Diffstat (limited to 'src/libcharon/plugins/eap_ttls')
-rw-r--r--src/libcharon/plugins/eap_ttls/Makefile.in3
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls.c22
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls_peer.c49
-rw-r--r--src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c7
4 files changed, 49 insertions, 32 deletions
diff --git a/src/libcharon/plugins/eap_ttls/Makefile.in b/src/libcharon/plugins/eap_ttls/Makefile.in
index ff67686b2..d0d5341e2 100644
--- a/src/libcharon/plugins/eap_ttls/Makefile.in
+++ b/src/libcharon/plugins/eap_ttls/Makefile.in
@@ -246,6 +246,8 @@ nm_ca_dir = @nm_ca_dir@
oldincludedir = @oldincludedir@
openac_plugins = @openac_plugins@
p_plugins = @p_plugins@
+pcsclite_CFLAGS = @pcsclite_CFLAGS@
+pcsclite_LIBS = @pcsclite_LIBS@
pdfdir = @pdfdir@
piddir = @piddir@
pki_plugins = @pki_plugins@
@@ -269,6 +271,7 @@ soup_LIBS = @soup_LIBS@
srcdir = @srcdir@
strongswan_conf = @strongswan_conf@
sysconfdir = @sysconfdir@
+systemdsystemunitdir = @systemdsystemunitdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls.c b/src/libcharon/plugins/eap_ttls/eap_ttls.c
index a62af6ea4..7193bc9f0 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls.c
@@ -93,6 +93,18 @@ METHOD(eap_method_t, get_msk, status_t,
return FAILED;
}
+METHOD(eap_method_t, get_identifier, u_int8_t,
+ private_eap_ttls_t *this)
+{
+ return this->tls_eap->get_identifier(this->tls_eap);
+}
+
+METHOD(eap_method_t, set_identifier, void,
+ private_eap_ttls_t *this, u_int8_t identifier)
+{
+ this->tls_eap->set_identifier(this->tls_eap, identifier);
+}
+
METHOD(eap_method_t, is_mutual, bool,
private_eap_ttls_t *this)
{
@@ -116,6 +128,7 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
private_eap_ttls_t *this;
size_t frag_size;
int max_msg_count;
+ bool include_length;
tls_t *tls;
INIT(this,
@@ -125,6 +138,8 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
.process = _process,
.get_type = _get_type,
.is_mutual = _is_mutual,
+ .get_identifier = _get_identifier,
+ .set_identifier = _set_identifier,
.get_msk = _get_msk,
.destroy = _destroy,
},
@@ -139,8 +154,11 @@ static eap_ttls_t *eap_ttls_create(identification_t *server,
"charon.plugins.eap-ttls.fragment_size", MAX_FRAGMENT_LEN);
max_msg_count = lib->settings->get_int(lib->settings,
"charon.plugins.eap-ttls.max_message_count", MAX_MESSAGE_COUNT);
- tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application);
- this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count);
+ include_length = lib->settings->get_bool(lib->settings,
+ "charon.plugins.eap-ttls.include_length", TRUE);
+ tls = tls_create(is_server, server, peer, TLS_PURPOSE_EAP_TTLS, application);
+ this->tls_eap = tls_eap_create(EAP_TTLS, tls, frag_size, max_msg_count,
+ include_length);
if (!this->tls_eap)
{
application->destroy(application);
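Review bot: The new strongswan.conf key `charon.plugins.eap-ttls.include_length` is read with a default of TRUE but nothing in the hunk says what it controls, and a reader of this constructor has to chase the extra tls_eap_create() argument to find out. A one-line comment above the get_bool call, such as `/* whether the TLS-EAP length field is sent with every fragment; presumably the RFC 5281 L bit — confirm against tls_eap */`, would make the knob self-describing here. eap_ttls_create continues outside the hunk.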
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
index 29b0a9303..931eb2e89 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_peer.c
@@ -64,17 +64,6 @@ struct private_eap_ttls_peer_t {
eap_ttls_avp_t *avp;
};
-/**
- * EAP packet format
- */
-typedef struct __attribute__((packed)) {
- u_int8_t code;
- u_int8_t identifier;
- u_int16_t length;
- u_int8_t type;
- u_int8_t data;
-} eap_packet_t;
-
#define MAX_RADIUS_ATTRIBUTE_SIZE 253
METHOD(tls_application_t, process, status_t,
@@ -174,17 +163,30 @@ METHOD(tls_application_t, process, status_t,
return FAILED;
}
+ /* yet another phase2 authentication? */
+ if (this->method)
+ {
+ type = this->method->get_type(this->method, &vendor);
+
+ if (type != received_type || vendor != received_vendor)
+ {
+ this->method->destroy(this->method);
+ this->method = NULL;
+ }
+ }
+
if (this->method == NULL)
{
if (received_vendor)
{
- DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d",
- received_type, received_vendor);
+ DBG1(DBG_IKE, "server requested vendor specific EAP method %d-%d "
+ "(id 0x%02X)", received_type, received_vendor,
+ in->get_identifier(in));
}
else
{
- DBG1(DBG_IKE, "server requested %N authentication",
- eap_type_names, received_type);
+ DBG1(DBG_IKE, "server requested %N authentication (id 0x%02X)",
+ eap_type_names, received_type, in->get_identifier(in));
}
this->method = charon->eap->create_instance(charon->eap,
received_type, received_vendor,
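Review bot: The block added at the top of the hunk silently destroys an in-progress phase-2 method whenever the server's requested type differs, whereas the check it replaces (removed in the next hunk, the `received invalid EAP request` path) rejected such a packet; a server can now abandon or switch the inner method mid-run and the peer leaves no trace of the discarded attempt. At minimum log it before the destroy, e.g. `DBG1(DBG_IKE, "server switched EAP method from %N to %N", eap_type_names, type, eap_type_names, received_type);`, and consider honouring a switch only after the previous method concluded (the SUCCESS case later in this function already resets this->method to NULL). In the next hunk, `type = this->method->get_type(this->method, &vendor);` is reassigned after instantiation, but as far as the visible hunks show that value is never read again once the EAP_TNC comparison is removed, so the line looks dead. The process method starts and ends outside the hunk.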
@@ -196,18 +198,10 @@ METHOD(tls_application_t, process, status_t,
in->destroy(in);
return NEED_MORE;
}
+ type = this->method->get_type(this->method, &vendor);
this->start_phase2 = FALSE;
}
- type = this->method->get_type(this->method, &vendor);
-
- if (type != received_type || vendor != received_vendor)
- {
- DBG1(DBG_IKE, "received invalid EAP request");
- in->destroy(in);
- return FAILED;
- }
-
status = this->method->process(this->method, in, &this->out);
in->destroy(in);
@@ -216,13 +210,8 @@ METHOD(tls_application_t, process, status_t,
case SUCCESS:
this->method->destroy(this->method);
this->method = NULL;
- return NEED_MORE;
+ /* fall through to NEED_MORE */
case NEED_MORE:
- if (type != EAP_TNC)
- {
- this->method->destroy(this->method);
- this->method = NULL;
- }
return NEED_MORE;
case FAILED:
default:
diff --git a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
index 48e759dcc..cbc3929bb 100644
--- a/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
+++ b/src/libcharon/plugins/eap_ttls/eap_ttls_plugin.c
@@ -19,6 +19,11 @@
#include <daemon.h>
+METHOD(plugin_t, get_name, char*,
+ eap_ttls_plugin_t *this)
+{
+ return "eap-ttls";
+}
METHOD(plugin_t, destroy, void,
eap_ttls_plugin_t *this)
@@ -39,6 +44,8 @@ plugin_t *eap_ttls_plugin_create()
INIT(this,
.plugin = {
+ .get_name = _get_name,
+ .reload = (void*)return_false,
.destroy = _destroy,
},
);
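Review bot: `.reload = (void*)return_false,` converts a function pointer through an object pointer type, which ISO C does not guarantee to round-trip even though it works on the POSIX targets strongSwan builds for; this appears to follow the idiom used by the other plugins, so it is a style point rather than a defect. A cast to the member's actual function-pointer type, or a tiny `static bool reload(eap_ttls_plugin_t *this) { return FALSE; }` helper, would keep the compiler's type checking without the object/function pointer conversion.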