/** * eap_mschapv2_process - Process an EAP-MSCHAPv2 success message * @sm: Pointer to EAP state machine allocated with eap_peer_sm_init() * @data: Pointer to private EAP method data from eap_mschapv2_init() * @ret: Return values from EAP request validation and processing * @req: Pointer to EAP-MSCHAPv2 header from the request * @req_len: Length of the EAP-MSCHAPv2 data * @id: EAP identifier used in th erequest * Returns: Pointer to allocated EAP response packet (eapRespData) or %NULL if * no reply available */ static struct wpabuf * eap_mschapv2_success(struct eap_sm *sm, struct eap_mschapv2_data *data, struct eap_method_ret *ret, const struct eap_mschapv2_hdr *req, size_t req_len, u8 id) { struct wpabuf *resp; const u8 *pos; size_t len; wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Received success"); len = req_len - sizeof(*req); pos = (const u8 *) (req + 1); /*if (!data->auth_response_valid || mschapv2_verify_auth_response(data->auth_response, pos, len)) { wpa_printf(MSG_WARNING, "EAP-MSCHAPV2: Invalid authenticator " "response in success request"); ret->methodState = METHOD_DONE; ret->decision = DECISION_FAIL; return NULL; }*/ // Skip this check :). pos += 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN; len -= 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN; while (len > 0 && *pos == ' ') { pos++; len--; } wpa_hexdump_ascii(MSG_DEBUG, "EAP-MSCHAPV2: Success message", pos, len); wpa_printf(MSG_INFO, "EAP-MSCHAPV2: Authentication succeeded"); /* Note: Only op_code of the EAP-MSCHAPV2 header is included in success * message. */ resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, 1, EAP_CODE_RESPONSE, id); if (resp == NULL) { wpa_printf(MSG_DEBUG, "EAP-MSCHAPV2: Failed to allocate " "buffer for success response"); ret->ignore = TRUE; return NULL; } wpabuf_put_u8(resp, MSCHAPV2_OP_SUCCESS); /* op_code */ ret->methodState = METHOD_DONE; ret->decision = DECISION_UNCOND_SUCC; ret->allowNotifications = FALSE; data->success = 1; if (data->prev_error == ERROR_PASSWD_EXPIRED) eap_mschapv2_password_changed(sm, data); return resp; }
static struct wpabuf * eap_mschapv2_success(struct eap_sm *sm, struct eap_mschapv2_data *data, struct eap_method_ret *ret, const struct eap_mschapv2_hdr *req, size_t req_len, u8 id) { struct wpabuf *resp; const u8 *pos; size_t len; len = req_len - sizeof(*req); pos = (const u8 *)(req + 1); if (!data->auth_response_valid || mschapv2_verify_auth_response(data->auth_response, pos, len)) { ret->methodState = METHOD_NONE; ret->decision = DECISION_FAIL; return NULL; } pos += 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN; len -= 2 + 2 * MSCHAPV2_AUTH_RESPONSE_LEN; while (len > 0 && *pos == ' ') { pos++; len--; } resp = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, 1, EAP_CODE_RESPONSE, id); if (resp == NULL) { ret->ignore = true; return NULL; } wpabuf_put_u8(resp, MSCHAPV2_OP_SUCCESS); ret->methodState = METHOD_DONE; ret->decision = DECISION_UNCOND_SUCC; ret->allowNotifications = false; data->success = 1; if (data->prev_error == ERROR_PASSWD_EXPIRED) eap_mschapv2_password_changed(sm, data); return resp; }