Implemented PT-EAP protocol (RFC 7171)
parent
ab21875f50
commit
8d59090349
|
@ -1,6 +1,6 @@
|
|||
charon.plugins.eap-tnc.max_message_count = 10
|
||||
Maximum number of processed EAP-TNC packets (0 = no limit).
|
||||
|
||||
charon.plugins.eap-tnc.protocol = tnccs-1.1
|
||||
charon.plugins.eap-tnc.protocol = tnccs-2.0
|
||||
IF-TNCCS protocol version to be used (_tnccs-1.1_, _tnccs-2.0_,
|
||||
_tnccs-dynamic_).
|
||||
|
|
|
@ -16,5 +16,8 @@ charon.plugins.eap-ttls.phase2_piggyback = no
|
|||
charon.plugins.eap-ttls.phase2_tnc = no
|
||||
Start phase2 EAP TNC protocol after successful client authentication.
|
||||
|
||||
charon.plugins.eap-ttls.phase2_tnc_method = pt
|
||||
Phase2 EAP TNC transport protocol (_pt_ as IETF standard or legacy _tnc_)
|
||||
|
||||
charon.plugins.eap-ttls.request_peer_auth = no
|
||||
Request peer authentication based on a client certificate.
|
||||
|
|
|
@ -46,6 +46,11 @@ struct private_eap_tnc_t {
|
|||
*/
|
||||
eap_tnc_t public;
|
||||
|
||||
/**
|
||||
* Inner EAP authentication type
|
||||
*/
|
||||
eap_type_t type;
|
||||
|
||||
/**
|
||||
* Outer EAP authentication type
|
||||
*/
|
||||
|
@ -124,7 +129,7 @@ METHOD(eap_method_t, initiate, status_t,
|
|||
private_eap_tnc_t *this, eap_payload_t **out)
|
||||
{
|
||||
chunk_t data;
|
||||
u_int32_t auth_type;
|
||||
uint32_t auth_type;
|
||||
|
||||
/* Determine TNC Client Authentication Type */
|
||||
switch (this->auth_type)
|
||||
|
@ -175,10 +180,10 @@ METHOD(eap_method_t, process, status_t,
|
|||
}
|
||||
|
||||
METHOD(eap_method_t, get_type, eap_type_t,
|
||||
private_eap_tnc_t *this, u_int32_t *vendor)
|
||||
private_eap_tnc_t *this, uint32_t *vendor)
|
||||
{
|
||||
*vendor = 0;
|
||||
return EAP_TNC;
|
||||
return this->type;
|
||||
}
|
||||
|
||||
METHOD(eap_method_t, get_msk, status_t,
|
||||
|
@ -192,14 +197,14 @@ METHOD(eap_method_t, get_msk, status_t,
|
|||
return FAILED;
|
||||
}
|
||||
|
||||
METHOD(eap_method_t, get_identifier, u_int8_t,
|
||||
METHOD(eap_method_t, get_identifier, uint8_t,
|
||||
private_eap_tnc_t *this)
|
||||
{
|
||||
return this->tls_eap->get_identifier(this->tls_eap);
|
||||
}
|
||||
|
||||
METHOD(eap_method_t, set_identifier, void,
|
||||
private_eap_tnc_t *this, u_int8_t identifier)
|
||||
private_eap_tnc_t *this, uint8_t identifier)
|
||||
{
|
||||
this->tls_eap->set_identifier(this->tls_eap, identifier);
|
||||
}
|
||||
|
@ -214,7 +219,7 @@ METHOD(eap_method_t, destroy, void,
|
|||
private_eap_tnc_t *this)
|
||||
{
|
||||
chunk_t pdp_server;
|
||||
u_int16_t pdp_port;
|
||||
uint16_t pdp_port;
|
||||
tls_t *tls;
|
||||
|
||||
pdp_server = this->tnccs->get_pdp_server(this->tnccs, &pdp_port);
|
||||
|
@ -245,13 +250,14 @@ METHOD(eap_inner_method_t, set_auth_type, void,
|
|||
* Generic private constructor
|
||||
*/
|
||||
static eap_tnc_t *eap_tnc_create(identification_t *server,
|
||||
identification_t *peer, bool is_server)
|
||||
identification_t *peer, bool is_server,
|
||||
eap_type_t type)
|
||||
{
|
||||
private_eap_tnc_t *this;
|
||||
int max_msg_count;
|
||||
char* protocol;
|
||||
tnccs_t *tnccs;
|
||||
tnccs_type_t type;
|
||||
tnccs_type_t tnccs_type;
|
||||
|
||||
INIT(this,
|
||||
.public = {
|
||||
|
@ -270,24 +276,25 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
|||
.set_auth_type = _set_auth_type,
|
||||
},
|
||||
},
|
||||
.type = type,
|
||||
);
|
||||
|
||||
max_msg_count = lib->settings->get_int(lib->settings,
|
||||
"%s.plugins.eap-tnc.max_message_count",
|
||||
EAP_TNC_MAX_MESSAGE_COUNT, lib->ns);
|
||||
protocol = lib->settings->get_str(lib->settings,
|
||||
"%s.plugins.eap-tnc.protocol", "tnccs-1.1", lib->ns);
|
||||
"%s.plugins.eap-tnc.protocol", "tnccs-2.0", lib->ns);
|
||||
if (strcaseeq(protocol, "tnccs-2.0"))
|
||||
{
|
||||
type = TNCCS_2_0;
|
||||
tnccs_type = TNCCS_2_0;
|
||||
}
|
||||
else if (strcaseeq(protocol, "tnccs-1.1"))
|
||||
{
|
||||
type = TNCCS_1_1;
|
||||
tnccs_type = TNCCS_1_1;
|
||||
}
|
||||
else if (strcaseeq(protocol, "tnccs-dynamic") && is_server)
|
||||
{
|
||||
type = TNCCS_DYNAMIC;
|
||||
tnccs_type = TNCCS_DYNAMIC;
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -295,8 +302,9 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
|||
free(this);
|
||||
return NULL;
|
||||
}
|
||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, type,
|
||||
is_server, server, peer, TNC_IFT_EAP_1_1,
|
||||
tnccs = tnc->tnccs->create_instance(tnc->tnccs, tnccs_type,
|
||||
is_server, server, peer,
|
||||
(type == EAP_TNC) ? TNC_IFT_EAP_1_1 : TNC_IFT_EAP_2_0,
|
||||
is_server ? enforce_recommendation : NULL);
|
||||
if (!tnccs)
|
||||
{
|
||||
|
@ -305,7 +313,7 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
|||
return NULL;
|
||||
}
|
||||
this->tnccs = tnccs->get_ref(tnccs);
|
||||
this->tls_eap = tls_eap_create(EAP_TNC, &tnccs->tls,
|
||||
this->tls_eap = tls_eap_create(type, &tnccs->tls,
|
||||
EAP_TNC_MAX_MESSAGE_LEN,
|
||||
max_msg_count, FALSE);
|
||||
if (!this->tls_eap)
|
||||
|
@ -319,11 +327,23 @@ static eap_tnc_t *eap_tnc_create(identification_t *server,
|
|||
eap_tnc_t *eap_tnc_create_server(identification_t *server,
|
||||
identification_t *peer)
|
||||
{
|
||||
return eap_tnc_create(server, peer, TRUE);
|
||||
return eap_tnc_create(server, peer, TRUE, EAP_TNC);
|
||||
}
|
||||
|
||||
eap_tnc_t *eap_tnc_create_peer(identification_t *server,
|
||||
identification_t *peer)
|
||||
{
|
||||
return eap_tnc_create(server, peer, FALSE);
|
||||
return eap_tnc_create(server, peer, FALSE, EAP_TNC);
|
||||
}
|
||||
|
||||
eap_tnc_t *eap_tnc_pt_create_server(identification_t *server,
|
||||
identification_t *peer)
|
||||
{
|
||||
return eap_tnc_create(server, peer, TRUE, EAP_PT_EAP);
|
||||
}
|
||||
|
||||
eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server,
|
||||
identification_t *peer)
|
||||
{
|
||||
return eap_tnc_create(server, peer, FALSE, EAP_PT_EAP);
|
||||
}
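Review bot: eap_tnc_create() now receives the outer `type`, but the IF-TNCCS selection still comes only from `%s.plugins.eap-tnc.protocol`, so a PT-EAP instance can be built with `tnccs_type = TNCCS_1_1` while create_instance() is passed `TNC_IFT_EAP_2_0`. PT-EAP (RFC 7171, per the commit title) is defined as a transport for PB-TNC, i.e. TNCCS 2.0, so this pairing looks unintended. A setup that pins `protocol = tnccs-1.1` and selects the `pt` method would get it without any diagnostic. Consider rejecting it beside the existing unsupported-protocol branch, for example `if (type == EAP_PT_EAP && tnccs_type == TNCCS_1_1)` followed by the same `free(this); return NULL;`. The function body spans several hunks and is not fully visible here.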
|
||||
|
|
|
@ -26,7 +26,7 @@ typedef struct eap_tnc_t eap_tnc_t;
|
|||
#include <sa/eap/eap_inner_method.h>
|
||||
|
||||
/**
|
||||
* Implementation of the eap_method_t interface using EAP-TNC.
|
||||
* Implementation of the eap_method_t interface using EAP-TNC or PT-EAP.
|
||||
*/
|
||||
struct eap_tnc_t {
|
||||
|
||||
|
@ -43,7 +43,8 @@ struct eap_tnc_t {
|
|||
* @param peer ID of the EAP client
|
||||
* @return eap_tnc_t object
|
||||
*/
|
||||
eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *peer);
|
||||
eap_tnc_t *eap_tnc_create_server(identification_t *server,
|
||||
identification_t *peer);
|
||||
|
||||
/**
|
||||
* Creates the EAP method EAP-TNC acting as peer.
|
||||
|
@ -52,6 +53,27 @@ eap_tnc_t *eap_tnc_create_server(identification_t *server, identification_t *pee
|
|||
* @param peer ID of the EAP client
|
||||
* @return eap_tnc_t object
|
||||
*/
|
||||
eap_tnc_t *eap_tnc_create_peer(identification_t *server, identification_t *peer);
|
||||
eap_tnc_t *eap_tnc_create_peer(identification_t *server,
|
||||
identification_t *peer);
|
||||
|
||||
/**
|
||||
* Creates the EAP method PT-EAP acting as server.
|
||||
*
|
||||
* @param server ID of the EAP server
|
||||
* @param peer ID of the EAP client
|
||||
* @return eap_tnc_t object
|
||||
*/
|
||||
eap_tnc_t *eap_tnc_pt_create_server(identification_t *server,
|
||||
identification_t *peer);
|
||||
|
||||
/**
|
||||
* Creates the EAP method PT-EAP acting as peer.
|
||||
*
|
||||
* @param server ID of the EAP server
|
||||
* @param peer ID of the EAP client
|
||||
* @return eap_tnc_t object
|
||||
*/
|
||||
eap_tnc_t *eap_tnc_pt_create_peer(identification_t *server,
|
||||
identification_t *peer);
|
||||
|
||||
#endif /** EAP_TNC_H_ @}*/
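Review bot: The Doxygen blocks added for eap_tnc_pt_create_server() and eap_tnc_pt_create_peer() state only `@return eap_tnc_t object`, although the shared constructor in eap_tnc.c has visible `return NULL;` paths (after the protocol selection falls through to `else`, and when `!tnccs`). Documenting this as `@return eap_tnc_t object, NULL on failure` would tell callers that a check is needed. The same wording applies to the two EAP-TNC constructors whose prototypes are re-wrapped in this section.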
|
||||
|
|
|
@ -36,6 +36,14 @@ METHOD(plugin_t, get_features, int,
|
|||
PLUGIN_PROVIDE(EAP_PEER, EAP_TNC),
|
||||
PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
|
||||
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
|
||||
PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_server),
|
||||
PLUGIN_PROVIDE(EAP_SERVER, EAP_PT_EAP),
|
||||
PLUGIN_DEPENDS(EAP_SERVER, EAP_TTLS),
|
||||
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
|
||||
PLUGIN_CALLBACK(eap_method_register, eap_tnc_pt_create_peer),
|
||||
PLUGIN_PROVIDE(EAP_PEER, EAP_PT_EAP),
|
||||
PLUGIN_DEPENDS(EAP_PEER, EAP_TTLS),
|
||||
PLUGIN_DEPENDS(CUSTOM, "tnccs-manager"),
|
||||
};
|
||||
*features = f;
|
||||
return countof(f);
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
/*
|
||||
* Copyright (C) 2010 Andreas Steffen
|
||||
* Copyright (C) 2010 HSR Hochschule fuer Technik Rapperswil
|
||||
* Copyright (C) 2010-2014 Andreas Steffen
|
||||
* HSR Hochschule fuer Technik Rapperswil
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify it
|
||||
* under the terms of the GNU General Public License as published by the
|
||||
|
@ -107,22 +107,34 @@ static status_t start_phase2_auth(private_eap_ttls_server_t *this)
|
|||
}
|
||||
|
||||
/**
|
||||
* If configured, start EAP-TNC protocol
|
||||
* If configured, start PT-EAP or legacy EAP-TNC protocol
|
||||
*/
|
||||
static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
|
||||
eap_type_t auth_type)
|
||||
{
|
||||
eap_inner_method_t *inner_method;
|
||||
eap_type_t type;
|
||||
char *eap_type_str;
|
||||
|
||||
if (this->start_phase2_tnc && lib->settings->get_bool(lib->settings,
|
||||
"%s.plugins.eap-ttls.phase2_tnc", FALSE, lib->ns))
|
||||
{
|
||||
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, EAP_TNC);
|
||||
this->method = charon->eap->create_instance(charon->eap, EAP_TNC,
|
||||
eap_type_str = lib->settings->get_str(lib->settings,
|
||||
"%s.plugins.eap-ttls.phase2_tnc_method", "pt",
|
||||
lib->ns);
|
||||
type = eap_type_from_string(eap_type_str);
|
||||
if (type == 0)
|
||||
{
|
||||
DBG1(DBG_IKE, "unrecognized phase2 EAP TNC method \"%s\"",
|
||||
eap_type_str);
|
||||
return FAILED;
|
||||
}
|
||||
DBG1(DBG_IKE, "phase2 method %N selected", eap_type_names, type);
|
||||
this->method = charon->eap->create_instance(charon->eap, type,
|
||||
0, EAP_SERVER, this->server, this->peer);
|
||||
if (this->method == NULL)
|
||||
{
|
||||
DBG1(DBG_IKE, "%N method not available", eap_type_names, EAP_TNC);
|
||||
DBG1(DBG_IKE, "%N method not available", eap_type_names, type);
|
||||
return FAILED;
|
||||
}
|
||||
inner_method = (eap_inner_method_t *)this->method;
|
||||
|
@ -135,7 +147,7 @@ static status_t start_phase2_tnc(private_eap_ttls_server_t *this,
|
|||
}
|
||||
else
|
||||
{
|
||||
DBG1(DBG_IKE, "%N method failed", eap_type_names, EAP_TNC);
|
||||
DBG1(DBG_IKE, "%N method failed", eap_type_names, type);
|
||||
return FAILED;
|
||||
}
|
||||
}
|
||||
|
@ -151,7 +163,7 @@ METHOD(tls_application_t, process, status_t,
|
|||
eap_payload_t *in;
|
||||
eap_code_t code;
|
||||
eap_type_t type = EAP_NAK, received_type;
|
||||
u_int32_t vendor, received_vendor;
|
||||
uint32_t vendor, received_vendor;
|
||||
|
||||
status = this->avp->process(this->avp, reader, &data);
|
||||
switch (status)
|
||||
|
@ -297,7 +309,7 @@ METHOD(tls_application_t, build, status_t,
|
|||
chunk_t data;
|
||||
eap_code_t code;
|
||||
eap_type_t type;
|
||||
u_int32_t vendor;
|
||||
uint32_t vendor;
|
||||
|
||||
if (this->method == NULL && this->start_phase2 &&
|
||||
lib->settings->get_bool(lib->settings,
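Review bot: In the start_phase2_tnc hunk the configured `phase2_tnc_method` is rejected only when eap_type_from_string() returns 0, so every other name that table recognises ("peap", "mschapv2", "radius", ...) is instantiated and then cast with `(eap_inner_method_t *)this->method`. If the created method does not implement eap_inner_method_t, the calls made through `inner_method` after the cast (outside this hunk) would go through the wrong interface, which is memory-unsafe rather than a clean configuration error. Limiting the accepted values to the two TNC transports avoids this: `if (type != EAP_TNC && type != EAP_PT_EAP)` in place of `if (type == 0)`, keeping the existing "unrecognized phase2 EAP TNC method" log and `return FAILED;`.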
|
||||
|
|
|
@ -57,7 +57,9 @@ ENUM_NEXT(eap_type_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2,
|
|||
"EAP_MSTLV");
|
||||
ENUM_NEXT(eap_type_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
|
||||
"EAP_TNC");
|
||||
ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC,
|
||||
ENUM_NEXT(eap_type_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC,
|
||||
"EAP_PT_EAP");
|
||||
ENUM_NEXT(eap_type_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP,
|
||||
"EAP_EXPANDED",
|
||||
"EAP_EXPERIMENTAL",
|
||||
"EAP_RADIUS",
|
||||
|
@ -86,7 +88,9 @@ ENUM_NEXT(eap_type_short_names, EAP_MSTLV, EAP_MSTLV, EAP_MSCHAPV2,
|
|||
"MSTLV");
|
||||
ENUM_NEXT(eap_type_short_names, EAP_TNC, EAP_TNC, EAP_MSTLV,
|
||||
"TNC");
|
||||
ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_TNC,
|
||||
ENUM_NEXT(eap_type_short_names, EAP_PT_EAP, EAP_PT_EAP, EAP_TNC,
|
||||
"PT");
|
||||
ENUM_NEXT(eap_type_short_names, EAP_EXPANDED, EAP_DYNAMIC, EAP_PT_EAP,
|
||||
"EXP",
|
||||
"XP",
|
||||
"RAD",
|
||||
|
@ -114,6 +118,7 @@ eap_type_t eap_type_from_string(char *name)
|
|||
{"peap", EAP_PEAP},
|
||||
{"mschapv2", EAP_MSCHAPV2},
|
||||
{"tnc", EAP_TNC},
|
||||
{"pt", EAP_PT_EAP},
|
||||
{"dynamic", EAP_DYNAMIC},
|
||||
{"radius", EAP_RADIUS},
|
||||
};
|
||||
|
@ -136,7 +141,7 @@ eap_vendor_type_t *eap_vendor_type_from_string(char *str)
|
|||
enumerator_t *enumerator;
|
||||
eap_vendor_type_t *result = NULL;
|
||||
eap_type_t type = 0;
|
||||
u_int32_t vendor = 0;
|
||||
uint32_t vendor = 0;
|
||||
char *part, *end;
|
||||
|
||||
/* parse EAP method string of the form: [eap-]type[-vendor] */
|
||||
|
|
|
@ -67,6 +67,7 @@ enum eap_type_t {
|
|||
EAP_MSCHAPV2 = 26,
|
||||
EAP_MSTLV = 33,
|
||||
EAP_TNC = 38,
|
||||
EAP_PT_EAP = 54,
|
||||
EAP_EXPANDED = 254,
|
||||
EAP_EXPERIMENTAL = 255,
|
||||
/** not a method, but an implementation providing different methods */
|
||||
|
|
|
@ -47,7 +47,7 @@ struct private_tls_eap_t {
|
|||
/**
|
||||
* Current value of EAP identifier
|
||||
*/
|
||||
u_int8_t identifier;
|
||||
uint8_t identifier;
|
||||
|
||||
/**
|
||||
* TLS stack
|
||||
|
@ -59,6 +59,11 @@ struct private_tls_eap_t {
|
|||
*/
|
||||
bool is_server;
|
||||
|
||||
/**
|
||||
* Supported version of the EAP tunnel protocol
|
||||
*/
|
||||
uint8_t supported_version;
|
||||
|
||||
/**
|
||||
* If FALSE include the total length of an EAP message
|
||||
* in the first fragment of fragmented messages only.
|
||||
|
@ -94,22 +99,24 @@ typedef enum {
|
|||
EAP_TLS_LENGTH = (1<<7), /* shared with EAP-TTLS/TNC/PEAP */
|
||||
EAP_TLS_MORE_FRAGS = (1<<6), /* shared with EAP-TTLS/TNC/PEAP */
|
||||
EAP_TLS_START = (1<<5), /* shared with EAP-TTLS/TNC/PEAP */
|
||||
EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP */
|
||||
EAP_TTLS_VERSION = (0x07), /* shared with EAP-TNC/PEAP/PT-EAP */
|
||||
EAP_PT_START = (1<<7) /* PT-EAP only */
|
||||
} eap_tls_flags_t;
|
||||
|
||||
#define EAP_TTLS_SUPPORTED_VERSION 0
|
||||
#define EAP_TNC_SUPPORTED_VERSION 1
|
||||
#define EAP_PEAP_SUPPORTED_VERSION 0
|
||||
#define EAP_TTLS_SUPPORTED_VERSION 0
|
||||
#define EAP_TNC_SUPPORTED_VERSION 1
|
||||
#define EAP_PEAP_SUPPORTED_VERSION 0
|
||||
#define EAP_PT_EAP_SUPPORTED_VERSION 1
|
||||
|
||||
/**
|
||||
* EAP-TLS/TTLS packet format
|
||||
*/
|
||||
typedef struct __attribute__((packed)) {
|
||||
u_int8_t code;
|
||||
u_int8_t identifier;
|
||||
u_int16_t length;
|
||||
u_int8_t type;
|
||||
u_int8_t flags;
|
||||
uint8_t code;
|
||||
uint8_t identifier;
|
||||
uint16_t length;
|
||||
uint8_t type;
|
||||
uint8_t flags;
|
||||
} eap_tls_packet_t;
|
||||
|
||||
METHOD(tls_eap_t, initiate, status_t,
|
||||
|
@ -120,18 +127,18 @@ METHOD(tls_eap_t, initiate, status_t,
|
|||
eap_tls_packet_t pkt = {
|
||||
.type = this->type,
|
||||
.code = EAP_REQUEST,
|
||||
.flags = EAP_TLS_START,
|
||||
.flags = this->supported_version
|
||||
};
|
||||
switch (this->type)
|
||||
{
|
||||
case EAP_TLS:
|
||||
case EAP_TTLS:
|
||||
pkt.flags |= EAP_TTLS_SUPPORTED_VERSION;
|
||||
break;
|
||||
case EAP_TNC:
|
||||
pkt.flags |= EAP_TNC_SUPPORTED_VERSION;
|
||||
break;
|
||||
case EAP_PEAP:
|
||||
pkt.flags |= EAP_PEAP_SUPPORTED_VERSION;
|
||||
pkt.flags |= EAP_TLS_START;
|
||||
break;
|
||||
case EAP_PT_EAP:
|
||||
pkt.flags |= EAP_PT_START;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
|
@ -153,13 +160,25 @@ METHOD(tls_eap_t, initiate, status_t,
|
|||
*/
|
||||
static status_t process_pkt(private_tls_eap_t *this, eap_tls_packet_t *pkt)
|
||||
{
|
||||
u_int16_t pkt_len;
|
||||
u_int32_t msg_len;
|
||||
uint8_t version;
|
||||
uint16_t pkt_len;
|
||||
uint32_t msg_len;
|
||||
size_t msg_len_offset = 0;
|
||||
|
||||
/* EAP-TLS doesn't have a version field */
|
||||
if (this->type != EAP_TLS)
|
||||
{
|
||||
version = pkt->flags & EAP_TTLS_VERSION;
|
||||
if (version != this->supported_version)
|
||||
{
|
||||
DBG1(DBG_TLS, "received %N packet with unsupported version v%u",
|
||||
eap_type_names, this->type, version);
|
||||
return FAILED;
|
||||
}
|
||||
}
|
||||
pkt_len = untoh16(&pkt->length);
|
||||
|
||||
if (pkt->flags & EAP_TLS_LENGTH)
|
||||
if (this->type != EAP_PT_EAP && (pkt->flags & EAP_TLS_LENGTH))
|
||||
{
|
||||
if (pkt_len < sizeof(eap_tls_packet_t) + sizeof(msg_len))
|
||||
{
|
||||
|
@ -200,27 +219,12 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out)
|
|||
pkt->code = this->is_server ? EAP_REQUEST : EAP_RESPONSE;
|
||||
pkt->identifier = this->identifier;
|
||||
pkt->type = this->type;
|
||||
pkt->flags = 0;
|
||||
|
||||
switch (this->type)
|
||||
{
|
||||
case EAP_TTLS:
|
||||
pkt->flags |= EAP_TTLS_SUPPORTED_VERSION;
|
||||
break;
|
||||
case EAP_TNC:
|
||||
pkt->flags |= EAP_TNC_SUPPORTED_VERSION;
|
||||
break;
|
||||
case EAP_PEAP:
|
||||
pkt->flags |= EAP_PEAP_SUPPORTED_VERSION;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
pkt->flags = this->supported_version;
|
||||
|
||||
if (this->first_fragment)
|
||||
{
|
||||
len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(u_int32_t);
|
||||
msg_len_offset = sizeof(u_int32_t);
|
||||
len = sizeof(buf) - sizeof(eap_tls_packet_t) - sizeof(uint32_t);
|
||||
msg_len_offset = sizeof(uint32_t);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
@ -251,7 +255,7 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out)
|
|||
}
|
||||
kind = "packet";
|
||||
}
|
||||
else if (this->type != EAP_TNC)
|
||||
else if (this->type != EAP_TNC && this->type != EAP_PT_EAP)
|
||||
{
|
||||
this->first_fragment = TRUE;
|
||||
kind = "final fragment";
|
||||
|
@ -269,14 +273,14 @@ static status_t build_pkt(private_tls_eap_t *this, chunk_t *out)
|
|||
if (pkt->flags & EAP_TLS_LENGTH)
|
||||
{
|
||||
htoun32(pkt + 1, reclen);
|
||||
len += sizeof(u_int32_t);
|
||||
len += sizeof(uint32_t);
|
||||
pkt->flags |= EAP_TLS_LENGTH;
|
||||
}
|
||||
else
|
||||
{
|
||||
/* get rid of the reserved length field */
|
||||
memmove(buf + sizeof(eap_tls_packet_t),
|
||||
buf + sizeof(eap_tls_packet_t) + sizeof(u_int32_t), len);
|
||||
buf + sizeof(eap_tls_packet_t) + sizeof(uint32_t), len);
|
||||
}
|
||||
}
|
||||
len += sizeof(eap_tls_packet_t);
|
||||
|
@ -352,10 +356,11 @@ METHOD(tls_eap_t, process, status_t,
|
|||
}
|
||||
DBG3(DBG_TLS, "%N payload %B", eap_type_names, this->type, &in);
|
||||
|
||||
if (pkt->flags & EAP_TLS_START)
|
||||
if ((this->type == EAP_PT_EAP && (pkt->flags & EAP_PT_START)) ||
|
||||
(pkt->flags & EAP_TLS_START))
|
||||
{
|
||||
if (this->type == EAP_TTLS || this->type == EAP_TNC ||
|
||||
this->type == EAP_PEAP)
|
||||
this->type == EAP_PEAP || this->type == EAP_PT_EAP)
|
||||
{
|
||||
DBG1(DBG_TLS, "%N version is v%u", eap_type_names, this->type,
|
||||
pkt->flags & EAP_TTLS_VERSION);
|
||||
|
@ -409,14 +414,14 @@ METHOD(tls_eap_t, get_msk, chunk_t,
|
|||
return this->tls->get_eap_msk(this->tls);
|
||||
}
|
||||
|
||||
METHOD(tls_eap_t, get_identifier, u_int8_t,
|
||||
METHOD(tls_eap_t, get_identifier, uint8_t,
|
||||
private_tls_eap_t *this)
|
||||
{
|
||||
return this->identifier;
|
||||
}
|
||||
|
||||
METHOD(tls_eap_t, set_identifier, void,
|
||||
private_tls_eap_t *this, u_int8_t identifier)
|
||||
private_tls_eap_t *this, uint8_t identifier)
|
||||
{
|
||||
this->identifier = identifier;
|
||||
}
|
||||
|
@ -452,13 +457,31 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
|
|||
},
|
||||
.type = type,
|
||||
.is_server = tls->is_server(tls),
|
||||
.first_fragment = (type != EAP_TNC),
|
||||
.first_fragment = (type != EAP_TNC && type != EAP_PT_EAP),
|
||||
.frag_size = frag_size,
|
||||
.max_msg_count = max_msg_count,
|
||||
.include_length = include_length,
|
||||
.tls = tls,
|
||||
);
|
||||
|
||||
switch (type)
|
||||
{
|
||||
case EAP_TTLS:
|
||||
this->supported_version = EAP_TTLS_SUPPORTED_VERSION;
|
||||
break;
|
||||
case EAP_TNC:
|
||||
this->supported_version = EAP_TNC_SUPPORTED_VERSION;
|
||||
break;
|
||||
case EAP_PEAP:
|
||||
this->supported_version = EAP_PEAP_SUPPORTED_VERSION;
|
||||
break;
|
||||
case EAP_PT_EAP:
|
||||
this->supported_version = EAP_PT_EAP_SUPPORTED_VERSION;
|
||||
break;
|
||||
default:
|
||||
break;
|
||||
}
|
||||
|
||||
if (this->is_server)
|
||||
{
|
||||
do
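Review bot: In the process() hunk the Start test `(this->type == EAP_PT_EAP && (pkt->flags & EAP_PT_START)) || (pkt->flags & EAP_TLS_START)` still accepts `EAP_TLS_START` (1<<5) for PT-EAP, although the enum in this file marks that flag as shared with EAP-TTLS/TNC/PEAP and gives PT-EAP its own `EAP_PT_START` (1<<7). A peer-supplied PT-EAP packet with bit 5 set would therefore be handled as a Start message. If the Start branch bypasses process_pkt(), as the surrounding code outside the hunk suggests, it would also skip the version check this commit adds there. Selecting the flag by type keeps the two encodings apart: `start = (this->type == EAP_PT_EAP) ? EAP_PT_START : EAP_TLS_START;` and then `if (pkt->flags & start)`.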
|
||||
|
|
|
@ -66,7 +66,7 @@ struct tls_eap_t {
|
|||
*
|
||||
* @return identifier
|
||||
*/
|
||||
u_int8_t (*get_identifier)(tls_eap_t *this);
|
||||
uint8_t (*get_identifier)(tls_eap_t *this);
|
||||
|
||||
/**
|
||||
* Set the EAP identifier to a deterministic value, overwriting
|
||||
|
@ -74,7 +74,7 @@ struct tls_eap_t {
|
|||
*
|
||||
* @param identifier EAP identifier
|
||||
*/
|
||||
void (*set_identifier) (tls_eap_t *this, u_int8_t identifier);
|
||||
void (*set_identifier) (tls_eap_t *this, uint8_t identifier);
|
||||
|
||||
/**
|
||||
* Destroy a tls_eap_t.
|
||||
|
|
|
@ -2,5 +2,12 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,5 +2,12 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,12 +2,18 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
phase2_tnc_method = tnc
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,7 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-11 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,12 +2,18 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-11 tnc-imv updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
phase2_tnc_method = tnc
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-1.1
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = de, en
|
||||
}
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
|
||||
multiple_authentication=no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = ru, fr, en
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imv {
|
||||
recommendation_policy = all
|
||||
}
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = ru , de, en
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,10 +2,6 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
|
|
@ -2,10 +2,6 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
|
|
@ -2,15 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = de
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = de
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac socket-default kernel-netlink stroke eap-identity eap-ttls eap-md5 eap-tnc tnc-pdp tnc-imv tnc-tnccs tnccs-20 sqlite
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
|
@ -10,7 +11,6 @@ charon {
|
|||
max_message_count = 0
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
max_message_count = 20
|
||||
}
|
||||
tnc-pdp {
|
||||
|
|
|
@ -8,7 +8,6 @@ charon {
|
|||
max_message_count = 0
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
max_message_count = 20
|
||||
}
|
||||
tnccs-20 {
|
||||
|
|
|
@ -8,7 +8,6 @@ charon {
|
|||
max_message_count = 0
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
max_message_count = 20
|
||||
}
|
||||
tnccs-20 {
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = de
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl aes md5 sha1 sha2 hmac gmp pem pkcs1 random nonce x509 revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,11 +2,9 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = de
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl openssl pem pkcs1 random nonce revocation stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown sqlite
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = ru , de, en
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,25 +2,14 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-tnccs tnccs-20 tnc-imv updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
request_peer_auth = yes
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
libimcv {
|
||||
plugins {
|
||||
imv-scanner {
|
||||
closed_port_policy = no
|
||||
tcp_ports = 80 443
|
||||
udp_ports =
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2,12 +2,8 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-tnccs tnc-imc tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
|
||||
multiple_authentication = no
|
||||
}
|
||||
|
||||
libimcv {
|
||||
|
|
|
@ -2,11 +2,10 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-md5 eap-ttls eap-tnc tnc-imc tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
tnc-imc {
|
||||
preferred_language = ru, pl , de
|
||||
}
|
||||
|
|
|
@ -2,16 +2,15 @@
|
|||
|
||||
charon {
|
||||
load = curl aes des sha1 sha2 md5 pem pkcs1 gmp random nonce x509 revocation hmac stroke kernel-netlink socket-default eap-identity eap-ttls eap-md5 eap-tnc tnc-imv tnc-tnccs tnccs-20 updown
|
||||
multiple_authentication=no
|
||||
|
||||
multiple_authentication = no
|
||||
|
||||
plugins {
|
||||
eap-ttls {
|
||||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-2.0
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -11,6 +11,7 @@ charon {
|
|||
phase2_method = md5
|
||||
phase2_piggyback = yes
|
||||
phase2_tnc = yes
|
||||
phase2_tnc_method = tnc
|
||||
}
|
||||
eap-tnc {
|
||||
protocol = tnccs-dynamic
|
||||
|
|
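Review bot: `phase2_tnc_method = tnc` in the eap-ttls block has no comment saying why this scenario stays on the legacy EAP-TNC transport when the option's documented default is the IETF-standard `pt`. With `protocol = tnccs-dynamic` a few lines below, this looks like the one configuration meant to keep the legacy path covered, but that is an inference from the visible lines. I would add a line above the setting such as `# legacy EAP-TNC transport on purpose; the default is pt (RFC 7171)`, so the value is not copied into new configurations by habit. The add/remove markers are lost in this rendering, and the charon and eap-tnc blocks continue outside the hunk.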