From: Luke Howard <lukeh@padl.com>
Date: Tue, 1 Mar 2011 23:53:18 +0000 (+1100)
Subject: Forward EAP identity response as RADIUS user name
X-Git-Tag: vm/20110310~49
X-Git-Url: http://www.project-moonshot.org/gitweb/?p=mech_eap.orig;a=commitdiff_plain;h=53bff0bda5f75f791773e6a824ecb546856c8215

Forward EAP identity response as RADIUS user name
---

diff --git a/accept_sec_context.c b/accept_sec_context.c
index 5c086e7..bfb6a70 100644
--- a/accept_sec_context.c
+++ b/accept_sec_context.c
@@ -168,6 +168,47 @@ eapGssSmAcceptIdentity(OM_uint32 *minor,
 }
 
 /*
+ * Returns TRUE if the input token contains an EAP identity response.
+ */
+static int
+isIdentityResponseP(gss_buffer_t inputToken)
+{
+    struct wpabuf respData;
+
+    wpabuf_set(&respData, inputToken->value, inputToken->length);
+
+    return (eap_get_type(&respData) == EAP_TYPE_IDENTITY);
+}
+
+/*
+ * Pass the asserted initiator identity to the authentication server.
+ */
+static OM_uint32
+setInitiatorIdentity(OM_uint32 *minor,
+                     gss_buffer_t inputToken,
+                     VALUE_PAIR **vps)
+{
+    struct wpabuf respData;
+    const unsigned char *pos;
+    size_t len;
+    gss_buffer_desc nameBuf;
+
+    wpabuf_set(&respData, inputToken->value, inputToken->length);
+
+    pos = eap_hdr_validate(EAP_VENDOR_IETF, EAP_TYPE_IDENTITY,
+                           &respData, &len);
+    if (pos == NULL) {
+        *minor = GSSEAP_PEER_BAD_MESSAGE;
+        return GSS_S_DEFECTIVE_TOKEN;
+    }
+
+    nameBuf.value = (void *)pos;
+    nameBuf.length = len;
+
+    return gssEapRadiusAddAvp(minor, vps, PW_USER_NAME, 0, &nameBuf);
+}
+
+/*
  * Pass the asserted acceptor identity to the authentication server.
  */
 static OM_uint32
@@ -336,15 +377,13 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor,
     struct rs_request *request = NULL;
     struct rs_packet *req = NULL, *resp = NULL;
     struct radius_packet *frreq, *frresp;
-    int sendAcceptorIdentity = 0;
+    int isIdentityResponse = isIdentityResponseP(inputToken);
 
     if (ctx->acceptorCtx.radContext == NULL) {
         /* May be NULL from an imported partial context */
         major = createRadiusHandle(minor, cred, ctx);
         if (GSS_ERROR(major))
             goto cleanup;
-
-        sendAcceptorIdentity = 1;
     }
 
     rconn = ctx->acceptorCtx.radConn;
@@ -355,7 +394,11 @@ eapGssSmAcceptAuthenticate(OM_uint32 *minor,
     }
     frreq = rs_packet_frpkt(req);
 
-    if (sendAcceptorIdentity) {
+    if (isIdentityResponse) {
+        major = setInitiatorIdentity(minor, inputToken, &frreq->vps);
+        if (GSS_ERROR(major))
+            goto cleanup;
+
         major = setAcceptorIdentity(minor, ctx, &frreq->vps);
         if (GSS_ERROR(major))
             goto cleanup;
diff --git a/gssapiP_eap.h b/gssapiP_eap.h
index bc0dad5..18137a9 100644
--- a/gssapiP_eap.h
+++ b/gssapiP_eap.h
@@ -63,6 +63,7 @@
 #include <eap_peer/eap.h>
 #include <eap_peer/eap_config.h>
 #include <eap_peer/eap_methods.h>
+#include <eap_common/eap_common.h>
 #include <wpabuf.h>
 
 /* FreeRADIUS headers */