diff options
Diffstat (limited to 'src/charon/plugins/eap_mschapv2')
| -rw-r--r-- | src/charon/plugins/eap_mschapv2/Makefile.am | 6 | ||||
| -rw-r--r-- | src/charon/plugins/eap_mschapv2/Makefile.in | 171 | ||||
| -rw-r--r-- | src/charon/plugins/eap_mschapv2/eap_mschapv2.c | 317 | ||||
| -rw-r--r-- | src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c | 6 |
4 files changed, 275 insertions, 225 deletions
diff --git a/src/charon/plugins/eap_mschapv2/Makefile.am b/src/charon/plugins/eap_mschapv2/Makefile.am index 179da70fc..4758ad5f3 100644 --- a/src/charon/plugins/eap_mschapv2/Makefile.am +++ b/src/charon/plugins/eap_mschapv2/Makefile.am @@ -3,10 +3,10 @@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapmschapv2.la +plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la -libstrongswan_eapmschapv2_la_SOURCES = \ +libstrongswan_eap_mschapv2_la_SOURCES = \ eap_mschapv2_plugin.h eap_mschapv2_plugin.c \ eap_mschapv2.h eap_mschapv2.c -libstrongswan_eapmschapv2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version diff --git a/src/charon/plugins/eap_mschapv2/Makefile.in b/src/charon/plugins/eap_mschapv2/Makefile.in index d6dd74b88..001818481 100644 --- a/src/charon/plugins/eap_mschapv2/Makefile.in +++ b/src/charon/plugins/eap_mschapv2/Makefile.in @@ -1,8 +1,9 @@ -# Makefile.in generated by automake 1.10.2 from Makefile.am. +# Makefile.in generated by automake 1.11 from Makefile.am. # @configure_input@ # Copyright (C) 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001, 2002, -# 2003, 2004, 2005, 2006, 2007, 2008 Free Software Foundation, Inc. +# 2003, 2004, 2005, 2006, 2007, 2008, 2009 Free Software Foundation, +# Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. @@ -16,8 +17,9 @@ VPATH = @srcdir@ pkgdatadir = $(datadir)/@PACKAGE@ -pkglibdir = $(libdir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c @@ -35,32 +37,55 @@ host_triplet = @host@ subdir = src/charon/plugins/eap_mschapv2 DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 -am__aclocal_m4_deps = $(top_srcdir)/configure.in +am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ + $(top_srcdir)/m4/config/ltoptions.m4 \ + $(top_srcdir)/m4/config/ltsugar.m4 \ + $(top_srcdir)/m4/config/ltversion.m4 \ + $(top_srcdir)/m4/config/lt~obsolete.m4 \ + $(top_srcdir)/m4/macros/with.m4 \ + $(top_srcdir)/m4/macros/enable-disable.m4 \ + $(top_srcdir)/configure.in am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; -am__strip_dir = `echo $$p | sed -e 's|^.*/||'`; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__installdirs = "$(DESTDIR)$(plugindir)" -pluginLTLIBRARIES_INSTALL = $(INSTALL) LTLIBRARIES = $(plugin_LTLIBRARIES) -libstrongswan_eapmschapv2_la_LIBADD = -am_libstrongswan_eapmschapv2_la_OBJECTS = eap_mschapv2_plugin.lo \ +libstrongswan_eap_mschapv2_la_LIBADD = +am_libstrongswan_eap_mschapv2_la_OBJECTS = eap_mschapv2_plugin.lo \ eap_mschapv2.lo -libstrongswan_eapmschapv2_la_OBJECTS = \ - $(am_libstrongswan_eapmschapv2_la_OBJECTS) -libstrongswan_eapmschapv2_la_LINK = $(LIBTOOL) --tag=CC \ +libstrongswan_eap_mschapv2_la_OBJECTS = \ + $(am_libstrongswan_eap_mschapv2_la_OBJECTS) +libstrongswan_eap_mschapv2_la_LINK = $(LIBTOOL) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ - $(AM_CFLAGS) $(CFLAGS) $(libstrongswan_eapmschapv2_la_LDFLAGS) \ - $(LDFLAGS) -o $@ + $(AM_CFLAGS) $(CFLAGS) \ + $(libstrongswan_eap_mschapv2_la_LDFLAGS) $(LDFLAGS) -o $@ DEFAULT_INCLUDES = -I.@am__isrc@ depcomp = $(SHELL) $(top_srcdir)/depcomp am__depfiles_maybe = depfiles +am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) LTCOMPILE = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ @@ -70,8 +95,8 @@ CCLD = $(CC) LINK = $(LIBTOOL) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) \ --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) $(AM_LDFLAGS) \ $(LDFLAGS) -o $@ -SOURCES = $(libstrongswan_eapmschapv2_la_SOURCES) -DIST_SOURCES = $(libstrongswan_eapmschapv2_la_SOURCES) +SOURCES = $(libstrongswan_eap_mschapv2_la_SOURCES) +DIST_SOURCES = $(libstrongswan_eap_mschapv2_la_SOURCES) ETAGS = etags CTAGS = ctags DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) @@ -108,25 +133,22 @@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ -IPSEC_ROUTING_TABLE = @IPSEC_ROUTING_TABLE@ -IPSEC_ROUTING_TABLE_PRIO = @IPSEC_ROUTING_TABLE_PRIO@ LD = @LD@ LDFLAGS = @LDFLAGS@ LEX = @LEX@ LEXLIB = @LEXLIB@ LEX_OUTPUT_ROOT = @LEX_OUTPUT_ROOT@ -LIBGCRYPT_CFLAGS = @LIBGCRYPT_CFLAGS@ -LIBGCRYPT_CONFIG = @LIBGCRYPT_CONFIG@ -LIBGCRYPT_LIBS = @LIBGCRYPT_LIBS@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ -LINUX_HEADERS = @LINUX_HEADERS@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ +MYSQLCFLAG = @MYSQLCFLAG@ +MYSQLCONFIG = @MYSQLCONFIG@ +MYSQLLIB = @MYSQLLIB@ NM = @NM@ NMEDIT = @NMEDIT@ OBJDUMP = @OBJDUMP@ @@ -138,11 +160,14 @@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PATH_SEPARATOR = @PATH_SEPARATOR@ PERL = @PERL@ PKG_CONFIG = @PKG_CONFIG@ +PTHREADLIB = @PTHREADLIB@ RANLIB = @RANLIB@ +RTLIB = @RTLIB@ RUBY = @RUBY@ RUBYINCLUDE = @RUBYINCLUDE@ SED = @SED@ @@ -171,9 +196,9 @@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ -confdir = @confdir@ datadir = @datadir@ datarootdir = @datarootdir@ +default_pkcs11 = @default_pkcs11@ docdir = @docdir@ dvidir = @dvidir@ exec_prefix = @exec_prefix@ @@ -196,7 +221,7 @@ ipsecuser = @ipsecuser@ libdir = @libdir@ libexecdir = @libexecdir@ libstrongswan_plugins = @libstrongswan_plugins@ -linuxdir = @linuxdir@ +linux_headers = @linux_headers@ localedir = @localedir@ localstatedir = @localstatedir@ lt_ECHO = @lt_ECHO@ @@ -204,6 +229,7 @@ mandir = @mandir@ mkdir_p = @mkdir_p@ nm_CFLAGS = @nm_CFLAGS@ nm_LIBS = @nm_LIBS@ +nm_ca_dir = @nm_ca_dir@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ piddir = @piddir@ @@ -212,10 +238,12 @@ pluto_plugins = @pluto_plugins@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ +random_device = @random_device@ resolv_conf = @resolv_conf@ +routing_table = @routing_table@ +routing_table_prio = @routing_table_prio@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ -simreader = @simreader@ srcdir = @srcdir@ strongswan_conf = @strongswan_conf@ sysconfdir = @sysconfdir@ @@ -223,16 +251,17 @@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ +urandom_device = @urandom_device@ xml_CFLAGS = @xml_CFLAGS@ xml_LIBS = @xml_LIBS@ INCLUDES = -I$(top_srcdir)/src/libstrongswan -I$(top_srcdir)/src/charon AM_CFLAGS = -rdynamic -plugin_LTLIBRARIES = libstrongswan-eapmschapv2.la -libstrongswan_eapmschapv2_la_SOURCES = \ +plugin_LTLIBRARIES = libstrongswan-eap-mschapv2.la +libstrongswan_eap_mschapv2_la_SOURCES = \ eap_mschapv2_plugin.h eap_mschapv2_plugin.c \ eap_mschapv2.h eap_mschapv2.c -libstrongswan_eapmschapv2_la_LDFLAGS = -module -avoid-version +libstrongswan_eap_mschapv2_la_LDFLAGS = -module -avoid-version all: all-am .SUFFIXES: @@ -246,9 +275,9 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) exit 1;; \ esac; \ done; \ - echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile'; \ - cd $(top_srcdir) && \ - $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu src/charon/plugins/eap_mschapv2/Makefile .PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ @@ -266,23 +295,28 @@ $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): install-pluginLTLIBRARIES: $(plugin_LTLIBRARIES) @$(NORMAL_INSTALL) test -z "$(plugindir)" || $(MKDIR_P) "$(DESTDIR)$(plugindir)" - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + list2=; for p in $$list; do \ if test -f $$p; then \ - f=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) '$$p' '$(DESTDIR)$(plugindir)/$$f'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(pluginLTLIBRARIES_INSTALL) $(INSTALL_STRIP_FLAG) "$$p" "$(DESTDIR)$(plugindir)/$$f"; \ + list2="$$list2 $$p"; \ else :; fi; \ - done + done; \ + test -z "$$list2" || { \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 '$(DESTDIR)$(plugindir)'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=install $(INSTALL) $(INSTALL_STRIP_FLAG) $$list2 "$(DESTDIR)$(plugindir)"; \ + } uninstall-pluginLTLIBRARIES: @$(NORMAL_UNINSTALL) - @list='$(plugin_LTLIBRARIES)'; for p in $$list; do \ - p=$(am__strip_dir) \ - echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$p'"; \ - $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$p"; \ + @list='$(plugin_LTLIBRARIES)'; test -n "$(plugindir)" || list=; \ + for p in $$list; do \ + $(am__strip_dir) \ + echo " $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f '$(DESTDIR)$(plugindir)/$$f'"; \ + $(LIBTOOL) $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=uninstall rm -f "$(DESTDIR)$(plugindir)/$$f"; \ done clean-pluginLTLIBRARIES: @@ -293,8 +327,8 @@ clean-pluginLTLIBRARIES: echo "rm -f \"$${dir}/so_locations\""; \ rm -f "$${dir}/so_locations"; \ done -libstrongswan-eapmschapv2.la: $(libstrongswan_eapmschapv2_la_OBJECTS) $(libstrongswan_eapmschapv2_la_DEPENDENCIES) - $(libstrongswan_eapmschapv2_la_LINK) -rpath $(plugindir) $(libstrongswan_eapmschapv2_la_OBJECTS) $(libstrongswan_eapmschapv2_la_LIBADD) $(LIBS) +libstrongswan-eap-mschapv2.la: $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_DEPENDENCIES) + $(libstrongswan_eap_mschapv2_la_LINK) -rpath $(plugindir) $(libstrongswan_eap_mschapv2_la_OBJECTS) $(libstrongswan_eap_mschapv2_la_LIBADD) $(LIBS) mostlyclean-compile: -rm -f *.