X-Git-Url: https://git.ozlabs.org/?a=blobdiff_plain;f=pppd%2Feap.c;h=6cb595f5b7c57b78cdd22ed790928535f4f29777;hb=4a54e34cf5629f9fed61f0b7d69ee3ba4d874bc6;hp=342d91f0897d341c4ddf6132c507cac2f67b1d97;hpb=d5009960b362f79a77755540780f63d3b13e9007;p=ppp.git

diff --git a/pppd/eap.c b/pppd/eap.c
index 342d91f..6cb595f 100644
--- a/pppd/eap.c
+++ b/pppd/eap.c
@@ -48,6 +48,10 @@
  * Implemented EAP-TLS authentication
  */
 
+#ifdef HAVE_CONFIG_H
+#include "config.h"
+#endif
+
 #include <stdio.h>
 #include <stdlib.h>
 #include <string.h>
@@ -63,8 +67,14 @@
 #include "pathnames.h"
 #include "md5.h"
 #include "eap.h"
+#ifdef USE_PEAP
+#include "peap.h"
+#endif /* USE_PEAP */
 
 #ifdef USE_SRP
+#ifdef HAVE_TIME_H
+#include <time.h>
+#endif
 #include <t_pwd.h>
 #include <t_server.h>
 #include <t_client.h>
@@ -552,7 +562,7 @@ eap_figure_next_state(eap_state *esp, int status)
 			tpw.pebuf.name = esp->es_server.ea_peer;
 			tpw.pebuf.password.len = t_fromb64((char *)tpw.pwbuf,
 			    cp);
-			tpw.pebuf.password.data = tpw.pwbuf;
+			tpw.pebuf.password.data = (char*) tpw.pwbuf;
 			tpw.pebuf.salt.len = t_fromb64((char *)tpw.saltbuf,
 			    cp2);
 			tpw.pebuf.salt.data = tpw.saltbuf;
@@ -2172,6 +2182,7 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
 		    eap_send_nak(esp, id, EAPT_SRP);
 		    break;
 		}
+		esp->es_client.ea_namelen = strlen(esp->es_client.ea_name);
 
 		/* Create the MSCHAPv2 response (and add to cache) */
 		unsigned char response[MS_CHAP2_RESPONSE_LEN+1]; // VLEN + VALUE
@@ -2209,6 +2220,28 @@ eap_request(eap_state *esp, u_char *inp, int id, int len)
 
 	    break;
 #endif /* CHAPMS */
+#ifdef USE_PEAP
+	case EAPT_PEAP:
+
+		/* Initialize the PEAP context (if not already initialized) */
+		if (!esp->ea_peap) {
+			rhostname[0] = '\0';
+			if (explicit_remote || (remote_name[0] != '\0')) {
+				strlcpy(rhostname, remote_name, sizeof (rhostname));
+			}
+			if (peap_init(&esp->ea_peap, rhostname)) {
+				eap_send_nak(esp, id, EAPT_TLS);
+				break;
+			}
+		}
+
+		/* Process the PEAP packet */
+		if (peap_process(esp, id, inp, len)) {
+			eap_send_nak(esp, id, EAPT_TLS);
+		}
+
+		break;
+#endif /* USE_PEAP */
 
 	default:
 		info("EAP: unknown authentication type %d; Naking", typenum);
@@ -2253,8 +2286,6 @@ eap_response(eap_state *esp, u_char *inp, int id, int len)
 	struct t_num A;
 	SHA1_CTX ctxt;
 	u_char dig[SHA_DIGESTSIZE];
-	SHA1_CTX ctxt;
-	u_char dig[SHA_DIGESTSIZE];
 #endif /* USE_SRP */
 
 #ifdef USE_EAPTLS
@@ -2764,6 +2795,10 @@ eap_success(eap_state *esp, u_char *inp, int id, int len)
 		PRINTMSG(inp, len);
 	}
 
+#ifdef USE_PEAP
+	peap_finish(&esp->ea_peap);
+#endif
+
 	esp->es_client.ea_state = eapOpen;
 	auth_withpeer_success(esp->es_unit, PPP_EAP, 0);
 }
@@ -2798,6 +2833,11 @@ eap_failure(eap_state *esp, u_char *inp, int id, int len)
 	esp->es_client.ea_state = eapBadAuth;
 
 	error("EAP: peer reports authentication failure");
+
+#ifdef USE_PEAP
+	peap_finish(&esp->ea_peap);
+#endif
+
 	auth_withpeer_fail(esp->es_unit, PPP_EAP);
 }
 
@@ -3021,6 +3061,7 @@ eap_printpkt(u_char *inp, int inlen,
 			break;
 #endif /* USE_EAPTLS */
 
+#ifdef USE_SRP
 		case EAPT_SRP:
 			if (len < 3)
 				goto truncated;
@@ -3108,6 +3149,7 @@ eap_printpkt(u_char *inp, int inlen,
 				break;
 			}
 			break;
+#endif  /* USE_SRP */
 		}
 		break;
 
@@ -3233,6 +3275,7 @@ eap_printpkt(u_char *inp, int inlen,
 			break;
 #endif /* CHAPMS */
 
+#ifdef USE_SRP
 		case EAPT_SRP:
 			if (len < 1)
 				goto truncated;
@@ -3277,6 +3320,7 @@ eap_printpkt(u_char *inp, int inlen,
 				break;
 			}
 			break;
+#endif  /* USE_SRP */
 		}
 		break;