Esempio n. 1
0
static struct radius_msg *
radius_server_encapsulate_eap(struct radius_server_data *data,
			      struct radius_client *client,
			      struct radius_session *sess,
			      struct radius_msg *request)
{
	struct radius_msg *msg;
	int code;
	unsigned int sess_id;

	if (sess->eapFail) {
		code = RADIUS_CODE_ACCESS_REJECT;
	} else if (sess->eapSuccess) {
		code = RADIUS_CODE_ACCESS_ACCEPT;
	} else {
		code = RADIUS_CODE_ACCESS_CHALLENGE;
	}

	msg = radius_msg_new(code, request->hdr->identifier);
	if (msg == NULL) {
		return NULL;
	}

	sess_id = htonl(sess->sess_id);
	if (code == RADIUS_CODE_ACCESS_CHALLENGE &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_STATE,
				 (u8 *) &sess_id, sizeof(sess_id))) {
		RADIUS_DEBUG("Failed to add State attribute");
	}

	if (sess->eapReqData &&
	    !radius_msg_add_eap(msg, sess->eapReqData, sess->eapReqDataLen)) {
		RADIUS_DEBUG("Failed to add EAP-Message attribute");
	}

	if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eapKeyData) {
		int len;
		if (sess->eapKeyDataLen > 64) {
			len = 32;
		} else {
			len = sess->eapKeyDataLen / 2;
		}
		if (!radius_msg_add_mppe_keys(msg, request->hdr->authenticator,
					      (u8 *) client->shared_secret,
					      client->shared_secret_len,
					      sess->eapKeyData + len, len,
					      sess->eapKeyData, len)) {
			RADIUS_DEBUG("Failed to add MPPE key attributes");
		}
	}

	if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
				  client->shared_secret_len,
				  request->hdr->authenticator) < 0) {
		RADIUS_DEBUG("Failed to add Message-Authenticator attribute");
	}

	return msg;
}
Esempio n. 2
0
static struct radius_msg *
radius_server_encapsulate_eap(struct radius_server_data *data,
			      struct radius_client *client,
			      struct radius_session *sess,
			      struct radius_msg *request)
{
	struct radius_msg *msg;
	int code;
	unsigned int sess_id;
	struct radius_hdr *hdr = radius_msg_get_hdr(request);

	if (sess->eap_if->eapFail) {
		sess->eap_if->eapFail = FALSE;
		code = RADIUS_CODE_ACCESS_REJECT;
	} else if (sess->eap_if->eapSuccess) {
		sess->eap_if->eapSuccess = FALSE;
		code = RADIUS_CODE_ACCESS_ACCEPT;
	} else {
		sess->eap_if->eapReq = FALSE;
		code = RADIUS_CODE_ACCESS_CHALLENGE;
	}

	msg = radius_msg_new(code, hdr->identifier);
	if (msg == NULL) {
		RADIUS_DEBUG("Failed to allocate reply message");
		return NULL;
	}

	sess_id = htonl(sess->sess_id);
	if (code == RADIUS_CODE_ACCESS_CHALLENGE &&
	    !radius_msg_add_attr(msg, RADIUS_ATTR_STATE,
				 (u8 *) &sess_id, sizeof(sess_id))) {
		RADIUS_DEBUG("Failed to add State attribute");
	}

	if (sess->eap_if->eapReqData &&
	    !radius_msg_add_eap(msg, wpabuf_head(sess->eap_if->eapReqData),
				wpabuf_len(sess->eap_if->eapReqData))) {
		RADIUS_DEBUG("Failed to add EAP-Message attribute");
	}

	if (code == RADIUS_CODE_ACCESS_ACCEPT && sess->eap_if->eapKeyData) {
		int len;
#ifdef CONFIG_RADIUS_TEST
		if (data->dump_msk_file) {
			FILE *f;
			char buf[2 * 64 + 1];
			f = fopen(data->dump_msk_file, "a");
			if (f) {
				len = sess->eap_if->eapKeyDataLen;
				if (len > 64)
					len = 64;
				len = wpa_snprintf_hex(
					buf, sizeof(buf),
					sess->eap_if->eapKeyData, len);
				buf[len] = '\0';
				fprintf(f, "%s\n", buf);
				fclose(f);
			}
		}
#endif /* CONFIG_RADIUS_TEST */
		if (sess->eap_if->eapKeyDataLen > 64) {
			len = 32;
		} else {
			len = sess->eap_if->eapKeyDataLen / 2;
		}
		if (!radius_msg_add_mppe_keys(msg, hdr->authenticator,
					      (u8 *) client->shared_secret,
					      client->shared_secret_len,
					      sess->eap_if->eapKeyData + len,
					      len, sess->eap_if->eapKeyData,
					      len)) {
			RADIUS_DEBUG("Failed to add MPPE key attributes");
		}
	}

	if (radius_msg_copy_attr(msg, request, RADIUS_ATTR_PROXY_STATE) < 0) {
		RADIUS_DEBUG("Failed to copy Proxy-State attribute(s)");
		radius_msg_free(msg);
		return NULL;
	}

	if (radius_msg_finish_srv(msg, (u8 *) client->shared_secret,
				  client->shared_secret_len,
				  hdr->authenticator) < 0) {
		RADIUS_DEBUG("Failed to add Message-Authenticator attribute");
	}

	return msg;
}