www.project-moonshot.org Git - mech_eap.orig/blob - libeap/src/eap_server/eap_server_gtc.c

   1 /*
   2  * hostapd / EAP-GTC (RFC 3748)
   3  * Copyright (c) 2004-2006, Jouni Malinen <j@w1.fi>
   4  *
   5  * This program is free software; you can redistribute it and/or modify
   6  * it under the terms of the GNU General Public License version 2 as
   7  * published by the Free Software Foundation.
   8  *
   9  * Alternatively, this software may be distributed under the terms of BSD
  10  * license.
  11  *
  12  * See README and COPYING for more details.
  13  */
  14
  15 #include "includes.h"
  16
  17 #include "common.h"
  18 #include "eap_i.h"
  19
  20
  21 struct eap_gtc_data {
  22         enum { CONTINUE, SUCCESS, FAILURE } state;
  23         int prefix;
  24 };
  25
  26
  27 static void * eap_gtc_init(struct eap_sm *sm)
  28 {
  29         struct eap_gtc_data *data;
  30
  31         data = os_zalloc(sizeof(*data));
  32         if (data == NULL)
  33                 return NULL;
  34         data->state = CONTINUE;
  35
  36 #ifdef EAP_SERVER_FAST
  37         if (sm->m && sm->m->vendor == EAP_VENDOR_IETF &&
  38             sm->m->method == EAP_TYPE_FAST) {
  39                 wpa_printf(MSG_DEBUG, "EAP-GTC: EAP-FAST tunnel - use prefix "
  40                            "with challenge/response");
  41                 data->prefix = 1;
  42         }
  43 #endif /* EAP_SERVER_FAST */
  44
  45         return data;
  46 }
  47
  48
  49 static void eap_gtc_reset(struct eap_sm *sm, void *priv)
  50 {
  51         struct eap_gtc_data *data = priv;
  52         os_free(data);
  53 }
  54
  55
  56 static struct wpabuf * eap_gtc_buildReq(struct eap_sm *sm, void *priv, u8 id)
  57 {
  58         struct eap_gtc_data *data = priv;
  59         struct wpabuf *req;
  60         char *msg;
  61         size_t msg_len;
  62
  63         msg = data->prefix ? "CHALLENGE=Password" : "Password";
  64
  65         msg_len = os_strlen(msg);
  66         req = eap_msg_alloc(EAP_VENDOR_IETF, EAP_TYPE_GTC, msg_len,
  67                             EAP_CODE_REQUEST, id);
  68         if (req == NULL) {
  69                 wpa_printf(MSG_ERROR, "EAP-GTC: Failed to allocate memory for "
  70                            "request");
  71                 data->state = FAILURE;
  72                 return NULL;
  73         }
  74
  75         wpabuf_put_data(req, msg, msg_len);
  76
  77         data->state = CONTINUE;
  78
  79         return req;
  80 }
  81
  82
  83 static Boolean eap_gtc_check(struct eap_sm *sm, void *priv,
  84                              struct wpabuf *respData)
  85 {
  86         const u8 *pos;
  87         size_t len;
  88
  89         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, respData, &len);
  90         if (pos == NULL || len < 1) {
  91                 wpa_printf(MSG_INFO, "EAP-GTC: Invalid frame");
  92                 return TRUE;
  93         }
  94
  95         return FALSE;
  96 }
  97
  98
  99 static void eap_gtc_process(struct eap_sm *sm, void *priv,
 100                             struct wpabuf *respData)
 101 {
 102         struct eap_gtc_data *data = priv;
 103         const u8 *pos;
 104         size_t rlen;
 105
 106         pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_GTC, respData, &rlen);
 107         if (pos == NULL || rlen < 1)
 108                 return; /* Should not happen - frame already validated */
 109
 110         wpa_hexdump_ascii_key(MSG_MSGDUMP, "EAP-GTC: Response", pos, rlen);
 111
 112 #ifdef EAP_SERVER_FAST
 113         if (data->prefix) {
 114                 const u8 *pos2, *end;
 115                 /* "RESPONSE=<user>\0<password>" */
 116                 if (rlen < 10) {
 117                         wpa_printf(MSG_DEBUG, "EAP-GTC: Too short response "
 118                                    "for EAP-FAST prefix");
 119                         data->state = FAILURE;
 120                         return;
 121                 }
 122
 123                 end = pos + rlen;
 124                 pos += 9;
 125                 pos2 = pos;
 126                 while (pos2 < end && *pos2)
 127                         pos2++;
 128                 if (pos2 == end) {
 129                         wpa_printf(MSG_DEBUG, "EAP-GTC: No password in "
