mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-28 18:28:23 -05:00
EAP server: Use struct eap_config to avoid duplicated definitions
Use struct eap_config as-is within struct eap_sm and EAPOL authenticator to avoid having to duplicate all the configuration variables at each interface. Split the couple of session specific variables into a separate struct to allow a single const struct eap_config to be used. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
8315c1ef5b
commit
822e7c66ae
@ -207,6 +207,8 @@ static int eap_server_register_methods(void)
|
||||
|
||||
int eap_example_server_init(void)
|
||||
{
|
||||
struct eap_session_data eap_sess;
|
||||
|
||||
if (eap_server_register_methods() < 0)
|
||||
return -1;
|
||||
|
||||
@ -223,7 +225,9 @@ int eap_example_server_init(void)
|
||||
eap_conf.eap_server = 1;
|
||||
eap_conf.ssl_ctx = eap_ctx.tls_ctx;
|
||||
|
||||
eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf);
|
||||
os_memset(&eap_sess, 0, sizeof(eap_sess));
|
||||
eap_ctx.eap = eap_server_sm_init(&eap_ctx, &eap_cb, &eap_conf,
|
||||
&eap_sess);
|
||||
if (eap_ctx.eap == NULL)
|
||||
return -1;
|
||||
|
||||
|
@ -186,6 +186,7 @@ struct hostapd_data {
|
||||
|
||||
struct wpa_authenticator *wpa_auth;
|
||||
struct eapol_authenticator *eapol_auth;
|
||||
struct eap_config *eap_cfg;
|
||||
|
||||
struct rsn_preauth_interface *preauth_iface;
|
||||
struct os_reltime michael_mic_failure;
|
||||
|
@ -2403,6 +2403,56 @@ static int ieee802_1x_erp_add_key(void *ctx, struct eap_server_erp_key *erp)
|
||||
#endif /* CONFIG_ERP */
|
||||
|
||||
|
||||
static struct eap_config * ieee802_1x_eap_config(struct hostapd_data *hapd)
|
||||
{
|
||||
struct eap_config *cfg;
|
||||
|
||||
cfg = os_zalloc(sizeof(*cfg));
|
||||
if (!cfg)
|
||||
return NULL;
|
||||
|
||||
cfg->eap_server = hapd->conf->eap_server;
|
||||
cfg->ssl_ctx = hapd->ssl_ctx;
|
||||
cfg->msg_ctx = hapd->msg_ctx;
|
||||
cfg->eap_sim_db_priv = hapd->eap_sim_db_priv;
|
||||
cfg->tls_session_lifetime = hapd->conf->tls_session_lifetime;
|
||||
cfg->tls_flags = hapd->conf->tls_flags;
|
||||
if (hapd->conf->pac_opaque_encr_key)
|
||||
cfg->pac_opaque_encr_key =
|
||||
os_memdup(hapd->conf->pac_opaque_encr_key, 16);
|
||||
if (hapd->conf->eap_fast_a_id) {
|
||||
cfg->eap_fast_a_id = os_memdup(hapd->conf->eap_fast_a_id,
|
||||
hapd->conf->eap_fast_a_id_len);
|
||||
cfg->eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len;
|
||||
}
|
||||
if (hapd->conf->eap_fast_a_id_info)
|
||||
cfg->eap_fast_a_id_info =
|
||||
os_strdup(hapd->conf->eap_fast_a_id_info);
|
||||
cfg->eap_fast_prov = hapd->conf->eap_fast_prov;
|
||||
cfg->pac_key_lifetime = hapd->conf->pac_key_lifetime;
|
||||
cfg->pac_key_refresh_time = hapd->conf->pac_key_refresh_time;
|
||||
cfg->eap_teap_auth = hapd->conf->eap_teap_auth;
|
||||
cfg->eap_teap_separate_result = hapd->conf->eap_teap_separate_result;
|
||||
cfg->eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
|
||||
cfg->eap_sim_id = hapd->conf->eap_sim_id;
|
||||
cfg->tnc = hapd->conf->tnc;
|
||||
cfg->wps = hapd->wps;
|
||||
cfg->fragment_size = hapd->conf->fragment_size;
|
||||
cfg->pwd_group = hapd->conf->pwd_group;
|
||||
cfg->pbc_in_m1 = hapd->conf->pbc_in_m1;
|
||||
if (hapd->conf->server_id) {
|
||||
cfg->server_id = (u8 *) os_strdup(hapd->conf->server_id);
|
||||
cfg->server_id_len = os_strlen(hapd->conf->server_id);
|
||||
} else {
|
||||
cfg->server_id = (u8 *) os_strdup("hostapd");
|
||||
cfg->server_id_len = 7;
|
||||
}
|
||||
cfg->erp = hapd->conf->eap_server_erp;
|
||||
|
||||
return cfg;
|
||||
}
|
||||
|
||||
|
||||
int ieee802_1x_init(struct hostapd_data *hapd)
|
||||
{
|
||||
int i;
|
||||
@ -2411,45 +2461,19 @@ int ieee802_1x_init(struct hostapd_data *hapd)
|
||||
|
||||
dl_list_init(&hapd->erp_keys);
|
||||
|
||||
hapd->eap_cfg = ieee802_1x_eap_config(hapd);
|
||||
if (!hapd->eap_cfg)
|
||||
return -1;
|
||||
os_memset(&conf, 0, sizeof(conf));
|
||||
conf.eap_cfg = hapd->eap_cfg;
|
||||
conf.ctx = hapd;
|
||||
conf.eap_reauth_period = hapd->conf->eap_reauth_period;
|
||||
conf.wpa = hapd->conf->wpa;
|
||||
conf.individual_wep_key_len = hapd->conf->individual_wep_key_len;
|
||||
conf.eap_server = hapd->conf->eap_server;
|
||||
conf.ssl_ctx = hapd->ssl_ctx;
|
||||
conf.msg_ctx = hapd->msg_ctx;
|
||||
conf.eap_sim_db_priv = hapd->eap_sim_db_priv;
|
||||
conf.eap_req_id_text = hapd->conf->eap_req_id_text;
|
||||
conf.eap_req_id_text_len = hapd->conf->eap_req_id_text_len;
|
||||
conf.erp_send_reauth_start = hapd->conf->erp_send_reauth_start;
|
||||
conf.erp_domain = hapd->conf->erp_domain;
|
||||
conf.erp = hapd->conf->eap_server_erp;
|
||||
conf.tls_session_lifetime = hapd->conf->tls_session_lifetime;
|
||||
conf.tls_flags = hapd->conf->tls_flags;
|
||||
conf.pac_opaque_encr_key = hapd->conf->pac_opaque_encr_key;
|
||||
conf.eap_fast_a_id = hapd->conf->eap_fast_a_id;
|
||||
conf.eap_fast_a_id_len = hapd->conf->eap_fast_a_id_len;
|
||||
conf.eap_fast_a_id_info = hapd->conf->eap_fast_a_id_info;
|
||||
conf.eap_fast_prov = hapd->conf->eap_fast_prov;
|
||||
conf.pac_key_lifetime = hapd->conf->pac_key_lifetime;
|
||||
conf.pac_key_refresh_time = hapd->conf->pac_key_refresh_time;
|
||||
conf.eap_teap_auth = hapd->conf->eap_teap_auth;
|
||||
conf.eap_teap_separate_result = hapd->conf->eap_teap_separate_result;
|
||||
conf.eap_sim_aka_result_ind = hapd->conf->eap_sim_aka_result_ind;
|
||||
conf.eap_sim_id = hapd->conf->eap_sim_id;
|
||||
conf.tnc = hapd->conf->tnc;
|
||||
conf.wps = hapd->wps;
|
||||
conf.fragment_size = hapd->conf->fragment_size;
|
||||
conf.pwd_group = hapd->conf->pwd_group;
|
||||
conf.pbc_in_m1 = hapd->conf->pbc_in_m1;
|
||||
if (hapd->conf->server_id) {
|
||||
conf.server_id = (const u8 *) hapd->conf->server_id;
|
||||
conf.server_id_len = os_strlen(hapd->conf->server_id);
|
||||
} else {
|
||||
conf.server_id = (const u8 *) "hostapd";
|
||||
conf.server_id_len = 7;
|
||||
}
|
||||
|
||||
os_memset(&cb, 0, sizeof(cb));
|
||||
cb.eapol_send = ieee802_1x_eapol_send;
|
||||
@ -2520,6 +2544,9 @@ void ieee802_1x_deinit(struct hostapd_data *hapd)
|
||||
eapol_auth_deinit(hapd->eapol_auth);
|
||||
hapd->eapol_auth = NULL;
|
||||
|
||||
eap_server_config_free(hapd->eap_cfg);
|
||||
hapd->eap_cfg = NULL;
|
||||
|
||||
ieee802_1x_erp_flush(hapd);
|
||||
}
|
||||
|
||||
|
@ -108,39 +108,151 @@ struct eapol_callbacks {
|
||||
};
|
||||
|
||||
struct eap_config {
|
||||
/**
|
||||
* ssl_ctx - TLS context
|
||||
*
|
||||
* This is passed to the EAP server implementation as a callback
|
||||
* context for TLS operations.
|
||||
*/
|
||||
void *ssl_ctx;
|
||||
void *msg_ctx;
|
||||
|
||||
/**
|
||||
* eap_sim_db_priv - EAP-SIM/AKA database context
|
||||
*
|
||||
* This is passed to the EAP-SIM/AKA server implementation as a
|
||||
* callback context.
|
||||
*/
|
||||
void *eap_sim_db_priv;
|
||||
Boolean backend_auth;
|
||||
int eap_server;
|
||||
|
||||
/**
|
||||
* pwd_group - The D-H group assigned for EAP-pwd
|
||||
*
|
||||
* If EAP-pwd is not used it can be set to zero.
|
||||
*/
|
||||
u16 pwd_group;
|
||||
|
||||
/**
|
||||
* pac_opaque_encr_key - PAC-Opaque encryption key for EAP-FAST
|
||||
*
|
||||
* This parameter is used to set a key for EAP-FAST to encrypt the
|
||||
* PAC-Opaque data. It can be set to %NULL if EAP-FAST is not used. If
|
||||
* set, must point to a 16-octet key.
|
||||
*/
|
||||
u8 *pac_opaque_encr_key;
|
||||
|
||||
/**
|
||||
* eap_fast_a_id - EAP-FAST authority identity (A-ID)
|
||||
*
|
||||
* If EAP-FAST is not used, this can be set to %NULL. In theory, this
|
||||
* is a variable length field, but due to some existing implementations
|
||||
* requiring A-ID to be 16 octets in length, it is recommended to use
|
||||
* that length for the field to provide interoperability with deployed
|
||||
* peer implementations.
|
||||
*/
|
||||
u8 *eap_fast_a_id;
|
||||
|
||||
/**
|
||||
* eap_fast_a_id_len - Length of eap_fast_a_id buffer in octets
|
||||
*/
|
||||
size_t eap_fast_a_id_len;
|
||||
/**
|
||||
* eap_fast_a_id_info - EAP-FAST authority identifier information
|
||||
*
|
||||
* This A-ID-Info contains a user-friendly name for the A-ID. For
|
||||
* example, this could be the enterprise and server names in
|
||||
* human-readable format. This field is encoded as UTF-8. If EAP-FAST
|
||||
* is not used, this can be set to %NULL.
|
||||
*/
|
||||
char *eap_fast_a_id_info;
|
||||
int eap_fast_prov;
|
||||
|
||||
/**
|
||||
* eap_fast_prov - EAP-FAST provisioning modes
|
||||
*
|
||||
* 0 = provisioning disabled, 1 = only anonymous provisioning allowed,
|
||||
* 2 = only authenticated provisioning allowed, 3 = both provisioning
|
||||
* modes allowed.
|
||||
*/
|
||||
enum {
|
||||
NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
|
||||
} eap_fast_prov;
|
||||
|
||||
/**
|
||||
* pac_key_lifetime - EAP-FAST PAC-Key lifetime in seconds
|
||||
*
|
||||
* This is the hard limit on how long a provisioned PAC-Key can be
|
||||
* used.
|
||||
*/
|
||||
int pac_key_lifetime;
|
||||
|
||||
/**
|
||||
* pac_key_refresh_time - EAP-FAST PAC-Key refresh time in seconds
|
||||
*
|
||||
* This is a soft limit on the PAC-Key. The server will automatically
|
||||
* generate a new PAC-Key when this number of seconds (or fewer) of the
|
||||
* lifetime remains.
|
||||
*/
|
||||
int pac_key_refresh_time;
|
||||
int eap_teap_auth;
|
||||
int eap_teap_pac_no_inner;
|
||||
int eap_teap_separate_result;
|
||||
|
||||
/**
|
||||
* eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication
|
||||
*
|
||||
* This controls whether the protected success/failure indication
|
||||
* (AT_RESULT_IND) is used with EAP-SIM and EAP-AKA.
|
||||
*/
|
||||
int eap_sim_aka_result_ind;
|
||||
int eap_sim_id;
|
||||
|
||||
/**
|
||||
* tnc - Trusted Network Connect (TNC)
|
||||
*
|
||||
* This controls whether TNC is enabled and will be required before the
|
||||
* peer is allowed to connect. Note: This is only used with EAP-TTLS
|
||||
* and EAP-FAST. If any other EAP method is enabled, the peer will be
|
||||
* allowed to connect without TNC.
|
||||
*/
|
||||
int tnc;
|
||||
|
||||
/**
|
||||
* wps - Wi-Fi Protected Setup context
|
||||
*
|
||||
* If WPS is used with an external RADIUS server (which is quite
|
||||
* unlikely configuration), this is used to provide a pointer to WPS
|
||||
* context data. Normally, this can be set to %NULL.
|
||||
*/
|
||||
struct wps_context *wps;
|
||||
const struct wpabuf *assoc_wps_ie;
|
||||
const struct wpabuf *assoc_p2p_ie;
|
||||
const u8 *peer_addr;
|
||||
int fragment_size;
|
||||
|
||||
int pbc_in_m1;
|
||||
|
||||
const u8 *server_id;
|
||||
/**
|
||||
* server_id - Server identity
|
||||
*/
|
||||
u8 *server_id;
|
||||
size_t server_id_len;
|
||||
|
||||
/**
|
||||
* erp - Whether EAP Re-authentication Protocol (ERP) is enabled
|
||||
*
|
||||
* This controls whether the authentication server derives ERP key
|
||||
* hierarchy (rRK and rIK) from full EAP authentication and allows
|
||||
* these keys to be used to perform ERP to derive rMSK instead of full
|
||||
* EAP authentication to derive MSK.
