eap_mschapv2.c File Reference

EAP MS-CHAPv2 authentication method. More...

#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <byteswap.h>
#include <ipxe/mschapv2.h>
#include <ipxe/eap.h>

Go to the source code of this file.

Data Structures
struct	eap_mschapv2_request
	An EAP MS-CHAPv2 request message. More...
struct	eap_mschapv2_response
	An EAP MS-CHAPv2 response message. More...
struct	eap_mschapv2_success_request
	An EAP MS-CHAPv2 success request message. More...
struct	eap_mschapv2_success_response
	An EAP MS-CHAPv2 success response message. More...

Functions
	FILE_LICENCE (GPL2_OR_LATER_OR_UBDL)
static int	eap_rx_mschapv2_request (struct eap_supplicant *supplicant, const struct eap_mschapv2 *hdr, size_t len)
	Handle EAP MS-CHAPv2 request. More...
static int	eap_rx_mschapv2_success (struct eap_supplicant *supplicant, const struct eap_mschapv2 *hdr, size_t len)
	Handle EAP MS-CHAPv2 success request. More...
static int	eap_rx_mschapv2 (struct eap_supplicant *supplicant, const void *req, size_t req_len)
	Handle EAP MS-CHAPv2. More...

Variables
struct eap_method eap_mschapv2_method	__eap_method
	EAP MS-CHAPv2 method. More...

Detailed Description

EAP MS-CHAPv2 authentication method.

EAP-MSCHAPv2 was described in a draft RFC first published in 2002 (draft-kamath-pppext-eap-mschapv2-02.txt). The draft eventually expired in 2007 without becoming an official RFC, quite possibly because the protocol design was too ugly to be called an IETF standard. It is, however, fairly widely used.

Definition in file eap_mschapv2.c.

Function Documentation

FILE_LICENCE()

FILE_LICENCE

(

GPL2_OR_LATER_OR_UBDL

)

eap_rx_mschapv2_request()

static int eap_rx_mschapv2_request ( struct eap_supplicant *  supplicant, const struct eap_mschapv2 *  hdr, size_t  len  )

static

Handle EAP MS-CHAPv2 request.

Parameters

supplicant	EAP supplicant
hdr	EAP-MSCHAPv2 header
len	Message length

Return values

rc	Return status code

Definition at line 88 of file eap_mschapv2.c.

                                                  {
        struct net_device *netdev = supplicant->netdev;
        struct settings *settings = netdev_settings ( netdev );
        const struct eap_mschapv2_request *msreq =
                container_of ( hdr, struct eap_mschapv2_request, hdr );
        struct eap_mschapv2_response *msrsp;
        struct mschapv2_challenge peer;
        char *username;
        char *password;
        int username_len;
        int password_len;
        size_t msrsp_len;
        unsigned int i;
        int rc;

        /* Sanity check */
        if ( len < sizeof ( *msreq ) ) {
                DBGC ( netdev, "EAP %s underlength MS-CHAPv2 request\n",
                       netdev->name );
                DBGC_HDA ( netdev, 0, hdr, len );
                rc = -EINVAL;
                goto err_sanity;
        }

        /* Fetch username and password */
        username_len = fetch_string_setting_copy ( settings, &username_setting,
                                                   &username );
        if ( username_len < 0 ) {
                rc = username_len;
                DBGC ( netdev, "EAP %s has no username: %s\n",
                       netdev->name, strerror ( rc ) );
                goto err_username;
        }
        password_len = fetch_string_setting_copy ( settings, &password_setting,
                                                   &password );
        if ( password_len < 0 ) {
                rc = password_len;
                DBGC ( netdev, "EAP %s has no password: %s\n",
                       netdev->name, strerror ( rc ) );
                goto err_password;
        }

        /* Construct a peer challenge.  We do not perform mutual
         * authentication, so this does not need to be strong.
         */
        for ( i = 0 ; i < ( sizeof ( peer.byte ) /
                            sizeof ( peer.byte[0] ) ) ; i++ ) {
                peer.byte[i] = random();
        }

        /* Allocate response */
        msrsp_len = ( sizeof ( *msrsp ) + username_len );
        msrsp = malloc ( msrsp_len );
        if ( ! msrsp ) {
                rc = -ENOMEM;
                goto err_alloc;
        }

        /* Construct response */
        msrsp->hdr.code = EAP_CODE_RESPONSE;
        msrsp->hdr.id = msreq->hdr.id;
        msrsp->hdr.len = htons ( msrsp_len );
        msrsp->len = sizeof ( msrsp->msg );
        mschapv2_response ( username, password, &msreq->msg, &peer,
                            &msrsp->msg );
        memcpy ( msrsp->name, username, username_len );

