eapmd5.cpp

source_code 实现无线局域网中的802.1x功能

/**************************************************************************/
/* WIRE1x Version 1.0: A client-side 802.1x implementation                */
/* based on xsupplicant of Open1x for Windows XP, 2000, 98, and Me        */
/*                                                                        */
/* This code is released under both the GPL version 2 and BSD licenses.   */
/* Either license may be used.  The respective licenses are found below.  */
/*                                                                        */
/* Copyright (C) 2004, WIRE Lab, National Tsing Hua Univ., Hsinchu, Taiwan*/
/* All Rights Reserved                                                    */
/**************************************************************************/

/**
 * A client-side 802.1x implementation supporting EAP/MD5
 *
 * This code is released under both the GPL version 2 and BSD licenses.
 * Either license may be used.  The respective licenses are found below.
 *
 * Copyright (C) 2002 Chris Hessing & Terry Simons
 * All Rights Reserved
 *
 * --- GPL Version 2 License ---
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 * --- BSD License ---
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *  - Redistributions of source code must retain the above copyright notice,
 *    this list of conditions and the following disclaimer.
 *  - Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *  - All advertising materials mentioning features or use of this software
 *    must display the following acknowledgement:
 *       This product includes software developed by the University of
 *       Maryland at College Park and its contributors.
 *  - Neither the name of the University nor the names of its contributors
 *    may be used to endorse or promote products derived from this software
 *    without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 */
#include <stdafx.h>
#include <string.h>
#include <unistd.h>
#include <stdlib.h>
#include "dot1x_globals.h"
#include "eapmd5.h"
#include "eap.h"
#include "userconf.h"
#include "md5.h"

#ifndef MD5_DEBUG
#define MD5_DEBUG  0
#endif

char *eapmd5_netid;
char *eapmd5_config;

int init_eapmd5(char *config, char *netid)
{

  eapmd5_netid = netid;
  eapmd5_config = config;

  return 0;
}


/*************************************************************
  eapmd5_decode_packet - decode an MD5 challenge, and answer it

  When an MD5 challenge is sent in, the header, up to the actual challenge
  string is stripped off before we get here.  Since the ID is needed to 
  generate the return md5 hash, we need to have it passed in too.

  The way that the MD5 challenge response works is fairly simple.  The
  authenticator sends us a random stream of bytes.  The first byte in this
  stream is the length of the stream.  From this, we build our response by
  building a string that contains ID + password + challenge stream, and then
  MD5 it.   The resulting value, with our username concatinated to the end is
  returned in the response packet.
************************************************************/

int eapmd5_decode_packet(u_char *in, int in_size, u_char *out, int *out_size)
{
  u_char challen = 0;
  int hashlen =0;
  char *chal =NULL;
  u_char *answer =NULL;
  u_char md5_result[16];
  int md5_length=16;       // Should always be 16, but get it anyway.
  MD5_CTX context;
  char *username;
  char *password;

  // Get our username and password out of our configuration structure in memory
  username = get_username();
  password = get_password();
  challen = in[0];
  if (chal == NULL)   //Which it *always* should
  {
      chal = (char *)malloc(challen);
	if (chal == NULL)
	{
	}
  } else {
  }
  memcpy(chal, &in[1], challen);   // We should have our hash info.
  answer = (u_char *)malloc(1+challen+strlen(password)+1);
  if (answer == NULL) 
    {
      return -1;    // Something is wrong.
    }

  answer[0] = get_receivedId();
  memcpy(&answer[1], password, strlen(password));
  memcpy(&answer[1+strlen(password)],chal,challen);
  hashlen = 1+strlen(password)+challen;   // Save us from nulls in answer.
  MD5Init(&context);               //Initialize MD5
  MD5Update(&context, answer, hashlen);
  MD5Final(md5_result, &context);
  if (md5_length != 16)
    {
    }

  free(answer);  // We are done with these values.
  answer = NULL;
  free(chal);
  chal = NULL;

  // Probably shouldn't reuse the same variable....
  // We need to malloc 1 for the length byte,
  // 16 for the MD5 string,
  // strlen(username) for the username,
  // and 1 for a NULL byte for good measure. 8-)
  answer = (u_char *)malloc(1+16+strlen(username));
  if (answer == NULL) 
    {
      free(username);
      username=NULL;
      free(password);
      password=NULL;
      return -1;
    }

  answer[0] = 0x10;
  memcpy(&answer[1],&md5_result,16);
  memcpy(&answer[17],username,strlen(username));

  // We now have an answer!
  memcpy(out, answer, 17+strlen(username));
  *out_size = 17+strlen(username);

  if (answer != NULL) free(answer);
  answer=NULL;
  free(username);
  username = NULL;
  free(password);
  password = NULL;

  return 0;  // Everything is okay.
}

/******************************************************************
 * Get the password for the <nasid:id> found in the config file.
 ******************************************************************/
int eapmd5_auth_setup()
{
  char *temp_username=NULL;
  char *temp_password=NULL;
  char *trash;

  // We may want to ask for the user's password.


  temp_username = get_username();

  // We need to think of a better way to handle this.  Right now, if you
  // put in an incorrect password, you can never fix it.
  trash = get_password();
  if (trash == NULL)
    {
      set_password(temp_password);  // Update our config values.
    } else {
    }
  free(trash);
  free(temp_username);
  temp_username = NULL;
  return 0;
}

// Clean up any memory we have allocated, and destroy anything we need to.
int eapmd5_shutdown()
{
  // Don't free one_x_globals as it is a copy of a pointer to memory, and
  // the shutdown_eap function will free it.
  return 0;
}