|
||||
*/
|
||||
int erp;
|
||||
unsigned int tls_session_lifetime;
|
||||
unsigned int tls_flags;
|
||||
};
|
||||
|
||||
struct eap_session_data {
|
||||
const struct wpabuf *assoc_wps_ie;
|
||||
const struct wpabuf *assoc_p2p_ie;
|
||||
const u8 *peer_addr;
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
u32 tls_test_flags;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
@ -149,7 +261,8 @@ struct eap_config {
|
||||
|
||||
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
|
||||
const struct eapol_callbacks *eapol_cb,
|
||||
struct eap_config *eap_conf);
|
||||
const struct eap_config *conf,
|
||||
const struct eap_session_data *sess);
|
||||
void eap_server_sm_deinit(struct eap_sm *sm);
|
||||
int eap_server_sm_step(struct eap_sm *sm);
|
||||
void eap_sm_notify_cached(struct eap_sm *sm);
|
||||
@ -166,5 +279,6 @@ void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
|
||||
const u8 *challenge, const u8 *response);
|
||||
void eap_erp_update_identity(struct eap_sm *sm, const u8 *eap, size_t len);
|
||||
void eap_user_free(struct eap_user *user);
|
||||
void eap_server_config_free(struct eap_config *cfg);
|
||||
|
||||
#endif /* EAP_H */
|
||||
|
@ -154,7 +154,7 @@ struct eap_sm {
|
||||
const struct eap_method *m; /* selected EAP method */
|
||||
/* not defined in RFC 4137 */
|
||||
Boolean changed;
|
||||
void *eapol_ctx, *msg_ctx;
|
||||
void *eapol_ctx;
|
||||
const struct eapol_callbacks *eapol_cb;
|
||||
void *eap_method_priv;
|
||||
u8 *identity;
|
||||
@ -167,11 +167,9 @@ struct eap_sm {
|
||||
struct eap_user *user;
|
||||
int user_eap_method_index;
|
||||
int init_phase2;
|
||||
void *ssl_ctx;
|
||||
struct eap_sim_db_data *eap_sim_db_priv;
|
||||
Boolean backend_auth;
|
||||
const struct eap_config *cfg;
|
||||
struct eap_config cfg_buf;
|
||||
Boolean update_user;
|
||||
int eap_server;
|
||||
|
||||
int num_rounds;
|
||||
enum {
|
||||
@ -181,23 +179,6 @@ struct eap_sm {
|
||||
u8 *auth_challenge;
|
||||
u8 *peer_challenge;
|
||||
|
||||
u8 *pac_opaque_encr_key;
|
||||
u8 *eap_fast_a_id;
|
||||
size_t eap_fast_a_id_len;
|
||||
char *eap_fast_a_id_info;
|
||||
enum {
|
||||
NO_PROV, ANON_PROV, AUTH_PROV, BOTH_PROV
|
||||
} eap_fast_prov;
|
||||
int pac_key_lifetime;
|
||||
int pac_key_refresh_time;
|
||||
int eap_teap_auth;
|
||||
int eap_teap_pac_no_inner;
|
||||
int eap_teap_separate_result;
|
||||
int eap_sim_aka_result_ind;
|
||||
int eap_sim_id;
|
||||
int tnc;
|
||||
u16 pwd_group;
|
||||
struct wps_context *wps;
|
||||
struct wpabuf *assoc_wps_ie;
|
||||
struct wpabuf *assoc_p2p_ie;
|
||||
|
||||
@ -205,19 +186,8 @@ struct eap_sm {
|
||||
|
||||
u8 peer_addr[ETH_ALEN];
|
||||
|
||||
/* Fragmentation size for EAP method init() handler */
|
||||
int fragment_size;
|
||||
|
||||
int pbc_in_m1;
|
||||
|
||||
const u8 *server_id;
|
||||
size_t server_id_len;
|
||||
|
||||
Boolean initiate_reauth_start_sent;
|
||||
Boolean try_initiate_reauth;
|
||||
int erp;
|
||||
unsigned int tls_session_lifetime;
|
||||
unsigned int tls_flags;
|
||||
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
u32 tls_test_flags;
|
||||
|
@ -223,7 +223,7 @@ SM_STATE(EAP, INITIALIZE)
|
||||
{
|
||||
SM_ENTRY(EAP, INITIALIZE);
|
||||
|
||||
if (sm->eap_if.eapRestart && !sm->eap_server && sm->identity) {
|
||||
if (sm->eap_if.eapRestart && !sm->cfg->eap_server && sm->identity) {
|
||||
/*
|
||||
* Need to allow internal Identity method to be used instead
|
||||
* of passthrough at the beginning of reauthentication.
|
||||
@ -257,7 +257,7 @@ SM_STATE(EAP, INITIALIZE)
|
||||
sm->m = NULL;
|
||||
sm->user_eap_method_index = 0;
|
||||
|
||||
if (sm->backend_auth) {
|
||||
if (sm->cfg->backend_auth) {
|
||||
sm->currentMethod = EAP_TYPE_NONE;
|
||||
/* parse rxResp, respId, respMethod */
|
||||
eap_sm_parseEapResp(sm, sm->eap_if.eapRespData);
|
||||
@ -268,7 +268,7 @@ SM_STATE(EAP, INITIALIZE)
|
||||
sm->num_rounds = 0;
|
||||
sm->method_pending = METHOD_PENDING_NONE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_STARTED
|
||||
MACSTR, MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -300,7 +300,7 @@ SM_STATE(EAP, PICK_UP_METHOD)
|
||||
}
|
||||
}
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
|
||||
"method=%u", sm->currentMethod);
|
||||
}
|
||||
|
||||
@ -325,7 +325,7 @@ SM_STATE(EAP, RETRANSMIT)
|
||||
sm->eap_if.eapReq = TRUE;
|
||||
}
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT MACSTR,
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT MACSTR,
|
||||
MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -530,7 +530,7 @@ SM_STATE(EAP, METHOD_RESPONSE)
|
||||
sm->eap_if.eapSessionId,
|
||||
sm->eap_if.eapSessionIdLen);
|
||||
}
|
||||
if (sm->erp && sm->m->get_emsk && sm->eap_if.eapSessionId)
|
||||
if (sm->cfg->erp && sm->m->get_emsk && sm->eap_if.eapSessionId)
|
||||
eap_server_erp_init(sm);
|
||||
sm->methodState = METHOD_END;
|
||||
} else {
|
||||
@ -580,7 +580,7 @@ try_another_method:
|
||||
else
|
||||
sm->methodState = METHOD_PROPOSED;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_PROPOSED_METHOD
|
||||
"vendor=%u method=%u", vendor, sm->currentMethod);
|
||||
eap_log_msg(sm, "Propose EAP method vendor=%u method=%u",
|
||||
vendor, sm->currentMethod);
|
||||
@ -636,8 +636,8 @@ SM_STATE(EAP, TIMEOUT_FAILURE)
|
||||
|
||||
sm->eap_if.eapTimeout = TRUE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TIMEOUT_FAILURE MACSTR,
|
||||
MAC2STR(sm->peer_addr));
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
|
||||
WPA_EVENT_EAP_TIMEOUT_FAILURE MACSTR, MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
|
||||
@ -651,7 +651,7 @@ SM_STATE(EAP, FAILURE)
|
||||
sm->lastReqData = NULL;
|
||||
sm->eap_if.eapFail = TRUE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
|
||||
MACSTR, MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -668,7 +668,7 @@ SM_STATE(EAP, SUCCESS)
|
||||
sm->eap_if.eapKeyAvailable = TRUE;
|
||||
sm->eap_if.eapSuccess = TRUE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
|
||||
MACSTR, MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -755,7 +755,7 @@ static void erp_send_finish_reauth(struct eap_sm *sm,
|
||||
|
||||
if ((flags & 0x80) || !erp) {
|
||||
sm->eap_if.eapFail = TRUE;
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE
|
||||
MACSTR, MAC2STR(sm->peer_addr));
|
||||
return;
|
||||
}
|
||||
@ -783,7 +783,7 @@ static void erp_send_finish_reauth(struct eap_sm *sm,
|
||||
sm->eap_if.eapKeyData, sm->eap_if.eapKeyDataLen);
|
||||
sm->eap_if.eapSuccess = TRUE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS
|
||||
MACSTR, MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -855,7 +855,7 @@ SM_STATE(EAP, INITIATE_RECEIVED)
|
||||
os_memcpy(nai, parse.keyname, parse.keyname_len);
|
||||
nai[parse.keyname_len] = '\0';
|
||||
|
||||
if (!sm->eap_server) {
|
||||
if (!sm->cfg->eap_server) {
|
||||
/*
|
||||
* In passthrough case, EAP-Initiate/Re-auth replaces
|
||||
* EAP Identity exchange. Use keyName-NAI as the user identity
|
||||
@ -1018,7 +1018,7 @@ SM_STATE(EAP, RETRANSMIT2)
|
||||
sm->eap_if.eapReq = TRUE;
|
||||
}
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT2 MACSTR,
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_RETRANSMIT2 MACSTR,
|
||||
MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -1111,8 +1111,8 @@ SM_STATE(EAP, TIMEOUT_FAILURE2)
|
||||
|
||||
sm->eap_if.eapTimeout = TRUE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_TIMEOUT_FAILURE2 MACSTR,
|
||||
MAC2STR(sm->peer_addr));
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO,
|
||||
WPA_EVENT_EAP_TIMEOUT_FAILURE2 MACSTR, MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
|
||||
@ -1123,7 +1123,7 @@ SM_STATE(EAP, FAILURE2)
|
||||
eap_copy_buf(&sm->eap_if.eapReqData, sm->eap_if.aaaEapReqData);
|
||||
sm->eap_if.eapFail = TRUE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE2 MACSTR,
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_FAILURE2 MACSTR,
|
||||
MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -1152,7 +1152,7 @@ SM_STATE(EAP, SUCCESS2)
|
||||
*/
|
||||
sm->start_reauth = TRUE;
|
||||
|
||||
wpa_msg(sm->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS2 MACSTR,
|
||||
wpa_msg(sm->cfg->msg_ctx, MSG_INFO, WPA_EVENT_EAP_SUCCESS2 MACSTR,
|
||||
MAC2STR(sm->peer_addr));
|
||||
}
|
||||
|
||||
@ -1173,7 +1173,7 @@ SM_STEP(EAP)
|
||||
}
|
||||
} else switch (sm->EAP_state) {
|
||||
case EAP_INITIALIZE:
|
||||
if (sm->backend_auth) {
|
||||
if (sm->cfg->backend_auth) {
|
||||
if (!sm->rxResp)
|
||||
SM_ENTER(EAP, SELECT_ACTION);
|
||||
else if (sm->rxResp &&
|
||||
@ -1336,7 +1336,7 @@ SM_STEP(EAP)
|
||||
else if (sm->decision == DECISION_INITIATE_REAUTH_START)
|
||||
SM_ENTER(EAP, INITIATE_REAUTH_START);
|
||||
#ifdef CONFIG_ERP
|
||||
else if (sm->eap_server && sm->erp && sm->rxInitiate)
|
||||
else if (sm->cfg->eap_server && sm->cfg->erp && sm->rxInitiate)
|
||||
SM_ENTER(EAP, INITIATE_RECEIVED);
|
||||
#endif /* CONFIG_ERP */
|
||||
else
|
||||
@ -1346,7 +1346,7 @@ SM_STEP(EAP)
|
||||
SM_ENTER(EAP, SEND_REQUEST);
|
||||
break;
|
||||
case EAP_INITIATE_RECEIVED:
|
||||
if (!sm->eap_server)
|
||||
if (!sm->cfg->eap_server)
|
||||
SM_ENTER(EAP, SELECT_ACTION);
|
||||
break;
|
||||
case EAP_TIMEOUT_FAILURE:
|
||||
@ -1706,7 +1706,7 @@ static enum eap_type eap_sm_Policy_getNextMethod(struct eap_sm *sm, int *vendor)
|
||||
|
||||
static int eap_sm_Policy_getDecision(struct eap_sm *sm)
|
||||
{
|
||||
if (!sm->eap_server && sm->identity && !sm->start_reauth) {
|
||||
if (!sm->cfg->eap_server && sm->identity && !sm->start_reauth) {
|
||||
wpa_printf(MSG_DEBUG, "EAP: getDecision: -> PASSTHROUGH");
|
||||
return DECISION_PASSTHROUGH;
|
||||
}
|
||||
@ -1837,7 +1837,8 @@ void eap_user_free(struct eap_user *user)
|
||||
*/
|
||||
struct eap_sm * eap_server_sm_init(void *eapol_ctx,
|
||||
const struct eapol_callbacks *eapol_cb,
|
||||
struct eap_config *conf)
|
||||
const struct eap_config *conf,
|
||||
const struct eap_session_data *sess)
|
||||
{
|
||||
struct eap_sm *sm;
|
||||
|
||||
@ -1847,55 +1848,15 @@ struct eap_sm * eap_server_sm_init(void *eapol_ctx,
|
||||
sm->eapol_ctx = eapol_ctx;
|
||||
sm->eapol_cb = eapol_cb;
|
||||
sm->MaxRetrans = 5; /* RFC 3748: max 3-5 retransmissions suggested */
|
||||
sm->ssl_ctx = conf->ssl_ctx;
|
||||
sm->msg_ctx = conf->msg_ctx;
|
||||
sm->eap_sim_db_priv = conf->eap_sim_db_priv;
|
||||
sm->backend_auth = conf->backend_auth;
|
||||
sm->eap_server = conf->eap_server;
|
||||
if (conf->pac_opaque_encr_key) {
|
||||
sm->pac_opaque_encr_key = os_malloc(16);
|
||||
if (sm->pac_opaque_encr_key) {
|
||||
os_memcpy(sm->pac_opaque_encr_key,
|
||||
conf->pac_opaque_encr_key, 16);
|
||||
}
|
||||
}
|
||||
if (conf->eap_fast_a_id) {
|
||||
sm->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
|
||||
if (sm->eap_fast_a_id) {
|
||||
os_memcpy(sm->eap_fast_a_id, conf->eap_fast_a_id,
|
||||
conf->eap_fast_a_id_len);
|
||||
sm->eap_fast_a_id_len = conf->eap_fast_a_id_len;
|
||||
}
|
||||
}
|
||||
if (conf->eap_fast_a_id_info)
|
||||
sm->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
|
||||
sm->eap_fast_prov = conf->eap_fast_prov;
|
||||
sm->pac_key_lifetime = conf->pac_key_lifetime;
|
||||
sm->pac_key_refresh_time = conf->pac_key_refresh_time;
|
||||
sm->eap_teap_auth = conf->eap_teap_auth;
|
||||
sm->eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
|
||||
sm->eap_teap_separate_result = conf->eap_teap_separate_result;
|
||||
sm->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
|
||||
sm->eap_sim_id = conf->eap_sim_id;
|
||||
sm->tnc = conf->tnc;
|
||||
sm->wps = conf->wps;
|
||||
if (conf->assoc_wps_ie)
|
||||
sm->assoc_wps_ie = wpabuf_dup(conf->assoc_wps_ie);
|
||||
if (conf->assoc_p2p_ie)
|
||||
sm->assoc_p2p_ie = wpabuf_dup(conf->assoc_p2p_ie);
|
||||
if (conf->peer_addr)
|
||||
os_memcpy(sm->peer_addr, conf->peer_addr, ETH_ALEN);
|
||||
sm->fragment_size = conf->fragment_size;
|
||||
sm->pwd_group = conf->pwd_group;
|
||||
sm->pbc_in_m1 = conf->pbc_in_m1;
|
||||
sm->server_id = conf->server_id;
|
||||
sm->server_id_len = conf->server_id_len;
|
||||
sm->erp = conf->erp;
|
||||
sm->tls_session_lifetime = conf->tls_session_lifetime;
|
||||
sm->tls_flags = conf->tls_flags;
|
||||
|
||||
sm->cfg = conf;
|
||||
if (sess->assoc_wps_ie)
|
||||
sm->assoc_wps_ie = wpabuf_dup(sess->assoc_wps_ie);
|
||||
if (sess->assoc_p2p_ie)
|
||||
sm->assoc_p2p_ie = wpabuf_dup(sess->assoc_p2p_ie);
|
||||
if (sess->peer_addr)
|
||||
os_memcpy(sm->peer_addr, sess->peer_addr, ETH_ALEN);
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
sm->tls_test_flags = conf->tls_test_flags;
|
||||
sm->tls_test_flags = sess->tls_test_flags;
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP: Server state machine created");
|
||||
@ -1925,9 +1886,6 @@ void eap_server_sm_deinit(struct eap_sm *sm)
|
||||
wpabuf_free(sm->eap_if.eapRespData);
|
||||
os_free(sm->identity);
|
||||
os_free(sm->serial_num);
|
||||
os_free(sm->pac_opaque_encr_key);
|
||||
os_free(sm->eap_fast_a_id);
|
||||
os_free(sm->eap_fast_a_id_info);
|
||||
wpabuf_free(sm->eap_if.aaaEapReqData);
|
||||
wpabuf_free(sm->eap_if.aaaEapRespData);
|
||||
bin_clear_free(sm->eap_if.aaaEapKeyData, sm->eap_if.aaaEapKeyDataLen);
|
||||
@ -2117,3 +2075,15 @@ void eap_server_mschap_rx_callback(struct eap_sm *sm, const char *source,
|
||||
source, user, hex_challenge, hex_response);
|
||||
}
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
|
||||
void eap_server_config_free(struct eap_config *cfg)
|
||||
{
|
||||
if (!cfg)
|
||||
return;
|
||||
os_free(cfg->pac_opaque_encr_key);
|
||||
os_free(cfg->eap_fast_a_id);
|
||||
os_free(cfg->eap_fast_a_id_info);
|
||||
os_free(cfg->server_id);
|
||||
os_free(cfg);
|
||||
}
|
||||
|
@ -100,7 +100,7 @@ static int eap_aka_check_identity_reauth(struct eap_sm *sm,
|
||||
return 0;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Reauth username '%s'", username);
|
||||
data->reauth = eap_sim_db_get_reauth_entry(sm->eap_sim_db_priv,
|
||||
data->reauth = eap_sim_db_get_reauth_entry(sm->cfg->eap_sim_db_priv,
|
||||
username);
|
||||
if (data->reauth == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown reauth identity - "
|
||||
@ -157,7 +157,7 @@ static void eap_aka_check_identity(struct eap_sm *sm,
|
||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
|
||||
username);
|
||||
permanent = eap_sim_db_get_permanent(
|
||||
sm->eap_sim_db_priv, username);
|
||||
sm->cfg->eap_sim_db_priv, username);
|
||||
if (permanent == NULL) {
|
||||
os_free(username);
|
||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
|
||||
@ -182,7 +182,7 @@ static void * eap_aka_init(struct eap_sm *sm)
|
||||
{
|
||||
struct eap_aka_data *data;
|
||||
|
||||
if (sm->eap_sim_db_priv == NULL) {
|
||||
if (!sm->cfg->eap_sim_db_priv) {
|
||||
wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured");
|
||||
return NULL;
|
||||
}
|
||||
@ -208,7 +208,7 @@ static void * eap_aka_prime_init(struct eap_sm *sm)
|
||||
/* TODO: make ANID configurable; see 3GPP TS 24.302 */
|
||||
char *network_name = "WLAN";
|
||||
|
||||
if (sm->eap_sim_db_priv == NULL) {
|
||||
if (sm->cfg->eap_sim_db_priv == NULL) {
|
||||
wpa_printf(MSG_WARNING, "EAP-AKA: eap_sim_db not configured");
|
||||
return NULL;
|
||||
}
|
||||
@ -393,13 +393,13 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
|
||||
const u8 *nonce_s)
|
||||
{
|
||||
os_free(data->next_pseudonym);
|
||||
if (!(sm->eap_sim_id & 0x01)) {
|
||||
if (!(sm->cfg->eap_sim_id & 0x01)) {
|
||||
/* Use of pseudonyms disabled in configuration */
|
||||
data->next_pseudonym = NULL;
|
||||
} else if (!nonce_s) {
|
||||
data->next_pseudonym =
|
||||
eap_sim_db_get_next_pseudonym(
|
||||
sm->eap_sim_db_priv,
|
||||
sm->cfg->eap_sim_db_priv,
|
||||
data->eap_method == EAP_TYPE_AKA_PRIME ?
