peap_phase2.c

可以用作很多客户端的XSUPPLICANT的源代码。比如用在802.1x或者无线AP上

	{
	  debug_printf(DEBUG_NORMAL, "Invalid EAP state data in GTC section of do_peap_version1()!\n");
	  return;
	}

      eapotp_process(thisint, (u_char *)&in[5], (in_size-5), new_frame, &new_frame_size);

      if (thisint->need_password == 0)
	{
	  out[0] = EAP_RESPONSE;
	  out[1] = in[1];

	  i = ntohs(6+new_frame_size); // 6 bytes header, plus out answer
	  memcpy(&out[2], (uint16_t *)&i, 2);
	  out[4] = EAP_TYPE_GTC;  // We have a GTC answer

	  memcpy(&out[5], new_frame, new_frame_size);
	  *out_size = new_frame_size+5;
	} else {
	  *out_size = 0;
	}
      break;
      */

    case EAP_TYPE_MSCHAPV2: 
      debug_printf(DEBUG_AUTHTYPES, "Got a phase 2 request for MS-CHAPv2!\n");
      if (thisint->eap_data == NULL)
	{
	  eapmschapv2_setup(thisint);
	  thisint->eapid = EAP_TYPE_MSCHAPV2;
	  debug_printf(DEBUG_AUTHTYPES, "(PEAP - Phase 2) Initalized MS-CHAPv2..\n");
	}

      /*      if (thisint->tempPwd != NULL)
	{
	  debug_printf(DEBUG_AUTHTYPES, "Temp Password : %s\n", thisint->tempPwd);
	  }*/
      if (!thisint->eap_data)
	{
	  debug_printf(DEBUG_NORMAL, "Invalid EAP state data in MS-CHAPv2 part of do_peap_version1()!\n");
	  return;
	}

      eapmschapv2_process(thisint, (u_char *)&in[5], (in_size-5), new_frame, &new_frame_size);
      
      if ((thisint->need_password == 0) && ((new_frame_size > 0) && 
					    (new_frame_size < 1522)))
	{
	  out[0] = EAP_RESPONSE;
	  out[1] = in[1];

	  i = ntohs(6+new_frame_size); // 6 bytes header, plus out answer
	  memcpy(&out[2], (uint16_t *)&i, 2);
	  out[4] = EAP_TYPE_MSCHAPV2;  // We have an MSCHAPv2 answer

	  memcpy(&out[5], new_frame, new_frame_size);
	  *out_size = new_frame_size+5;
	} else {
	  *out_size = 0;
	}
      break;

    case PEAP_EAP_EXTENSION: // EAP Extension
      debug_printf(DEBUG_AUTHTYPES, "Got an EAP extension frame!\n");
      out[0] = EAP_RESPONSE;
      memcpy(&out[1], &in[1], in_size-1);
      *out_size = in_size;
      break;

      /*    default:
      debug_printf(DEBUG_NORMAL, "Not sure how to handle this request! (%02X)\n", eapvalue);
      *out_size = 0;
      break;
      */
    }
  free(new_frame);
}

void do_peap_version0(struct generic_eap_data *thisint, u_char *in, int in_size, 
		      u_char *out, int *out_size)
{
  char *padded_frame, *new_frame;
  int padded_size, new_frame_size, eframe = 0;

  if (!out_size)
    {
      debug_printf(DEBUG_NORMAL, "Invalid pointer for out size!\n");
      return;
    }

  *out_size = 0;

  if (!in)
    {
      debug_printf(DEBUG_NORMAL, "Input frame was NULL!  Ignoring!\n");
      return;
    }

  if (!out)
    {
      debug_printf(DEBUG_NORMAL, "Invalid return buffer!\n");
      return;
    }

  if (in_size>1520)
    {
      debug_printf(DEBUG_NORMAL, "Input frame is too big! Ignoring!\n");
      *out_size = 0;
      return;
    }

  padded_size = in_size;

  padded_frame = (char *)malloc(in_size+19);  // It is 19 bytes to pad out.
  if (padded_frame == NULL)
    {
      debug_printf(DEBUG_NORMAL, "Unable to allocate memory for padded_frame in do_peap_version0()!\n");
      return;
    }

  if ((in[4] == 0x21) && (in[5] = 0x80))  
    {
      eframe = 1;
      memcpy(padded_frame, in, in_size);
    }

  if (eframe != 1) 
    {
      peap_pad_frame(in, in_size, padded_frame, &padded_size);
    }

  new_frame = (char *)malloc(1024);
  if (new_frame == NULL)
    {
      debug_printf(DEBUG_NORMAL, "ACK!  We can't allocate memory!\n");
      return;
    }
 
  do_peap_version1(thisint, padded_frame, padded_size, new_frame, 
		   &new_frame_size);
  free(padded_frame);
  if (eframe !=1) 
    {
      peap_unpad_frame(new_frame, new_frame_size, out, out_size);
    } else {
      memcpy(out, new_frame, new_frame_size);
      *out_size = new_frame_size;
    }
  free(new_frame);

  eframe = 0;
}


void peap_do_phase2(struct generic_eap_data *thisint, u_char *in, int in_size, 
		    u_char *out, int *out_size)
{
  struct tls_vars *mytls_vars;
  struct phase2_data *p2d;
  u_char *decr_data, *encr_data;
  int encrsize, decrsize;
  struct config_eap_peap *peapconf;
  struct generic_eap_data *eapdata;

  if ((!thisint) || (!in) || (!out))
    {
      debug_printf(DEBUG_NORMAL, "Invalid parameters passed in to peap_do_phase2()!\n");
      return;
    }

