*
*/
-#include <freeradius-devel/ident.h>
RCSID("$Id$")
-
-#include <freeradius-devel/autoconf.h>
+USES_APPLE_DEPRECATED_API /* OpenSSL API has been deprecated by Apple */
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#include "rlm_eap_tls.h"
-#include "config.h"
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
-static CONF_PARSER cache_config[] = {
- { "enable", PW_TYPE_BOOLEAN,
- offsetof(EAP_TLS_CONF, session_cache_enable), NULL, "no" },
- { "lifetime", PW_TYPE_INTEGER,
- offsetof(EAP_TLS_CONF, session_timeout), NULL, "24" },
- { "max_entries", PW_TYPE_INTEGER,
- offsetof(EAP_TLS_CONF, session_cache_size), NULL, "255" },
- { "name", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, session_id_name), NULL, NULL},
- { NULL, -1, 0, NULL, NULL } /* end the list */
-};
-
static CONF_PARSER module_config[] = {
- { "rsa_key_exchange", PW_TYPE_BOOLEAN,
- offsetof(EAP_TLS_CONF, rsa_key), NULL, "no" },
- { "dh_key_exchange", PW_TYPE_BOOLEAN,
- offsetof(EAP_TLS_CONF, dh_key), NULL, "yes" },
- { "rsa_key_length", PW_TYPE_INTEGER,
- offsetof(EAP_TLS_CONF, rsa_key_length), NULL, "512" },
- { "dh_key_length", PW_TYPE_INTEGER,
- offsetof(EAP_TLS_CONF, dh_key_length), NULL, "512" },
- { "verify_depth", PW_TYPE_INTEGER,
- offsetof(EAP_TLS_CONF, verify_depth), NULL, "0" },
- { "CA_path", PW_TYPE_FILENAME,
- offsetof(EAP_TLS_CONF, ca_path), NULL, NULL },
- { "pem_file_type", PW_TYPE_BOOLEAN,
- offsetof(EAP_TLS_CONF, file_type), NULL, "yes" },
- { "private_key_file", PW_TYPE_FILENAME,
- offsetof(EAP_TLS_CONF, private_key_file), NULL, NULL },
- { "certificate_file", PW_TYPE_FILENAME,
- offsetof(EAP_TLS_CONF, certificate_file), NULL, NULL },
- { "CA_file", PW_TYPE_FILENAME,
- offsetof(EAP_TLS_CONF, ca_file), NULL, NULL },
- { "private_key_password", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, private_key_password), NULL, NULL },
- { "dh_file", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, dh_file), NULL, NULL },
- { "random_file", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, random_file), NULL, NULL },
- { "fragment_size", PW_TYPE_INTEGER,
- offsetof(EAP_TLS_CONF, fragment_size), NULL, "1024" },
- { "include_length", PW_TYPE_BOOLEAN,
- offsetof(EAP_TLS_CONF, include_length), NULL, "yes" },
- { "check_crl", PW_TYPE_BOOLEAN,
- offsetof(EAP_TLS_CONF, check_crl), NULL, "no"},
- { "check_cert_cn", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, check_cert_cn), NULL, NULL},
- { "cipher_list", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, cipher_list), NULL, NULL},
- { "check_cert_issuer", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, check_cert_issuer), NULL, NULL},
- { "make_cert_command", PW_TYPE_STRING_PTR,
- offsetof(EAP_TLS_CONF, make_cert_command), NULL, NULL},
+ { "tls", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_tls_t, tls_conf_name), NULL },
- { "cache", PW_TYPE_SUBSECTION, 0, NULL, (const void *) cache_config },
+ { "virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_tls_t, virtual_server), NULL },
- { NULL, -1, 0, NULL, NULL } /* end the list */
+ { NULL, -1, 0, NULL, NULL } /* end the list */
};
/*
- * TODO: Check for the type of key exchange * like conf->dh_key
- */
-static int load_dh_params(SSL_CTX *ctx, char *file)
-{
- DH *dh = NULL;
- BIO *bio;
-
- if ((bio = BIO_new_file(file, "r")) == NULL) {
- radlog(L_ERR, "rlm_eap_tls: Unable to open DH file - %s", file);
- return -1;
- }
-
- dh = PEM_read_bio_DHparams(bio, NULL, NULL, NULL);
- BIO_free(bio);
- if (!dh) {
- DEBUG2("WARNING: rlm_eap_tls: Unable to set DH parameters. DH cipher suites may not work!");
- DEBUG2("WARNING: Fix this by running the OpenSSL command listed in eap.conf");
- return 0;
- }
-
- if (SSL_CTX_set_tmp_dh(ctx, dh) < 0) {
- radlog(L_ERR, "rlm_eap_tls: Unable to set DH parameters");
- DH_free(dh);
- return -1;
- }
-
- DH_free(dh);
- return 0;
-}
-
-
-/*
- * Generate ephemeral RSA keys.
- */
-static int generate_eph_rsa_key(SSL_CTX *ctx)
-{
- RSA *rsa;
-
- rsa = RSA_generate_key(512, RSA_F4, NULL, NULL);
-
- if (!SSL_CTX_set_tmp_rsa(ctx, rsa)) {
- radlog(L_ERR, "rlm_eap_tls: Couldn't set ephemeral RSA key");
- return -1;
- }
-
- RSA_free(rsa);
- return 0;
-}
-
-
-/*
- * These functions don't do anything other than print debugging
- * messages.
- *
- * FIXME: Write sessions to some long-term storage, so that
- * session resumption can still occur after the server
- * restarts.
- */
-#define MAX_SESSION_SIZE (256)
-
-static void cbtls_remove_session(UNUSED SSL_CTX *ctx, SSL_SESSION *sess)
-{
- size_t size;
- char buffer[2 * MAX_SESSION_SIZE + 1];
-
- size = sess->session_id_length;
- if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
-
- fr_bin2hex(sess->session_id, buffer, size);
-
- DEBUG2(" SSL: Removing session %s from the cache", buffer);
- SSL_SESSION_free(sess);
-
- return;
-}
-
-static int cbtls_new_session(UNUSED SSL *s, SSL_SESSION *sess)
-{
- size_t size;
- char buffer[2 * MAX_SESSION_SIZE + 1];
-
- size = sess->session_id_length;
- if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
-
- fr_bin2hex(sess->session_id, buffer, size);
-
- DEBUG2(" SSL: adding session %s to cache", buffer);
-
- return 1;
-}
-
-static SSL_SESSION *cbtls_get_session(UNUSED SSL *s,
- unsigned char *data, int len,
- UNUSED int *copy)
-{
- size_t size;
- char buffer[2 * MAX_SESSION_SIZE + 1];
-
- size = len;
- if (size > MAX_SESSION_SIZE) size = MAX_SESSION_SIZE;
-
- fr_bin2hex(data, buffer, size);
-
- DEBUG2(" SSL: Client requested nonexistent cached session %s",
- buffer);
-
- return NULL;
-}
-
-/*
- * Before trusting a certificate, you must make sure that the
- * certificate is 'valid'. There are several steps that your
- * application can take in determining if a certificate is
- * valid. Commonly used steps are:
- *
- * 1.Verifying the certificate's signature, and verifying that
- * the certificate has been issued by a trusted Certificate
- * Authority.
- *
- * 2.Verifying that the certificate is valid for the present date
- * (i.e. it is being presented within its validity dates).
- *
- * 3.Verifying that the certificate has not been revoked by its
- * issuing Certificate Authority, by checking with respect to a
- * Certificate Revocation List (CRL).
- *
- * 4.Verifying that the credentials presented by the certificate
- * fulfill additional requirements specific to the application,
- * such as with respect to access control lists or with respect
- * to OCSP (Online Certificate Status Processing).
- *
- * NOTE: This callback will be called multiple times based on the
- * depth of the root certificate chain
- */
-static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
-{
- char subject[1024]; /* Used for the subject name */
- char issuer[1024]; /* Used for the issuer name */
- char common_name[1024];
- char cn_str[1024];
- EAP_HANDLER *handler = NULL;
- X509 *client_cert;
- SSL *ssl;
- int err, depth;
- EAP_TLS_CONF *conf;
- int my_ok = ok;
- REQUEST *request;
-
- client_cert = X509_STORE_CTX_get_current_cert(ctx);
- err = X509_STORE_CTX_get_error(ctx);
- depth = X509_STORE_CTX_get_error_depth(ctx);
-
- if (!my_ok) {
- radlog(L_ERR,"--> verify error:num=%d:%s\n",err,
- X509_verify_cert_error_string(err));
- return my_ok;
- }
-
- /*
- * Retrieve the pointer to the SSL of the connection currently treated
- * and the application specific data stored into the SSL object.