|
||||
EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
|
||||
} else {
|
||||
@ -407,13 +407,13 @@ static int eap_aka_build_encr(struct eap_sm *sm, struct eap_aka_data *data,
|
||||
data->next_pseudonym = NULL;
|
||||
}
|
||||
os_free(data->next_reauth_id);
|
||||
if (!(sm->eap_sim_id & 0x02)) {
|
||||
if (!(sm->cfg->eap_sim_id & 0x02)) {
|
||||
/* Use of fast reauth disabled in configuration */
|
||||
data->next_reauth_id = NULL;
|
||||
} else if (data->counter <= EAP_AKA_MAX_FAST_REAUTHS) {
|
||||
data->next_reauth_id =
|
||||
eap_sim_db_get_next_reauth_id(
|
||||
sm->eap_sim_db_priv,
|
||||
sm->cfg->eap_sim_db_priv,
|
||||
data->eap_method == EAP_TYPE_AKA_PRIME ?
|
||||
EAP_SIM_DB_AKA_PRIME : EAP_SIM_DB_AKA);
|
||||
} else {
|
||||
@ -505,7 +505,7 @@ static struct wpabuf * eap_aka_build_challenge(struct eap_sm *sm,
|
||||
|
||||
eap_aka_add_checkcode(data, msg);
|
||||
|
||||
if (sm->eap_sim_aka_result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind) {
|
||||
wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
|
||||
eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
|
||||
}
|
||||
@ -582,7 +582,7 @@ static struct wpabuf * eap_aka_build_reauth(struct eap_sm *sm,
|
||||
|
||||
eap_aka_add_checkcode(data, msg);
|
||||
|
||||
if (sm->eap_sim_aka_result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind) {
|
||||
wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
|
||||
eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
|
||||
}
|
||||
@ -767,7 +767,7 @@ static void eap_aka_determine_identity(struct eap_sm *sm,
|
||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Pseudonym username '%s'",
|
||||
username);
|
||||
permanent = eap_sim_db_get_permanent(
|
||||
sm->eap_sim_db_priv, username);
|
||||
sm->cfg->eap_sim_db_priv, username);
|
||||
os_free(username);
|
||||
if (permanent == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Unknown pseudonym "
|
||||
@ -803,7 +803,7 @@ static void eap_aka_fullauth(struct eap_sm *sm, struct eap_aka_data *data)
|
||||
size_t identity_len;
|
||||
int res;
|
||||
|
||||
res = eap_sim_db_get_aka_auth(sm->eap_sim_db_priv, data->permanent,
|
||||
res = eap_sim_db_get_aka_auth(sm->cfg->eap_sim_db_priv, data->permanent,
|
||||
data->rand, data->autn, data->ik,
|
||||
data->ck, data->res, &data->res_len, sm);
|
||||
if (res == EAP_SIM_DB_PENDING) {
|
||||
@ -998,7 +998,7 @@ static void eap_aka_process_challenge(struct eap_sm *sm,
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-AKA: Challenge response includes the "
|
||||
"correct AT_MAC");
|
||||
if (sm->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
data->use_result_ind = 1;
|
||||
data->notification = EAP_SIM_SUCCESS;
|
||||
eap_aka_state(data, NOTIFICATION);
|
||||
@ -1006,14 +1006,15 @@ static void eap_aka_process_challenge(struct eap_sm *sm,
|
||||
eap_aka_state(data, SUCCESS);
|
||||
|
||||
if (data->next_pseudonym) {
|
||||
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, data->permanent,
|
||||
eap_sim_db_add_pseudonym(sm->cfg->eap_sim_db_priv,
|
||||
data->permanent,
|
||||
data->next_pseudonym);
|
||||
data->next_pseudonym = NULL;
|
||||
}
|
||||
if (data->next_reauth_id) {
|
||||
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
|
||||
#ifdef EAP_SERVER_AKA_PRIME
|
||||
eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
|
||||
eap_sim_db_add_reauth_prime(sm->cfg->eap_sim_db_priv,
|
||||
data->permanent,
|
||||
data->next_reauth_id,
|
||||
data->counter + 1,
|
||||
@ -1021,7 +1022,7 @@ static void eap_aka_process_challenge(struct eap_sm *sm,
|
||||
data->k_re);
|
||||
#endif /* EAP_SERVER_AKA_PRIME */
|
||||
} else {
|
||||
eap_sim_db_add_reauth(sm->eap_sim_db_priv,
|
||||
eap_sim_db_add_reauth(sm->cfg->eap_sim_db_priv,
|
||||
data->permanent,
|
||||
data->next_reauth_id,
|
||||
data->counter + 1,
|
||||
@ -1051,7 +1052,7 @@ static void eap_aka_process_sync_failure(struct eap_sm *sm,
|
||||
* maintaining a local flag stating whether this AUTS has already been
|
||||
* reported. */
|
||||
if (!data->auts_reported &&
|
||||
eap_sim_db_resynchronize(sm->eap_sim_db_priv, data->permanent,
|
||||
eap_sim_db_resynchronize(sm->cfg->eap_sim_db_priv, data->permanent,
|
||||
attr->auts, data->rand)) {
|
||||
wpa_printf(MSG_WARNING, "EAP-AKA: Resynchronization failed");
|
||||
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
|
||||
@ -1118,7 +1119,7 @@ static void eap_aka_process_reauth(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
if (sm->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
data->use_result_ind = 1;
|
||||
data->notification = EAP_SIM_SUCCESS;
|
||||
eap_aka_state(data, NOTIFICATION);
|
||||
@ -1128,7 +1129,7 @@ static void eap_aka_process_reauth(struct eap_sm *sm,
|
||||
if (data->next_reauth_id) {
|
||||
if (data->eap_method == EAP_TYPE_AKA_PRIME) {
|
||||
#ifdef EAP_SERVER_AKA_PRIME
|
||||
eap_sim_db_add_reauth_prime(sm->eap_sim_db_priv,
|
||||
eap_sim_db_add_reauth_prime(sm->cfg->eap_sim_db_priv,
|
||||
data->permanent,
|
||||
data->next_reauth_id,
|
||||
data->counter + 1,
|
||||
@ -1136,7 +1137,7 @@ static void eap_aka_process_reauth(struct eap_sm *sm,
|
||||
data->k_re);
|
||||
#endif /* EAP_SERVER_AKA_PRIME */
|
||||
} else {
|
||||
eap_sim_db_add_reauth(sm->eap_sim_db_priv,
|
||||
eap_sim_db_add_reauth(sm->cfg->eap_sim_db_priv,
|
||||
data->permanent,
|
||||
data->next_reauth_id,
|
||||
data->counter + 1,
|
||||
@ -1144,7 +1145,8 @@ static void eap_aka_process_reauth(struct eap_sm *sm,
|
||||
}
|
||||
data->next_reauth_id = NULL;
|
||||
} else {
|
||||
eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
|
||||
eap_sim_db_remove_reauth(sm->cfg->eap_sim_db_priv,
|
||||
data->reauth);
|
||||
data->reauth = NULL;
|
||||
}
|
||||
|
||||
@ -1153,7 +1155,7 @@ static void eap_aka_process_reauth(struct eap_sm *sm,
|
||||
fail:
|
||||
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
|
||||
eap_aka_state(data, NOTIFICATION);
|
||||
eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
|
||||
eap_sim_db_remove_reauth(sm->cfg->eap_sim_db_priv, data->reauth);
|
||||
data->reauth = NULL;
|
||||
os_free(decrypted);
|
||||
}
|
||||
|
@ -84,11 +84,11 @@ static void * eap_eke_init(struct eap_sm *sm)
|
||||
eap_eke_state(data, IDENTITY);
|
||||
|
||||
data->serverid_type = EAP_EKE_ID_OPAQUE;
|
||||
for (i = 0; i < sm->server_id_len; i++) {
|
||||
if (sm->server_id[i] == '.' &&
|
||||
for (i = 0; i < sm->cfg->server_id_len; i++) {
|
||||
if (sm->cfg->server_id[i] == '.' &&
|
||||
data->serverid_type == EAP_EKE_ID_OPAQUE)
|
||||
data->serverid_type = EAP_EKE_ID_FQDN;
|
||||
if (sm->server_id[i] == '@')
|
||||
if (sm->cfg->server_id[i] == '@')
|
||||
data->serverid_type = EAP_EKE_ID_NAI;
|
||||
}
|
||||
|
||||
@ -186,7 +186,7 @@ static struct wpabuf * eap_eke_build_identity(struct eap_sm *sm,
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-EKE: Request/Identity");
|
||||
|
||||
plen = 2 + 4 * 4 + 1 + sm->server_id_len;
|
||||
plen = 2 + 4 * 4 + 1 + sm->cfg->server_id_len;
|
||||
msg = eap_eke_build_msg(data, id, plen, EAP_EKE_ID);
|
||||
if (msg == NULL)
|
||||
return NULL;
|
||||
@ -223,7 +223,7 @@ static struct wpabuf * eap_eke_build_identity(struct eap_sm *sm,
|
||||
|
||||
/* Server IDType + Identity */
|
||||
wpabuf_put_u8(msg, data->serverid_type);
|
||||
wpabuf_put_data(msg, sm->server_id, sm->server_id_len);
|
||||
wpabuf_put_data(msg, sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
|
||||
wpabuf_free(data->msgs);
|
||||
data->msgs = wpabuf_dup(msg);
|
||||
@ -252,7 +252,7 @@ static struct wpabuf * eap_eke_build_commit(struct eap_sm *sm,
|
||||
|
||||
if (eap_eke_derive_key(&data->sess, sm->user->password,
|
||||
sm->user->password_len,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id, sm->cfg->server_id_len,
|
||||
data->peerid, data->peerid_len, data->key) < 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive key");
|
||||
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
@ -338,7 +338,7 @@ static struct wpabuf * eap_eke_build_confirm(struct eap_sm *sm,
|
||||
wpabuf_put(msg, prot_len);
|
||||
|
||||
if (eap_eke_derive_ka(&data->sess,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id, sm->cfg->server_id_len,
|
||||
data->peerid, data->peerid_len,
|
||||
data->nonce_p, data->nonce_s) < 0) {
|
||||
wpabuf_free(msg);
|
||||
@ -552,7 +552,7 @@ static void eap_eke_process_commit(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
if (eap_eke_derive_ke_ki(&data->sess,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id, sm->cfg->server_id_len,
|
||||
data->peerid, data->peerid_len) < 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-EKE: Failed to derive Ke/Ki");
|
||||
eap_eke_fail(data, EAP_EKE_FAIL_PRIVATE_INTERNAL_ERROR);
|
||||
@ -641,7 +641,8 @@ static void eap_eke_process_confirm(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
if (eap_eke_derive_msk(&data->sess, sm->server_id, sm->server_id_len,
|
||||
if (eap_eke_derive_msk(&data->sess, sm->cfg->server_id,
|
||||
sm->cfg->server_id_len,
|
||||
data->peerid, data->peerid_len,
|
||||
data->nonce_s, data->nonce_p,
|
||||
data->msk, data->emsk) < 0) {
|
||||
|
@ -278,7 +278,7 @@ static void eap_fast_derive_key_auth(struct eap_sm *sm,
|
||||
* Extra key material after TLS key_block: session_key_seed[40]
|
||||
*/
|
||||
|
||||
sks = eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,
|
||||
sks = eap_fast_derive_key(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
EAP_FAST_SKS_LEN);
|
||||
if (sks == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive "
|
||||
@ -304,7 +304,7 @@ static void eap_fast_derive_key_provisioning(struct eap_sm *sm,
|
||||
{
|
||||
os_free(data->key_block_p);
|
||||
data->key_block_p = (struct eap_fast_key_block_provisioning *)
|
||||
eap_fast_derive_key(sm->ssl_ctx, data->ssl.conn,
|
||||
eap_fast_derive_key(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
sizeof(*data->key_block_p));
|
||||
if (data->key_block_p == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to derive key block");
|
||||
@ -440,7 +440,7 @@ static void * eap_fast_init(struct eap_sm *sm)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (tls_connection_set_cipher_list(sm->ssl_ctx, data->ssl.conn,
|
||||
if (tls_connection_set_cipher_list(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
ciphers) < 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-FAST: Failed to set TLS cipher "
|
||||
"suites");
|
||||
@ -448,7 +448,8 @@ static void * eap_fast_init(struct eap_sm *sm)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
|
||||
if (tls_connection_set_session_ticket_cb(sm->cfg->ssl_ctx,
|
||||
data->ssl.conn,
|
||||
eap_fast_session_ticket_cb,
|
||||
data) < 0) {
|
||||
wpa_printf(MSG_INFO, "EAP-FAST: Failed to set SessionTicket "
|
||||
@ -457,47 +458,48 @@ static void * eap_fast_init(struct eap_sm *sm)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (sm->pac_opaque_encr_key == NULL) {
|
||||
if (sm->cfg->pac_opaque_encr_key == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-FAST: No PAC-Opaque encryption key "
|
||||
"configured");
|
||||
eap_fast_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
os_memcpy(data->pac_opaque_encr, sm->pac_opaque_encr_key,
|
||||
os_memcpy(data->pac_opaque_encr, sm->cfg->pac_opaque_encr_key,
|
||||
sizeof(data->pac_opaque_encr));
|
||||
|
||||
if (sm->eap_fast_a_id == NULL) {
|
||||
if (sm->cfg->eap_fast_a_id == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-FAST: No A-ID configured");
|
||||
eap_fast_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
data->srv_id = os_memdup(sm->eap_fast_a_id, sm->eap_fast_a_id_len);
|
||||
data->srv_id = os_memdup(sm->cfg->eap_fast_a_id,
|
||||
sm->cfg->eap_fast_a_id_len);
|
||||
if (data->srv_id == NULL) {
|
||||
eap_fast_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
data->srv_id_len = sm->eap_fast_a_id_len;
|
||||
data->srv_id_len = sm->cfg->eap_fast_a_id_len;
|
||||
|
||||
if (sm->eap_fast_a_id_info == NULL) {
|
||||
if (sm->cfg->eap_fast_a_id_info == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-FAST: No A-ID-Info configured");
|
||||
eap_fast_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
|
||||
data->srv_id_info = os_strdup(sm->cfg->eap_fast_a_id_info);
|
||||
if (data->srv_id_info == NULL) {
|
||||
eap_fast_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* PAC-Key lifetime in seconds (hard limit) */
|
||||
data->pac_key_lifetime = sm->pac_key_lifetime;
|
||||
data->pac_key_lifetime = sm->cfg->pac_key_lifetime;
|
||||
|
||||
/*
|
||||
* PAC-Key refresh time in seconds (soft limit on remaining hard
|
||||
* limit). The server will generate a new PAC-Key when this number of
|
||||
* seconds (or fewer) of the lifetime remains.
