size = len;
if (size > 247) size = 247;
- vp = paircreate(PW_VENDOR_SPECIFIC, VENDORPEC_UKERNA,
+ vp = paircreate(PW_UKERNA_CHBIND, VENDORPEC_UKERNA,
PW_TYPE_OCTETS);
if (!vp) {
pairfree(&head);
return NULL;
}
- vp->vp_octets[0] = PW_UKERNA_CHBIND;
- vp->vp_octets[1] = size;
- memcpy(&vp->vp_octets[2], ptr, size);
- vp->length = size + 2;
+ memcpy(vp->vp_octets, ptr, size);
+ vp->length = size;
*tail = vp;
tail = &(vp->next);
/*
- * Find the next EAP-CHANNEL-BINDING message in the
- * pair list
- */
-static VALUE_PAIR *eap_chbind_find_pair(VALUE_PAIR *vps)
-{
- VALUE_PAIR *result = pairfind(vps, PW_VENDOR_SPECIFIC,
- VENDORPEC_UKERNA);
- while (result && (result->vp_octets[0] != PW_UKERNA_CHBIND))
- result = result->next;
- return result;
-}
-
-/*
* Handles multiple EAP-channel-binding Message attrs
* ie concatenates all to get the complete EAP-channel-binding packet.
*/
unsigned char *ptr;
size_t len;
- first = eap_chbind_find_pair(vps);
+ first = pairfind(vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA);
/*
- * Sanity check the length, BEFORE malloc'ing memory.
+ * Compute total length
*/
len = 0;
- for (vp = first; vp; vp = eap_chbind_find_pair(vp)) {
- if ((vp->length < 2) ||
- (vp->length != vp->vp_octets[1]+2)) {
- DEBUG("rlm_eap: Malformed EAP channel binding value pair. Length in pair header does not match actual length");
- return 0;
- }
- len += vp->vp_octets[1];
+ for (vp = first; vp;
+ vp = pairfind(vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA)) {
+ len += vp->length;
}
/*
- * Now that we know the lengths are OK, allocate memory.
+ * Now that we know the length, allocate memory.
*/
eap_chbind_packet = (eap_chbind_packet_t *) malloc(len);
if (eap_chbind_packet == NULL) {
ptr = (unsigned char *)eap_chbind_packet;
/* RADIUS ensures order of attrs, so just concatenate all */
- for (vp = first; vp; vp = eap_chbind_find_pair(vp->next)) {
- memcpy(ptr, vp->vp_octets+2, vp->length-2);
- ptr += vp->length-2;
+ for (vp = first; vp;
+ vp = pairfind(vps, PW_UKERNA_CHBIND, VENDORPEC_UKERNA)) {
+ memcpy(ptr, vp->vp_octets, vp->length);
+ ptr += vp->length;
}
*result = eap_chbind_packet;
RCSID("$Id$")
#include "eap_ttls.h"
+#include "eap_chbind.h"
/*
* 0 1 2 3
pairfree(&first);
return NULL;
}
+ if (vendor == VENDORPEC_UKERNA) {
+ RDEBUG("Received UKERNA attr %d!", attr);
+ }
/*
* If it's a type from our dictionary, then
*/
chbind_len = eap_chbind_vp2packet(fake->packet->vps, &chbind_packet);
if (chbind_len > 0) {
- /*CHBIND_REQ *req = chbind_allocate();
- req->chbind_req = chbind_packet;
+ CHBIND_REQ *req = chbind_allocate();
+ RDEBUG("received chbind request");
+ req->chbind_req_pkt = (uint8_t *)chbind_packet;
req->chbind_req_len = chbind_len;
if (fake->username) {
req->username = fake->username->vp_octets;
req->username_len = 0;
}
chbind_process(request, req);
- */
/* free the chbind packet; we're done with it */
free(chbind_packet);
/* encapsulate response here */
- /*pairadd(replyvps, eap_chbind_packet2vp(req->chbind_resp,
- req->chbind_resp_len));
- */
+ if (req->chbind_resp_len > 0) {
+ RDEBUG("sending chbind response");
+ pairadd(&fake->reply->vps,
+ eap_chbind_packet2vp((eap_chbind_packet_t *)req->chbind_resp,
+ req->chbind_resp_len));
+ } else {
+ RDEBUG("no chbind response");
+ }
/* clean up chbind req */
- /*chbind_free(req);*/
+ chbind_free(req);
}
/*