sm->wps = conf->wps;
 
1239
        if (conf->assoc_wps_ie)
 
1240
                sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
1158
1241
 
1159
1242
        wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
1160
1243
 
1183
1266
        os_free(sm->identity);
1184
1267
        os_free(sm->pac_opaque_encr_key);
1185
1268
        os_free(sm->eap_fast_a_id);
 
1269
        os_free(sm->eap_fast_a_id_info);
1186
1270
        wpabuf_free(sm->eap_if.aaaEapReqData);
1187
1271
        wpabuf_free(sm->eap_if.aaaEapRespData);
1188
1272
        os_free(sm->eap_if.aaaEapKeyData);
1189
1273
        eap_user_free(sm->user);
 
1274
        wpabuf_free(sm->assoc_wps_ie);
1190
1275
        os_free(sm);
1191
1276
}
1192
1277