|
||||
*/
|
||||
data->pac_key_refresh_time = sm->pac_key_refresh_time;
|
||||
data->pac_key_refresh_time = sm->cfg->pac_key_refresh_time;
|
||||
|
||||
return data;
|
||||
}
|
||||
@ -552,8 +554,8 @@ static int eap_fast_phase1_done(struct eap_sm *sm, struct eap_fast_data *data)
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Phase1 done, starting Phase2");
|
||||
|
||||
if (tls_get_cipher(sm->ssl_ctx, data->ssl.conn, cipher, sizeof(cipher))
|
||||
< 0) {
|
||||
if (tls_get_cipher(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
cipher, sizeof(cipher)) < 0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Failed to get cipher "
|
||||
"information");
|
||||
eap_fast_state(data, FAILURE);
|
||||
@ -872,7 +874,8 @@ static struct wpabuf * eap_fast_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||
case START:
|
||||
return eap_fast_build_start(sm, data, id);
|
||||
case PHASE1:
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
if (tls_connection_established(sm->cfg->ssl_ctx,
|
||||
data->ssl.conn)) {
|
||||
if (eap_fast_phase1_done(sm, data) < 0)
|
||||
return NULL;
|
||||
if (data->state == PHASE2_START) {
|
||||
@ -1082,7 +1085,7 @@ static void eap_fast_process_phase2_response(struct eap_sm *sm,
|
||||
next_vendor = EAP_VENDOR_IETF;
|
||||
next_type = EAP_TYPE_NONE;
|
||||
#ifdef EAP_SERVER_TNC
|
||||
if (sm->tnc && !data->tnc_started) {
|
||||
if (sm->cfg->tnc && !data->tnc_started) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Initialize TNC");
|
||||
next_vendor = EAP_VENDOR_IETF;
|
||||
next_type = EAP_TYPE_TNC;
|
||||
@ -1346,8 +1349,8 @@ static void eap_fast_process_phase2_tlvs(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
if (data->anon_provisioning &&
|
||||
sm->eap_fast_prov != ANON_PROV &&
|
||||
sm->eap_fast_prov != BOTH_PROV) {
|
||||
sm->cfg->eap_fast_prov != ANON_PROV &&
|
||||
sm->cfg->eap_fast_prov != BOTH_PROV) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-FAST: Client is trying to "
|
||||
"use unauthenticated provisioning which is "
|
||||
"disabled");
|
||||
@ -1355,8 +1358,8 @@ static void eap_fast_process_phase2_tlvs(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
if (sm->eap_fast_prov != AUTH_PROV &&
|
||||
sm->eap_fast_prov != BOTH_PROV &&
|
||||
if (sm->cfg->eap_fast_prov != AUTH_PROV &&
|
||||
sm->cfg->eap_fast_prov != BOTH_PROV &&
|
||||
tlv.request_action == EAP_TLV_ACTION_PROCESS_TLV &&
|
||||
eap_fast_pac_type(tlv.pac, tlv.pac_len,
|
||||
PAC_TYPE_TUNNEL_PAC)) {
|
||||
@ -1408,7 +1411,7 @@ static void eap_fast_process_phase2(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
|
||||
in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
in_buf);
|
||||
if (in_decrypted == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-FAST: Failed to decrypt Phase 2 "
|
||||
@ -1468,7 +1471,7 @@ static int eap_fast_process_phase1(struct eap_sm *sm,
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
|
||||
if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||
|
||||
wpabuf_len(data->ssl.tls_out) > 0)
|
||||
return 1;
|
||||
|
||||
|
@ -117,7 +117,7 @@ static struct wpabuf * eap_gpsk_build_gpsk_1(struct eap_sm *sm,
|
||||
wpa_hexdump(MSG_MSGDUMP, "EAP-GPSK: RAND_Server",
|
||||
data->rand_server, EAP_GPSK_RAND_LEN);
|
||||
|
||||
len = 1 + 2 + sm->server_id_len + EAP_GPSK_RAND_LEN + 2 +
|
||||
len = 1 + 2 + sm->cfg->server_id_len + EAP_GPSK_RAND_LEN + 2 +
|
||||
data->csuite_count * sizeof(struct eap_gpsk_csuite);
|
||||
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, len,
|
||||
EAP_CODE_REQUEST, id);
|
||||
@ -129,8 +129,8 @@ static struct wpabuf * eap_gpsk_build_gpsk_1(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
wpabuf_put_u8(req, EAP_GPSK_OPCODE_GPSK_1);
|
||||
wpabuf_put_be16(req, sm->server_id_len);
|
||||
wpabuf_put_data(req, sm->server_id, sm->server_id_len);
|
||||
wpabuf_put_be16(req, sm->cfg->server_id_len);
|
||||
wpabuf_put_data(req, sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
wpabuf_put_data(req, data->rand_server, EAP_GPSK_RAND_LEN);
|
||||
wpabuf_put_be16(req,
|
||||
data->csuite_count * sizeof(struct eap_gpsk_csuite));
|
||||
@ -152,7 +152,7 @@ static struct wpabuf * eap_gpsk_build_gpsk_3(struct eap_sm *sm,
|
||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Request/GPSK-3");
|
||||
|
||||
miclen = eap_gpsk_mic_len(data->vendor, data->specifier);
|
||||
len = 1 + 2 * EAP_GPSK_RAND_LEN + 2 + sm->server_id_len +
|
||||
len = 1 + 2 * EAP_GPSK_RAND_LEN + 2 + sm->cfg->server_id_len +
|
||||
sizeof(struct eap_gpsk_csuite) + 2 + miclen;
|
||||
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GPSK, len,
|
||||
EAP_CODE_REQUEST, id);
|
||||
@ -168,8 +168,8 @@ static struct wpabuf * eap_gpsk_build_gpsk_3(struct eap_sm *sm,
|
||||
|
||||
wpabuf_put_data(req, data->rand_peer, EAP_GPSK_RAND_LEN);
|
||||
wpabuf_put_data(req, data->rand_server, EAP_GPSK_RAND_LEN);
|
||||
wpabuf_put_be16(req, sm->server_id_len);
|
||||
wpabuf_put_data(req, sm->server_id, sm->server_id_len);
|
||||
wpabuf_put_be16(req, sm->cfg->server_id_len);
|
||||
wpabuf_put_data(req, sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
csuite = wpabuf_put(req, sizeof(*csuite));
|
||||
WPA_PUT_BE32(csuite->vendor, data->vendor);
|
||||
WPA_PUT_BE16(csuite->specifier, data->specifier);
|
||||
@ -294,8 +294,8 @@ static void eap_gpsk_process_gpsk_2(struct eap_sm *sm,
|
||||
eap_gpsk_state(data, FAILURE);
|
||||
return;
|
||||
}
|
||||
if (alen != sm->server_id_len ||
|
||||
os_memcmp(pos, sm->server_id, alen) != 0) {
|
||||
if (alen != sm->cfg->server_id_len ||
|
||||
os_memcmp(pos, sm->cfg->server_id, alen) != 0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: ID_Server in GPSK-1 and "
|
||||
"GPSK-2 did not match");
|
||||
eap_gpsk_state(data, FAILURE);
|
||||
@ -409,7 +409,7 @@ static void eap_gpsk_process_gpsk_2(struct eap_sm *sm,
|
||||
data->vendor, data->specifier,
|
||||
data->rand_peer, data->rand_server,
|
||||
data->id_peer, data->id_peer_len,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id, sm->cfg->server_id_len,
|
||||
data->msk, data->emsk,
|
||||
data->sk, &data->sk_len,
|
||||
data->pk, &data->pk_len) < 0) {
|
||||
@ -423,7 +423,8 @@ static void eap_gpsk_process_gpsk_2(struct eap_sm *sm,
|
||||
data->vendor, data->specifier,
|
||||
data->rand_peer, data->rand_server,
|
||||
data->id_peer, data->id_peer_len,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id,
|
||||
sm->cfg->server_id_len,
|
||||
EAP_TYPE_GPSK,
|
||||
data->session_id, &data->id_len) < 0) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-GPSK: Failed to derive Session-Id");
|
||||
|
@ -87,8 +87,8 @@ static void * eap_ikev2_init(struct eap_sm *sm)
|
||||
if (data == NULL)
|
||||
return NULL;
|
||||
data->state = MSG;
|
||||
data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
|
||||
IKEV2_FRAGMENT_SIZE;
|
||||
data->fragment_size = sm->cfg->fragment_size > 0 ?
|
||||
sm->cfg->fragment_size : IKEV2_FRAGMENT_SIZE;
|
||||
data->ikev2.state = SA_INIT;
|
||||
data->ikev2.peer_auth = PEER_AUTH_SECRET;
|
||||
data->ikev2.key_pad = (u8 *) os_strdup("Key Pad for EAP-IKEv2");
|
||||
@ -103,10 +103,10 @@ static void * eap_ikev2_init(struct eap_sm *sm)
|
||||
data->ikev2.proposal.encr = ENCR_AES_CBC;
|
||||
data->ikev2.proposal.dh = DH_GROUP2_1024BIT_MODP;
|
||||
|
||||
data->ikev2.IDi = os_memdup(sm->server_id, sm->server_id_len);
|
||||
data->ikev2.IDi = os_memdup(sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
if (data->ikev2.IDi == NULL)
|
||||
goto failed;
|
||||
data->ikev2.IDi_len = sm->server_id_len;
|
||||
data->ikev2.IDi_len = sm->cfg->server_id_len;
|
||||
|
||||
data->ikev2.get_shared_secret = eap_ikev2_get_shared_secret;
|
||||
data->ikev2.cb_ctx = sm;
|
||||
|
@ -109,7 +109,7 @@ static struct wpabuf * eap_mschapv2_build_challenge(
|
||||
return NULL;
|
||||
}
|
||||
|
||||
ms_len = sizeof(*ms) + 1 + CHALLENGE_LEN + sm->server_id_len;
|
||||
ms_len = sizeof(*ms) + 1 + CHALLENGE_LEN + sm->cfg->server_id_len;
|
||||
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_MSCHAPV2, ms_len,
|
||||
EAP_CODE_REQUEST, id);
|
||||
if (req == NULL) {
|
||||
@ -131,7 +131,7 @@ static struct wpabuf * eap_mschapv2_build_challenge(
|
||||
wpabuf_put(req, CHALLENGE_LEN);
|
||||
wpa_hexdump(MSG_MSGDUMP, "EAP-MSCHAPV2: Challenge",
|
||||
data->auth_challenge, CHALLENGE_LEN);
|
||||
wpabuf_put_data(req, sm->server_id, sm->server_id_len);
|
||||
wpabuf_put_data(req, sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
|
||||
return req;
|
||||
}
|
||||
|
@ -105,8 +105,8 @@ static void eap_peap_valid_session(struct eap_sm *sm,
|
||||
{
|
||||
struct wpabuf *buf;
|
||||
|
||||
if (!sm->tls_session_lifetime ||
|
||||
tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
|
||||
if (!sm->cfg->tls_session_lifetime ||
|
||||
tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))
|
||||
return;
|
||||
|
||||
buf = wpabuf_alloc(1 + 1 + sm->identity_len);
|
||||
@ -336,7 +336,7 @@ static int eap_peap_derive_cmk(struct eap_sm *sm, struct eap_peap_data *data)
|
||||
return -1;
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: TK", tk, 60);
|
||||
|
||||
if (tls_connection_resumed(sm->ssl_ctx, data->ssl.conn)) {
|
||||
if (tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn)) {
|
||||
/* Fast-connect: IPMK|CMK = TK */
|
||||
os_memcpy(data->ipmk, tk, 40);
|
||||
wpa_hexdump_key(MSG_DEBUG, "EAP-PEAP: IPMK from TK",
|
||||
@ -521,7 +521,8 @@ static struct wpabuf * eap_peap_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||
return eap_peap_build_start(sm, data, id);
|
||||
case PHASE1:
|
||||
case PHASE1_ID2:
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
if (tls_connection_established(sm->cfg->ssl_ctx,
|
||||
data->ssl.conn)) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: Phase1 done, "
|
||||
"starting Phase2");
|
||||
eap_peap_state(data, PHASE2_START);
|
||||
@ -1020,7 +1021,7 @@ static void eap_peap_process_phase2_response(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
#ifdef EAP_SERVER_TNC
|
||||
if (data->state != PHASE2_SOH && sm->tnc &&
|
||||
if (data->state != PHASE2_SOH && sm->cfg->tnc &&
|
||||
data->peap_version == 0) {
|
||||
eap_peap_state(data, PHASE2_SOH);
|
||||
wpa_printf(MSG_DEBUG, "EAP-PEAP: Try to initialize "
|
||||
@ -1077,7 +1078,7 @@ static void eap_peap_process_phase2(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
|
||||
in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
in_buf);
|
||||
if (in_decrypted == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-PEAP: Failed to decrypt Phase 2 "
|
||||
@ -1237,8 +1238,8 @@ static void eap_peap_process(struct eap_sm *sm, void *priv,
|
||||
}
|
||||
|
||||
if (data->state == SUCCESS ||
|
||||
!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
|
||||
!tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
|
||||
!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||
|
||||
!tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))
|
||||
return;
|
||||
|
||||
buf = tls_connection_get_success_data(data->ssl.conn);
|
||||
|
@ -68,7 +68,7 @@ static struct wpabuf * eap_psk_build_1(struct eap_sm *sm,
|
||||
data->rand_s, EAP_PSK_RAND_LEN);
|
||||
|
||||
req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_PSK,
|
||||
sizeof(*psk) + sm->server_id_len,
|
||||
sizeof(*psk) + sm->cfg->server_id_len,
|
||||
EAP_CODE_REQUEST, id);
|
||||
if (req == NULL) {
|
||||
wpa_printf(MSG_ERROR, "EAP-PSK: Failed to allocate memory "
|
||||
@ -80,7 +80,7 @@ static struct wpabuf * eap_psk_build_1(struct eap_sm *sm,
|
||||
psk = wpabuf_put(req, sizeof(*psk));
|
||||
psk->flags = EAP_PSK_FLAGS_SET_T(0); /* T=0 */
|
||||
os_memcpy(psk->rand_s, data->rand_s, EAP_PSK_RAND_LEN);
|
||||
wpabuf_put_data(req, sm->server_id, sm->server_id_len);
|
||||
wpabuf_put_data(req, sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
|
||||
return req;
|
||||
}
|
||||
@ -110,13 +110,13 @@ static struct wpabuf * eap_psk_build_3(struct eap_sm *sm,
|
||||
os_memcpy(psk->rand_s, data->rand_s, EAP_PSK_RAND_LEN);
|
||||
|
||||
/* MAC_S = OMAC1-AES-128(AK, ID_S||RAND_P) */
|
||||
buflen = sm->server_id_len + EAP_PSK_RAND_LEN;
|
||||
buflen = sm->cfg->server_id_len + EAP_PSK_RAND_LEN;
|
||||
buf = os_malloc(buflen);
|
||||
if (buf == NULL)
|
||||
goto fail;
|
||||
|
||||
os_memcpy(buf, sm->server_id, sm->server_id_len);
|
||||
os_memcpy(buf + sm->server_id_len, data->rand_p, EAP_PSK_RAND_LEN);
|
||||
os_memcpy(buf, sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
os_memcpy(buf + sm->cfg->server_id_len, data->rand_p, EAP_PSK_RAND_LEN);
|
||||
if (omac1_aes_128(data->ak, buf, buflen, psk->mac_s)) {
|
||||
os_free(buf);
|
||||
goto fail;
|
||||
@ -293,7 +293,7 @@ static void eap_psk_process_2(struct eap_sm *sm,
|
||||
os_memcpy(data->rand_p, resp->rand_p, EAP_PSK_RAND_LEN);
|
||||
|
||||
/* MAC_P = OMAC1-AES-128(AK, ID_P||ID_S||RAND_S||RAND_P) */
|
||||
buflen = data->id_p_len + sm->server_id_len + 2 * EAP_PSK_RAND_LEN;
|
||||
buflen = data->id_p_len + sm->cfg->server_id_len + 2 * EAP_PSK_RAND_LEN;
|
||||
buf = os_malloc(buflen);
|
||||
if (buf == NULL) {
|
||||
data->state = FAILURE;
|
||||