$(OBJEXT) @@ -307,21 +341,21 @@ distclean-compile: .c.o: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c $< .c.obj: @am__fastdepCC_TRUE@ $(COMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ `$(CYGPATH_W) '$<'` -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Po @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=no @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(COMPILE) -c `$(CYGPATH_W) '$<'` .c.lo: @am__fastdepCC_TRUE@ $(LTCOMPILE) -MT $@ -MD -MP -MF $(DEPDIR)/$*.Tpo -c -o $@ $< -@am__fastdepCC_TRUE@ mv -f $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo +@am__fastdepCC_TRUE@ $(am__mv) $(DEPDIR)/$*.Tpo $(DEPDIR)/$*.Plo @AMDEP_TRUE@@am__fastdepCC_FALSE@ source='$<' object='$@' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(LTCOMPILE) -c -o $@ $< @@ -344,7 +378,7 @@ tags: TAGS TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ + set x; \ here=`pwd`; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ @@ -352,29 +386,34 @@ TAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - if test -z "$(ETAGS_ARGS)$$tags$$unique"; then :; else \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ - $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ - $$tags $$unique; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ fi ctags: CTAGS CTAGS: $(HEADERS) $(SOURCES) $(TAGS_DEPENDENCIES) \ $(TAGS_FILES) $(LISP) - tags=; \ list='$(SOURCES) $(HEADERS) $(LISP) $(TAGS_FILES)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | \ $(AWK) '{ files[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in files) print i; }; }'`; \ - test -z "$(CTAGS_ARGS)$$tags$$unique" \ + test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ - $$tags $$unique + $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ - && cd $(top_srcdir) \ - && gtags -i $(GTAGS_ARGS) $$here + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags @@ -395,13 +434,17 @@ distdir: $(DISTFILES) if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ - cp -pR $(srcdir)/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ - cp -pR $$d/$$file $(distdir)$$dir || exit 1; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ - test -f $(distdir)/$$file \ - || cp -p $$d/$$file $(distdir)/$$file \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @@ -432,6 +475,7 @@ clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @@ -453,6 +497,8 @@ dvi-am: html: html-am +html-am: + info: info-am info-am: @@ -461,18 +507,28 @@ install-data-am: install-pluginLTLIBRARIES install-dvi: install-dvi-am +install-dvi-am: + install-exec-am: install-html: install-html-am +install-html-am: + install-info: install-info-am +install-info-am: + install-man: install-pdf: install-pdf-am +install-pdf-am: + install-ps: install-ps-am +install-ps-am: + installcheck-am: maintainer-clean: maintainer-clean-am @@ -511,6 +567,7 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags uninstall uninstall-am uninstall-pluginLTLIBRARIES + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c index 0e3fac780..f0222840d 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2.c @@ -35,47 +35,47 @@ struct private_eap_mschapv2_t * Public authenticator_t interface. */ eap_mschapv2_t public; - + /** * ID of the server */ identification_t *server; - + /** * ID of the peer */ identification_t *peer; - + /** * challenge sent by the server */ chunk_t challenge; - + /** * generated NT-Response */ chunk_t nt_response; - + /** * generated Authenticator Response */ chunk_t auth_response; - + /** * generated MSK */ chunk_t msk; - + /** * EAP message identifier */ u_int8_t identifier; - + /** * MS-CHAPv2-ID (session ID, increases with each retry) */ u_int8_t mschapv2id; - + /** * Number of retries */ @@ -248,7 +248,7 @@ static chunk_t ExpandDESKey(chunk_t key) int i; u_char carry = 0; chunk_t expanded; - + /* expand