Patches for EAP-FAST as posted to the list 2010-01-19
authorAlan T. DeKok <aland@freeradius.org>
Wed, 7 Jul 2010 14:50:47 +0000 (16:50 +0200)
committerAlan T. DeKok <aland@freeradius.org>
Wed, 7 Jul 2010 14:50:47 +0000 (16:50 +0200)
by Maja Wolniewicz

raddb/experimental.conf
src/modules/rlm_eap2/rlm_eap2.c

index 95c8c93..e2488af 100644 (file)
                        } 
                }
                }
+
+               fast { 
+                       pac_opaque_encr_key = 000102030405060708090a0b0c0d0e0f 
+                       eap_fast_a_id = xxxxxx 
+                       eap_fast_a_id_info = my_server 
+               } 
        }
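Review bot: The sample `fast` section ships a concrete, sequential `pac_opaque_encr_key` (`000102030405060708090a0b0c0d0e0f`) with no comment saying it must be replaced, so any deployment that copies this block protects its PAC-Opaque data with a publicly known key. I would put a comment directly above it, for example `# MUST be replaced with a locally generated random key (32 hex digits); never deploy the sample value`, or ship an obviously invalid placeholder instead. `eap_fast_a_id = xxxxxx` would benefit from a similar one-line comment stating the expected format and that it has to be set per server.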
index 5b19f65..671dd77 100644 (file)
@@ -71,6 +71,17 @@ typedef struct rlm_eap_t {
 
        struct tls_connection_params tparams;
 
+       /*
+        *      For EAP-FAST
+        */
+       char            *pac_opaque_encr_key; 
+       char            *eap_fast_a_id; 
+       char            *eap_fast_a_id_info; 
+       int             eap_fast_prov; 
+       int             pac_key_lifetime; 
+       int             pac_key_refresh_time; 
+       int             backend_auth; 
+
        int             num_types;
        EapType         methods[EAP_MAX_METHODS];
        int             vendors[EAP_MAX_METHODS];
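Review bot: The `For EAP-FAST` comment on the new fields gives no units or value ranges, and it also covers `backend_auth`, which the same commit registers in `module_config` as a top-level boolean rather than under `fast`. I would move `backend_auth` out from under that comment and annotate the rest, e.g. `int pac_key_lifetime; /* seconds, presumably; confirm */`, and note on `pac_opaque_encr_key` that it holds secret key material as a configuration string. The struct's definition starts and ends outside the hunk.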
@@ -444,17 +455,41 @@ static CONF_PARSER tls_config[] = {
          offsetof(rlm_eap_t, tparams.private_key_passwd),
          NULL, "whatever" },
 
+       { "dh_file", PW_TYPE_STRING_PTR, 
+         offsetof(rlm_eap_t, tparams.dh_file), NULL, "whatever" }, 
+
        { NULL, -1, 0, NULL, NULL }           /* end the list */
 };
 
+static CONF_PARSER fast_config[] = { 
+       { "pac_opaque_encr_key", PW_TYPE_STRING_PTR, 
+         offsetof(rlm_eap_t, pac_opaque_encr_key), NULL, NULL }, 
+       { "eap_fast_a_id", PW_TYPE_STRING_PTR, 
+         offsetof(rlm_eap_t, eap_fast_a_id), NULL, NULL }, 
+       { "eap_fast_a_id_info", PW_TYPE_STRING_PTR, 
+         offsetof(rlm_eap_t, eap_fast_a_id_info), NULL, NULL }, 
+       { "eap_fast_prov", PW_TYPE_INTEGER, 
+         offsetof(rlm_eap_t, eap_fast_prov), NULL, "3"}, 
+       { "pac_key_lifetime", PW_TYPE_INTEGER, 
+         offsetof(rlm_eap_t, pac_key_lifetime), NULL, "604800"}, 
+       { "pac_key_refresh_time", PW_TYPE_INTEGER, 
+         offsetof(rlm_eap_t, pac_key_refresh_time), NULL, "86400"}, 
+       { NULL, -1, 0, NULL, NULL } /* end the list */ 
+}; 
+
 static const CONF_PARSER module_config[] = {
        { "timer_expire", PW_TYPE_INTEGER,
          offsetof(rlm_eap_t, timer_limit), NULL, "60"},
        { "cisco_accounting_username_bug", PW_TYPE_BOOLEAN,
          offsetof(rlm_eap_t, cisco_accounting_username_bug), NULL, "no" },
 
+       { "backend_auth", PW_TYPE_BOOLEAN, 
+         offsetof(rlm_eap_t, backend_auth), NULL, "yes" }, 
+
        { "tls", PW_TYPE_SUBSECTION, 0, NULL, (const void *) tls_config },
 
+       { "fast", PW_TYPE_SUBSECTION, 0, NULL, (const void *) fast_config }, 
+
        { NULL, -1, 0, NULL, NULL }           /* end the list */
 };
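Review bot: The `eap_fast_prov` default of `"3"` in `fast_config` is undocumented. If the value follows the hostapd EAP server convention (0 disabled, 1 anonymous, 2 authenticated, 3 both; to be confirmed against the library this module links), the default turns on anonymous in-band PAC provisioning, in which the peer cannot authenticate the server while it is being provisioned. I would add a comment such as `/* 0 = off, 1 = anonymous, 2 = authenticated, 3 = both */` above the entry and consider defaulting to authenticated-only provisioning. The new `dh_file` entry in `tls_config` defaults to the literal string `"whatever"`, so an unset option cannot be told apart from a configured path; a `NULL` default would let the TLS setup skip or reject it explicitly.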
 
@@ -869,6 +904,18 @@ static int eap_authenticate(void *instance, REQUEST *request)
                handler->eap_conf.eap_server = 1;
                handler->eap_conf.ssl_ctx = inst->tls_ctx;
 
+               /*
+                *      Copy EAP-FAST parameters.
+                */
+               handler->eap_conf.pac_opaque_encr_key = inst->pac_opaque_encr_key; 
+               handler->eap_conf.eap_fast_a_id = inst->eap_fast_a_id; 
+               handler->eap_conf.eap_fast_a_id_len = strlen(inst->eap_fast_a_id); 
+               handler->eap_conf.eap_fast_a_id_info = inst->eap_fast_a_id_info; 
+               handler->eap_conf.eap_fast_prov = inst->eap_fast_prov; 
+               handler->eap_conf.pac_key_lifetime = inst->pac_key_lifetime; 
+               handler->eap_conf.pac_key_refresh_time = inst->pac_key_refresh_time; 
+               handler->eap_conf.backend_auth = inst->backend_auth; 
+               
                handler->server_ctx.eap = eap_server_sm_init(handler,
                                                             &handler->eap_cb,
                                                             &handler->eap_conf);
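Review bot: `strlen(inst->eap_fast_a_id)` is called unconditionally, but `fast_config` registers `eap_fast_a_id` with a NULL default. A configuration without a `fast { }` section, or without that item, would therefore presumably leave the pointer NULL and crash the server on the first EAP authentication. Guard it, e.g. `handler->eap_conf.eap_fast_a_id_len = inst->eap_fast_a_id ? strlen(inst->eap_fast_a_id) : 0;`, or reject the missing value once at module instantiation. `pac_opaque_encr_key` is likewise handed over as the raw configuration string with no hex decoding or length check in this hunk; if the EAP library reads it as a fixed-size binary key, the ASCII hex text would reduce the effective key strength and a short value would be over-read. The body of `eap_authenticate` starts and ends outside the hunk.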