@ -301,8 +301,8 @@ static void eap_psk_process_2(struct eap_sm *sm,
|
||||
}
|
||||
os_memcpy(buf, data->id_p, data->id_p_len);
|
||||
pos = buf + data->id_p_len;
|
||||
os_memcpy(pos, sm->server_id, sm->server_id_len);
|
||||
pos += sm->server_id_len;
|
||||
os_memcpy(pos, sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
pos += sm->cfg->server_id_len;
|
||||
os_memcpy(pos, data->rand_s, EAP_PSK_RAND_LEN);
|
||||
pos += EAP_PSK_RAND_LEN;
|
||||
os_memcpy(pos, data->rand_p, EAP_PSK_RAND_LEN);
|
||||
|
@ -97,7 +97,7 @@ static void * eap_pwd_init(struct eap_sm *sm)
|
||||
if (data == NULL)
|
||||
return NULL;
|
||||
|
||||
data->group_num = sm->pwd_group;
|
||||
data->group_num = sm->cfg->pwd_group;
|
||||
wpa_printf(MSG_DEBUG, "EAP-pwd: Selected group number %d",
|
||||
data->group_num);
|
||||
data->state = PWD_ID_Req;
|
||||
@ -134,7 +134,7 @@ static void * eap_pwd_init(struct eap_sm *sm)
|
||||
data->in_frag_pos = data->out_frag_pos = 0;
|
||||
data->inbuf = data->outbuf = NULL;
|
||||
/* use default MTU from RFC 5931 if not configured otherwise */
|
||||
data->mtu = sm->fragment_size > 0 ? sm->fragment_size : 1020;
|
||||
data->mtu = sm->cfg->fragment_size > 0 ? sm->cfg->fragment_size : 1020;
|
||||
|
||||
return data;
|
||||
}
|
||||
|
@ -123,7 +123,7 @@ static struct wpabuf * eap_sake_build_identity(struct eap_sm *sm,
|
||||
wpa_printf(MSG_DEBUG, "EAP-SAKE: Request/Identity");
|
||||
|
||||
plen = 4;
|
||||
plen += 2 + sm->server_id_len;
|
||||
plen += 2 + sm->cfg->server_id_len;
|
||||
msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_IDENTITY);
|
||||
if (msg == NULL) {
|
||||
data->state = FAILURE;
|
||||
@ -135,7 +135,7 @@ static struct wpabuf * eap_sake_build_identity(struct eap_sm *sm,
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID");
|
||||
eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID,
|
||||
sm->server_id, sm->server_id_len);
|
||||
sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
|
||||
return msg;
|
||||
}
|
||||
@ -158,7 +158,7 @@ static struct wpabuf * eap_sake_build_challenge(struct eap_sm *sm,
|
||||
wpa_hexdump(MSG_MSGDUMP, "EAP-SAKE: RAND_S (server rand)",
|
||||
data->rand_s, EAP_SAKE_RAND_LEN);
|
||||
|
||||
plen = 2 + EAP_SAKE_RAND_LEN + 2 + sm->server_id_len;
|
||||
plen = 2 + EAP_SAKE_RAND_LEN + 2 + sm->cfg->server_id_len;
|
||||
msg = eap_sake_build_msg(data, id, plen, EAP_SAKE_SUBTYPE_CHALLENGE);
|
||||
if (msg == NULL) {
|
||||
data->state = FAILURE;
|
||||
@ -171,7 +171,7 @@ static struct wpabuf * eap_sake_build_challenge(struct eap_sm *sm,
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-SAKE: * AT_SERVERID");
|
||||
eap_sake_add_attr(msg, EAP_SAKE_AT_SERVERID,
|
||||
sm->server_id, sm->server_id_len);
|
||||
sm->cfg->server_id, sm->cfg->server_id_len);
|
||||
|
||||
return msg;
|
||||
}
|
||||
@ -198,7 +198,7 @@ static struct wpabuf * eap_sake_build_confirm(struct eap_sm *sm,
|
||||
wpabuf_put_u8(msg, 2 + EAP_SAKE_MIC_LEN);
|
||||
mic = wpabuf_put(msg, EAP_SAKE_MIC_LEN);
|
||||
if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id, sm->cfg->server_id_len,
|
||||
data->peerid, data->peerid_len, 0,
|
||||
wpabuf_head(msg), wpabuf_len(msg), mic, mic))
|
||||
{
|
||||
@ -351,7 +351,7 @@ static void eap_sake_process_challenge(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id, sm->cfg->server_id_len,
|
||||
data->peerid, data->peerid_len, 1,
|
||||
wpabuf_head(respData), wpabuf_len(respData),
|
||||
attr.mic_p, mic_p) < 0) {
|
||||
@ -392,7 +392,7 @@ static void eap_sake_process_confirm(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
if (eap_sake_compute_mic(data->tek.auth, data->rand_s, data->rand_p,
|
||||
sm->server_id, sm->server_id_len,
|
||||
sm->cfg->server_id, sm->cfg->server_id_len,
|
||||
data->peerid, data->peerid_len, 1,
|
||||
wpabuf_head(respData), wpabuf_len(respData),
|
||||
attr.mic_p, mic_p) < 0) {
|
||||
|
@ -76,7 +76,7 @@ static void * eap_sim_init(struct eap_sm *sm)
|
||||
{
|
||||
struct eap_sim_data *data;
|
||||
|
||||
if (sm->eap_sim_db_priv == NULL) {
|
||||
if (!sm->cfg->eap_sim_db_priv) {
|
||||
wpa_printf(MSG_WARNING, "EAP-SIM: eap_sim_db not configured");
|
||||
return NULL;
|
||||
}
|
||||
@ -150,24 +150,24 @@ static int eap_sim_build_encr(struct eap_sm *sm, struct eap_sim_data *data,
|
||||
const u8 *nonce_s)
|
||||
{
|
||||
os_free(data->next_pseudonym);
|
||||
if (!(sm->eap_sim_id & 0x01)) {
|
||||
if (!(sm->cfg->eap_sim_id & 0x01)) {
|
||||
/* Use of pseudonyms disabled in configuration */
|
||||
data->next_pseudonym = NULL;
|
||||
} else if (!nonce_s) {
|
||||
data->next_pseudonym =
|
||||
eap_sim_db_get_next_pseudonym(sm->eap_sim_db_priv,
|
||||
eap_sim_db_get_next_pseudonym(sm->cfg->eap_sim_db_priv,
|
||||
EAP_SIM_DB_SIM);
|
||||
} else {
|
||||
/* Do not update pseudonym during re-authentication */
|
||||
data->next_pseudonym = NULL;
|
||||
}
|
||||
os_free(data->next_reauth_id);
|
||||
if (!(sm->eap_sim_id & 0x02)) {
|
||||
if (!(sm->cfg->eap_sim_id & 0x02)) {
|
||||
/* Use of fast reauth disabled in configuration */
|
||||
data->next_reauth_id = NULL;
|
||||
} else if (data->counter <= EAP_SIM_MAX_FAST_REAUTHS) {
|
||||
data->next_reauth_id =
|
||||
eap_sim_db_get_next_reauth_id(sm->eap_sim_db_priv,
|
||||
eap_sim_db_get_next_reauth_id(sm->cfg->eap_sim_db_priv,
|
||||
EAP_SIM_DB_SIM);
|
||||
} else {
|
||||
wpa_printf(MSG_DEBUG, "EAP-SIM: Max fast re-authentication "
|
||||
@ -240,7 +240,7 @@ static struct wpabuf * eap_sim_build_challenge(struct eap_sm *sm,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (sm->eap_sim_aka_result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind) {
|
||||
wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
|
||||
eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
|
||||
}
|
||||
@ -279,7 +279,7 @@ static struct wpabuf * eap_sim_build_reauth(struct eap_sm *sm,
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (sm->eap_sim_aka_result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind) {
|
||||
wpa_printf(MSG_DEBUG, " AT_RESULT_IND");
|
||||
eap_sim_msg_add(msg, EAP_SIM_AT_RESULT_IND, 0, NULL, 0);
|
||||
}
|
||||
@ -475,7 +475,7 @@ static void eap_sim_process_start(struct eap_sm *sm,
|
||||
wpa_printf(MSG_DEBUG, "EAP-SIM: Reauth username '%s'",
|
||||
username);
|
||||
data->reauth = eap_sim_db_get_reauth_entry(
|
||||
sm->eap_sim_db_priv, username);
|
||||
sm->cfg->eap_sim_db_priv, username);
|
||||
os_free(username);
|
||||
if (data->reauth == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown reauth "
|
||||
@ -497,7 +497,7 @@ static void eap_sim_process_start(struct eap_sm *sm,
|
||||
wpa_printf(MSG_DEBUG, "EAP-SIM: Pseudonym username '%s'",
|
||||
username);
|
||||
permanent = eap_sim_db_get_permanent(
|
||||
sm->eap_sim_db_priv, username);
|
||||
sm->cfg->eap_sim_db_priv, username);
|
||||
os_free(username);
|
||||
if (permanent == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-SIM: Unknown pseudonym "
|
||||
@ -538,7 +538,7 @@ skip_id_update:
|
||||
data->reauth = NULL;
|
||||
|
||||
data->num_chal = eap_sim_db_get_gsm_triplets(
|
||||
sm->eap_sim_db_priv, data->permanent, EAP_SIM_MAX_CHAL,
|
||||
sm->cfg->eap_sim_db_priv, data->permanent, EAP_SIM_MAX_CHAL,
|
||||
(u8 *) data->rand, (u8 *) data->kc, (u8 *) data->sres, sm);
|
||||
if (data->num_chal == EAP_SIM_DB_PENDING) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-SIM: GSM authentication triplets "
|
||||
@ -599,7 +599,7 @@ static void eap_sim_process_challenge(struct eap_sm *sm,
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-SIM: Challenge response includes the "
|
||||
"correct AT_MAC");
|
||||
if (sm->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
data->use_result_ind = 1;
|
||||
data->notification = EAP_SIM_SUCCESS;
|
||||
eap_sim_state(data, NOTIFICATION);
|
||||
@ -607,12 +607,13 @@ static void eap_sim_process_challenge(struct eap_sm *sm,
|
||||
eap_sim_state(data, SUCCESS);
|
||||
|
||||
if (data->next_pseudonym) {
|
||||
eap_sim_db_add_pseudonym(sm->eap_sim_db_priv, data->permanent,
|
||||
eap_sim_db_add_pseudonym(sm->cfg->eap_sim_db_priv,
|
||||
data->permanent,
|
||||
data->next_pseudonym);
|
||||
data->next_pseudonym = NULL;
|
||||
}
|
||||
if (data->next_reauth_id) {
|
||||
eap_sim_db_add_reauth(sm->eap_sim_db_priv, data->permanent,
|
||||
eap_sim_db_add_reauth(sm->cfg->eap_sim_db_priv, data->permanent,
|
||||
data->next_reauth_id, data->counter + 1,
|
||||
data->mk);
|
||||
data->next_reauth_id = NULL;
|
||||
@ -672,7 +673,7 @@ static void eap_sim_process_reauth(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
if (sm->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
if (sm->cfg->eap_sim_aka_result_ind && attr->result_ind) {
|
||||
data->use_result_ind = 1;
|
||||
data->notification = EAP_SIM_SUCCESS;
|
||||
eap_sim_state(data, NOTIFICATION);
|
||||
@ -680,12 +681,13 @@ static void eap_sim_process_reauth(struct eap_sm *sm,
|
||||
eap_sim_state(data, SUCCESS);
|
||||
|
||||
if (data->next_reauth_id) {
|
||||
eap_sim_db_add_reauth(sm->eap_sim_db_priv, data->permanent,
|
||||
eap_sim_db_add_reauth(sm->cfg->eap_sim_db_priv, data->permanent,
|
||||
data->next_reauth_id,
|
||||
data->counter + 1, data->mk);
|
||||
data->next_reauth_id = NULL;
|
||||
} else {
|
||||
eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
|
||||
eap_sim_db_remove_reauth(sm->cfg->eap_sim_db_priv,
|
||||
data->reauth);
|
||||
data->reauth = NULL;
|
||||
}
|
||||
|
||||
@ -694,7 +696,7 @@ static void eap_sim_process_reauth(struct eap_sm *sm,
|
||||
fail:
|
||||
data->notification = EAP_SIM_GENERAL_FAILURE_BEFORE_AUTH;
|
||||
eap_sim_state(data, NOTIFICATION);
|
||||
eap_sim_db_remove_reauth(sm->eap_sim_db_priv, data->reauth);
|
||||
eap_sim_db_remove_reauth(sm->cfg->eap_sim_db_priv, data->reauth);
|
||||
data->reauth = NULL;
|
||||
os_free(decrypted);
|
||||
}
|
||||
|
@ -287,7 +287,7 @@ static int eap_teap_derive_key_auth(struct eap_sm *sm,
|
||||
int res;
|
||||
|
||||
/* RFC 7170, Section 5.1 */
|
||||
res = tls_connection_export_key(sm->ssl_ctx, data->ssl.conn,
|
||||
res = tls_connection_export_key(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
TEAP_TLS_EXPORTER_LABEL_SKS, NULL, 0,
|
||||
data->simck_msk, EAP_TEAP_SIMCK_LEN);
|
||||
if (res)
|
||||
@ -310,7 +310,7 @@ static int eap_teap_update_icmk(struct eap_sm *sm, struct eap_teap_data *data)
|
||||
wpa_printf(MSG_DEBUG, "EAP-TEAP: Deriving ICMK[%d] (S-IMCK and CMK)",
|
||||
data->simck_idx + 1);
|
||||
|
||||
if (sm->eap_teap_auth == 1)
|
||||
if (sm->cfg->eap_teap_auth == 1)
|
||||
return eap_teap_derive_cmk_basic_pw_auth(data->tls_cs,
|
||||
data->simck_msk,
|
||||
data->cmk_msk);
|
||||
@ -370,7 +370,8 @@ static void * eap_teap_init(struct eap_sm *sm)
|
||||
/* TODO: Add anon-DH TLS cipher suites (and if one is negotiated,
|
||||
* enforce inner EAP with mutual authentication to be used) */
|
||||
|
||||
if (tls_connection_set_session_ticket_cb(sm->ssl_ctx, data->ssl.conn,
|
||||
if (tls_connection_set_session_ticket_cb(sm->cfg->ssl_ctx,
|
||||
data->ssl.conn,
|
||||
eap_teap_session_ticket_cb,
|
||||
data) < 0) {
|
||||
wpa_printf(MSG_INFO,
|
||||
@ -379,48 +380,49 @@ static void * eap_teap_init(struct eap_sm *sm)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!sm->pac_opaque_encr_key) {
|
||||
if (!sm->cfg->pac_opaque_encr_key) {
|
||||
wpa_printf(MSG_INFO,
|
||||
"EAP-TEAP: No PAC-Opaque encryption key configured");
|
||||
eap_teap_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
os_memcpy(data->pac_opaque_encr, sm->pac_opaque_encr_key,
|
||||
os_memcpy(data->pac_opaque_encr, sm->cfg->pac_opaque_encr_key,
|
||||
sizeof(data->pac_opaque_encr));
|
||||
|
||||
if (!sm->eap_fast_a_id) {
|
||||
if (!sm->cfg->eap_fast_a_id) {
|
||||
wpa_printf(MSG_INFO, "EAP-TEAP: No A-ID configured");
|
||||
eap_teap_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
data->srv_id = os_malloc(sm->eap_fast_a_id_len);
|
||||
data->srv_id = os_malloc(sm->cfg->eap_fast_a_id_len);
|
||||
if (!data->srv_id) {
|
||||
eap_teap_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
os_memcpy(data->srv_id, sm->eap_fast_a_id, sm->eap_fast_a_id_len);
|
||||
data->srv_id_len = sm->eap_fast_a_id_len;
|
||||
os_memcpy(data->srv_id, sm->cfg->eap_fast_a_id,
|
||||
sm->cfg->eap_fast_a_id_len);
|
||||
data->srv_id_len = sm->cfg->eap_fast_a_id_len;
|
||||
|
||||
if (!sm->eap_fast_a_id_info) {
|
||||
if (!sm->cfg->eap_fast_a_id_info) {
|
||||
wpa_printf(MSG_INFO, "EAP-TEAP: No A-ID-Info configured");
|
||||
eap_teap_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
data->srv_id_info = os_strdup(sm->eap_fast_a_id_info);
|
||||
data->srv_id_info = os_strdup(sm->cfg->eap_fast_a_id_info);
|
||||
if (!data->srv_id_info) {
|
||||
eap_teap_reset(sm, data);
|
||||
return NULL;
|
||||
}
|
||||
|
||||
/* PAC-Key lifetime in seconds (hard limit) */
|
||||
data->pac_key_lifetime = sm->pac_key_lifetime;
|
||||
data->pac_key_lifetime = sm->cfg->pac_key_lifetime;
|
||||
|
||||
/*
|
||||
* PAC-Key refresh time in seconds (soft limit on remaining hard
|
||||
* limit). The server will generate a new PAC-Key when this number of
|
||||
* seconds (or fewer) of the lifetime remains.
