#include "eap-tls.h"
#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
#include "chap_ms.h"
#include "chap-new.h"
extern int chapms_strip_domain;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */
#ifdef USE_SRP
#ifdef USE_EAPTLS
esp->es_client.ea_using_eaptls = 0;
#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
esp->es_client.digest = chap_find_digest(CHAP_MICROSOFT_V2);
esp->es_server.digest = chap_find_digest(CHAP_MICROSOFT_V2);
#endif
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case eapMSCHAPv2Chall:
#endif
case eapMD5Chall:
#endif /* USE_EAPTLS */
}
-#if CHAPMS
+#if PPP_WITH_CHAPMS
/*
* eap_chap_verify_response - check whether the peer's response matches
* what we think it should be. Returns 1 if it does (authentication
auth_peer_fail(esp->es_unit, PPP_EAP);
}
}
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
/*
* Format an EAP Request message and send it to the peer. Message
INCPTR(esp->es_server.ea_namelen, outp);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case eapMSCHAPv2Chall:
esp->es_server.digest->generate_challenge(esp->es_challenge);
challen = esp->es_challenge[0];
esp->es_server.ea_namelen);
INCPTR(esp->es_server.ea_namelen, outp);
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
#ifdef USE_EAPTLS
case eapTlsStart:
}
#endif /* USE_SRP */
-#if CHAPMS
+#if PPP_WITH_CHAPMS
/*
* Format and send an CHAPV2-Challenge EAP Response message.
*/
/* Check if TLS handshake is finished */
if(eaptls_is_init_finished(ets)) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
eaptls_gen_mppe_keys(ets, 1);
#endif
eaptls_free_session(ets);
break;
#endif /* USE_SRP */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len < 4) {
error("EAP: received invalid MSCHAPv2 packet, too short");
eap_send_nak(esp, id, EAPT_SRP);
break;
}
+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
/* Create the MSCHAPv2 response (and add to cache) */
unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
#ifdef USE_PEAP
case EAPT_PEAP:
- peap_process(esp, id, inp, len, rhostname);
+
+ /* Initialize the PEAP context (if not already initialized) */
+ if (!esp->ea_peap) {
+ rhostname[0] = '\0';
+ if (explicit_remote || (remote_name[0] != '\0')) {
+ strlcpy(rhostname, remote_name, sizeof (rhostname));
+ }
+ if (peap_init(&esp->ea_peap, rhostname)) {
+ eap_send_nak(esp, id, EAPT_TLS);
+ break;
+ }
+ }
+
+ /* Process the PEAP packet */
+ if (peap_process(esp, id, inp, len)) {
+ eap_send_nak(esp, id, EAPT_TLS);
+ }
+
break;
-#endif /* USE_PEAP */
+#endif // USE_PEAP
default:
info("EAP: unknown authentication type %d; Naking", typenum);
struct eaptls_session *ets;
u_char flags;
#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
u_char opcode;
int (*chap_verifier)(char *, char *, int, struct chap_digest_type *,
unsigned char *, unsigned char *, char *, int);
char response_message[256];
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
/*
* Ignore responses if we're not open
GETCHAR(flags, inp);
if(len == 1 && !flags) { /* Ack = ok */
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
eaptls_gen_mppe_keys( esp->es_server.ea_session, 0 );
#endif
eap_send_success(esp);
break;
#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
info("EAP: peer proposes MSCHAPv2");
/* If MSCHAPv2 digest was not found, NAK the packet */
}
esp->es_server.ea_state = eapMSCHAPv2Chall;
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
default:
dbglog("EAP: peer requesting unknown Type %d", vallen);
TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len < 1) {
error("EAP: received MSCHAPv2 with no data");
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
#ifdef USE_SRP
case EAPT_SRP:
PRINTMSG(inp, len);
}
+#ifdef USE_PEAP
+ peap_finish(&esp->ea_peap);
+#endif
+
esp->es_client.ea_state = eapOpen;
auth_withpeer_success(esp->es_unit, PPP_EAP, 0);
}
esp->es_client.ea_state = eapBadAuth;
error("EAP: peer reports authentication failure");
+
+#ifdef USE_PEAP
+ peap_finish(&esp->ea_peap);
+#endif
+
auth_withpeer_fail(esp->es_unit, PPP_EAP);
}
#ifdef USE_EAPTLS
u_char flags;
#endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
u_char opcode;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
if (inlen < EAP_HEADERLEN)
return (0);
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len <= 0)
break;
break;
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
#ifdef USE_EAPTLS
case EAPT_TLS:
}
break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
case EAPT_MSCHAPV2:
if (len <= 0)
break;
break;
}
break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
#ifdef USE_SRP
case EAPT_SRP: