Create Module-Failure-Message for *all* callback errors

[freeradius.git] / src / modules / rlm_eap / libeap / cb.c

diff --git a/src/modules/rlm_eap/libeap/cb.c b/src/modules/rlm_eap/libeap/cb.c
index abf1444..72d41d3 100644 (file)
--- a/src/modules/rlm_eap/libeap/cb.c
+++ b/src/modules/rlm_eap/libeap/cb.c
@@ -32,6 +32,11 @@ void cbtls_info(const SSL *s, int where, int ret)
 {
        const char *str, *state;
        int w;
+       EAP_HANDLER *handler = (EAP_HANDLER *)SSL_get_ex_data(s, 0);
+       REQUEST *request = NULL;
+       char buffer[1024];
+
+       if (handler) request = handler->request;
 
        w = where & ~SSL_ST_MASK;
        if (w & SSL_ST_CONNECT) str="    TLS_connect";
@@ -40,23 +45,46 @@ void cbtls_info(const SSL *s, int where, int ret)
 
        state = SSL_state_string_long(s);
        state = state ? state : "NULL";
+       buffer[0] = '\0';
 
        if (where & SSL_CB_LOOP) {
-               if (debug_flag) radlog(L_INFO, "%s: %s\n", str, state);
+               RDEBUG2("%s: %s\n", str, state);
        } else if (where & SSL_CB_HANDSHAKE_START) {
-               if (debug_flag) radlog(L_INFO, "%s: %s\n", str, state);
+               RDEBUG2("%s: %s\n", str, state);
        } else if (where & SSL_CB_HANDSHAKE_DONE) {
-               radlog(L_INFO, "%s: %s\n", str, state);
+               RDEBUG2("%s: %s\n", str, state);
        } else if (where & SSL_CB_ALERT) {
                str=(where & SSL_CB_READ)?"read":"write";
-               radlog(L_ERR,"TLS Alert %s:%s:%s\n", str,
-                       SSL_alert_type_string_long(ret),
-                       SSL_alert_desc_string_long(ret));
+
+               snprintf(buffer, sizeof(buffer), "TLS Alert %s:%s:%s\n",
+                        str,
+                        SSL_alert_type_string_long(ret),
+                        SSL_alert_desc_string_long(ret));
        } else if (where & SSL_CB_EXIT) {
-               if (ret == 0)
-                       radlog(L_ERR, "%s:failed in %s\n", str, state);
-               else if (ret < 0)
-                       radlog(L_ERR, "%s:error in %s\n", str, state);
+               if (ret == 0) {
+                       snprintf(buffer, sizeof(buffer), "%s: failed in %s",
+                                str, state);
+
+               } else if (ret < 0) {
+                       if (SSL_want_read(s)) {
+                               RDEBUG2("%s: Need to read more data: %s",
+                                      str, state);
+                       } else {
+                               snprintf(buffer, sizeof(buffer),
+                                        "%s: error in %s\n", str, state);
+                       }
+               }
+       }
+
+       if (buffer[0]) {
+               radlog(L_ERR, "%s", buffer);
+               
+               if (request) {
+                       VALUE_PAIR *vp;
+                       
+                       vp = pairmake("Module-Failure-Message", buffer, T_OP_ADD);
+                       if (vp) pairadd(&request->packet->vps, vp);
+               }
        }
 }
 
@@ -103,15 +131,11 @@ int cbtls_password(char *buf,
        return(strlen((char *)userdata));
 }
 
-RSA *cbtls_rsa(SSL *s UNUSED, int is_export UNUSED, int keylength)
-{
-       static RSA *rsa_tmp=NULL;
-
-       if (rsa_tmp == NULL) {
-               radlog(L_INFO, "Generating temp (%d bit) RSA key...", keylength);
-               rsa_tmp=RSA_generate_key(keylength, RSA_F4, NULL, NULL);
-       }
-       return(rsa_tmp);
-}
+/*
+ *     For callbacks
+ */
+int eaptls_handle_idx = -1;
+int eaptls_conf_idx = -1;
+int eaptls_session_idx = -1;
 
 #endif /* !defined(NO_OPENSSL) */