|
||||
*/
|
||||
data->pac_key_refresh_time = sm->pac_key_refresh_time;
|
||||
data->pac_key_refresh_time = sm->cfg->pac_key_refresh_time;
|
||||
|
||||
return data;
|
||||
}
|
||||
@ -500,8 +502,8 @@ static int eap_teap_phase1_done(struct eap_sm *sm, struct eap_teap_data *data)
|
||||
wpa_printf(MSG_DEBUG, "EAP-TEAP: TLS cipher suite 0x%04x",
|
||||
data->tls_cs);
|
||||
|
||||
if (tls_get_cipher(sm->ssl_ctx, data->ssl.conn, cipher, sizeof(cipher))
|
||||
< 0) {
|
||||
if (tls_get_cipher(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
cipher, sizeof(cipher)) < 0) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TEAP: Failed to get cipher information");
|
||||
eap_teap_state(data, FAILURE);
|
||||
@ -529,7 +531,7 @@ static struct wpabuf * eap_teap_build_phase2_req(struct eap_sm *sm,
|
||||
{
|
||||
struct wpabuf *req;
|
||||
|
||||
if (sm->eap_teap_auth == 1) {
|
||||
if (sm->cfg->eap_teap_auth == 1) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TEAP: Initiate Basic-Password-Auth");
|
||||
req = wpabuf_alloc(sizeof(struct teap_tlv_hdr));
|
||||
if (!req)
|
||||
@ -567,7 +569,7 @@ static struct wpabuf * eap_teap_build_crypto_binding(
|
||||
return NULL;
|
||||
|
||||
if (data->send_new_pac || data->anon_provisioning ||
|
||||
data->phase2_method || sm->eap_teap_separate_result)
|
||||
data->phase2_method || sm->cfg->eap_teap_separate_result)
|
||||
data->final_result = 0;
|
||||
else
|
||||
data->final_result = 1;
|
||||
@ -846,7 +848,8 @@ static struct wpabuf * eap_teap_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||
case START:
|
||||
return eap_teap_build_start(sm, data, id);
|
||||
case PHASE1B:
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
if (tls_connection_established(sm->cfg->ssl_ctx,
|
||||
data->ssl.conn)) {
|
||||
if (eap_teap_phase1_done(sm, data) < 0)
|
||||
return NULL;
|
||||
if (data->state == PHASE2_START) {
|
||||
@ -1072,7 +1075,7 @@ static void eap_teap_process_phase2_response(struct eap_sm *sm,
|
||||
next_vendor = EAP_VENDOR_IETF;
|
||||
next_type = EAP_TYPE_NONE;
|
||||
#ifdef EAP_SERVER_TNC
|
||||
if (sm->tnc && !data->tnc_started) {
|
||||
if (sm->cfg->tnc && !data->tnc_started) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TEAP: Initialize TNC");
|
||||
next_vendor = EAP_VENDOR_IETF;
|
||||
next_type = EAP_TYPE_TNC;
|
||||
@ -1463,7 +1466,7 @@ static void eap_teap_process_phase2_tlvs(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
if (sm->eap_teap_auth != 1 &&
|
||||
if (sm->cfg->eap_teap_auth != 1 &&
|
||||
tlv.iresult != TEAP_STATUS_SUCCESS) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TEAP: Crypto-Binding TLV without intermediate Success Result");
|
||||
@ -1485,16 +1488,16 @@ static void eap_teap_process_phase2_tlvs(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
if (data->anon_provisioning &&
|
||||
sm->eap_fast_prov != ANON_PROV &&
|
||||
sm->eap_fast_prov != BOTH_PROV) {
|
||||
sm->cfg->eap_fast_prov != ANON_PROV &&
|
||||
sm->cfg->eap_fast_prov != BOTH_PROV) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TEAP: Client is trying to use unauthenticated provisioning which is disabled");
|
||||
eap_teap_state(data, FAILURE);
|
||||
return;
|
||||
}
|
||||
|
||||
if (sm->eap_fast_prov != AUTH_PROV &&
|
||||
sm->eap_fast_prov != BOTH_PROV &&
|
||||
if (sm->cfg->eap_fast_prov != AUTH_PROV &&
|
||||
sm->cfg->eap_fast_prov != BOTH_PROV &&
|
||||
tlv.request_action == TEAP_REQUEST_ACTION_PROCESS_TLV &&
|
||||
eap_teap_pac_type(tlv.pac, tlv.pac_len,
|
||||
PAC_TYPE_TUNNEL_PAC)) {
|
||||
@ -1517,13 +1520,13 @@ static void eap_teap_process_phase2_tlvs(struct eap_sm *sm,
|
||||
eap_teap_state(data, REQUEST_PAC);
|
||||
} else if (data->final_result) {
|
||||
eap_teap_state(data, SUCCESS);
|
||||
} else if (sm->eap_teap_separate_result) {
|
||||
} else if (sm->cfg->eap_teap_separate_result) {
|
||||
eap_teap_state(data, SUCCESS_SEND_RESULT);
|
||||
}
|
||||
}
|
||||
|
||||
if (tlv.basic_auth_resp) {
|
||||
if (sm->eap_teap_auth != 1) {
|
||||
if (sm->cfg->eap_teap_auth != 1) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TEAP: Unexpected Basic-Password-Auth-Resp when trying to use inner EAP");
|
||||
eap_teap_state(data, FAILURE);
|
||||
@ -1534,7 +1537,7 @@ static void eap_teap_process_phase2_tlvs(struct eap_sm *sm,
|
||||
}
|
||||
|
||||
if (tlv.eap_payload_tlv) {
|
||||
if (sm->eap_teap_auth == 1) {
|
||||
if (sm->cfg->eap_teap_auth == 1) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TEAP: Unexpected EAP Payload TLV when trying to use Basic-Password-Auth");
|
||||
eap_teap_state(data, FAILURE);
|
||||
@ -1573,7 +1576,7 @@ static void eap_teap_process_phase2(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
|
||||
in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
in_buf);
|
||||
if (!in_decrypted) {
|
||||
wpa_printf(MSG_INFO,
|
||||
@ -1634,7 +1637,7 @@ static int eap_teap_process_phase1(struct eap_sm *sm,
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
|
||||
if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||
|
||||
wpabuf_len(data->ssl.tls_out) > 0)
|
||||
return 1;
|
||||
|
||||
@ -1668,7 +1671,7 @@ static int eap_teap_process_phase2_start(struct eap_sm *sm,
|
||||
next_vendor = EAP_VENDOR_IETF;
|
||||
next_type = EAP_TYPE_NONE;
|
||||
eap_teap_state(data, PHASE2_METHOD);
|
||||
} else if (sm->eap_teap_pac_no_inner) {
|
||||
} else if (sm->cfg->eap_teap_pac_no_inner) {
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-TEAP: Used PAC and identity already known - skip inner auth");
|
||||
/* FIX: Need to derive CMK here. However, how is that
|
||||
@ -1679,7 +1682,7 @@ static int eap_teap_process_phase2_start(struct eap_sm *sm,
|
||||
data->cmk_msk);
|
||||
eap_teap_state(data, CRYPTO_BINDING);
|
||||
return 1;
|
||||
} else if (sm->eap_teap_auth == 1) {
|
||||
} else if (sm->cfg->eap_teap_auth == 1) {
|
||||
eap_teap_state(data, PHASE2_BASIC_AUTH);
|
||||
return 1;
|
||||
} else {
|
||||
@ -1691,7 +1694,7 @@ static int eap_teap_process_phase2_start(struct eap_sm *sm,
|
||||
eap_teap_state(data, PHASE2_METHOD);
|
||||
}
|
||||
|
||||
} else if (sm->eap_teap_auth == 1) {
|
||||
} else if (sm->cfg->eap_teap_auth == 1) {
|
||||
eap_teap_state(data, PHASE2_BASIC_AUTH);
|
||||
return 0;
|
||||
} else {
|
||||
|
@ -58,7 +58,7 @@ static void eap_tls_valid_session(struct eap_sm *sm, struct eap_tls_data *data)
|
||||
{
|
||||
struct wpabuf *buf;
|
||||
|
||||
if (!sm->tls_session_lifetime)
|
||||
if (!sm->cfg->tls_session_lifetime)
|
||||
return;
|
||||
|
||||
buf = wpabuf_alloc(1);
|
||||
@ -187,7 +187,8 @@ static struct wpabuf * eap_tls_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||
case START:
|
||||
return eap_tls_build_start(sm, data, id);
|
||||
case CONTINUE:
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn))
|
||||
if (tls_connection_established(sm->cfg->ssl_ctx,
|
||||
data->ssl.conn))
|
||||
data->established = 1;
|
||||
break;
|
||||
default:
|
||||
@ -267,7 +268,7 @@ static void eap_tls_process_msg(struct eap_sm *sm, void *priv,
|
||||
}
|
||||
|
||||
if (data->ssl.tls_v13 &&
|
||||
tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn)) {
|
||||
struct wpabuf *plain, *encr;
|
||||
|
||||
wpa_printf(MSG_DEBUG,
|
||||
@ -315,8 +316,8 @@ static void eap_tls_process(struct eap_sm *sm, void *priv,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
|
||||
!tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
|
||||
if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||
|
||||
!tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))
|
||||
return;
|
||||
|
||||
buf = tls_connection_get_success_data(data->ssl.conn);
|
||||
|
@ -47,9 +47,9 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
int verify_peer, int eap_type)
|
||||
{
|
||||
u8 session_ctx[8];
|
||||
unsigned int flags = sm->tls_flags;
|
||||
unsigned int flags = sm->cfg->tls_flags;
|
||||
|
||||
if (sm->ssl_ctx == NULL) {
|
||||
if (!sm->cfg->ssl_ctx) {
|
||||
wpa_printf(MSG_ERROR, "TLS context not initialized - cannot use TLS-based EAP method");
|
||||
return -1;
|
||||
}
|
||||
@ -57,7 +57,7 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
data->eap = sm;
|
||||
data->phase2 = sm->init_phase2;
|
||||
|
||||
data->conn = tls_connection_init(sm->ssl_ctx);
|
||||
data->conn = tls_connection_init(sm->cfg->ssl_ctx);
|
||||
if (data->conn == NULL) {
|
||||
wpa_printf(MSG_INFO, "SSL: Failed to initialize new TLS "
|
||||
"connection");
|
||||
@ -75,17 +75,18 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
flags |= TLS_CONN_DISABLE_SESSION_TICKET;
|
||||
os_memcpy(session_ctx, "hostapd", 7);
|
||||
session_ctx[7] = (u8) eap_type;
|
||||
if (tls_connection_set_verify(sm->ssl_ctx, data->conn, verify_peer,
|
||||
if (tls_connection_set_verify(sm->cfg->ssl_ctx, data->conn, verify_peer,
|
||||
flags, session_ctx,
|
||||
sizeof(session_ctx))) {
|
||||
wpa_printf(MSG_INFO, "SSL: Failed to configure verification "
|
||||
"of TLS peer certificate");
|
||||
tls_connection_deinit(sm->ssl_ctx, data->conn);
|
||||
tls_connection_deinit(sm->cfg->ssl_ctx, data->conn);
|
||||
data->conn = NULL;
|
||||
return -1;
|
||||
}
|
||||
|
||||
data->tls_out_limit = sm->fragment_size > 0 ? sm->fragment_size : 1398;
|
||||
data->tls_out_limit = sm->cfg->fragment_size > 0 ?
|
||||
sm->cfg->fragment_size : 1398;
|
||||
if (data->phase2) {
|
||||
/* Limit the fragment size in the inner TLS authentication
|
||||
* since the outer authentication with EAP-PEAP does not yet
|
||||
@ -99,7 +100,7 @@ int eap_server_tls_ssl_init(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
|
||||
void eap_server_tls_ssl_deinit(struct eap_sm *sm, struct eap_ssl_data *data)
|
||||
{
|
||||
tls_connection_deinit(sm->ssl_ctx, data->conn);
|
||||
tls_connection_deinit(sm->cfg->ssl_ctx, data->conn);
|
||||
eap_server_tls_free_in_buf(data);
|
||||
wpabuf_free(data->tls_out);
|
||||
data->tls_out = NULL;
|
||||
@ -116,7 +117,7 @@ u8 * eap_server_tls_derive_key(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
if (out == NULL)
|
||||
return NULL;
|
||||
|
||||
if (tls_connection_export_key(sm->ssl_ctx, data->conn, label,
|
||||
if (tls_connection_export_key(sm->cfg->ssl_ctx, data->conn, label,
|
||||
context, context_len, out, len)) {
|
||||
os_free(out);
|
||||
return NULL;
|
||||
@ -170,7 +171,7 @@ u8 * eap_server_tls_derive_session_id(struct eap_sm *sm,
|
||||
return id;
|
||||
}
|
||||
|
||||
if (tls_connection_get_random(sm->ssl_ctx, data->conn, &keys))
|
||||
if (tls_connection_get_random(sm->cfg->ssl_ctx, data->conn, &keys))
|
||||
return NULL;
|
||||
|
||||
if (keys.client_random == NULL || keys.server_random == NULL)
|
||||
@ -340,29 +341,30 @@ int eap_server_tls_phase1(struct eap_sm *sm, struct eap_ssl_data *data)
|
||||
WPA_ASSERT(data->tls_out == NULL);
|
||||
}
|
||||
|
||||
data->tls_out = tls_connection_server_handshake(sm->ssl_ctx,
|
||||
data->tls_out = tls_connection_server_handshake(sm->cfg->ssl_ctx,
|
||||
data->conn,
|
||||
data->tls_in, NULL);
|
||||
if (data->tls_out == NULL) {
|
||||
wpa_printf(MSG_INFO, "SSL: TLS processing failed");
|
||||
return -1;
|
||||
}
|
||||
if (tls_connection_get_failed(sm->ssl_ctx, data->conn)) {
|
||||
if (tls_connection_get_failed(sm->cfg->ssl_ctx, data->conn)) {
|
||||
/* TLS processing has failed - return error */
|
||||
wpa_printf(MSG_DEBUG, "SSL: Failed - tls_out available to "
|
||||
"report error");
|
||||
return -1;
|
||||
}
|
||||
|
||||
if (tls_get_version(sm->ssl_ctx, data->conn, buf, sizeof(buf)) == 0) {
|
||||
if (tls_get_version(sm->cfg->ssl_ctx, data->conn,
|
||||
buf, sizeof(buf)) == 0) {
|
||||
wpa_printf(MSG_DEBUG, "SSL: Using TLS version %s", buf);
|
||||
data->tls_v13 = os_strcmp(buf, "TLSv1.3") == 0;
|
||||
}
|
||||
|
||||
if (!sm->serial_num &&
|
||||
tls_connection_established(sm->ssl_ctx, data->conn))
|
||||
sm->serial_num = tls_connection_peer_serial_num(sm->ssl_ctx,
|
||||
data->conn);
|
||||
tls_connection_established(sm->cfg->ssl_ctx, data->conn))
|
||||
sm->serial_num = tls_connection_peer_serial_num(
|
||||
sm->cfg->ssl_ctx, data->conn);
|
||||
|
||||
return 0;
|
||||
}
|
||||
@ -451,8 +453,7 @@ struct wpabuf * eap_server_tls_encrypt(struct eap_sm *sm,
|
||||
{
|
||||
struct wpabuf *buf;
|
||||
|
||||
buf = tls_connection_encrypt(sm->ssl_ctx, data->conn,
|
||||
plain);
|
||||
buf = tls_connection_encrypt(sm->cfg->ssl_ctx, data->conn, plain);
|
||||
if (buf == NULL) {
|
||||
wpa_printf(MSG_INFO, "SSL: Failed to encrypt Phase 2 data");
|
||||
return NULL;
|
||||
@ -506,7 +507,7 @@ int eap_server_tls_process(struct eap_sm *sm, struct eap_ssl_data *data,
|
||||
if (proc_msg)
|
||||
proc_msg(sm, priv, respData);
|
||||
|
||||
if (tls_connection_get_write_alerts(sm->ssl_ctx, data->conn) > 1) {
|
||||
if (tls_connection_get_write_alerts(sm->cfg->ssl_ctx, data->conn) > 1) {
|
||||
wpa_printf(MSG_INFO, "SSL: Locally detected fatal error in "
|
||||
"TLS processing");
|
||||
res = -1;
|
||||
|
@ -84,8 +84,8 @@ static void * eap_tnc_init(struct eap_sm *sm)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
data->fragment_size = sm->fragment_size > 100 ?
