/* * Authenticate a previously sent challenge. */ static int mod_process(UNUSED void *arg, eap_handler_t *handler) { MD5_PACKET *packet; MD5_PACKET *reply; VALUE_PAIR *password; REQUEST *request = handler->request; /* * Get the Cleartext-Password for this user. */ rad_assert(handler->request != NULL); rad_assert(handler->stage == PROCESS); password = fr_pair_find_by_num(handler->request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); if (!password) { REDEBUG2("Cleartext-Password is required for EAP-MD5 authentication"); return 0; } /* * Extract the EAP-MD5 packet. */ if (!(packet = eapmd5_extract(handler->eap_ds))) return 0; /* * Create a reply, and initialize it. */ reply = talloc(packet, MD5_PACKET); if (!reply) { talloc_free(packet); return 0; } reply->id = handler->eap_ds->request->id; reply->length = 0; /* * Verify the received packet against the previous packet * (i.e. challenge) which we sent out. */ if (eapmd5_verify(packet, password, handler->opaque)) { reply->code = PW_MD5_SUCCESS; } else { reply->code = PW_MD5_FAILURE; } /* * Compose the EAP-MD5 packet out of the data structure, * and free it. */ eapmd5_compose(handler->eap_ds, reply); talloc_free(packet); return 1; }
/* * Authenticate a previously sent challenge. */ static int md5_authenticate(UNUSED void *arg, EAP_HANDLER *handler) { MD5_PACKET *packet; MD5_PACKET *reply; VALUE_PAIR *password; /* * Get the Cleartext-Password for this user. */ rad_assert(handler->request != NULL); rad_assert(handler->stage == AUTHENTICATE); password = pairfind(handler->request->config_items, PW_CLEARTEXT_PASSWORD); if (password == NULL) { DEBUG2("rlm_eap_md5: Cleartext-Password is required for EAP-MD5 authentication"); return 0; } /* * Extract the EAP-MD5 packet. */ if (!(packet = eapmd5_extract(handler->eap_ds))) return 0; /* * Create a reply, and initialize it. */ reply = eapmd5_alloc(); if (!reply) { eapmd5_free(&packet); return 0; } reply->id = handler->eap_ds->request->id; reply->length = 0; /* * Verify the received packet against the previous packet * (i.e. challenge) which we sent out. */ if (eapmd5_verify(packet, password, handler->opaque)) { reply->code = PW_MD5_SUCCESS; } else { reply->code = PW_MD5_FAILURE; } /* * Compose the EAP-MD5 packet out of the data structure, * and free it. */ eapmd5_compose(handler->eap_ds, reply); eapmd5_free(&packet); return 1; }
/* * Identify whether the response that you got is either the * response to the challenge that we sent or a new one. * If it is a response to the request then issue success/failure * else issue a challenge */ MD5_PACKET *eapmd5_process(MD5_PACKET *packet, int id, VALUE_PAIR *username, VALUE_PAIR* password, md5_packet_t *request) { unsigned char output[MAX_STRING_LEN]; MD5_PACKET *reply; if (!username || !password || !packet) return NULL; reply = eapmd5_alloc(); if (!reply) return NULL; memset(output, 0, MAX_STRING_LEN); reply->id = id; if (request) { /* verify and issue Success/failure */ if (eapmd5_verify(packet, password, request) == 0) { radlog(L_INFO, "rlm_eap_md5: Challenge failed"); reply->code = PW_MD5_FAILURE; } else { reply->code = PW_MD5_SUCCESS; } } else { /* * Previous request not found. * Probably it is timed out. * So send another challenge. * TODO: Later Send these challenges for the configurable * number of times for each user & stop. */ /* * Ensure that the challenge is always of the correct * length. i.e. Don't take value size from data * supplied by the client. */ if (reply->value_size != MD5_LEN) { free(reply->value); reply->value_size = MD5_LEN; reply->value = malloc(reply->value_size); } eapmd5_challenge(reply->value, reply->value_size); reply->code = PW_MD5_CHALLENGE; radlog(L_INFO, "rlm_eap_md5: Previous request not found"); radlog(L_INFO, "rlm_eap_md5: Issuing Challenge to the user - %s", (char *)username->strvalue); } /* fill reply packet */ if (reply->code == PW_MD5_CHALLENGE) { reply->value_size = packet->value_size; reply->value = malloc(reply->value_size); if (reply->value == NULL) { radlog(L_ERR, "rlm_eap_md5: out of memory"); eapmd5_free(&reply); return NULL; } memcpy(reply->value, output, reply->value_size); reply->length = packet->length; } else { reply->length = MD5_HEADER_LEN; } return reply; }