From b94a9ab48f37fa7fd746a4f6a14eccef36dd14db Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Wed, 7 Jul 2010 16:50:47 +0200
Subject: [PATCH] Patches for EAP-FAST as posted to the list 2010-01-19 by Maja Wolniewicz

---
 raddb/experimental.conf | 6 ++++++
 src/modules/rlm_eap2/rlm_eap2.c | 47 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 53 insertions(+)

diff --git a/raddb/experimental.conf b/raddb/experimental.conf
index 95c8c93..e2488af 100644
--- a/raddb/experimental.conf
+++ b/raddb/experimental.conf
@@ -438,4 +438,10 @@
 }
 }
 }
+
+ fast {
+ pac_opaque_encr_key = 000102030405060708090a0b0c0d0e0f
+ eap_fast_a_id = xxxxxx
+ eap_fast_a_id_info = my_server
+ }
 }
diff --git a/src/modules/rlm_eap2/rlm_eap2.c b/src/modules/rlm_eap2/rlm_eap2.c
index 5b19f65..671dd77 100644
--- a/src/modules/rlm_eap2/rlm_eap2.c
+++ b/src/modules/rlm_eap2/rlm_eap2.c
@@ -71,6 +71,17 @@ typedef struct rlm_eap_t {
 struct tls_connection_params tparams;
+ /*
+ * For EAP-FAST
+ */
+ char *pac_opaque_encr_key;
+ char *eap_fast_a_id;
+ char *eap_fast_a_id_info;
+ int eap_fast_prov;
+ int pac_key_lifetime;
+ int pac_key_refresh_time;
+ int backend_auth;
+
 int num_types;
 EapType methods[EAP_MAX_METHODS];
 int vendors[EAP_MAX_METHODS];
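Review bot: The sample `pac_opaque_encr_key` in the new `fast` section is the byte sequence 00..0f, and because the file ships as a ready-to-use example it will be copied into deployments unchanged; this key protects the PAC-Opaque the server hands to clients, so a value that is the same on every server defeats that protection. The example should carry a comment saying the value must be replaced, e.g. `# 16-byte key as 32 hex digits. Generate a random value per server; never deploy this example.`, and the placeholder `eap_fast_a_id = xxxxxx` should likewise note that the A-ID identifies this authority to clients and should be unique and stable. Whether the module rejects the example key at startup cannot be seen from this hunk.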
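Review bot: The seven new `rlm_eap_t` members carry only the comment `For EAP-FAST`, which leaves their units and encoding to the reader; the second hunk stores `pac_opaque_encr_key` and `eap_fast_a_id` as the raw config string (the sample config spells them as hex) and defaults `pac_key_lifetime`/`pac_key_refresh_time` to 604800 and 86400, which look like seconds but that is not stated anywhere. I would replace the block comment with per-field comments such as `char *pac_opaque_encr_key; /* config text as parsed by fast_config */`, `int pac_key_lifetime; /* PAC-Key lifetime, presumably seconds — confirm against eap_server */` and `int backend_auth; /* boolean, parsed with PW_TYPE_BOOLEAN */`. The typedef continues outside the hunk.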
@@ -444,17 +455,41 @@ static CONF_PARSER tls_config[] = {
 offsetof(rlm_eap_t, tparams.private_key_passwd), NULL, "whatever" },
+ { "dh_file", PW_TYPE_STRING_PTR,
+ offsetof(rlm_eap_t, tparams.dh_file), NULL, "whatever" },
+
 { NULL, -1, 0, NULL, NULL } /* end the list */
 };
+static CONF_PARSER fast_config[] = {
+ { "pac_opaque_encr_key", PW_TYPE_STRING_PTR,
+ offsetof(rlm_eap_t, pac_opaque_encr_key), NULL, NULL },
+ { "eap_fast_a_id", PW_TYPE_STRING_PTR,
+ offsetof(rlm_eap_t, eap_fast_a_id), NULL, NULL },
+ { "eap_fast_a_id_info", PW_TYPE_STRING_PTR,
+ offsetof(rlm_eap_t, eap_fast_a_id_info), NULL, NULL },
+ { "eap_fast_prov", PW_TYPE_INTEGER,
+ offsetof(rlm_eap_t, eap_fast_prov), NULL, "3"},
+ { "pac_key_lifetime", PW_TYPE_INTEGER,
+ offsetof(rlm_eap_t, pac_key_lifetime), NULL, "604800"},
+ { "pac_key_refresh_time", PW_TYPE_INTEGER,
+ offsetof(rlm_eap_t, pac_key_refresh_time), NULL, "86400"},
+ { NULL, -1, 0, NULL, NULL } /* end the list */
+};
+
 static const CONF_PARSER module_config[] = {
 { "timer_expire", PW_TYPE_INTEGER,
 offsetof(rlm_eap_t, timer_limit), NULL, "60"},
 { "cisco_accounting_username_bug", PW_TYPE_BOOLEAN,
 offsetof(rlm_eap_t, cisco_accounting_username_bug), NULL, "no" },
+ { "backend_auth", PW_TYPE_BOOLEAN,
+ offsetof(rlm_eap_t, backend_auth), NULL, "yes" },
+
 { "tls", PW_TYPE_SUBSECTION, 0, NULL, (const void *) tls_config },
+ { "fast", PW_TYPE_SUBSECTION, 0, NULL, (const void *) fast_config },
+
 { NULL, -1, 0, NULL, NULL } /* end the list */
 };
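Review bot: `fast_config` is declared `static CONF_PARSER` without `const`, while `module_config` in the same hunk is `static const CONF_PARSER`; the new table is never written, so it should read `static const CONF_PARSER fast_config[] = {` (the existing `tls_config` has the same omission, but that is prior code). Separately, every `fast` option defaults to NULL or an unchecked integer and nothing in this patch validates them: `pac_opaque_encr_key` and `eap_fast_a_id` stay NULL when the section is absent, and `eap_fast_prov` accepts any integer; a check at instantiate time, which lies outside this diff, should reject a missing or mis-sized key and an out-of-range `eap_fast_prov` instead of letting them reach the EAP state machine. The default `"3"` for `eap_fast_prov` is a magic number and deserves a comment naming which provisioning mode it selects.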
@@ -869,6 +904,18 @@ static int eap_authenticate(void *instance, REQUEST *request)
 handler->eap_conf.eap_server = 1;
 handler->eap_conf.ssl_ctx = inst->tls_ctx;
+ /*
+ * Copy EAP-FAST parameters.
+ */
+ handler->eap_conf.pac_opaque_encr_key = inst->pac_opaque_encr_key;
+ handler->eap_conf.eap_fast_a_id = inst->eap_fast_a_id;
+ handler->eap_conf.eap_fast_a_id_len = strlen(inst->eap_fast_a_id);
+ handler->eap_conf.eap_fast_a_id_info = inst->eap_fast_a_id_info;
+ handler->eap_conf.eap_fast_prov = inst->eap_fast_prov;
+ handler->eap_conf.pac_key_lifetime = inst->pac_key_lifetime;
+ handler->eap_conf.pac_key_refresh_time = inst->pac_key_refresh_time;
+ handler->eap_conf.backend_auth = inst->backend_auth;
+
 handler->server_ctx.eap = eap_server_sm_init(handler, &handler->eap_cb,
 &handler->eap_conf);
-- 
2.1.4
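Review bot: `strlen(inst->eap_fast_a_id)` dereferences a pointer that `fast_config` defaults to NULL, so a configuration without a `fast` section (or without `eap_fast_a_id`) crashes `eap_authenticate` on the first EAP request; take the length only when the string is present, `handler->eap_conf.eap_fast_a_id_len = inst->eap_fast_a_id ? strlen(inst->eap_fast_a_id) : 0;`, and do the real validation at instantiate time. The copies are shallow: `handler->eap_conf` now aliases the module instance's strings, which is fine only as long as `inst` outlives every handler — presumably true for a module instance, but worth a one-line comment above the block. Also, `pac_opaque_encr_key` is passed on as the configuration text; if `eap_conf.pac_opaque_encr_key` expects the decoded 16-byte key rather than its hex spelling, the conversion has to happen here or at instantiate time — confirm against the eap_server header. `eap_authenticate` starts and ends outside the hunk.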