*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* Copyright 2003 Alan DeKok <aland@freeradius.org>
+ * Copyright 2006 The FreeRADIUS server project
*/
-#include "autoconf.h"
+#include <freeradius-devel/ident.h>
+RCSID("$Id$")
+
+#include <freeradius-devel/autoconf.h>
#include "eap_ttls.h"
{
rlm_eap_ttls_t *inst = (rlm_eap_ttls_t *) arg;
- if (inst->default_eap_type_name) free(inst->default_eap_type_name);
free(inst);
if (t->username) {
DEBUG2(" TTLS: Freeing handler for user %s",
- t->username->strvalue);
+ t->username->vp_strvalue);
}
pairfree(&t->username);
pairfree(&t->state);
+ pairfree(&t->reply);
free(t);
}
/*
- * Free the TTLS per-session data
+ * Allocate the TTLS per-session data
*/
static ttls_tunnel_t *ttls_alloc(rlm_eap_ttls_t *inst)
{
*/
case EAPTLS_SUCCESS:
if (t->authenticated) {
+ if (t->reply) {
+ pairadd(&handler->request->reply->vps, t->reply);
+ t->reply = NULL;
+ }
eaptls_success(handler->eap_ds, 0);
eaptls_gen_mppe_keys(&handler->request->reply->vps,
tls_session->ssl,
"ttls keying material");
} else {
- eaptls_request(handler->eap_ds, tls_session);
+ eaptls_request(handler->eap_ds, tls_session);
}
return 1;
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
- * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*
* Copyright 2003 Alan DeKok <aland@freeradius.org>
+ * Copyright 2006 The FreeRADIUS server project
*/
+
+#include <freeradius-devel/ident.h>
+RCSID("$Id$")
+
#include "eap_ttls.h"
/*
*/
default:
vp->length = size;
- memcpy(vp->strvalue, data, vp->length);
+ memcpy(vp->vp_strvalue, data, vp->length);
break;
}
* If the password is exactly 16 octets,
* it won't be zero-terminated.
*/
- vp->strvalue[vp->length] = '\0';
- vp->length = strlen(vp->strvalue);
+ vp->vp_strvalue[vp->length] = '\0';
+ vp->length = strlen(vp->vp_strvalue);
break;
/*
sizeof(challenge));
for (i = 0; i < vp->length; i++) {
- if (challenge[i] != vp->strvalue[i]) {
+ if (challenge[i] != vp->vp_strvalue[i]) {
DEBUG2(" TTLS: Tunneled challenge is incorrect");
pairfree(&first);
return NULL;
case PW_TYPE_STRING:
case PW_TYPE_OCTETS:
default:
- memcpy(p, vp->strvalue, vp->length);
+ memcpy(p, vp->vp_strvalue, vp->length);
length = vp->length;
break;
}
DEBUG2(" TTLS: Got MS-CHAP2-Success, tunneling it to the client in a challenge.");
rcode = RLM_MODULE_HANDLED;
t->authenticated = TRUE;
+
+ /*
+ * Delete MPPE keys & encryption policy. We don't
+ * want these here.
+ */
+ pairdelete(&reply->vps, ((311 << 16) | 7));
+ pairdelete(&reply->vps, ((311 << 16) | 8));
+ pairdelete(&reply->vps, ((311 << 16) | 16));
+ pairdelete(&reply->vps, ((311 << 16) | 17));
+
+ /*
+ * Use the tunneled reply, but not now.
+ */
+ if (t->use_tunneled_reply) {
+ t->reply = reply->vps;
+ reply->vps = NULL;
+ }
+
} else { /* no MS-CHAP2-Success */
/*
* Can only have EAP-Message if there's
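Review bot: The assignment `t->reply = reply->vps;` in the `use_tunneled_reply` branch overwrites whatever `t->reply` already held, so if this MS-CHAP2-Success path can run more than once in a session before the `EAPTLS_SUCCESS` case hands the list to the outer reply, the earlier pairs are leaked; the `pairfree(&t->reply)` added to the free routine only covers what is still attached at teardown. Releasing the old list first, `pairfree(&t->reply);` immediately before the assignment, makes the ownership hand-off unconditional; if the intent is to accumulate across rounds rather than replace, `pairadd(&t->reply, reply->vps);` would be the alternative. The four `pairdelete` calls identify the attributes only as `(311 << 16) | 7` and similar literals; a one-line comment naming them as the Microsoft MPPE key and encryption-policy vendor-specific attributes, or named constants, would let a reader confirm that exactly the inner-tunnel keying material is stripped (the outer keys come from `eaptls_gen_mppe_keys`) and nothing else. The enclosing function starts and ends outside the hunk.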
* Update other items in the REQUEST data structure.
*/
fake->username = pairfind(fake->packet->vps, PW_USER_NAME);
- fake->password = pairfind(fake->packet->vps, PW_PASSWORD);
+ fake->password = pairfind(fake->packet->vps, PW_USER_PASSWORD);
/*
* No User-Name, try to create one from stored data.
vp = pairfind(fake->packet->vps, PW_EAP_MESSAGE);
if (vp &&
(vp->length >= EAP_HEADER_LEN + 2) &&
- (vp->strvalue[0] == PW_EAP_RESPONSE) &&
- (vp->strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) &&
- (vp->strvalue[EAP_HEADER_LEN + 1] != 0)) {
+ (vp->vp_strvalue[0] == PW_EAP_RESPONSE) &&
+ (vp->vp_strvalue[EAP_HEADER_LEN] == PW_EAP_IDENTITY) &&
+ (vp->vp_strvalue[EAP_HEADER_LEN + 1] != 0)) {
/*
* Create & remember a User-Name
*/
t->username = pairmake("User-Name", "", T_OP_EQ);
rad_assert(t->username != NULL);
- memcpy(t->username->strvalue, vp->strvalue + 5,
+ memcpy(t->username->vp_strvalue, vp->vp_strvalue + 5,
vp->length - 5);
t->username->length = vp->length - 5;
- t->username->strvalue[t->username->length] = 0;
+ t->username->vp_strvalue[t->username->length] = 0;
DEBUG2(" TTLS: Got tunneled identity of %s",
- t->username->strvalue);
+ t->username->vp_strvalue);
/*
* If there's a default EAP type,
*/
if (t->state) {
DEBUG2(" TTLS: Adding old state with %02x %02x",
- t->state->strvalue[0], t->state->strvalue[1]);
+ t->state->vp_strvalue[0], t->state->vp_strvalue[1]);
vp = paircopy(t->state);
if (vp) pairadd(&fake->packet->vps, vp);
}
vp = pairfind(fake->config_items, PW_PROXY_TO_REALM);
if (vp) {
eap_tunnel_data_t *tunnel;
- DEBUG2(" TTLS: Tunneled authentication will be proxied to %s", vp->strvalue);
+ DEBUG2(" TTLS: Tunneled authentication will be proxied to %s", vp->vp_strvalue);
/*
* Tell the original request that it's going