|
||||
sm->fragment_size - 98 : 1300;
|
||||
data->fragment_size = sm->cfg->fragment_size > 100 ?
|
||||
sm->cfg->fragment_size - 98 : 1300;
|
||||
|
||||
return data;
|
||||
}
|
||||
|
@ -81,7 +81,7 @@ static void eap_ttls_valid_session(struct eap_sm *sm,
|
||||
{
|
||||
struct wpabuf *buf;
|
||||
|
||||
if (!sm->tls_session_lifetime)
|
||||
if (!sm->cfg->tls_session_lifetime)
|
||||
return;
|
||||
|
||||
buf = wpabuf_alloc(1 + 1 + sm->identity_len);
|
||||
@ -480,7 +480,8 @@ static struct wpabuf * eap_ttls_buildReq(struct eap_sm *sm, void *priv, u8 id)
|
||||
case START:
|
||||
return eap_ttls_build_start(sm, data, id);
|
||||
case PHASE1:
|
||||
if (tls_connection_established(sm->ssl_ctx, data->ssl.conn)) {
|
||||
if (tls_connection_established(sm->cfg->ssl_ctx,
|
||||
data->ssl.conn)) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Phase1 done, "
|
||||
"starting Phase2");
|
||||
eap_ttls_state(data, PHASE2_START);
|
||||
@ -1029,7 +1030,7 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
|
||||
return;
|
||||
}
|
||||
|
||||
in_decrypted = tls_connection_decrypt(sm->ssl_ctx, data->ssl.conn,
|
||||
in_decrypted = tls_connection_decrypt(sm->cfg->ssl_ctx, data->ssl.conn,
|
||||
in_buf);
|
||||
if (in_decrypted == NULL) {
|
||||
wpa_printf(MSG_INFO, "EAP-TTLS: Failed to decrypt Phase 2 "
|
||||
@ -1119,7 +1120,7 @@ done:
|
||||
static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
|
||||
{
|
||||
#ifdef EAP_SERVER_TNC
|
||||
if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
|
||||
if (!sm->cfg->tnc || data->state != SUCCESS || data->tnc_started)
|
||||
return;
|
||||
|
||||
wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
|
||||
@ -1209,8 +1210,8 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv,
|
||||
return;
|
||||
}
|
||||
|
||||
if (!tls_connection_established(sm->ssl_ctx, data->ssl.conn) ||
|
||||
!tls_connection_resumed(sm->ssl_ctx, data->ssl.conn))
|
||||
if (!tls_connection_established(sm->cfg->ssl_ctx, data->ssl.conn) ||
|
||||
!tls_connection_resumed(sm->cfg->ssl_ctx, data->ssl.conn))
|
||||
return;
|
||||
|
||||
buf = tls_connection_get_success_data(data->ssl.conn);
|
||||
|
@ -103,10 +103,10 @@ static void * eap_wsc_init(struct eap_sm *sm)
|
||||
data->registrar = registrar;
|
||||
|
||||
os_memset(&cfg, 0, sizeof(cfg));
|
||||
cfg.wps = sm->wps;
|
||||
cfg.wps = sm->cfg->wps;
|
||||
cfg.registrar = registrar;
|
||||
if (registrar) {
|
||||
if (sm->wps == NULL || sm->wps->registrar == NULL) {
|
||||
if (!sm->cfg->wps || !sm->cfg->wps->registrar) {
|
||||
wpa_printf(MSG_INFO, "EAP-WSC: WPS Registrar not "
|
||||
"initialized");
|
||||
os_free(data);
|
||||
@ -138,14 +138,14 @@ static void * eap_wsc_init(struct eap_sm *sm)
|
||||
cfg.p2p_dev_addr = p2p_get_go_dev_addr(sm->assoc_p2p_ie);
|
||||
}
|
||||
#endif /* CONFIG_P2P */
|
||||
cfg.pbc_in_m1 = sm->pbc_in_m1;
|
||||
cfg.pbc_in_m1 = sm->cfg->pbc_in_m1;
|
||||
data->wps = wps_init(&cfg);
|
||||
if (data->wps == NULL) {
|
||||
os_free(data);
|
||||
return NULL;
|
||||
}
|
||||
data->fragment_size = sm->fragment_size > 0 ? sm->fragment_size :
|
||||
WSC_FRAGMENT_SIZE;
|
||||
data->fragment_size = sm->cfg->fragment_size > 0 ?
|
||||
sm->cfg->fragment_size : WSC_FRAGMENT_SIZE;
|
||||
|
||||
return data;
|
||||
}
|
||||
|
@ -775,7 +775,7 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
|
||||
const char *identity, const char *radius_cui)
|
||||
{
|
||||
struct eapol_state_machine *sm;
|
||||
struct eap_config eap_conf;
|
||||
struct eap_session_data eap_sess;
|
||||
|
||||
if (eapol == NULL)
|
||||
return NULL;
|
||||
@ -823,38 +823,12 @@ eapol_auth_alloc(struct eapol_authenticator *eapol, const u8 *addr,
|
||||
else
|
||||
sm->portValid = TRUE;
|
||||
|
||||
os_memset(&eap_conf, 0, sizeof(eap_conf));
|
||||
eap_conf.eap_server = eapol->conf.eap_server;
|
||||
eap_conf.ssl_ctx = eapol->conf.ssl_ctx;
|
||||
eap_conf.msg_ctx = eapol->conf.msg_ctx;
|
||||
eap_conf.eap_sim_db_priv = eapol->conf.eap_sim_db_priv;
|
||||
eap_conf.pac_opaque_encr_key = eapol->conf.pac_opaque_encr_key;
|
||||
eap_conf.eap_fast_a_id = eapol->conf.eap_fast_a_id;
|
||||
eap_conf.eap_fast_a_id_len = eapol->conf.eap_fast_a_id_len;
|
||||
eap_conf.eap_fast_a_id_info = eapol->conf.eap_fast_a_id_info;
|
||||
eap_conf.eap_fast_prov = eapol->conf.eap_fast_prov;
|
||||
eap_conf.pac_key_lifetime = eapol->conf.pac_key_lifetime;
|
||||
eap_conf.pac_key_refresh_time = eapol->conf.pac_key_refresh_time;
|
||||
eap_conf.eap_teap_auth = eapol->conf.eap_teap_auth;
|
||||
eap_conf.eap_teap_pac_no_inner = eapol->conf.eap_teap_pac_no_inner;
|
||||
eap_conf.eap_teap_separate_result =
|
||||
eapol->conf.eap_teap_separate_result;
|
||||
eap_conf.eap_sim_aka_result_ind = eapol->conf.eap_sim_aka_result_ind;
|
||||
eap_conf.eap_sim_id = eapol->conf.eap_sim_id;
|
||||
eap_conf.tnc = eapol->conf.tnc;
|
||||
eap_conf.wps = eapol->conf.wps;
|
||||
eap_conf.assoc_wps_ie = assoc_wps_ie;
|
||||
eap_conf.assoc_p2p_ie = assoc_p2p_ie;
|
||||
eap_conf.peer_addr = addr;
|
||||
eap_conf.fragment_size = eapol->conf.fragment_size;
|
||||
eap_conf.pwd_group = eapol->conf.pwd_group;
|
||||
eap_conf.pbc_in_m1 = eapol->conf.pbc_in_m1;
|
||||
eap_conf.server_id = eapol->conf.server_id;
|
||||
eap_conf.server_id_len = eapol->conf.server_id_len;
|
||||
eap_conf.erp = eapol->conf.erp;
|
||||
eap_conf.tls_session_lifetime = eapol->conf.tls_session_lifetime;
|
||||
eap_conf.tls_flags = eapol->conf.tls_flags;
|
||||
sm->eap = eap_server_sm_init(sm, &eapol_cb, &eap_conf);
|
||||
os_memset(&eap_sess, 0, sizeof(eap_sess));
|
||||
eap_sess.assoc_wps_ie = assoc_wps_ie;
|
||||
eap_sess.assoc_p2p_ie = assoc_p2p_ie;
|
||||
eap_sess.peer_addr = addr;
|
||||
sm->eap = eap_server_sm_init(sm, &eapol_cb, eapol->conf.eap_cfg,
|
||||
&eap_sess);
|
||||
if (sm->eap == NULL) {
|
||||
eapol_auth_free(sm);
|
||||
return NULL;
|
||||
@ -1189,19 +1163,12 @@ int eapol_auth_set_conf(struct eapol_state_machine *sm, const char *param,
|
||||
static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
|
||||
struct eapol_auth_config *src)
|
||||
{
|
||||
dst->eap_cfg = src->eap_cfg;
|
||||
dst->ctx = src->ctx;
|
||||
dst->eap_reauth_period = src->eap_reauth_period;
|
||||
dst->wpa = src->wpa;
|
||||
dst->individual_wep_key_len = src->individual_wep_key_len;
|
||||
dst->eap_server = src->eap_server;
|
||||
dst->ssl_ctx = src->ssl_ctx;
|
||||
dst->msg_ctx = src->msg_ctx;
|
||||
dst->eap_sim_db_priv = src->eap_sim_db_priv;
|
||||
os_free(dst->eap_req_id_text);
|
||||
dst->pwd_group = src->pwd_group;
|
||||
dst->pbc_in_m1 = src->pbc_in_m1;
|
||||
dst->server_id = src->server_id;
|
||||
dst->server_id_len = src->server_id_len;
|
||||
if (src->eap_req_id_text) {
|
||||
dst->eap_req_id_text = os_memdup(src->eap_req_id_text,
|
||||
src->eap_req_id_text_len);
|
||||
@ -1212,38 +1179,6 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
|
||||
dst->eap_req_id_text = NULL;
|
||||
dst->eap_req_id_text_len = 0;
|
||||
}
|
||||
if (src->pac_opaque_encr_key) {
|
||||
dst->pac_opaque_encr_key = os_memdup(src->pac_opaque_encr_key,
|
||||
16);
|
||||
if (dst->pac_opaque_encr_key == NULL)
|
||||
goto fail;
|
||||
} else
|
||||
dst->pac_opaque_encr_key = NULL;
|
||||
if (src->eap_fast_a_id) {
|
||||
dst->eap_fast_a_id = os_memdup(src->eap_fast_a_id,
|
||||
src->eap_fast_a_id_len);
|
||||
if (dst->eap_fast_a_id == NULL)
|
||||
goto fail;
|
||||
dst->eap_fast_a_id_len = src->eap_fast_a_id_len;
|
||||
} else
|
||||
dst->eap_fast_a_id = NULL;
|
||||
if (src->eap_fast_a_id_info) {
|
||||
dst->eap_fast_a_id_info = os_strdup(src->eap_fast_a_id_info);
|
||||
if (dst->eap_fast_a_id_info == NULL)
|
||||
goto fail;
|
||||
} else
|
||||
dst->eap_fast_a_id_info = NULL;
|
||||
dst->eap_fast_prov = src->eap_fast_prov;
|
||||
dst->pac_key_lifetime = src->pac_key_lifetime;
|
||||
dst->pac_key_refresh_time = src->pac_key_refresh_time;
|
||||
dst->eap_teap_auth = src->eap_teap_auth;
|
||||
dst->eap_teap_pac_no_inner = src->eap_teap_pac_no_inner;
|
||||
dst->eap_teap_separate_result = src->eap_teap_separate_result;
|
||||
dst->eap_sim_aka_result_ind = src->eap_sim_aka_result_ind;
|
||||
dst->eap_sim_id = src->eap_sim_id;
|
||||
dst->tnc = src->tnc;
|
||||
dst->wps = src->wps;
|
||||
dst->fragment_size = src->fragment_size;
|
||||
|
||||
os_free(dst->erp_domain);
|
||||
if (src->erp_domain) {
|
||||
@ -1254,9 +1189,6 @@ static int eapol_auth_conf_clone(struct eapol_auth_config *dst,
|
||||
dst->erp_domain = NULL;
|
||||
}
|
||||
dst->erp_send_reauth_start = src->erp_send_reauth_start;
|
||||
dst->erp = src->erp;
|
||||
dst->tls_session_lifetime = src->tls_session_lifetime;
|
||||
dst->tls_flags = src->tls_flags;
|
||||
|
||||
return 0;
|
||||
|
||||
@ -1270,12 +1202,6 @@ static void eapol_auth_conf_free(struct eapol_auth_config *conf)
|
||||
{
|
||||
os_free(conf->eap_req_id_text);
|
||||
conf->eap_req_id_text = NULL;
|
||||
os_free(conf->pac_opaque_encr_key);
|
||||
conf->pac_opaque_encr_key = NULL;
|
||||
os_free(conf->eap_fast_a_id);
|
||||
conf->eap_fast_a_id = NULL;
|
||||
os_free(conf->eap_fast_a_id_info);
|
||||
conf->eap_fast_a_id_info = NULL;
|
||||
os_free(conf->erp_domain);
|
||||
conf->erp_domain = NULL;
|
||||
}
|
||||
|
@ -15,39 +15,14 @@
|
||||
#define EAPOL_SM_FROM_PMKSA_CACHE BIT(3)
|
||||
|
||||
struct eapol_auth_config {
|
||||
const struct eap_config *eap_cfg;
|
||||
int eap_reauth_period;
|
||||
int wpa;
|
||||
int individual_wep_key_len;
|
||||
int eap_server;
|
||||
void *ssl_ctx;
|
||||
void *msg_ctx;
|
||||
void *eap_sim_db_priv;
|
||||
char *eap_req_id_text; /* a copy of this will be allocated */
|
||||
size_t eap_req_id_text_len;
|
||||
int erp_send_reauth_start;
|
||||
char *erp_domain; /* a copy of this will be allocated */
|
||||
int erp; /* Whether ERP is enabled on authentication server */
|
||||
unsigned int tls_session_lifetime;
|
||||
unsigned int tls_flags;
|
||||
u8 *pac_opaque_encr_key;
|
||||
u8 *eap_fast_a_id;
|
||||
size_t eap_fast_a_id_len;
|
||||
char *eap_fast_a_id_info;
|
||||
int eap_fast_prov;
|
||||
int pac_key_lifetime;
|
||||
int pac_key_refresh_time;
|
||||
int eap_teap_auth;
|
||||
int eap_teap_pac_no_inner;
|
||||
int eap_teap_separate_result;
|
||||
int eap_sim_aka_result_ind;
|
||||
int eap_sim_id;
|
||||
int tnc;
|
||||
struct wps_context *wps;
|
||||
int fragment_size;
|
||||
u16 pwd_group;
|
||||
int pbc_in_m1;
|
||||
const u8 *server_id;
|
||||
size_t server_id_len;
|
||||
|
||||
/* Opaque context pointer to owner data for callback functions */
|
||||
void *ctx;
|
||||
|
@ -161,146 +161,10 @@ struct radius_server_data {
|
||||
*/
|
||||
int num_sess;
|
||||
|
||||
/**
|
||||
* eap_sim_db_priv - EAP-SIM/AKA database context
|
||||
*
|
||||
* This is passed to the EAP-SIM/AKA server implementation as a
|
||||
* callback context.
|
||||
*/
|
||||
void *eap_sim_db_priv;
|
||||
|
||||
/**
|
||||
* ssl_ctx - TLS context
|
||||
*
|
||||
* This is passed to the EAP server implementation as a callback
|
||||
* context for TLS operations.
|
||||
*/
|
||||
void *ssl_ctx;
|
||||
|
||||
/**
|
||||
* pac_opaque_encr_key - PAC-Opaque encryption key for EAP-FAST
|
||||
*
|
||||
* This parameter is used to set a key for EAP-FAST to encrypt the
|
||||
* PAC-Opaque data. It can be set to %NULL if EAP-FAST is not used. If
|
||||
* set, must point to a 16-octet key.
|
||||
*/
|
||||
u8 *pac_opaque_encr_key;
|
||||
|
||||
/**
|
||||
* eap_fast_a_id - EAP-FAST authority identity (A-ID)
|
||||
*
|
||||
* If EAP-FAST is not used, this can be set to %NULL. In theory, this
|
||||
* is a variable length field, but due to some existing implementations
|
||||
* requiring A-ID to be 16 octets in length, it is recommended to use
|
||||
* that length for the field to provide interoperability with deployed
|
||||
* peer implementations.