the 7 octets to 8 octets */ expanded = chunk_alloc(8); for (i = 0; i < 7; i++) @@ -257,7 +257,7 @@ static chunk_t ExpandDESKey(chunk_t key) carry = key.ptr[i] & ~bitmask[i]; } expanded.ptr[7] = carry << 1; - + /* add parity bits to each octet */ for (i = 0; i < 8; i++) { @@ -269,7 +269,7 @@ static chunk_t ExpandDESKey(chunk_t key) } /** - * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) + * Calculate the NT password hash (i.e. hash the (unicode) password with MD4) */ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) { @@ -277,7 +277,7 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD4); if (hasher == NULL) { - DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, MD4 not supported"); + DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, no MD4 hasher available"); return FAILED; } hasher->allocate_hash(hasher, password, password_hash); @@ -287,7 +287,7 @@ static status_t NtPasswordHash(chunk_t password, chunk_t *password_hash) /** * Calculate the challenge hash (i.e. hash [peer_challenge | server_challenge | - * username (without domain part)] with SHA1) + * username (without domain part)] with SHA1) */ static status_t ChallengeHash(chunk_t peer_challenge, chunk_t server_challenge, chunk_t username, chunk_t *challenge_hash) @@ -331,7 +331,7 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash, memset(z_password_hash.ptr, 0, z_password_hash.len); memcpy(z_password_hash.ptr, password_hash.ptr, password_hash.len); chunk_split(z_password_hash, "mmm", 7, &keys[0], 7, &keys[1], 7, &keys[2]); - + *response = chunk_alloc(24); for (i = 0; i < 3; i++) { @@ -353,35 +353,32 @@ static status_t ChallengeResponse(chunk_t challenge_hash, chunk_t password_hash, static status_t AuthenticatorResponse(chunk_t password_hash_hash, chunk_t challenge_hash, chunk_t nt_response, chunk_t *response) { - static u_int8_t magic1_data[] = - { 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, - 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, - 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, - 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74 }; - static u_int8_t magic2_data[] = - { 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, - 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, - 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, - 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, - 0x6E }; - static const chunk_t magic1 = chunk_from_buf(magic1_data); - static const chunk_t magic2 = chunk_from_buf(magic2_data); - + chunk_t magic1 = chunk_from_chars( + 0x4D, 0x61, 0x67, 0x69, 0x63, 0x20, 0x73, 0x65, 0x72, 0x76, + 0x65, 0x72, 0x20, 0x74, 0x6F, 0x20, 0x63, 0x6C, 0x69, 0x65, + 0x6E, 0x74, 0x20, 0x73, 0x69, 0x67, 0x6E, 0x69, 0x6E, 0x67, + 0x20, 0x63, 0x6F, 0x6E, 0x73, 0x74, 0x61, 0x6E, 0x74); + chunk_t magic2 = chunk_from_chars( + 0x50, 0x61, 0x64, 0x20, 0x74, 0x6F, 0x20, 0x6D, 0x61, 0x6B, + 0x65, 0x20, 0x69, 0x74, 0x20, 0x64, 0x6F, 0x20, 0x6D, 0x6F, + 0x72, 0x65, 0x20, 0x74, 0x68, 0x61, 0x6E, 0x20, 0x6F, 0x6E, + 0x65, 0x20, 0x69, 0x74, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6F, + 0x6E); chunk_t digest = chunk_empty, concat; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &digest); concat = chunk_cata("ccc", digest, challenge_hash, magic2); hasher->allocate_hash(hasher, concat, response); - + hasher->destroy(hasher); chunk_free(&digest); return SUCCESS; @@ -393,71 +390,67 @@ static status_t AuthenticatorResponse(chunk_t password_hash_hash, static status_t GenerateMSK(chunk_t password_hash_hash, chunk_t nt_response, chunk_t *msk) { - static u_int8_t magic1_data[] = - { 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, - 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, - 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79 }; - static u_int8_t magic2_data[] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, - 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, - 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, - 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - static u_int8_t magic3_data[] = - { 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, - 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, - 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, - 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, - 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, - 