From 4689bec70a20fd0fcb0e9d31b21041485276279e Mon Sep 17 00:00:00 2001
From: Arran Cudbard-Bell
Date: Sat, 16 Mar 2013 00:39:22 -0400
Subject: [PATCH] Remove redundant 'EAP' now were using dictionary values for module names Add some duplicate dictionary values More validation of EAP types
---
 share/dictionary.freeradius.internal | 49 ++++++++++++--------------
 src/modules/rlm_eap/libeap/eapcommon.c | 12 +++++--
 src/modules/rlm_eap/rlm_eap.c | 9 +++++
 3 files changed, 40 insertions(+), 30 deletions(-)
diff --git a/share/dictionary.freeradius.internal b/share/dictionary.freeradius.internal
index 47381e7aead6..21e0341a5927 100644
--- a/share/dictionary.freeradius.internal
+++ b/share/dictionary.freeradius.internal
@@ -661,13 +661,14 @@ VALUE EAP-Type Identity 1
 VALUE EAP-Type Notification 2
 VALUE EAP-Type NAK 3
 VALUE EAP-Type MD5-Challenge 4
+VALUE EAP-Type MD5 4
 VALUE EAP-Type One-Time-Password 5
 VALUE EAP-Type Generic-Token-Card 6
 VALUE EAP-Type RSA-Public-Key 9
 VALUE EAP-Type DSS-Unilateral 10
 VALUE EAP-Type KEA 11
 VALUE EAP-Type KEA-Validate 12
-VALUE EAP-Type EAP-TLS 13
+VALUE EAP-Type TLS 13
 VALUE EAP-Type Defender-Token 14
 VALUE EAP-Type RSA-SecurID-EAP 15
 VALUE EAP-Type Arcot-Systems-EAP 16
@@ -676,51 +677,45 @@ VALUE EAP-Type Nokia-IP-Smart-Card 18
 VALUE EAP-Type SIM 18
 VALUE EAP-Type SRP-SHA1 19
 # 20 is unassigned
-VALUE EAP-Type EAP-TTLS 21
+VALUE EAP-Type TTLS 21
 VALUE EAP-Type Remote-Access-Service 22
 VALUE EAP-Type AKA 23
-VALUE EAP-Type EAP-3Com-Wireless 24
+VALUE EAP-Type 3Com-Wireless 24
 VALUE EAP-Type PEAP 25
-VALUE EAP-Type MS-EAP-Authentication 26
+VALUE EAP-Type Microsoft-MS-CHAPv2 26
 VALUE EAP-Type MAKE 27
 VALUE EAP-Type CRYPTOCard 28
-VALUE EAP-Type EAP-MSCHAP-V2 29
+VALUE EAP-Type Cisco-MS-CHAPv2 29
 VALUE EAP-Type DynamID 30
 VALUE EAP-Type Rob-EAP 31
 VALUE EAP-Type SecurID-EAP 32
 VALUE EAP-Type MS-Authentication-TLV 33
 VALUE EAP-Type SentriNET 34
-VALUE EAP-Type EAP-Actiontec-Wireless 35
+VALUE EAP-Type Actiontec-Wireless 35
 VALUE EAP-Type Cogent-Biomentric-EAP 36
 VALUE EAP-Type AirFortress-EAP 37
-VALUE EAP-Type EAP-HTTP-Digest 38
+VALUE EAP-Type HTTP-Digest 38
+VALUE EAP-Type TNC 38
 VALUE EAP-Type SecuriSuite-EAP 39
 VALUE EAP-Type DeviceConnect-EAP 40
-VALUE EAP-Type EAP-SPEKE 41
-VALUE EAP-Type EAP-MOBAC 42
-VALUE EAP-Type EAP-FAST 43
+VALUE EAP-Type SPEKE 41
+VALUE EAP-Type MOBAC 42
+VALUE EAP-Type FAST 43
 VALUE EAP-Type Zonelabs 44
-VALUE EAP-Type EAP-Link 45
-VALUE EAP-Type EAP-PAX 46
-VALUE EAP-Type EAP-PSK 47
-VALUE EAP-Type EAP-SAKE 48
-VALUE EAP-Type EAP-IKEv2 49
-VALUE EAP-Type EAP-AKA2 50
-VALUE EAP-Type EAP-GPSK 51
-VALUE EAP-Type EAP-PWD 52
-VALUE EAP-Type EAP-EVEv1 53
-
-#
-# These are duplicate values, to get around the problem of
-# having two MS-CHAPv2 EAP types.
-#
-VALUE EAP-Type Microsoft-MS-CHAPv2 26
-VALUE EAP-Type Cisco-MS-CHAPv2 29
+VALUE EAP-Type Link 45
+VALUE EAP-Type PAX 46
+VALUE EAP-Type PSK 47
+VALUE EAP-Type SAKE 48
+VALUE EAP-Type IKEv2 49
+VALUE EAP-Type AKA2 50
+VALUE EAP-Type GPSK 51
+VALUE EAP-Type PWD 52
+VALUE EAP-Type EVEv1 53
 
 #
 # And this is what most people mean by MS-CHAPv2
 #
-VALUE EAP-Type MS-CHAP-V2 26
+VALUE EAP-Type MSCHAPv2 26
 
 #
 # This says TLS, but it's only valid for TTLS & PEAP.
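Review bot: The old value names (`EAP-TTLS`, `EAP-FAST`, `MS-CHAP-V2` and the other `EAP-`-prefixed entries, plus `EAP-TLS` in the previous hunk) are dropped with no alias left behind, so any existing policy or users-file entry that compares `EAP-Type` against one of them will presumably stop resolving after an upgrade. A comparison that no longer matches is a risk when it is what gates which EAP methods are accepted. Since this file already carries several names for one number (26 and 38 in this hunk), either keep the old spellings as extra `VALUE` lines or record the rename in the upgrade notes. Which name a number-to-name lookup returns when several names share a value is not visible here and should be confirmed before adding aliases.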
diff --git a/src/modules/rlm_eap/libeap/eapcommon.c b/src/modules/rlm_eap/libeap/eapcommon.c
index 0e5d204a1739..24adf1c01a52 100644
--- a/src/modules/rlm_eap/libeap/eapcommon.c
+++ b/src/modules/rlm_eap/libeap/eapcommon.c
@@ -76,7 +76,12 @@ const FR_NAME_NUMBER eap_rcode_table[] = {
 };
 
 /** Return an EAP-Type for a particular name
- * .
+ *
+ * Converts a name into an IANA EAP type.
+ *
+ * @param name to convert.
+ * @return The IANA EAP type or PW_EAP_INVALID if the name doesn't match any
+ * known types.
 */
 eap_type_t eap_name2type(const char *name)
 {
@@ -87,11 +92,12 @@ eap_type_t eap_name2type(const char *name)
 return dv->value;
 }
 
- return -1;
+ return PW_EAP_INVALID;
 }
 
 /** Return an EAP-name for a particular type
- * .
+ *
+ * Resolve
 */
 const char *eap_type2name(eap_type_t method)
 {
diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c
index b821aa47c6f2..eef6b85254cd 100644
--- a/src/modules/rlm_eap/rlm_eap.c
+++ b/src/modules/rlm_eap/rlm_eap.c
@@ -161,6 +161,15 @@ static int eap_instantiate(CONF_SECTION *cs, void **instance)
 
 return -1;
 }
+
+ if ((method < PW_EAP_MD5) (method > PW_EAP_MAX_TYPES)) {
+ radlog(L_ERR, "rlm_eap: EAP method %s outside of "
+ "valid range", name);
+
+ eap_detach(inst);
+
+ return -1;
+ }
 
 #ifndef HAVE_OPENSSL_SSL_H
 /*
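Review bot: Call sites of eap_name2type that still test the result with `< 0` may no longer see a failure, because the second eapcommon.c hunk returns `PW_EAP_INVALID` instead of `-1`. The value of that constant and the callers are outside this patch, so they are worth grepping and switching to `== PW_EAP_INVALID`. In the same hunk the new doc comment for eap_type2name stops at `* Resolve`. It should be finished with a one-line summary plus `@param method` and `@return` lines in the style used for eap_name2type, taking the unknown-type behaviour from the function body, which is not shown here.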
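Review bot: The upper bound in the range check added to eap_instantiate (rlm_eap.c hunk) accepts `method == PW_EAP_MAX_TYPES`. If that constant is the size of the per-instance method table, whose declaration is outside this hunk, a type taken from configuration can still index one past the end, and the test should be `method >= PW_EAP_MAX_TYPES`. As the patch text reads here, the two comparisons also have no operator between them, which would not compile, so the intended line is presumably `if ((method < PW_EAP_MD5) || (method >= PW_EAP_MAX_TYPES)) {`. eap_instantiate starts and ends outside the hunk.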