 130                                    "response to EAP-FAST prefix");
 131                         data->state = FAILURE;
 132                         return;
 133                 }
 134
 135                 wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Response user",
 136                                   pos, pos2 - pos);
 137                 if (sm->identity && sm->require_identity_match &&
 138                     (pos2 - pos != (int) sm->identity_len ||
 139                      os_memcmp(pos, sm->identity, sm->identity_len))) {
 140                         wpa_printf(MSG_DEBUG, "EAP-GTC: Phase 2 Identity did "
 141                                    "not match with required Identity");
 142                         wpa_hexdump_ascii(MSG_MSGDUMP, "EAP-GTC: Expected "
 143                                           "identity",
 144                                           sm->identity, sm->identity_len);
 145                         data->state = FAILURE;
 146                         return;
 147                 } else {
 148                         os_free(sm->identity);
 149                         sm->identity_len = pos2 - pos;
 150                         sm->identity = os_malloc(sm->identity_len);
 151                         if (sm->identity == NULL) {
 152                                 data->state = FAILURE;
 153                                 return;
 154                         }
 155                         os_memcpy(sm->identity, pos, sm->identity_len);
 156                 }
 157
 158                 if (eap_user_get(sm, sm->identity, sm->identity_len, 1) != 0) {
 159                         wpa_hexdump_ascii(MSG_DEBUG, "EAP-GTC: Phase2 "
 160                                           "Identity not found in the user "
 161                                           "database",
 162                                           sm->identity, sm->identity_len);
 163                         data->state = FAILURE;
 164                         return;
 165                 }
 166
 167                 pos = pos2 + 1;
 168                 rlen = end - pos;
 169                 wpa_hexdump_ascii_key(MSG_MSGDUMP,
 170                                       "EAP-GTC: Response password",
 171                                       pos, rlen);
 172         }
 173 #endif /* EAP_SERVER_FAST */
 174
 175         if (sm->user == NULL || sm->user->password == NULL ||
 176             sm->user->password_hash) {
 177                 wpa_printf(MSG_INFO, "EAP-GTC: Plaintext password not "
 178                            "configured");
 179                 data->state = FAILURE;
 180                 return;
 181         }
 182
 183         if (rlen != sm->user->password_len ||
 184             os_memcmp(pos, sm->user->password, rlen) != 0) {
 185                 wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Failure");
 186                 data->state = FAILURE;
 187         } else {
 188                 wpa_printf(MSG_DEBUG, "EAP-GTC: Done - Success");
 189                 data->state = SUCCESS;
 190         }
 191 }
 192
 193
 194 static Boolean eap_gtc_isDone(struct eap_sm *sm, void *priv)
 195 {
 196         struct eap_gtc_data *data = priv;
 197         return data->state != CONTINUE;
 198 }
 199
 200
 201 static Boolean eap_gtc_isSuccess(struct eap_sm *sm, void *priv)
 202 {
 203         struct eap_gtc_data *data = priv;
 204         return data->state == SUCCESS;
 205 }
 206
 207
 208 int eap_server_gtc_register(void)
 209 {
 210         struct eap_method *eap;
 211         int ret;
 212
 213         eap = eap_server_method_alloc(EAP_SERVER_METHOD_INTERFACE_VERSION,
 214                                       EAP_VENDOR_IETF, EAP_TYPE_GTC, "GTC");
 215         if (eap == NULL)
 216                 return -1;
 217
 218         eap->init = eap_gtc_init;
 219         eap->reset = eap_gtc_reset;
 220         eap->buildReq = eap_gtc_buildReq;
 221         eap->check = eap_gtc_check;
 222         eap->process = eap_gtc_process;
 223         eap->isDone = eap_gtc_isDone;
 224         eap->isSuccess = eap_gtc_isSuccess;
 225
 226         ret = eap_server_method_register(eap);
 227         if (ret)
 228                 eap_server_method_free(eap);
 229         return ret;
 230 }