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, - 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, - 0x6b, 0x65, 0x79, 0x2e }; - static u_int8_t shapad1_data[] = - { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }; - static u_int8_t shapad2_data[] = - { 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, - 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2 }; - static const chunk_t magic1 = chunk_from_buf(magic1_data); - static const chunk_t magic2 = chunk_from_buf(magic2_data); - static const chunk_t magic3 = chunk_from_buf(magic3_data); - static const chunk_t shapad1 = chunk_from_buf(shapad1_data); - static const chunk_t shapad2 = chunk_from_buf(shapad2_data); - static const chunk_t keypad = { shapad1_data, 16 }; - + chunk_t magic1 = chunk_from_chars( + 0x54, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, + 0x68, 0x65, 0x20, 0x4d, 0x50, 0x50, 0x45, 0x20, 0x4d, + 0x61, 0x73, 0x74, 0x65, 0x72, 0x20, 0x4b, 0x65, 0x79); + chunk_t magic2 = chunk_from_chars( + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, 0x6b, 0x65, 0x79, + 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, 0x69, 0x64, 0x65, + 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x2e); + chunk_t magic3 = chunk_from_chars( + 0x4f, 0x6e, 0x20, 0x74, 0x68, 0x65, 0x20, 0x63, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x20, 0x73, 0x69, 0x64, 0x65, 0x2c, 0x20, + 0x74, 0x68, 0x69, 0x73, 0x20, 0x69, 0x73, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x72, 0x65, 0x63, 0x65, 0x69, 0x76, 0x65, 0x20, + 0x6b, 0x65, 0x79, 0x3b, 0x20, 0x6f, 0x6e, 0x20, 0x74, 0x68, + 0x65, 0x20, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x20, 0x73, + 0x69, 0x64, 0x65, 0x2c, 0x20, 0x69, 0x74, 0x20, 0x69, 0x73, + 0x20, 0x74, 0x68, 0x65, 0x20, 0x73, 0x65, 0x6e, 0x64, 0x20, + 0x6b, 0x65, 0x79, 0x2e); + chunk_t shapad1 = chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); + chunk_t shapad2 = chunk_from_chars( + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, + 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2); + chunk_t keypad = chunk_from_chars( + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00); chunk_t concat, master_key, master_receive_key, master_send_key; hasher_t *hasher; - + hasher = lib->crypto->create_hasher(lib->crypto, HASH_SHA1); if (hasher == NULL) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed, SHA1 not supported"); return FAILED; } - + concat = chunk_cata("ccc", password_hash_hash, nt_response, magic1); hasher->allocate_hash(hasher, concat, &master_key); master_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic2, shapad2); hasher->allocate_hash(hasher, concat, &master_receive_key); master_receive_key.len = 16; - + concat = chunk_cata("cccc", master_key, shapad1, magic3, shapad2); hasher->allocate_hash(hasher, concat, &master_send_key); master_send_key.len = 16; - + *msk = chunk_cat("cccc", master_receive_key, master_send_key, keypad, keypad); - + hasher->destroy(hasher); chunk_free(&master_key); chunk_free(&master_receive_key); @@ -472,7 +465,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, status_t status = FAILED; chunk_t password_hash = chunk_empty, password_hash_hash = chunk_empty, challenge_hash = chunk_empty; - + if (NtPasswordHash(password, &password_hash) != SUCCESS) { goto error; @@ -486,7 +479,7 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + if (ChallengeResponse(challenge_hash, password_hash, &this->nt_response) != SUCCESS) { @@ -501,9 +494,9 @@ static status_t GenerateStuff(private_eap_mschapv2_t *this, { goto error; } - + status = SUCCESS; - + error: chunk_free(&password_hash); chunk_free(&password_hash_hash); @@ -532,7 +525,7 @@ static chunk_t ascii_to_unicode(chunk_t ascii) static char* sanitize(char *str) { char *pos = str; - + while (pos && *pos) { if (!isprint(*pos)) @@ -592,7 +585,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap_mschapv2_challenge_t *cha; const char *name = MSCHAPV2_HOST_NAME; u_int16_t len = CHALLENGE_PAYLOAD_LEN + sizeof(MSCHAPV2_HOST_NAME) - 1; - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -601,7 +594,7 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou } rng->allocate_bytes(rng, CHALLENGE_LEN, &this->challenge); rng->destroy(rng); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = this->identifier; @@ -610,12 +603,12 @@ static status_t initiate_server(private_eap_mschapv2_t *this, eap_payload_t **ou eap->opcode = MSCHAPV2_CHALLENGE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + cha = (eap_mschapv2_challenge_t*)eap->data; cha->value_size = CHALLENGE_LEN; memcpy(cha->challenge, this->challenge.ptr, this->challenge.len); memcpy(cha->name, name, sizeof(MSCHAPV2_HOST_NAME) - 1); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } @@ -634,29 +627,29 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, shared_key_t *shared; chunk_t data, peer_challenge, username, password; u_int16_t len = RESPONSE_PAYLOAD_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + /* the name MUST be at least one octet long */ if (data.len < CHALLENGE_PAYLOAD_LEN + 1) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + cha = (eap_mschapv2_challenge_t*)eap->data; - + if (cha->value_size != CHALLENGE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "invalid challenge size"); return FAILED; } - + this->mschapv2id = eap->ms_chapv2_id; this->challenge = chunk_clone(chunk_create(cha->challenge, CHALLENGE_LEN)); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -666,7 +659,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, peer_challenge = chunk_alloca(CHALLENGE_LEN); rng->get_bytes(rng, CHALLENGE_LEN, peer_challenge.ptr); rng->destroy(rng); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->peer, this->server); if (shared == NULL) @@ -675,13 +668,13 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, this->server, this->peer); return NOT_FOUND; } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + username = extract_username(this->peer); len += username.len; - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 generating NT-Response failed"); @@ -689,7 +682,7 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, return FAILED; } chunk_clear(&password); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; @@ -698,16 +691,16 @@ static status_t process_peer_challenge(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_RESPONSE; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + res = (eap_mschapv2_response_t*)eap->data; res->value_size = RESPONSE_LEN; memset(&res->response, 0, RESPONSE_LEN); memcpy(res->response.peer_challenge, peer_challenge.ptr, peer_challenge.len); memcpy(res->response.nt_response, this->nt_response.ptr, this->nt_response.len); - + username = this->peer->get_encoding(this->peer); memcpy(res->name, username.ptr, username.len); - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); return NEED_MORE; } @@ -725,21 +718,21 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len; u_int16_t len = SHORT_HEADER_LEN; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < AUTH_RESPONSE_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* S=<auth_string> M=<msg> */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -764,32 +757,32 @@ static status_t process_peer_success(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - - if (auth_string.ptr == NULL) + + if (auth_string.ptr == NULL) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "auth string missing"); goto error; } - + if (!chunk_equals(this->auth_response, auth_string)) { DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); goto error; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 succeeded: '%s'", sanitize(msg)); - + eap = alloca(len); eap->code = EAP_RESPONSE; eap->identifier = this->identifier; eap->length = htons(len); eap->type = EAP_MSCHAPV2; eap->opcode = MSCHAPV2_SUCCESS; - + *out = eap_payload_create_data(chunk_create((void*) eap, len)); status = NEED_MORE; - + error: chunk_free(&auth_string); free(message); @@ -807,21 +800,21 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, char *message, *token, *msg = NULL; int message_len, error, retryable; chunk_t challenge = chunk_empty; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < 3) /* we want at least an error code: E=e */ { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + message_len = data.len - HEADER_LEN; message = malloc(message_len + 1); memcpy(message, eap->data, message_len); message[message_len] = '\0'; - + /* E=eeeeeeeeee R=r C=cccccccccccccccccccccccccccccccc V=vvvvvvvvvv M=<msg> */ enumerator = enumerator_create_token(message, " ", " "); while (enumerator->enumerate(enumerator, &token)) @@ -862,28 +855,28 @@ static status_t process_peer_failure(private_eap_mschapv2_t *this, } } enumerator->destroy(enumerator); - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 failed with error %N: '%s'", mschapv2_error_names, error, sanitize(msg)); - + /** * at this point, if the error is retryable, we MAY retry the authentication * or MAY send a Change Password packet. - * + * * if the error is not retryable (or if we do neither of the above), we * SHOULD send a Failure Response packet. * windows clients don't do that, and since windows server 2008 r2 behaves * pretty odd if we do send a Failure Response, we just don't send one * either. windows 7 actually sends a delete notify (which, according to the - * logs, results in an error on windows server 2008 r2). - * + * logs, results in an error on windows server 2008 r2). + * * btw, windows server 2008 r2 does not send non-retryable errors for e.g. * a disabled account but returns the windows error code in a notify payload * of type 12345. */ - + status = FAILED; - + error: chunk_free(&challenge); free(message); @@ -899,7 +892,7 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, { chunk_t data; eap_mschapv2_header_t *eap; - + this->identifier = in->get_identifier(in); data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) @@ -907,9 +900,9 @@ static status_t process_peer(private_eap_mschapv2_t *this, eap_payload_t *in, DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_CHALLENGE: @@ -945,7 +938,7 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, chunk_t hex; char msg[FAILURE_MESSAGE_LEN]; u_int16_t len = HEADER_LEN + FAILURE_MESSAGE_LEN - 1; /* no null byte */ - + if (++this->retries > MAX_RETRIES) { /* we MAY send a Failure Request with R=0, but windows 7 does not @@ -957,9 +950,9 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, "maximum number of retries reached"); return FAILED; } - + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed, retry (%d)", this->retries); - + rng = lib->crypto->create_rng(lib->crypto, RNG_WEAK); if (!rng) { @@ -968,11 +961,11 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, } rng->get_bytes(rng, CHALLENGE_LEN, this->challenge.ptr); rng->destroy(rng); - + chunk_free(&this->nt_response); chunk_free(&this->auth_response); chunk_free(&this->msk); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; @@ -981,16 +974,16 @@ static status_t process_server_retry(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_FAILURE; eap->ms_chapv2_id = this->mschapv2id++; /* increase for each retry */ set_ms_length(eap, len); - + hex = chunk_to_hex(this->challenge, NULL, TRUE); snprintf(msg, FAILURE_MESSAGE_LEN, "%s%s", FAILURE_MESSAGE, hex.ptr); chunk_free(&hex); memcpy(eap->data, msg, FAILURE_MESSAGE_LEN - 1); /* no null byte */ *out = eap_payload_create_data(chunk_create((void*) eap, len)); - + /* delay the response for some time to make brute-force attacks harder */ sleep(RETRY_DELAY); - + return NEED_MORE; } @@ -1007,25 +1000,25 @@ static status_t process_server_response(private_eap_mschapv2_t *this, shared_key_t *shared; int name_len; char buf[256]; - + data = in->get_data(in); eap = (eap_mschapv2_header_t*)data.ptr; - + if (data.len < RESPONSE_PAYLOAD_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + res = (eap_mschapv2_response_t*)eap->data; peer_challenge = chunk_create(res->response.peer_challenge, CHALLENGE_LEN); - + name_len = min(data.len - RESPONSE_PAYLOAD_LEN, 255); snprintf(buf, sizeof(buf), "%.*s", name_len, res->name); userid = identification_create_from_string(buf); DBG2(DBG_IKE, "EAP-MS-CHAPv2 username: '%Y'", userid); username = extract_username(userid); - + shared = charon->credentials->get_shared(charon->credentials, SHARED_EAP, this->server, userid); if (shared == NULL) @@ -1035,33 +1028,33 @@ static status_t process_server_response(private_eap_mschapv2_t *this, /* FIXME: windows 7 always sends the username that is first entered in * the username box, even, if the user changes it during retries (probably * to keep consistent with the EAP-Identity). - * thus, we could actually fail here, because retries do not make much - * sense. on the other hand, an attacker could guess usernames, if the - * error messages were different. */ + * thus, we could actually fail here, because retries do not make much + * sense. on the other hand, an attacker could guess usernames, if the + * error messages were different. */ userid->destroy(userid); return process_server_retry(this, out); } - + password = ascii_to_unicode(shared->get_key(shared)); shared->destroy(shared); - + if (GenerateStuff(this, this->challenge, peer_challenge, username, password) != SUCCESS) { - DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); + DBG1(DBG_IKE, "EAP-MS-CHAPv2 verification failed"); userid->destroy(userid); chunk_clear(&password); return FAILED; } userid->destroy(userid); chunk_clear(&password); - + if (memeq(res->response.nt_response, this->nt_response.ptr, this->nt_response.len)) { chunk_t hex; char msg[AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE)]; u_int16_t len = HEADER_LEN + AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE); - + eap = alloca(len); eap->code = EAP_REQUEST; eap->identifier = ++this->identifier; @@ -1070,7 +1063,7 @@ static status_t process_server_response(private_eap_mschapv2_t *this, eap->opcode = MSCHAPV2_SUCCESS; eap->ms_chapv2_id = this->mschapv2id; set_ms_length(eap, len); - + hex = chunk_to_hex(this->auth_response, NULL, TRUE); snprintf(msg, AUTH_RESPONSE_LEN + sizeof(SUCCESS_MESSAGE), "S=%s%s", hex.ptr, SUCCESS_MESSAGE); @@ -1091,23 +1084,23 @@ static status_t process_server(private_eap_mschapv2_t *this, eap_payload_t *in, { eap_mschapv2_header_t *eap; chunk_t data; - + if (this->identifier != in->get_identifier(in)) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: " "unexpected identifier"); return FAILED; } - + data = in->get_data(in); if (data.len < SHORT_HEADER_LEN) { DBG1(DBG_IKE, "received invalid EAP-MS-CHAPv2 message: too short"); return FAILED; } - + eap = (eap_mschapv2_header_t*)data.ptr; - + switch (eap->opcode) { case MSCHAPV2_RESPONSE: @@ -1159,7 +1152,7 @@ static status_t get_msk(private_eap_mschapv2_t *this, chunk_t *msk) */ static bool is_mutual(private_eap_mschapv2_t *this) { - return TRUE; + return FALSE; } /** @@ -1182,14 +1175,14 @@ static void destroy(private_eap_mschapv2_t *this) static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = malloc_thing(private_eap_mschapv2_t); - + this->public.eap_method_interface.initiate = NULL; this->public.eap_method_interface.process = NULL; this->public.eap_method_interface.get_type = (eap_type_t(*)(eap_method_t*,u_int32_t*))get_type; this->public.eap_method_interface.is_mutual = (bool(*)(eap_method_t*))is_mutual; this->public.eap_method_interface.get_msk = (status_t(*)(eap_method_t*,chunk_t*))get_msk; this->public.eap_method_interface.destroy = (void(*)(eap_method_t*))destroy; - + /* private data */ this->peer = peer->clone(peer); this->server = server->clone(server); @@ -1200,7 +1193,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser this->identifier = 0; this->mschapv2id = 0; this->retries = 0; - + return this; } @@ -1210,7 +1203,7 @@ static private_eap_mschapv2_t *eap_mschapv2_create_generic(identification_t *ser eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_server; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_server; @@ -1219,9 +1212,9 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat { this->identifier = random(); } while (!this->identifier); - + this->mschapv2id = this->identifier; - + return &this->public; } @@ -1231,10 +1224,10 @@ eap_mschapv2_t *eap_mschapv2_create_server(identification_t *server, identificat eap_mschapv2_t *eap_mschapv2_create_peer(identification_t *server, identification_t *peer) { private_eap_mschapv2_t *this = eap_mschapv2_create_generic(server, peer); - + this->public.eap_method_interface.initiate = (status_t(*)(eap_method_t*,eap_payload_t**))initiate_peer; this->public.eap_method_interface.process = (status_t(*)(eap_method_t*,eap_payload_t*, eap_payload_t**))process_peer; - + return &this->public; } diff --git a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c index d0995c477..404cecb20 100644 --- a/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c +++ b/src/charon/plugins/eap_mschapv2/eap_mschapv2_plugin.c @@ -37,14 +37,14 @@ static void destroy(eap_mschapv2_plugin_t *this) plugin_t *plugin_create() { eap_mschapv2_plugin_t *this = malloc_thing(eap_mschapv2_plugin_t); - + this->plugin.destroy = (void(*)(plugin_t*))destroy; - + charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_SERVER, (eap_constructor_t)eap_mschapv2_create_server); charon->eap->add_method(charon->eap, EAP_MSCHAPV2, 0, EAP_PEER, (eap_constructor_t)eap_mschapv2_create_peer); - + return &this->plugin; } |