X-Git-Url: http://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Feap.c;h=0944d7a81749e2f7b49c375730c057cf1d48fac2;hb=898d3f4b437ca1348abc1bbd036b0106c66a7ba6;hp=b758711117948eb29c6b0a0ce6221f5c2e641e41;hpb=4e2c49755175d05f7f4a3c1c70a42d2eef9d7839;p=ppp.git
diff --git a/pppd/eap.c b/pppd/eap.c
index b758711..0944d7a 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -89,12 +89,12 @@
 #include "eap-tls.h"
 #endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 #include "chap_ms.h"
 #include "chap-new.h"
 extern int chapms_strip_domain;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 eap_state eap_states[NUM_PPP]; /* EAP state; one for each unit */
 #ifdef USE_SRP
@@ -230,7 +230,7 @@ eap_init(int unit)
 #ifdef USE_EAPTLS
 esp->es_client.ea_using_eaptls = 0;
 #endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 esp->es_client.digest = chap_find_digest(CHAP_MICROSOFT_V2);
 esp->es_server.digest = chap_find_digest(CHAP_MICROSOFT_V2);
 #endif
@@ -704,7 +704,7 @@ eap_figure_next_state(eap_state *esp, int status)
 }
 break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 case eapMSCHAPv2Chall:
 #endif
 case eapMD5Chall:
@@ -727,7 +727,7 @@ eap_figure_next_state(eap_state *esp, int status)
 #endif /* USE_EAPTLS */
 }
-#if CHAPMS
+#if PPP_WITH_CHAPMS
 /*
 * eap_chap_verify_response - check whether the peer's response matches
 * what we think it should be. Returns 1 if it does (authentication
@@ -795,7 +795,7 @@ eap_chapms2_send_request(eap_state *esp, u_char id,
 auth_peer_fail(esp->es_unit, PPP_EAP);
 }
 }
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 /*
 * Format an EAP Request message and send it to the peer. Message
@@ -882,7 +882,7 @@ eap_send_request(eap_state *esp)
 INCPTR(esp->es_server.ea_namelen, outp);
 break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 case eapMSCHAPv2Chall:
 esp->es_server.digest->generate_challenge(esp->es_challenge);
 challen = esp->es_challenge[0];
@@ -903,7 +903,7 @@ eap_send_request(eap_state *esp)
 esp->es_server.ea_namelen);
 INCPTR(esp->es_server.ea_namelen, outp);
 break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 #ifdef USE_EAPTLS
 case eapTlsStart:
@@ -1598,7 +1598,7 @@ write_pseudonym(eap_state *esp, u_char *inp, int len, int id)
 }
 #endif /* USE_SRP */
-#if CHAPMS
+#if PPP_WITH_CHAPMS
 /*
 * Format and send an CHAPV2-Challenge EAP Response message.
 */
@@ -1859,7 +1859,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
 /* Check if TLS handshake is finished */
 if(eaptls_is_init_finished(ets)) {
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 eaptls_gen_mppe_keys(ets, 1);
 #endif
 eaptls_free_session(ets);
@@ -2113,7 +2113,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
 break;
 #endif /* USE_SRP */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 case EAPT_MSCHAPV2:
 if (len < 4) {
 error("EAP: received invalid MSCHAPv2 packet, too short");
@@ -2182,6 +2182,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
 eap_send_nak(esp, id, EAPT_SRP);
 break;
 }
+ esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
 /* Create the MSCHAPv2 response (and add to cache) */
 unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
@@ -2218,12 +2219,29 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
 }
 break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 #ifdef USE_PEAP
 case EAPT_PEAP:
- peap_process(esp, id, inp, len, rhostname);
+
+ /* Initialize the PEAP context (if not already initialized) */
+ if (!esp->ea_peap) {
+ rhostname[0] = '\0';
+ if (explicit_remote || (remote_name[0] != '\0')) {
+ strlcpy(rhostname, remote_name, sizeof (rhostname));
+ }
+ if (peap_init(&esp->ea_peap, rhostname)) {
+ eap_send_nak(esp, id, EAPT_TLS);
+ break;
+ }
+ }
+
+ /* Process the PEAP packet */
+ if (peap_process(esp, id, inp, len)) {
+ eap_send_nak(esp, id, EAPT_TLS);
+ }
+
 break;
-#endif /* USE_PEAP */
+#endif // USE_PEAP
 default:
 info("EAP: unknown authentication type %d; Naking", typenum);
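Review bot: The new `esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);` in the EAPT_MSCHAPV2 branch of eap_request() stores a size_t into the cached length with no upper bound, and nothing says why the length has to be recomputed at this point. The code that consumes ea_namelen when the response is built lies outside the hunk, so confirm that it bounds the copy against the output buffer. If the field does size the name in the response, a comment such as `/* refresh cached name length; it sizes the Name field of the MSCHAPv2 response */` would record the intent. The branch starts and ends outside the hunk.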
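Review bot: In the new EAPT_PEAP case, a non-zero return from peap_process() only sends a NAK and leaves `esp->ea_peap` set, so the next PEAP request skips `peap_init()` and continues on the context that just failed. Unless peap_process() tears the context down itself (not visible here), release it on the error path, e.g. `if (peap_process(esp, id, inp, len)) { peap_finish(&esp->ea_peap); eap_send_nak(esp, id, EAPT_TLS); }`. The same lifetime question reaches beyond this hunk: the only releases this commit adds are in eap_success() and eap_failure(), so a link that drops or times out mid-handshake appears to keep the old TLS state for the next attempt. rhostname can also reach peap_init() empty when no remote name is configured; a comment stating what server-identity checking is done in that case would help.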
@@ -2274,12 +2292,12 @@ eap_response(eap_state *esp, u_char *inp, int id, int len)
 struct eaptls_session *ets;
 u_char flags;
 #endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 u_char opcode;
 int (*chap_verifier)(char *, char *, int, struct chap_digest_type *, unsigned char *, unsigned char *, char *, int);
 char response_message[256];
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 /*
 * Ignore responses if we're not open
@@ -2356,7 +2374,7 @@ eap_response(eap_state *esp, u_char *inp, int id, int len)
 GETCHAR(flags, inp);
 if(len == 1 && !flags) { /* Ack = ok */
-#ifdef MPPE
+#ifdef PPP_WITH_MPPE
 eaptls_gen_mppe_keys( esp->es_server.ea_session, 0 );
 #endif
 eap_send_success(esp);
@@ -2422,7 +2440,7 @@ eap_response(eap_state *esp, u_char *inp, int id, int len)
 break;
 #endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 case EAPT_MSCHAPV2:
 info("EAP: peer proposes MSCHAPv2");
 /* If MSCHAPv2 digest was not found, NAK the packet */
@@ -2433,7 +2451,7 @@ eap_response(eap_state *esp, u_char *inp, int id, int len)
 }
 esp->es_server.ea_state = eapMSCHAPv2Chall;
 break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 default:
 dbglog("EAP: peer requesting unknown Type %d", vallen);
@@ -2516,7 +2534,7 @@ eap_response(eap_state *esp, u_char *inp, int id, int len)
 TIMEOUT(eap_rechallenge, esp, esp->es_rechallenge);
 break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 case EAPT_MSCHAPV2:
 if (len < 1) {
 error("EAP: received MSCHAPv2 with no data");
@@ -2619,7 +2637,7 @@ eap_response(eap_state *esp, u_char *inp, int id, int len)
 }
 break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 #ifdef USE_SRP
 case EAPT_SRP:
@@ -2777,6 +2795,10 @@ eap_success(eap_state *esp, u_char *inp, int id, int len)
 PRINTMSG(inp, len);
 }
+#ifdef USE_PEAP
+ peap_finish(&esp->ea_peap);
+#endif
+
 esp->es_client.ea_state = eapOpen;
 auth_withpeer_success(esp->es_unit, PPP_EAP, 0);
 }
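Review bot: The added `peap_finish(&esp->ea_peap);` in eap_success() runs immediately before `ea_state = eapOpen` and `auth_withpeer_success()`, and nothing in the hunk confirms that the PEAP exchange actually completed. EAP Success is an unprotected packet, so when PEAP was negotiated the client should accept it only after the tunnelled authentication has finished. The state checks at the top of eap_success() are outside the hunk and may already cover this; if they do not, the function should return without changing state while `esp->ea_peap` exists and its exchange is incomplete. A comment above the call naming the check that guarantees completion would make the dependency explicit.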
@@ -2811,6 +2833,11 @@ eap_failure(eap_state *esp, u_char *inp, int id, int len)
 esp->es_client.ea_state = eapBadAuth;
 error("EAP: peer reports authentication failure");
+
+#ifdef USE_PEAP
+ peap_finish(&esp->ea_peap);
+#endif
+
 auth_withpeer_fail(esp->es_unit, PPP_EAP);
 }
@@ -2894,9 +2921,9 @@ eap_printpkt(u_char *inp, int inlen,
 #ifdef USE_EAPTLS
 u_char flags;
 #endif /* USE_EAPTLS */
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 u_char opcode;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 if (inlen < EAP_HEADERLEN)
 return (0);
@@ -2961,7 +2988,7 @@ eap_printpkt(u_char *inp, int inlen,
 }
 break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 case EAPT_MSCHAPV2:
 if (len <= 0)
 break;
@@ -3014,7 +3041,7 @@ eap_printpkt(u_char *inp, int inlen,
 break;
 }
 break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 #ifdef USE_EAPTLS
 case EAPT_TLS:
@@ -3203,7 +3230,7 @@ eap_printpkt(u_char *inp, int inlen,
 }
 break;
-#ifdef CHAPMS
+#ifdef PPP_WITH_CHAPMS
 case EAPT_MSCHAPV2:
 if (len <= 0)
 break;
@@ -3246,7 +3273,7 @@ eap_printpkt(u_char *inp, int inlen,
 break;
 }
 break;
-#endif /* CHAPMS */
+#endif /* PPP_WITH_CHAPMS */
 #ifdef USE_SRP
 case EAPT_SRP:
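Review bot: `peap_finish(&esp->ea_peap);` is now reached on every EAP Failure, and likewise on every Success in the eap_success() hunk, including sessions that used MD5, SRP or MSCHAPv2 and never created a PEAP context. peap_finish() is not shown, so either confirm it accepts a pointer to a NULL context or guard both calls with `if (esp->ea_peap) peap_finish(&esp->ea_peap);`. Documenting in its header that it is idempotent and resets the pointer would also settle whether the lazy `if (!esp->ea_peap)` test in eap_request() is safe after a failed attempt.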