static struct radius_msg *
radius_server_encapsulate_eap(struct radius_server_data *data,
struct radius_client *client,
struct radius_session *sess,
struct radius_msg *request)
{
struct radius_msg *msg;
int code;
unsigned int sess_id;
if (sess->eapFail) {
code = RADIUS_CODE_ACCESS_REJECT;
} else if (sess->eapSuccess) {
code = RADIUS_CODE_ACCESS_ACCEPT;
} else {
code = RADIUS_CODE_ACCESS_CHALLENGE;
}
msg = radius_msg_new(code, request->hdr->identifier);
if (msg == NULL) {
return NULL;
}
sess_id = htonl(sess->sess_id);
if (code == RADIUS_CODE_ACCESS_CHALLENGE &&
!radius_msg_add_attr(msg, RADIUS_ATTR_STATE,
(u8 *) &sess_id, sizeof(sess_id))) {
RADIUS_DEBUG("Failed to add State attribute");
}
if (sess->eapReqData &&
!radius_msg_add_eap(msg, sess->eapReqData, sess->eapReqDataLen)) {
RADIUS_DEBUG("Failed to add EAP-Message attribute");
}
if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eapKeyData) {
int len;
if (sess->eapKeyDataLen > 64) {
len = 32;
} else {
len = sess->eapKeyDataLen / 2;
}
if (!radius_msg_add_mppe_keys(msg, request->hdr->authenticator,
(u8 *) client->shared_secret,
client->shared_secret_len,
sess->eapKeyData + len, len,
sess->eapKeyData, len)) {
RADIUS_DEBUG("Failed to add MPPE key attributes");
}
}
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
request->hdr->authenticator) < 0) {
RADIUS_DEBUG("Failed to add Message-Authenticator attribute");
}
return msg;
}
static struct radius_msg *
radius_server_encapsulate_eap(struct radius_server_data *data,
struct radius_client *client,
struct radius_session *sess,
struct radius_msg *request)
{
struct radius_msg *msg;
int code;
unsigned int sess_id;
struct radius_hdr *hdr = radius_msg_get_hdr(request);
if (sess->eap_if->eapFail) {
sess->eap_if->eapFail = FALSE;
code = RADIUS_CODE_ACCESS_REJECT;
} else if (sess->eap_if->eapSuccess) {
sess->eap_if->eapSuccess = FALSE;
code = RADIUS_CODE_ACCESS_ACCEPT;
} else {
sess->eap_if->eapReq = FALSE;
code = RADIUS_CODE_ACCESS_CHALLENGE;
}
msg = radius_msg_new(code, hdr->identifier);
if (msg == NULL) {
RADIUS_DEBUG("Failed to allocate reply message");
return NULL;
}
sess_id = htonl(sess->sess_id);
if (code == RADIUS_CODE_ACCESS_CHALLENGE &&
!radius_msg_add_attr(msg, RADIUS_ATTR_STATE,
(u8 *) &sess_id, sizeof(sess_id))) {
RADIUS_DEBUG("Failed to add State attribute");
}
if (sess->eap_if->eapReqData &&
!radius_msg_add_eap(msg, wpabuf_head(sess->eap_if->eapReqData),
wpabuf_len(sess->eap_if->eapReqData))) {
RADIUS_DEBUG("Failed to add EAP-Message attribute");
}
if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eap_if->eapKeyData) {
int len;
#ifdef CONFIG_RADIUS_TEST
if (data->dump_msk_file) {
FILE *f;
char buf[2 * 64 + 1];
f = fopen(data->dump_msk_file, "a");
if (f) {
len = sess->eap_if->eapKeyDataLen;
if (len > 64)
len = 64;
len = wpa_snprintf_hex(
buf, sizeof(buf),
sess->eap_if->eapKeyData, len);
buf[len] = '\0';
fprintf(f, "%s\n", buf);
fclose(f);
}
}
#endif /* CONFIG_RADIUS_TEST */
if (sess->eap_if->eapKeyDataLen > 64) {
len = 32;
} else {
len = sess->eap_if->eapKeyDataLen / 2;
}
if (!radius_msg_add_mppe_keys(msg, hdr->authenticator,
(u8 *) client->shared_secret,
client->shared_secret_len,
sess->eap_if->eapKeyData + len,
len, sess->eap_if->eapKeyData,
len)) {
RADIUS_DEBUG("Failed to add MPPE key attributes");
}
}
if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
radius_msg_free(msg);
return NULL;
}
if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
client->shared_secret_len,
hdr->authenticator) < 0) {
RADIUS_DEBUG("Failed to add Message-Authenticator attribute");
}
return msg;
}
