/** * eap_mschapv2_process - Process an EAP-MSCHAPv2 request * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() * @priv: Pointer to private EAP method data from eap_mschapv2_init() * @ret: Return values from EAP request validation and processing * @reqData: EAP request to be processed (eapReqData) * Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if * no reply available */ static struct wpabuf * eap_mschapv2_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const struct wpabuf *reqData) { struct eap_mschapv2_data *data = priv; struct eap_peer_config *config = eap_get_config(sm); const struct eap_mschapv2_hdr *ms; int using_prev_challenge = 0; const u8 *pos; size_t len; u8 id; if (eap_mschapv2_check_config(sm)) { ret->ignore = TRUE; return NULL; } if (config->mschapv2_retry && data->prev_challenge && data->prev_error == ERROR_AUTHENTICATION_FAILURE) { wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Replacing pending packet " "with the previous challenge"); reqData = data->prev_challenge; using_prev_challenge = 1; config->mschapv2_retry = 0; } pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, reqData, &len); if (pos == NULL || len < sizeof(*ms) + 1) { ret->ignore = TRUE; return NULL; } ms = (const struct eap_mschapv2_hdr *) pos; if (eap_mschapv2_check_mslen(sm, len, ms)) { ret->ignore = TRUE; return NULL; } id = eap_get_id(reqData); wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: RX identifier %d mschapv2_id %d", id, ms->mschapv2_id); switch (ms->op_code) { case MSCHAPV2_OP_CHALLENGE: if (!using_prev_challenge) eap_mschapv2_copy_challenge(data, reqData); return eap_mschapv2_challenge(sm, data, ret, ms, len, id); case MSCHAPV2_OP_SUCCESS: return eap_mschapv2_success(sm, data, ret, ms, len, id); case MSCHAPV2_OP_FAILURE: return eap_mschapv2_failure(sm, data, ret, ms, len, id); default: wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Unknown op %d - ignored", ms->op_code); ret->ignore = TRUE; return NULL; } }
static u8 * eap_mschapv2_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, const u8 *reqData, size_t reqDataLen, size_t *respDataLen) { struct eap_mschapv2_data *data = priv; struct wpa_ssid *config = eap_get_config(sm); const struct eap_mschapv2_hdr *req; int using_prev_challenge = 0; const u8 *pos; size_t ms_len, len; if (eap_get_config_identity(sm, &len) == NULL) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Identity not configured"); eap_sm_request_identity(sm); ret->ignore = TRUE; return NULL; } if (eap_get_config_password(sm, &len) == NULL) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured"); eap_sm_request_password(sm); ret->ignore = TRUE; return NULL; } if (config->mschapv2_retry && data->prev_challenge && data->prev_error == ERROR_AUTHENTICATION_FAILURE) { wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Replacing pending packet " "with the previous challenge"); reqData = data->prev_challenge; reqDataLen = data->prev_challenge_len; using_prev_challenge = 1; config->mschapv2_retry = 0; } pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, reqData, reqDataLen, &len); if (pos == NULL || len < 5) { ret->ignore = TRUE; return NULL; } req = (const struct eap_mschapv2_hdr *) reqData; len = be_to_host16(req->length); ms_len = WPA_GET_BE16(req->ms_length); if (ms_len != len - 5) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid header: len=%lu " "ms_len=%lu", (unsigned long) len, (unsigned long) ms_len); if (sm->workaround) { /* Some authentication servers use invalid ms_len, * ignore it for interoperability. */ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: workaround, ignore" " invalid ms_len"); } else { ret->ignore = TRUE; return NULL; } } wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: RX identifier %d mschapv2_id %d", req->identifier, req->mschapv2_id); switch (req->op_code) { case MSCHAPV2_OP_CHALLENGE: if (!using_prev_challenge) { free(data->prev_challenge); data->prev_challenge = malloc(len); if (data->prev_challenge) { data->prev_challenge_len = len; memcpy(data->prev_challenge, reqData, len); } } return eap_mschapv2_challenge(sm, data, ret, req, respDataLen); case MSCHAPV2_OP_SUCCESS: return eap_mschapv2_success(sm, data, ret, req, respDataLen); case MSCHAPV2_OP_FAILURE: return eap_mschapv2_failure(sm, data, ret, req, respDataLen); default: wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Unknown op %d - ignored", req->op_code); ret->ignore = TRUE; return NULL; } }
static u8 * eap_mschapv2_process(struct eap_sm *sm, void *priv, struct eap_method_ret *ret, u8 *reqData, size_t reqDataLen, size_t *respDataLen) { struct eap_mschapv2_data *data = priv; struct wpa_ssid *config = eap_get_config(sm); struct eap_mschapv2_hdr *req; int ms_len, len; if (config == NULL || config->identity == NULL) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Identity not configured"); eap_sm_request_identity(sm, config); ret->ignore = TRUE; return NULL; } if (config->password == NULL) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Password not configured"); eap_sm_request_password(sm, config); ret->ignore = TRUE; return NULL; } req = (struct eap_mschapv2_hdr *) reqData; len = be_to_host16(req->length); if (len < sizeof(*req) + 2 || req->type != EAP_TYPE_MSCHAPV2) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid frame"); ret->ignore = TRUE; return NULL; } ms_len = ((int) req->ms_length[0] << 8) | req->ms_length[1]; if (ms_len != len - 5) { wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Invalid header: len=%d " "ms_len=%d", len, ms_len); if (sm->workaround) { /* Some authentication servers use invalid ms_len, * ignore it for interoperability. */ wpa_printf(MSG_INFO, "EAP-MSCHAPV2: workaround, ignore" " invalid ms_len"); } else { ret->ignore = TRUE; return NULL; } } switch (req->op_code) { case MSCHAPV2_OP_CHALLENGE: return eap_mschapv2_challenge(sm, data, ret, req, respDataLen); case MSCHAPV2_OP_SUCCESS: return eap_mschapv2_success(sm, data, ret, req, respDataLen); case MSCHAPV2_OP_FAILURE: return eap_mschapv2_failure(sm, data, ret, req, respDataLen); default: wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Unknown op %d - ignored", req->op_code); ret->ignore = TRUE; return NULL; } }