eapol_test: Update with src/ap/ieee802_1x.c changes
eapol_test.c contains variants of couple of functions from the hostapd implementation. Those had not been updated for a while and this commit brings in the main changes to keep the implementations closer to each other. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
747c5f2281
commit
b0f016b873
1 changed files with 18 additions and 19 deletions
|
@ -773,20 +773,20 @@ static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
|
||||||
msg = e->last_recv_radius;
|
msg = e->last_recv_radius;
|
||||||
|
|
||||||
eap = radius_msg_get_eap(msg);
|
eap = radius_msg_get_eap(msg);
|
||||||
if (eap == NULL) {
|
if (!eap) {
|
||||||
/* draft-aboba-radius-rfc2869bis-20.txt, Chap. 2.6.3:
|
/* RFC 3579, Chap. 2.6.3:
|
||||||
* RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
|
* RADIUS server SHOULD NOT send Access-Reject/no EAP-Message
|
||||||
* attribute */
|
* attribute */
|
||||||
wpa_printf(MSG_DEBUG, "could not extract "
|
wpa_printf(MSG_DEBUG,
|
||||||
"EAP-Message from RADIUS message");
|
"could not extract EAP-Message from RADIUS message");
|
||||||
wpabuf_free(e->last_eap_radius);
|
wpabuf_free(e->last_eap_radius);
|
||||||
e->last_eap_radius = NULL;
|
e->last_eap_radius = NULL;
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (wpabuf_len(eap) < sizeof(*hdr)) {
|
if (wpabuf_len(eap) < sizeof(*hdr)) {
|
||||||
wpa_printf(MSG_DEBUG, "too short EAP packet "
|
wpa_printf(MSG_DEBUG,
|
||||||
"received from authentication server");
|
"too short EAP packet received from authentication server");
|
||||||
wpabuf_free(eap);
|
wpabuf_free(eap);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -822,11 +822,11 @@ static void ieee802_1x_decapsulate_radius(struct eapol_test_data *e)
|
||||||
wpa_hexdump_buf(MSG_DEBUG, "Decapsulated EAP packet", eap);
|
wpa_hexdump_buf(MSG_DEBUG, "Decapsulated EAP packet", eap);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
wpa_printf(MSG_DEBUG, "decapsulated EAP packet (code=%d "
|
buf[sizeof(buf) - 1] = '\0';
|
||||||
"id=%d len=%d) from RADIUS server: %s",
|
wpa_printf(MSG_DEBUG,
|
||||||
hdr->code, hdr->identifier, ntohs(hdr->length), buf);
|
"decapsulated EAP packet (code=%d id=%d len=%d) from RADIUS server: %s",
|
||||||
|
hdr->code, hdr->identifier, be_to_host16(hdr->length),
|
||||||
/* sta->eapol_sm->be_auth.idFromServer = hdr->identifier; */
|
buf);
|
||||||
|
|
||||||
wpabuf_free(e->last_eap_radius);
|
wpabuf_free(e->last_eap_radius);
|
||||||
e->last_eap_radius = eap;
|
e->last_eap_radius = eap;
|
||||||
|
@ -859,7 +859,7 @@ static void ieee802_1x_get_keys(struct eapol_test_data *e,
|
||||||
|
|
||||||
keys = radius_msg_get_ms_keys(msg, req, shared_secret,
|
keys = radius_msg_get_ms_keys(msg, req, shared_secret,
|
||||||
shared_secret_len);
|
shared_secret_len);
|
||||||
if (keys && keys->send == NULL && keys->recv == NULL) {
|
if (keys && !keys->send && !keys->recv) {
|
||||||
os_free(keys);
|
os_free(keys);
|
||||||
keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
|
keys = radius_msg_get_cisco_keys(msg, req, shared_secret,
|
||||||
shared_secret_len);
|
shared_secret_len);
|
||||||
|
@ -920,20 +920,19 @@ ieee802_1x_receive_auth(struct radius_msg *msg, struct radius_msg *req,
|
||||||
radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
|
radius_msg_get_attr(msg, RADIUS_ATTR_MESSAGE_AUTHENTICATOR, NULL,
|
||||||
0) < 0 &&
|
0) < 0 &&
|
||||||
radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
|
radius_msg_get_attr(msg, RADIUS_ATTR_EAP_MESSAGE, NULL, 0) < 0) {
|
||||||
wpa_printf(MSG_DEBUG, "Allowing RADIUS "
|
wpa_printf(MSG_DEBUG,
|
||||||
"Access-Reject without Message-Authenticator "
|
"Allowing RADIUS Access-Reject without Message-Authenticator since it does not include EAP-Message");
|
||||||
"since it does not include EAP-Message\n");
|
|
||||||
} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
|
} else if (radius_msg_verify(msg, shared_secret, shared_secret_len,
|
||||||
req, 1)) {
|
req, 1)) {
|
||||||
printf("Incoming RADIUS packet did not have correct "
|
wpa_printf(MSG_INFO,
|
||||||
"Message-Authenticator - dropped\n");
|
"Incoming RADIUS packet did not have correct Message-Authenticator - dropped");
|
||||||
return RADIUS_RX_UNKNOWN;
|
return RADIUS_RX_INVALID_AUTHENTICATOR;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
|
if (hdr->code != RADIUS_CODE_ACCESS_ACCEPT &&
|
||||||
hdr->code != RADIUS_CODE_ACCESS_REJECT &&
|
hdr->code != RADIUS_CODE_ACCESS_REJECT &&
|
||||||
hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
|
hdr->code != RADIUS_CODE_ACCESS_CHALLENGE) {
|
||||||
printf("Unknown RADIUS message code\n");
|
wpa_printf(MSG_INFO, "Unknown RADIUS message code");
|
||||||
return RADIUS_RX_UNKNOWN;
|
return RADIUS_RX_UNKNOWN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue