24 RCSID(
"$Id: 0385c516187f4fac97c55749a98a05afbee5bb67 $")
112 ERROR(
"rlm_eap_ttls: Unknown EAP type %s",
124 ERROR(
"rlm_eap_ttls: Failed initializing SSL context");
154 tls_session_t *tls_session;
161 eap_session->tls =
true;
169 client_cert = vp->vp_integer ?
true :
false;
175 if (!tls_session)
return 0;
177 eap_session->opaque = ((
void *)tls_session);
182 tls_session->prf_label =
"ttls keying material";
189 talloc_free(tls_session);
205 fr_tls_status_t status;
207 tls_session_t *tls_session = (tls_session_t *) eap_session->
opaque;
219 if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
220 REDEBUG(
"[eap-tls process] = %s",
fr_int2str(fr_tls_status_table, status,
"<INVALID>"));
222 RDEBUG2(
"[eap-tls process] = %s",
fr_int2str(fr_tls_status_table, status,
"<INVALID>"));
234 if (SSL_session_reused(tls_session->ssl)) {
235 RDEBUG(
"Skipping Phase2 due to session resumption");
239 if (t && t->authenticated) {
241 RDEBUG2(
"Using saved attributes from the original Access-Accept");
246 }
else if (t->use_tunneled_reply) {
247 RDEBUG2(
"No saved attributes in the original Access-Accept");
273 case FR_TLS_RECORD_COMPLETE:
287 RDEBUG2(
"Session established. Proceeding to decode tunneled attributes");
293 if (!tls_session->opaque) tls_session->opaque =
ttls_alloc(tls_session, inst);
bool copy_request_to_tunnel
2nd highest priority debug messages (-xx | -X).
static int mod_instantiate(CONF_SECTION *cs, void **instance)
RFC2865 - Access-Challenge.
PW_CODE eap_ttls_process(eap_session_t *eap_session, tls_session_t *tls_session) CC_HINT(nonnull)
void fr_pair_list_mcopy_by_num(TALLOC_CTX *ctx, VALUE_PAIR **to, VALUE_PAIR **from, unsigned int vendor, unsigned int attr, int8_t tag)
Copy / delete matching pairs between VALUE_PAIR lists.
char const * virtual_server
eap_type_t eap_name2type(char const *name)
Return an EAP-Type for a particular name.
char const * tls_conf_name
VALUE_PAIR * vps
Result of decoding the packet into VALUE_PAIRs.
#define CONF_PARSER_TERMINATOR
void * opaque
Opaque data used by EAP methods.
Defines a CONF_PAIR to C data type mapping.
REQUEST * request
Request that contains the response we're processing.
static int mod_session_init(void *instance, eap_session_t *eap_session)
RADIUS_PACKET * proxy
Outgoing request to proxy server.
static int CC_HINT(nonnull)
rlm_eap_module_t rlm_eap_ttls
char const * default_method_name
int eap_tls_success(eap_session_t *eap_session)
Send an EAP-TLS success.
Tracks the progress of a single session of any EAP method.
int cf_section_parse(CONF_SECTION *, void *base, CONF_PARSER const *variables)
Parse a configuration section into user-supplied variables.
Stores an attribute, a value and various bits of other data.
RADIUS_PACKET * reply
Outgoing response.
fr_tls_status_t eap_tls_process(eap_session_t *eap_session)
Process an EAP TLS request.
static int mod_process(void *arg, eap_session_t *eap_session)
char const * name
The name of the sub-module (without rlm_ prefix).
void rdebug_pair_list(log_lvl_t level, REQUEST *, VALUE_PAIR *, char const *)
Print a list of VALUE_PAIRs.
USES_APPLE_DEPRECATED_API struct rlm_eap_ttls_t rlm_eap_ttls_t
tls_session_t * eap_tls_session_init(eap_session_t *eap_session, fr_tls_server_conf_t *tls_conf, bool client_cert)
Create a new tls_session_t associated with an eap_session_t.
bool copy_request_to_tunnel
Interface to call EAP sub-modules.
#define FR_CONF_OFFSET(_n, _t, _s, _f)
RFC2865/RFC5997 - Status Server (response)
VALUE_PAIR * fr_pair_find_by_num(VALUE_PAIR *head, unsigned int vendor, unsigned int attr, int8_t tag)
Find the pair with the matching attribute.
int eap_tls_fail(eap_session_t *eap_session)
Send an EAP-TLS failure.
static CONF_PARSER module_config[]
fr_tls_server_conf_t * tls_conf
char const * fr_int2str(FR_NAME_NUMBER const *table, int number, char const *def)
static ttls_tunnel_t * ttls_alloc(TALLOC_CTX *ctx, rlm_eap_ttls_t *inst)
fr_tls_server_conf_t * eap_tls_conf_parse(CONF_SECTION *cs, char const *attr)
Parse TLS configuration.
String of printable characters.
int eap_tls_request(eap_session_t *eap_session)
Frames the OpenSSL data that needs to be sent to the client in an EAP-Request.
int eap_tls_start(eap_session_t *eap_session)
Send an initial EAP-TLS request to the peer.
char const * virtual_server
#define USES_APPLE_DEPRECATED_API