diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 14:11:00 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-13 14:11:00 +0000 |
commit | af754e596a8dbb05ed8580c342e7fe02e08b28e0 (patch) | |
tree | b2f334c2b55ede42081aa6710a72da784547d8ea /src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c | |
parent | Initial commit. (diff) | |
download | freeradius-af754e596a8dbb05ed8580c342e7fe02e08b28e0.tar.xz freeradius-af754e596a8dbb05ed8580c342e7fe02e08b28e0.zip |
Adding upstream version 3.2.3+dfsg.upstream/3.2.3+dfsg
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c')
-rw-r--r-- | src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c | 168 |
1 files changed, 168 insertions, 0 deletions
diff --git a/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c new file mode 100644 index 0000000..2fa0077 --- /dev/null +++ b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c @@ -0,0 +1,168 @@ +/* + * rlm_eap_md5.c Handles that are called from eap + * + * Version: $Id$ + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA + * + * Copyright 2000,2001,2006 The FreeRADIUS server project + * Copyright 2001 hereUare Communications, Inc. <raghud@hereuare.com> + */ + +RCSID("$Id$") + +#include <stdio.h> +#include <stdlib.h> + +#include "eap_md5.h" + +#include <freeradius-devel/rad_assert.h> +#include <freeradius-devel/md5.h> + +/* + * Initiate the EAP-MD5 session by sending a challenge to the peer. + */ +static int mod_session_init(UNUSED void *instance, eap_handler_t *handler) +{ + int i; + MD5_PACKET *reply; + REQUEST *request = handler->request; + + /* + * Allocate an EAP-MD5 packet. + */ + reply = talloc(handler, MD5_PACKET); + if (!reply) { + return 0; + } + + /* + * Fill it with data. + */ + reply->code = PW_MD5_CHALLENGE; + reply->length = 1 + MD5_CHALLENGE_LEN; /* one byte of value size */ + reply->value_size = MD5_CHALLENGE_LEN; + + /* + * Allocate user data. + */ + reply->value = talloc_array(reply, uint8_t, reply->value_size); + if (!reply->value) { + talloc_free(reply); + return 0; + } + + /* + * Get a random challenge. + */ + for (i = 0; i < reply->value_size; i++) { + reply->value[i] = fr_rand(); + } + RDEBUG2("Issuing MD5 Challenge"); + + /* + * Keep track of the challenge. + */ + handler->opaque = talloc_array(handler, uint8_t, reply->value_size); + rad_assert(handler->opaque != NULL); + memcpy(handler->opaque, reply->value, reply->value_size); + handler->free_opaque = NULL; + + /* + * Compose the EAP-MD5 packet out of the data structure, + * and free it. + */ + eapmd5_compose(handler->eap_ds, reply); + + /* + * We don't need to authorize the user at this point. + * + * We also don't need to keep the challenge, as it's + * stored in 'handler->eap_ds', which will be given back + * to us... + */ + handler->stage = PROCESS; + + return 1; +} + +/* + * Authenticate a previously sent challenge. + */ +static int mod_process(UNUSED void *arg, eap_handler_t *handler) +{ + MD5_PACKET *packet; + MD5_PACKET *reply; + VALUE_PAIR *password; + REQUEST *request = handler->request; + + /* + * Get the Cleartext-Password for this user. + */ + rad_assert(handler->request != NULL); + rad_assert(handler->stage == PROCESS); + + password = fr_pair_find_by_num(handler->request->config, PW_CLEARTEXT_PASSWORD, 0, TAG_ANY); + if (!password) { + REDEBUG2("Cleartext-Password is required for EAP-MD5 authentication"); + return 0; + } + + /* + * Extract the EAP-MD5 packet. + */ + if (!(packet = eapmd5_extract(handler->eap_ds))) + return 0; + + /* + * Create a reply, and initialize it. + */ + reply = talloc(packet, MD5_PACKET); + if (!reply) { + talloc_free(packet); + return 0; + } + reply->id = handler->eap_ds->request->id; + reply->length = 0; + + /* + * Verify the received packet against the previous packet + * (i.e. challenge) which we sent out. + */ + if (eapmd5_verify(packet, password, handler->opaque)) { + reply->code = PW_MD5_SUCCESS; + } else { + reply->code = PW_MD5_FAILURE; + } + + /* + * Compose the EAP-MD5 packet out of the data structure, + * and free it. + */ + eapmd5_compose(handler->eap_ds, reply); + talloc_free(packet); + return 1; +} + +/* + * The module name should be the only globally exported symbol. + * That is, everything else should be 'static'. + */ +extern rlm_eap_module_t rlm_eap_md5; +rlm_eap_module_t rlm_eap_md5 = { + .name = "eap_md5", + .session_init = mod_session_init, /* Initialise a new EAP session */ + .process = mod_process /* Process next round of EAP method */ +}; |