  *out_size = 0;

  mytls_vars = (struct tls_vars *)thisint->eap_data;

  if (mytls_vars == NULL)
    {
      debug_printf(DEBUG_NORMAL, "mytls_vars (thisint->eap_data) == NULL!\n");
      return;
    }

  peapconf = (struct config_eap_peap *)thisint->eap_conf_data;

  if (peapconf == NULL)
    {
      debug_printf(DEBUG_NORMAL, "peapconf == NULL!\n");
      return;
    }

  p2d = (struct phase2_data *)mytls_vars->phase2data;

  if (p2d->eapdata == NULL)
    {
      p2d->eapdata = (struct generic_eap_data *)malloc(sizeof(struct generic_eap_data));
      if (p2d->eapdata == NULL)
	{
	  *out_size = 0;
	  return;
	}
      memset(p2d->eapdata, 0, sizeof(struct generic_eap_data));
      
      p2d->eapdata->eap_data = NULL;
    }

  p2d->eapdata->eap_conf_data = peapconf->phase2->method_data;
  p2d->eapdata->identity = thisint->identity;

  decr_data = (char *)malloc(1550);
  if (decr_data == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for decryption buffer!\n");
      return;
    }

  encr_data = (char *)malloc(1550);
  if (encr_data == NULL) 
    {
      debug_printf(DEBUG_NORMAL, "Couldn't allocate memory for encryption buffer!\n");
      free(decr_data);
      return;
    }

  if (in_size > 0)
    {
      tls_crypt_decrypt(thisint, in, in_size, decr_data, &decrsize);
    } else {
      free(decr_data);
      decr_data = NULL;
    }

  // We need to check this.  I don't think it is needed anymore.
  if (decrsize <=0)
    {
      debug_printf(DEBUG_AUTHTYPES, "Sending ACK!\n");
      bzero(out,10);
      *out_size = 1;
      free(decr_data);
      free(encr_data);
      return;
    }

  debug_printf(DEBUG_AUTHTYPES, "Decrypted packet returned %d byte(s)\n", decrsize);

  if (thisint->tempPwd != NULL)
    {
      eapdata = p2d->eapdata;

      if (eapdata != NULL)
	{
	  eapdata->tempPwd = thisint->tempPwd;
	}
    }

  bzero(out, 100);
  switch (p2d->peap_version)
    {
    case 0:
      debug_printf(DEBUG_AUTHTYPES, "Doing PEAP v0!\n");
      do_peap_version0(p2d->eapdata, decr_data, decrsize, encr_data, &encrsize);
      break;
    case 1:
      debug_printf(DEBUG_AUTHTYPES, "Doing PEAP v1!\n");
      do_peap_version1(p2d->eapdata, decr_data, decrsize, encr_data, &encrsize);
      break;
    default:
      debug_printf(DEBUG_NORMAL, "Unknown PEAP version!  (%d)\n",p2d->peap_version);
      break;
    }

  eapdata = p2d->eapdata;
  
  if (eapdata->need_password == 1)
    {
      thisint->need_password = 1;
      thisint->eaptype = eapdata->eaptype;
      thisint->eapchallenge = eapdata->eapchallenge;
      *out_size = 0;
    }

  if (encrsize > 0)
    {
      debug_printf(DEBUG_AUTHTYPES, "Unencrypted return frame : \n");
      debug_hex_dump(DEBUG_AUTHTYPES, encr_data, encrsize);
      tls_crypt_encrypt_nolen(thisint, encr_data, encrsize, out, out_size);
      debug_printf(DEBUG_AUTHTYPES, "Encrypted return frame : \n");
      debug_hex_dump(DEBUG_AUTHTYPES, out, *out_size);
    }

  free(encr_data);
  free(decr_data);
}


void peap_phase2_failed(struct generic_eap_data *thisint)
{
  struct tls_vars *mytls_vars;
  struct phase2_data *p2d;

  if (!thisint)
    {
      debug_printf(DEBUG_NORMAL, "Invalid data passed to peap_phase2_failed()!\n");
      return;
    }

  mytls_vars = (struct tls_vars *)thisint->eap_data;

  if (mytls_vars == NULL)
    {
      debug_printf(DEBUG_NORMAL, "mytls_vars (thisint->eap_data) == NULL!\n");
      return;
    }

  p2d = (struct phase2_data *)mytls_vars->phase2data;

  if (p2d->eapdata == NULL)
    {
      // We didn't get to phase 2, so just bail.
      return;
    }

  // For now, we only support MS-CHAPv2, so we can call this.
  eapmschapv2_failed(p2d->eapdata);
}