        /* Send response */
        if ( ( rc = eap_tx_response ( supplicant, msrsp, msrsp_len ) ) != 0 )
                goto err_tx;

 err_tx:
        free ( msrsp );
 err_alloc:
        free ( password );
 err_password:
        free ( username );
 err_username:
 err_sanity:
        return rc;
}

References mschapv2_challenge::byte, eap_mschapv2::code, container_of, DBGC, DBGC_HDA, EAP_CODE_RESPONSE, eap_tx_response(), EINVAL, ENOMEM, fetch_string_setting_copy(), free, eap_mschapv2_response::hdr, eap_mschapv2_request::hdr, hdr, htons, eap_mschapv2::id, len, eap_mschapv2_response::len, eap_mschapv2::len, malloc(), memcpy(), mschapv2_response(), eap_mschapv2_request::msg, eap_mschapv2_response::msg, eap_mschapv2_response::name, net_device::name, netdev, eap_supplicant::netdev, netdev_settings(), password, peer, random(), rc, strerror(), and username.

Referenced by eap_rx_mschapv2().

eap_rx_mschapv2_success()

static int eap_rx_mschapv2_success ( struct eap_supplicant *  supplicant, const struct eap_mschapv2 *  hdr, size_t  len  )

static

Handle EAP MS-CHAPv2 success request.

Parameters

supplicant	EAP supplicant
hdr	EAP-MSCHAPv2 header
len	Message length

Return values

rc	Return status code

Definition at line 180 of file eap_mschapv2.c.

                                                  {
        const struct eap_mschapv2_success_request *msreq =
                container_of ( hdr, struct eap_mschapv2_success_request, hdr );
        static const struct eap_mschapv2_success_response msrsp = {
                .code = EAP_CODE_SUCCESS,
        };

        /* Sanity check */
        assert ( len >= sizeof ( *msreq ) );

        /* The success request contains the MS-CHAPv2 authenticator
         * response, which could potentially be used to verify that
         * the EAP authenticator also knew the password (or, at least,
         * the MD4 hash of the password).
         *
         * Our model for EAP does not encompass mutual authentication:
         * we will starting sending plaintext packets (e.g. DHCP
         * requests) over the link even before EAP completes, and our
         * only use for an EAP success is to mark the link as
         * unblocked.
         *
         * We therefore ignore the content of the success request and
         * just send back a success response, so that the EAP
         * authenticator will complete the process and send through
         * the real EAP success packet (which will, in turn, cause us
         * to unblock the link).
         */
        return eap_tx_response ( supplicant, &msrsp, sizeof ( msrsp ) );
}

References assert(), eap_mschapv2_success_response::code, container_of, EAP_CODE_SUCCESS, eap_tx_response(), hdr, and len.

Referenced by eap_rx_mschapv2().

eap_rx_mschapv2()

static int eap_rx_mschapv2 ( struct eap_supplicant *  supplicant, const void *  req, size_t  req_len  )

static

Handle EAP MS-CHAPv2.

Parameters

supplicant	EAP supplicant
req	Request type data
req_len	Length of request type data

Return values

rc	Return status code

Definition at line 220 of file eap_mschapv2.c.

                                                               {
        struct net_device *netdev = supplicant->netdev;
        const struct eap_mschapv2 *hdr = req;

        /* Sanity check */
        if ( req_len < sizeof ( *hdr ) ) {
                DBGC ( netdev, "EAP %s underlength MS-CHAPv2:\n",
                       netdev->name );
                DBGC_HDA ( netdev, 0, req, req_len );
                return -EINVAL;
        }

        /* Handle according to opcode */
        switch ( hdr->code ) {
        case EAP_CODE_REQUEST:
                return eap_rx_mschapv2_request ( supplicant, hdr, req_len );
        case EAP_CODE_SUCCESS:
                return eap_rx_mschapv2_success ( supplicant, hdr, req_len );
        default:
                DBGC ( netdev, "EAP %s unsupported MS-CHAPv2 opcode %d\n",
                       netdev->name, hdr->code );
                DBGC_HDA ( netdev, 0, req, req_len );
                return -ENOTSUP;
        }
}

References DBGC, DBGC_HDA, EAP_CODE_REQUEST, EAP_CODE_SUCCESS, eap_rx_mschapv2_request(), eap_rx_mschapv2_success(), EINVAL, ENOTSUP, hdr, net_device::name, netdev, and eap_supplicant::netdev.

Variable Documentation

__eap_method

struct eap_method eap_mschapv2_method __eap_method

Initial value:

= {
        .type = EAP_TYPE_MSCHAPV2,
        .rx = eap_rx_mschapv2,
}

EAP MS-CHAPv2 method.

Definition at line 248 of file eap_mschapv2.c.