TNC: Integrated TNC support into EAP-TTLS server

If TNC is enabled, EAP-TTLS will run a second EAP (TNC) inside the tunnel
after a successful authentication.
This commit is contained in:
Jouni Malinen 2008-03-09 12:05:06 +02:00
parent 35f39ac4c9
commit c80a74d70c

View file

@ -55,6 +55,7 @@ struct eap_ttls_data {
u8 mschapv2_ident; u8 mschapv2_ident;
int tls_ia_configured; int tls_ia_configured;
struct wpabuf *pending_phase2_eap_resp; struct wpabuf *pending_phase2_eap_resp;
int tnc_started;
}; };
@ -1244,6 +1245,15 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
} }
} }
#ifdef EAP_TNC
if (data->tnc_started && parse.eap == NULL) {
wpa_printf(MSG_DEBUG, "EAP-TTLS: TNC started but no EAP "
"response from peer");
eap_ttls_state(data, FAILURE);
goto done;
}
#endif /* EAP_TNC */
if (parse.eap) { if (parse.eap) {
eap_ttls_process_phase2_eap(sm, data, parse.eap, eap_ttls_process_phase2_eap(sm, data, parse.eap,
parse.eap_len); parse.eap_len);
@ -1276,6 +1286,25 @@ done:
} }
static void eap_ttls_start_tnc(struct eap_sm *sm, struct eap_ttls_data *data)
{
#ifdef EAP_TNC
if (!sm->tnc || data->state != SUCCESS || data->tnc_started)
return;
wpa_printf(MSG_DEBUG, "EAP-TTLS: Initialize TNC");
if (eap_ttls_phase2_eap_init(sm, data, EAP_TYPE_TNC)) {
wpa_printf(MSG_DEBUG, "EAP-TTLS: Failed to initialize TNC");
eap_ttls_state(data, FAILURE);
return;
}
data->tnc_started = 1;
eap_ttls_state(data, PHASE2_METHOD);
#endif /* EAP_TNC */
}
static void eap_ttls_process(struct eap_sm *sm, void *priv, static void eap_ttls_process(struct eap_sm *sm, void *priv,
struct wpabuf *respData) struct wpabuf *respData)
{ {
@ -1348,6 +1377,7 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv,
case PHASE_FINISHED: case PHASE_FINISHED:
/* FIX: get rid of const->non-const typecast */ /* FIX: get rid of const->non-const typecast */
eap_ttls_process_phase2(sm, data, (u8 *) pos, left); eap_ttls_process_phase2(sm, data, (u8 *) pos, left);
eap_ttls_start_tnc(sm, data);
break; break;
case PHASE2_MSCHAPV2_RESP: case PHASE2_MSCHAPV2_RESP:
if (data->mschapv2_resp_ok && left == 0) { if (data->mschapv2_resp_ok && left == 0) {
@ -1366,6 +1396,7 @@ static void eap_ttls_process(struct eap_sm *sm, void *priv,
(unsigned long) left); (unsigned long) left);
eap_ttls_state(data, FAILURE); eap_ttls_state(data, FAILURE);
} }
eap_ttls_start_tnc(sm, data);
break; break;
default: default:
wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s", wpa_printf(MSG_DEBUG, "EAP-TTLS: Unexpected state %d in %s",