From c80a74d70c9a2a21ab7dc0626ed7f1b0eff19520 Mon Sep 17 00:00:00 2001
From: Jouni Malinen
Date: Sun, 9 Mar 2008 12:05:06 +0200
Subject: [PATCH] TNC: Integrated TNC support into EAP-TTLS server
If TNC is enabled, EAP-TTLS will run a second EAP (TNC) inside the tunnel after a successful authentication.
---
 src/eap_server/eap_ttls.c | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
diff --git a/src/eap_server/eap_ttls.c b/src/eap_server/eap_ttls.c
index 63b274552..545958dfa 100644
--- a/src/eap_server/eap_ttls.c
+++ b/src/eap_server/eap_ttls.c
@@ -55,6 +55,7 @@ struct eap_ttls_data {
 u8 mschapv2_ident;
 int tls_ia_configured;
 struct wpabuf *pending_phase2_eap_resp;
+ int tnc_started;
 };
@@ -1244,6 +1245,15 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
 }
 }
+#ifdef EAP_TNC
+ if (data->tnc_started && parse.eap == NULL) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP " "response from peer");
+ eap_ttls_state(data, FAILURE);
+ goto done;
+ }
+#endif /* EAP_TNC */
+
 if (parse.eap) {
 eap_ttls_process_phase2_eap(sm, data, parse.eap, parse.eap_len);
@@ -1276,6 +1286,25 @@ done:
 }
+static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
+{
+#ifdef EAP_TNC
+ if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
+ return;
+
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
+ if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
+ wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
+ eap_ttls_state(data, FAILURE);
+ return;
+ }
+
+ data->tnc_started = 1;
+ eap_ttls_state(data, PHASE2_METHOD);
+#endif /* EAP_TNC */
+}
+
+
 static void eap_ttls_process(struct eap_sm *sm, void *priv,
 struct wpabuf *respData)
 {
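Review bot: The new guard in eap_ttls_process_phase2 fails the session when `data->tnc_started` is set and the decrypted phase-2 payload carries no EAP-Message AVP, but nothing in the hunk records why a non-EAP AVP set is unacceptable at that point, which matters for anyone later adding another inner method; add `/* Once TNC has been started, the only acceptable phase-2 payload is an EAP (TNC) response; accepting anything else would let the peer bypass the TNC exchange. */` above the `#ifdef EAP_TNC`. In this patch `data->tnc_started` is only ever set, never cleared, so if `struct eap_ttls_data` can be re-initialised for a restarted exchange without being reallocated (eap_ttls_init and any reset path are outside this diff), the flag needs to be cleared there as well. eap_ttls_process_phase2 begins before this hunk, so the AVP parsing that fills `parse` is not visible here.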
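Review bot: eap_ttls_start_tnc has no header comment, and its one security-relevant step, turning a `SUCCESS` state back into `PHASE2_METHOD`, is exactly the kind of line a later reader will be tempted to "fix"; describe the contract above the function in three lines: it runs at most once per session (`tnc_started`), only after phase-2 authentication has reached `SUCCESS`, and it withdraws that success until the inner TNC method has completed, failing closed if TNC cannot be initialised. Whether withdrawing the state actually delays the EAP-Success and key export depends on the isDone/isSuccess/getKey callbacks reading `data->state`, which are outside this diff and worth confirming. A short why-comment on `if (!sm->tnc || data->state != SUCCESS || data->tnc_started)` such as `/* TNC is an add-on check after a successful phase-2 auth; never start it twice */` would help, and with `EAP_TNC` undefined both parameters are unused, so builds with -Wunused-parameter (if the project enables it) would warn here.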
@@ -1348,6 +1377,7 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv,
 case PHASE_FINISHED:
 /* FIX: get rid of const->non-const typecast */
 eap_ttls_process_phase2(sm, data, (u8 *) pos, left);
+ eap_ttls_start_tnc(sm, data);
 break;
 case PHASE2_MSCHAPV2_RESP:
 if (data->mschapv2_resp_ok && left == 0) {
@@ -1366,6 +1396,7 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv,
 (unsigned long) left);
 eap_ttls_state(data, FAILURE);
 }
+ eap_ttls_start_tnc(sm, data);
 break;
 default:
 wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",
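Review bot: The `eap_ttls_start_tnc(sm, data);` call is added only under `case PHASE_FINISHED:`, and the switch begins before this hunk, so it is not visible whether `PHASE2_START`/`PHASE2_METHOD` fall through into this case or have their own eap_ttls_process_phase2 call; if they are separate, an inner EAP method reaching `SUCCESS` from `PHASE2_METHOD` would never trigger TNC and the posture check would be silently skipped for EAP inner methods while still running for MSCHAPv2. Since eap_ttls_start_tnc is already a no-op unless `data->state == SUCCESS`, the robust form is a single `eap_ttls_start_tnc(sm, data);` placed once after the switch instead of per case, which covers every path that can reach `SUCCESS`. The enclosing eap_ttls_process function starts and ends outside this hunk.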
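Review bot: In the `PHASE2_MSCHAPV2_RESP` case `eap_ttls_start_tnc(sm, data);` is reached on both branches, including immediately after `eap_ttls_state(data, FAILURE);`, and only the `data->state != SUCCESS` guard inside the helper keeps that from starting TNC on a failed authentication; either move the call into the `mschapv2_resp_ok` branch (whose body lies above this hunk) or annotate it with `/* no-op unless the MSCHAPv2 exchange above ended in SUCCESS */` so the dependence on the helper's guard is explicit. The success branch of this case is outside the hunk, so where `SUCCESS` is set for MSCHAPv2 cannot be confirmed here.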