123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247 |
- #include <u.h>
- #include <libc.h>
- #include <ip.h>
- #include "dat.h"
- #include "protos.h"
- typedef struct Hdr Hdr;
- struct Hdr
- {
- uchar code;
- uchar id;
- uchar len[2]; /* length including this header */
- uchar tp; /* optional, only for Request/Response */
- };
- enum
- {
- EAPHDR= 4, /* sizeof(code)+sizeof(id)+sizeof(len) */
- TPHDR= 1, /* sizeof(tp) */
- /* eap types */
- Request = 1,
- Response,
- Success,
- Fail,
- /* eap request/response sub-types */
- Identity = 1, /* Identity */
- Notify, /* Notification */
- Nak, /* Nak (Response only) */
- Md5, /* MD5-challenge */
- Otp, /* one time password */
- Gtc, /* generic token card */
- Ttls = 21, /* tunneled TLS */
- Xpnd = 254, /* expanded types */
- Xprm, /* experimental use */
- };
- enum
- {
- Ot,
- };
- static Mux p_mux[] =
- {
- { "eap_identity", Identity, },
- { "eap_notify", Notify, },
- { "eap_nak", Nak, },
- { "eap_md5", Md5, },
- { "eap_otp", Otp, },
- { "eap_gtc", Gtc, },
- { "ttls", Ttls, },
- { "eap_xpnd", Xpnd, },
- { "eap_xprm", Xprm, },
- { 0 }
- };
- static char *eapsubtype[256] =
- {
- [Identity] "Identity",
- [Notify] "Notify",
- [Nak] "Nak",
- [Md5] "Md5",
- [Otp] "Otp",
- [Gtc] "Gtc",
- [Ttls] "Ttls",
- [Xpnd] "Xpnd",
- [Xprm] "Xprm",
- };
- static void
- p_compile(Filter *f)
- {
- Mux *m;
- for(m = p_mux; m->name != nil; m++)
- if(strcmp(f->s, m->name) == 0){
- f->pr = m->pr;
- f->ulv = m->val;
- f->subop = Ot;
- return;
- }
- sysfatal("unknown eap field or type: %s", f->s);
- }
- static int
- p_filter(Filter *f, Msg *m)
- {
- Hdr *h;
- int len;
- if(f->subop != Ot)
- return 0;
- if(m->pe - m->ps < EAPHDR)
- return -1;
- h = (Hdr*)m->ps;
- /* truncate the message if there's extra */
- /* len includes header */
- len = NetS(h->len);
- if(m->ps+len < m->pe)
- m->pe = m->ps+len;
- else if(m->ps+len > m->pe)
- return -1;
- m->ps += EAPHDR;
- if(h->code != Request && h->code != Response)
- return 0;
- m->ps += TPHDR;
- if(h->tp == f->ulv)
- return 1;
- return 0;
- }
- static char*
- op(int i)
- {
- static char x[20];
- switch(i){
- case Request:
- return "Request";
- case Response:
- return "Response";
- case Success:
- return "Success";
- case Fail:
- return "Fail";
- default:
- sprint(x, "%1d", i);
- return x;
- }
- }
- static char*
- subop(uchar val)
- {
- static char x[20], *p;
- p = eapsubtype[val];
- if(p != nil)
- return p;
- else {
- sprint(x, "%1d", val);
- return x;
- }
- }
- static int
- p_seprint(Msg *m)
- {
- Hdr *h;
- int len;
- char *p, *e;
- if(m->pe - m->ps < EAPHDR)
- return -1;
- p = m->p;
- e = m->e;
- h = (Hdr*)m->ps;
- /* resize packet (should already be done by eapol) */
- /* len includes header */
- len = NetS(h->len);
- if(m->ps+len < m->pe)
- m->pe = m->ps+len;
- else if(m->ps+len > m->pe)
- return -1;
- m->ps += EAPHDR;
- p = seprint(p, e, "id=%1d code=%s", h->id, op(h->code));
- switch(h->code) {
- case Request:
- case Response:
- m->ps += TPHDR;
- p = seprint(p, e, " type=%s", subop(h->tp));
- /* special case needed to print eap_notify notification as unicode */
- demux(p_mux, h->tp, h->tp, m, &dump);
- break;
- default:
- demux(p_mux, 0, 0, m, &dump);
- break;
- }
- m->p = seprint(p, e, " len=%1d", len);
- return 0;
- }
- static int
- p_seprintidentity(Msg *m)
- {
- char *ps, *pe, *z;
- int len;
- m->pr = nil;
- ps = (char*)m->ps;
- pe = (char*)m->pe;
- /* we would like to do this depending on the 'context':
- * - one for eap_identity request and
- * - one for eap_identity response
- * but we've lost the context, or haven't we?
- * so we treat them the same, so we might erroneously
- * print a response as if it was a request. too bad. - axel
- */
- for (z=ps; *z != '\0' && z+1 < pe; z++)
- ;
- if (*z == '\0' && z+1 < pe) {
- m->p = seprint(m->p, m->e, "prompt=(%s)", ps);
- len = pe - (z+1);
- m->p = seprint(m->p, m->e, " options=(%.*s)", len, z+1);
- } else {
- len = pe - ps;
- m->p = seprint(m->p, m->e, "%.*s", len, ps);
- }
- return 0;
- }
- Proto eap =
- {
- "eap",
- p_compile,
- p_filter,
- p_seprint,
- p_mux,
- "%lud",
- nil,
- defaultframer,
- };
- Proto eap_identity =
- {
- "eap_identity",
- p_compile,
- p_filter,
- p_seprintidentity,
- nil,
- nil,
- nil,
- defaultframer,
- };
|