|
||||
*/
|
||||
u8 *eap_fast_a_id;
|
||||
|
||||
/**
|
||||
* eap_fast_a_id_len - Length of eap_fast_a_id buffer in octets
|
||||
*/
|
||||
size_t eap_fast_a_id_len;
|
||||
|
||||
/**
|
||||
* eap_fast_a_id_info - EAP-FAST authority identifier information
|
||||
*
|
||||
* This A-ID-Info contains a user-friendly name for the A-ID. For
|
||||
* example, this could be the enterprise and server names in
|
||||
* human-readable format. This field is encoded as UTF-8. If EAP-FAST
|
||||
* is not used, this can be set to %NULL.
|
||||
*/
|
||||
char *eap_fast_a_id_info;
|
||||
|
||||
/**
|
||||
* eap_fast_prov - EAP-FAST provisioning modes
|
||||
*
|
||||
* 0 = provisioning disabled, 1 = only anonymous provisioning allowed,
|
||||
* 2 = only authenticated provisioning allowed, 3 = both provisioning
|
||||
* modes allowed.
|
||||
*/
|
||||
int eap_fast_prov;
|
||||
|
||||
/**
|
||||
* pac_key_lifetime - EAP-FAST PAC-Key lifetime in seconds
|
||||
*
|
||||
* This is the hard limit on how long a provisioned PAC-Key can be
|
||||
* used.
|
||||
*/
|
||||
int pac_key_lifetime;
|
||||
|
||||
/**
|
||||
* pac_key_refresh_time - EAP-FAST PAC-Key refresh time in seconds
|
||||
*
|
||||
* This is a soft limit on the PAC-Key. The server will automatically
|
||||
* generate a new PAC-Key when this number of seconds (or fewer) of the
|
||||
* lifetime remains.
|
||||
*/
|
||||
int pac_key_refresh_time;
|
||||
|
||||
int eap_teap_auth;
|
||||
int eap_teap_pac_no_inner;
|
||||
int eap_teap_separate_result;
|
||||
|
||||
/**
|
||||
* eap_sim_aka_result_ind - EAP-SIM/AKA protected success indication
|
||||
*
|
||||
* This controls whether the protected success/failure indication
|
||||
* (AT_RESULT_IND) is used with EAP-SIM and EAP-AKA.
|
||||
*/
|
||||
int eap_sim_aka_result_ind;
|
||||
|
||||
int eap_sim_id;
|
||||
|
||||
/**
|
||||
* tnc - Trusted Network Connect (TNC)
|
||||
*
|
||||
* This controls whether TNC is enabled and will be required before the
|
||||
* peer is allowed to connect. Note: This is only used with EAP-TTLS
|
||||
* and EAP-FAST. If any other EAP method is enabled, the peer will be
|
||||
* allowed to connect without TNC.
|
||||
*/
|
||||
int tnc;
|
||||
|
||||
/**
|
||||
* pwd_group - The D-H group assigned for EAP-pwd
|
||||
*
|
||||
* If EAP-pwd is not used it can be set to zero.
|
||||
*/
|
||||
u16 pwd_group;
|
||||
|
||||
/**
|
||||
* server_id - Server identity
|
||||
*/
|
||||
const char *server_id;
|
||||
|
||||
/**
|
||||
* erp - Whether EAP Re-authentication Protocol (ERP) is enabled
|
||||
*
|
||||
* This controls whether the authentication server derives ERP key
|
||||
* hierarchy (rRK and rIK) from full EAP authentication and allows
|
||||
* these keys to be used to perform ERP to derive rMSK instead of full
|
||||
* EAP authentication to derive MSK.
|
||||
*/
|
||||
int erp;
|
||||
|
||||
const char *erp_domain;
|
||||
|
||||
struct dl_list erp_keys; /* struct eap_server_erp_key */
|
||||
|
||||
unsigned int tls_session_lifetime;
|
||||
|
||||
unsigned int tls_flags;
|
||||
|
||||
/**
|
||||
* wps - Wi-Fi Protected Setup context
|
||||
*
|
||||
* If WPS is used with an external RADIUS server (which is quite
|
||||
* unlikely configuration), this is used to provide a pointer to WPS
|
||||
* context data. Normally, this can be set to %NULL.
|
||||
*/
|
||||
struct wps_context *wps;
|
||||
|
||||
/**
|
||||
* ipv6 - Whether to enable IPv6 support in the RADIUS server
|
||||
*/
|
||||
@ -352,11 +216,6 @@ struct radius_server_data {
|
||||
*/
|
||||
size_t eap_req_id_text_len;
|
||||
|
||||
/*
|
||||
* msg_ctx - Context data for wpa_msg() calls
|
||||
*/
|
||||
void *msg_ctx;
|
||||
|
||||
#ifdef CONFIG_RADIUS_TEST
|
||||
char *dump_msk_file;
|
||||
#endif /* CONFIG_RADIUS_TEST */
|
||||
@ -370,6 +229,8 @@ struct radius_server_data {
|
||||
#ifdef CONFIG_SQLITE
|
||||
sqlite3 *db;
|
||||
#endif /* CONFIG_SQLITE */
|
||||
|
||||
struct eap_config *eap_cfg;
|
||||
};
|
||||
|
||||
|
||||
@ -620,7 +481,7 @@ radius_server_new_session(struct radius_server_data *data,
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
static void radius_server_testing_options_tls(struct radius_session *sess,
|
||||
const char *tls,
|
||||
struct eap_config *eap_conf)
|
||||
struct eap_session_data *eap_conf)
|
||||
{
|
||||
int test = atoi(tls);
|
||||
|
||||
@ -665,7 +526,7 @@ static void radius_server_testing_options_tls(struct radius_session *sess,
|
||||
#endif /* CONFIG_TESTING_OPTIONS */
|
||||
|
||||
static void radius_server_testing_options(struct radius_session *sess,
|
||||
struct eap_config *eap_conf)
|
||||
struct eap_session_data *eap_conf)
|
||||
{
|
||||
#ifdef CONFIG_TESTING_OPTIONS
|
||||
const char *pos;
|
||||
@ -708,7 +569,7 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||
size_t user_len, id_len;
|
||||
int res;
|
||||
struct radius_session *sess;
|
||||
struct eap_config eap_conf;
|
||||
struct eap_session_data eap_sess;
|
||||
struct eap_user *tmp;
|
||||
|
||||
RADIUS_DEBUG("Creating a new session");
|
||||
@ -726,7 +587,7 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||
|
||||
res = data->get_eap_user(data->conf_ctx, user, user_len, 0, tmp);
|
||||
#ifdef CONFIG_ERP
|
||||
if (res != 0 && data->erp) {
|
||||
if (res != 0 && data->eap_cfg->erp) {
|
||||
char *username;
|
||||
|
||||
username = os_zalloc(user_len + 1);
|
||||
@ -785,35 +646,10 @@ radius_server_get_new_session(struct radius_server_data *data,
|
||||
|
||||
srv_log(sess, "New session created");
|
||||
|
||||
os_memset(&eap_conf, 0, sizeof(eap_conf));
|
||||
eap_conf.ssl_ctx = data->ssl_ctx;
|
||||
eap_conf.msg_ctx = data->msg_ctx;
|
||||
eap_conf.eap_sim_db_priv = data->eap_sim_db_priv;
|
||||
eap_conf.backend_auth = TRUE;
|
||||
eap_conf.eap_server = 1;
|
||||
eap_conf.pac_opaque_encr_key = data->pac_opaque_encr_key;
|
||||
eap_conf.eap_fast_a_id = data->eap_fast_a_id;
|
||||
eap_conf.eap_fast_a_id_len = data->eap_fast_a_id_len;
|
||||
eap_conf.eap_fast_a_id_info = data->eap_fast_a_id_info;
|
||||
eap_conf.eap_fast_prov = data->eap_fast_prov;
|
||||
eap_conf.pac_key_lifetime = data->pac_key_lifetime;
|
||||
eap_conf.pac_key_refresh_time = data->pac_key_refresh_time;
|
||||
eap_conf.eap_teap_auth = data->eap_teap_auth;
|
||||
eap_conf.eap_teap_pac_no_inner = data->eap_teap_pac_no_inner;
|
||||
eap_conf.eap_teap_separate_result = data->eap_teap_separate_result;
|
||||
eap_conf.eap_sim_aka_result_ind = data->eap_sim_aka_result_ind;
|
||||
eap_conf.eap_sim_id = data->eap_sim_id;
|
||||
eap_conf.tnc = data->tnc;
|
||||
eap_conf.wps = data->wps;
|
||||
eap_conf.pwd_group = data->pwd_group;
|
||||
eap_conf.server_id = (const u8 *) data->server_id;
|
||||
eap_conf.server_id_len = os_strlen(data->server_id);
|
||||
eap_conf.erp = data->erp;
|
||||
eap_conf.tls_session_lifetime = data->tls_session_lifetime;
|
||||
eap_conf.tls_flags = data->tls_flags;
|
||||
radius_server_testing_options(sess, &eap_conf);
|
||||
os_memset(&eap_sess, 0, sizeof(eap_sess));
|
||||
radius_server_testing_options(sess, &eap_sess);
|
||||
sess->eap = eap_server_sm_init(sess, &radius_server_eapol_cb,
|
||||
&eap_conf);
|
||||
data->eap_cfg, &eap_sess);
|
||||
if (sess->eap == NULL) {
|
||||
RADIUS_DEBUG("Failed to initialize EAP state machine for the "
|
||||
"new session");
|
||||
@ -2353,6 +2189,7 @@ struct radius_server_data *
|
||||
radius_server_init(struct radius_server_conf *conf)
|
||||
{
|
||||
struct radius_server_data *data;
|
||||
struct eap_config *eap_cfg;
|
||||
|
||||
#ifndef CONFIG_IPV6
|
||||
if (conf->ipv6) {
|
||||
@ -2365,45 +2202,56 @@ radius_server_init(struct radius_server_conf *conf)
|
||||
if (data == NULL)
|
||||
return NULL;
|
||||
|
||||
eap_cfg = data->eap_cfg = os_zalloc(sizeof(*eap_cfg));
|
||||
if (!eap_cfg) {
|
||||
os_free(data);
|
||||
return NULL;
|
||||
}
|
||||
data->auth_sock = -1;
|
||||
data->acct_sock = -1;
|
||||
dl_list_init(&data->erp_keys);
|
||||
os_get_reltime(&data->start_time);
|
||||
data->conf_ctx = conf->conf_ctx;
|
||||
data->eap_sim_db_priv = conf->eap_sim_db_priv;
|
||||
data->ssl_ctx = conf->ssl_ctx;
|
||||
data->msg_ctx = conf->msg_ctx;
|
||||
eap_cfg->backend_auth = TRUE;
|
||||
eap_cfg->eap_server = 1;
|
||||
eap_cfg->eap_sim_db_priv = conf->eap_sim_db_priv;
|
||||
eap_cfg->ssl_ctx = conf->ssl_ctx;
|
||||
eap_cfg->msg_ctx = conf->msg_ctx;
|
||||
data->ipv6 = conf->ipv6;
|
||||
if (conf->pac_opaque_encr_key) {
|
||||
data->pac_opaque_encr_key = os_malloc(16);
|
||||
if (data->pac_opaque_encr_key) {
|
||||
os_memcpy(data->pac_opaque_encr_key,
|
||||
eap_cfg->pac_opaque_encr_key = os_malloc(16);
|
||||
if (eap_cfg->pac_opaque_encr_key) {
|
||||
os_memcpy(eap_cfg->pac_opaque_encr_key,
|
||||
conf->pac_opaque_encr_key, 16);
|
||||
}
|
||||
}
|
||||
if (conf->eap_fast_a_id) {
|
||||
data->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
|
||||
if (data->eap_fast_a_id) {
|
||||
os_memcpy(data->eap_fast_a_id, conf->eap_fast_a_id,
|
||||
eap_cfg->eap_fast_a_id = os_malloc(conf->eap_fast_a_id_len);
|
||||
if (eap_cfg->eap_fast_a_id) {
|
||||
os_memcpy(eap_cfg->eap_fast_a_id, conf->eap_fast_a_id,
|
||||
conf->eap_fast_a_id_len);
|
||||
data->eap_fast_a_id_len = conf->eap_fast_a_id_len;
|
||||
eap_cfg->eap_fast_a_id_len = conf->eap_fast_a_id_len;
|
||||
}
|
||||
}
|
||||
if (conf->eap_fast_a_id_info)
|
||||
data->eap_fast_a_id_info = os_strdup(conf->eap_fast_a_id_info);
|
||||
data->eap_fast_prov = conf->eap_fast_prov;
|
||||
data->pac_key_lifetime = conf->pac_key_lifetime;
|
||||
data->pac_key_refresh_time = conf->pac_key_refresh_time;
|
||||
data->eap_teap_auth = conf->eap_teap_auth;
|
||||
data->eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
|
||||
data->eap_teap_separate_result = conf->eap_teap_separate_result;
|
||||
eap_cfg->eap_fast_a_id_info =
|
||||
os_strdup(conf->eap_fast_a_id_info);
|
||||
eap_cfg->eap_fast_prov = conf->eap_fast_prov;
|
||||
eap_cfg->pac_key_lifetime = conf->pac_key_lifetime;
|
||||
eap_cfg->pac_key_refresh_time = conf->pac_key_refresh_time;
|
||||
eap_cfg->eap_teap_auth = conf->eap_teap_auth;
|
||||
eap_cfg->eap_teap_pac_no_inner = conf->eap_teap_pac_no_inner;
|
||||
eap_cfg->eap_teap_separate_result = conf->eap_teap_separate_result;
|
||||
data->get_eap_user = conf->get_eap_user;
|
||||
data->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
|
||||
data->eap_sim_id = conf->eap_sim_id;
|
||||
data->tnc = conf->tnc;
|
||||
data->wps = conf->wps;
|
||||
data->pwd_group = conf->pwd_group;
|
||||
data->server_id = conf->server_id;
|
||||
eap_cfg->eap_sim_aka_result_ind = conf->eap_sim_aka_result_ind;
|
||||
eap_cfg->eap_sim_id = conf->eap_sim_id;
|
||||
eap_cfg->tnc = conf->tnc;
|
||||
eap_cfg->wps = conf->wps;
|
||||
eap_cfg->pwd_group = conf->pwd_group;
|
||||
if (conf->server_id) {
|
||||
eap_cfg->server_id = (u8 *) os_strdup(conf->server_id);
|
||||
eap_cfg->server_id_len = os_strlen(conf->server_id);
|
||||
}
|
||||
if (conf->eap_req_id_text) {
|
||||
data->eap_req_id_text = os_malloc(conf->eap_req_id_text_len);
|
||||
if (data->eap_req_id_text) {
|
||||
@ -2412,10 +2260,10 @@ radius_server_init(struct radius_server_conf *conf)
|
||||
data->eap_req_id_text_len = conf->eap_req_id_text_len;
|
||||
}
|
||||
}
|
||||
data->erp = conf->erp;
|
||||
eap_cfg->erp = conf->erp;
|
||||
data->erp_domain = conf->erp_domain;
|
||||
data->tls_session_lifetime = conf->tls_session_lifetime;
|
||||
data->tls_flags = conf->tls_flags;
|
||||
eap_cfg->tls_session_lifetime = conf->tls_session_lifetime;
|
||||
eap_cfg->tls_flags = conf->tls_flags;
|
||||
|
||||
if (conf->subscr_remediation_url) {
|
||||
data->subscr_remediation_url =
|
||||
@ -2537,9 +2385,6 @@ void radius_server_deinit(struct radius_server_data *data)
|
||||
|
||||
radius_server_free_clients(data, data->clients);
|
||||
|
||||
os_free(data->pac_opaque_encr_key);
|
||||
os_free(data->eap_fast_a_id);
|
||||
os_free(data->eap_fast_a_id_info);
|
||||
os_free(data->eap_req_id_text);
|
||||
#ifdef CONFIG_RADIUS_TEST
|
||||
os_free(data->dump_msk_file);
|
||||
@ -2554,6 +2399,7 @@ void radius_server_deinit(struct radius_server_data *data)
|
||||
#endif /* CONFIG_SQLITE */
|
||||
|
||||
radius_server_erp_flush(data);
|
||||
eap_server_config_free(data->eap_cfg);
|
||||
|
||||
os_free(data);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user