EAP-TTLS server: Support vendor EAP types in Phase 2

This was already allowed with EAP-PEAP, but EAP-TTLS was hardcoded to
use only the non-expanded EAP types. Extend that to allow vendor EAP
types to be used.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2019-08-17 12:09:27 +03:00
parent 5f2301a6da
commit 5e94e7f23d


@ -827,15 +827,14 @@ static void eap_ttls_process_phase2_mschapv2(struct eap_sm *sm,
static int eap_ttls_phase2_eap_init(struct eap_sm *sm, static int eap_ttls_phase2_eap_init(struct eap_sm *sm,
struct eap_ttls_data *data, struct eap_ttls_data *data,
enum eap_type eap_type) int vendor, enum eap_type eap_type)
{ {
if (data->phase2_priv && data->phase2_method) { if (data->phase2_priv && data->phase2_method) {
data->phase2_method->reset(sm, data->phase2_priv); data->phase2_method->reset(sm, data->phase2_priv);
data->phase2_method = NULL; data->phase2_method = NULL;
data->phase2_priv = NULL; data->phase2_priv = NULL;
} }
data->phase2_method = eap_server_get_eap_method(EAP_VENDOR_IETF, data->phase2_method = eap_server_get_eap_method(vendor, eap_type);
eap_type);
if (!data->phase2_method) if (!data->phase2_method)
return -1; return -1;
@ -850,7 +849,8 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
struct eap_ttls_data *data, struct eap_ttls_data *data,
u8 *in_data, size_t in_len) u8 *in_data, size_t in_len)
{ {
u8 next_type = EAP_TYPE_NONE; int next_vendor = EAP_VENDOR_IETF;
enum eap_type next_type = EAP_TYPE_NONE;
struct eap_hdr *hdr; struct eap_hdr *hdr;
u8 *pos; u8 *pos;
size_t left; size_t left;
@ -875,14 +875,17 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS && if (sm->user && sm->user_eap_method_index < EAP_MAX_METHODS &&
sm->user->methods[sm->user_eap_method_index].method != sm->user->methods[sm->user_eap_method_index].method !=
EAP_TYPE_NONE) { EAP_TYPE_NONE) {
next_vendor = sm->user->methods[
sm->user_eap_method_index].vendor;
next_type = sm->user->methods[ next_type = sm->user->methods[
sm->user_eap_method_index++].method; sm->user_eap_method_index++].method;
wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u",
next_type); next_vendor, next_type);
if (eap_ttls_phase2_eap_init(sm, data, next_type)) { if (eap_ttls_phase2_eap_init(sm, data, next_vendor,
wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to " next_type)) {
"initialize EAP type %d", wpa_printf(MSG_DEBUG,
next_type); "EAP-TTLS: Failed to initialize EAP type %u:%u",
next_vendor, next_type);
eap_ttls_state(data, FAILURE); eap_ttls_state(data, FAILURE);
return; return;
} }
@ -930,12 +933,16 @@ static void eap_ttls_process_phase2_eap_response(struct eap_sm *sm,
} }
eap_ttls_state(data, PHASE2_METHOD); eap_ttls_state(data, PHASE2_METHOD);
next_vendor = sm->user->methods[0].vendor;
next_type = sm->user->methods[0].method; next_type = sm->user->methods[0].method;
sm->user_eap_method_index = 1; sm->user_eap_method_index = 1;
wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %d", next_type); wpa_printf(MSG_DEBUG, "EAP-TTLS: try EAP type %u:%u",
if (eap_ttls_phase2_eap_init(sm, data, next_type)) { next_vendor, next_type);
wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize " if (eap_ttls_phase2_eap_init(sm, data, next_vendor,
"EAP type %d", next_type); next_type)) {
wpa_printf(MSG_DEBUG,
"EAP-TTLS: Failed to initialize EAP type %u:%u",
next_vendor, next_type);
eap_ttls_state(data, FAILURE); eap_ttls_state(data, FAILURE);
} }
break; break;
@ -962,8 +969,8 @@ static void eap_ttls_process_phase2_eap(struct eap_sm *sm,
if (data->state == PHASE2_START) { if (data->state == PHASE2_START) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2"); wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: initializing Phase 2");
if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_IDENTITY) < 0) if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF,
{ EAP_TYPE_IDENTITY) < 0) {
wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to " wpa_printf(MSG_DEBUG, "EAP-TTLS/EAP: failed to "
"initialize EAP-Identity"); "initialize EAP-Identity");
return; return;
@ -1116,7 +1123,7 @@ static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
return; return;
wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC"); wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) { if (eap_ttls_phase2_eap_init(sm, data, EAP_VENDOR_IETF, EAP_TYPE_TNC)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC"); wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
eap_ttls_state(data, FAILURE); eap_ttls_state(data, FAILURE);
return; return;