/*
* send an initial eap-leap request
* ie access challenge to the user/peer.
* Frame eap reply packet.
* len = header + type + leap_methoddata
* leap_methoddata = value_size + value
*/
static int CC_HINT(nonnull) mod_session_init(UNUSED void *instance, eap_handler_t *handler)
{
REQUEST *request = handler->request;
leap_session_t *session;
leap_packet_t *reply;
RDEBUG2("Stage 2");
/*
* LEAP requires a User-Name attribute
*/
if (!handler->request->username) {
REDEBUG("User-Name is required for EAP-LEAP authentication");
return 0;
}
reply = eapleap_initiate(request, handler->eap_ds, handler->request->username);
if (!reply) {
return 0;
}
eapleap_compose(request, handler->eap_ds, reply);
handler->opaque = session = talloc(handler, leap_session_t);
if (!handler->opaque) {
talloc_free(reply);
return 0;
}
/*
* Remember which stage we're in, and which challenge
* we sent to the AP. The later stages will take care
* of filling in the peer response.
*/
handler->free_opaque = NULL;
session->stage = 4; /* the next stage we're in */
memcpy(session->peer_challenge, reply->challenge, reply->count);
REDEBUG2("Successfully initiated");
/*
* The next stage to process the packet.
*/
handler->stage = PROCESS;
talloc_free(reply);
return 1;
}
/*
* send an initial eap-leap request
* ie access challenge to the user/peer.
* Frame eap reply packet.
* len = header + type + leap_typedata
* leap_typedata = value_size + value
*/
static int leap_initiate(void *instance, EAP_HANDLER *handler)
{
leap_session_t *session;
LEAP_PACKET *reply;
DEBUG2(" rlm_eap_leap: Stage 2");
/*
* LEAP requires a User-Name attribute
*/
if (!handler->request->username) {
DEBUG2(" rlm_eap_leap: User-Name is required for EAP-LEAP authentication.");
return 0;
}
reply = eapleap_initiate(handler->eap_ds, handler->request->username);
if (reply == NULL)
return 0;
eapleap_compose(handler->eap_ds, reply);
handler->opaque = malloc(sizeof(leap_session_t));
if (!handler->opaque) {
radlog(L_ERR, "rlm_eap_leap: Out of memory");
eapleap_free(&reply);
return 0;
}
/*
* Remember which stage we're in, and which challenge
* we sent to the AP. The later stages will take care
* of filling in the peer response.
*/
session = (leap_session_t *) handler->opaque;
handler->free_opaque = free; /* just malloc'd memory */
session->stage = 4; /* the next stage we're in */
memcpy(session->peer_challenge, reply->challenge, reply->count);
DEBUG2(" rlm_eap_leap: Successfully initiated");
/*
* The next stage to process the packet.
*/
handler->stage = AUTHENTICATE;
eapleap_free(&reply);
return 1;
}
/*
* send an initial eap-leap request
* ie access challenge to the user/peer.
* Frame eap reply packet.
* len = header + type + leap_methoddata
* leap_methoddata = value_size + value
*/
static int leap_initiate(UNUSED void *instance, eap_handler_t *handler)
{
leap_session_t *session;
leap_packet_t *reply;
DEBUG2(" rlm_eap_leap: Stage 2");
/*
* LEAP requires a User-Name attribute
*/
if (!handler->request->username) {
DEBUG2(" rlm_eap_leap: User-Name is required for EAP-LEAP authentication.");
return 0;
}
reply = eapleap_initiate(handler->eap_ds, handler->request->username);
if (!reply)
return 0;
eapleap_compose(handler->eap_ds, reply);
handler->opaque = session = talloc(handler, leap_session_t);
if (!handler->opaque) {
talloc_free(reply);
return 0;
}
/*
* Remember which stage we're in, and which challenge
* we sent to the AP. The later stages will take care
* of filling in the peer response.
*/
handler->free_opaque = NULL;
session->stage = 4; /* the next stage we're in */
memcpy(session->peer_challenge, reply->challenge, reply->count);
DEBUG2(" rlm_eap_leap: Successfully initiated");
/*
* The next stage to process the packet.
*/
handler->stage = AUTHENTICATE;
talloc_free(reply);
return 1;
}