- */
- ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
- handler = (EAP_HANDLER *)SSL_get_ex_data(ssl, 0);
- request = handler->request;
- conf = (EAP_TLS_CONF *)SSL_get_ex_data(ssl, 1);
-
- /*
- * Get the Subject & Issuer
- */
- subject[0] = issuer[0] = '\0';
- X509_NAME_oneline(X509_get_subject_name(client_cert), subject,
- sizeof(subject));
- X509_NAME_oneline(X509_get_issuer_name(ctx->current_cert), issuer,
- sizeof(issuer));
-
- subject[sizeof(subject) - 1] = '\0';
- issuer[sizeof(issuer) - 1] = '\0';
-
- /*
- * Get the Common Name
- */
- X509_NAME_get_text_by_NID(X509_get_subject_name(client_cert),
- NID_commonName, common_name, sizeof(common_name));
- common_name[sizeof(common_name) - 1] = '\0';
-
- switch (ctx->error) {
-
- case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT:
- radlog(L_ERR, "issuer= %s\n", issuer);
- break;
- case X509_V_ERR_CERT_NOT_YET_VALID:
- case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD:
- radlog(L_ERR, "notBefore=");
-#if 0
- ASN1_TIME_print(bio_err, X509_get_notBefore(ctx->current_cert));
-#endif
- break;
- case X509_V_ERR_CERT_HAS_EXPIRED:
- case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD:
- radlog(L_ERR, "notAfter=");
-#if 0
- ASN1_TIME_print(bio_err, X509_get_notAfter(ctx->current_cert));
-#endif
- break;
- }
-
- /*
- * If we're at the actual client cert, apply additional
- * checks.
- */
- if (depth == 0) {
- /*
- * If the conf tells us to, check cert issuer
- * against the specified value and fail
- * verification if they don't match.
- */
- if (conf->check_cert_issuer &&
- (strcmp(issuer, conf->check_cert_issuer) != 0)) {
- radlog(L_AUTH, "rlm_eap_tls: Certificate issuer (%s) does not match specified value (%s)!", issuer, conf->check_cert_issuer);
- my_ok = 0;
- }
-
- /*
- * If the conf tells us to, check the CN in the
- * cert against xlat'ed value, but only if the
- * previous checks passed.
- */
- if (my_ok && conf->check_cert_cn) {
- if (!radius_xlat(cn_str, sizeof(cn_str), conf->check_cert_cn, handler->request, NULL)) {
- radlog(L_ERR, "rlm_eap_tls (%s): xlat failed.",
- conf->check_cert_cn);
- /* if this fails, fail the verification */
- my_ok = 0;
- } else {
- RDEBUG2("checking certificate CN (%s) with xlat'ed value (%s)", common_name, cn_str);
- if (strcmp(cn_str, common_name) != 0) {
- radlog(L_AUTH, "rlm_eap_tls: Certificate CN (%s) does not match specified value (%s)!", common_name, cn_str);
- my_ok = 0;
- }
- }
- } /* check_cert_cn */
- } /* depth == 0 */
-
- if (debug_flag > 0) {
- RDEBUG2("chain-depth=%d, ", depth);
- RDEBUG2("error=%d", err);
-
- RDEBUG2("--> User-Name = %s", handler->identity);
- RDEBUG2("--> BUF-Name = %s", common_name);
- RDEBUG2("--> subject = %s", subject);
- RDEBUG2("--> issuer = %s", issuer);
- RDEBUG2("--> verify return:%d", my_ok);
- }
- return my_ok;
-}
-
-
-/*
- * Free cached session data, which is always a list of VALUE_PAIRs
- */
-static void eaptls_session_free(UNUSED void *parent, void *data_ptr,
- UNUSED CRYPTO_EX_DATA *ad, UNUSED int idx,
- UNUSED long argl, UNUSED void *argp)
-{
- VALUE_PAIR *vp = data_ptr;
- if (!data_ptr) return;
-
- pairfree(&vp);
-}
-
-
-/*
- * Create Global context SSL and use it in every new session
- *
- * - Load the trusted CAs
- * - Load the Private key & the certificate
- * - Set the Context options & Verify options
- */
-static SSL_CTX *init_tls_ctx(EAP_TLS_CONF *conf)
-{
- SSL_METHOD *meth;
- SSL_CTX *ctx;
- X509_STORE *certstore;
- int verify_mode = SSL_VERIFY_NONE;
- int ctx_options = 0;
- int type;
-
- /*
- * Add all the default ciphers and message digests
- * Create our context.
- */
- SSL_library_init();
- SSL_load_error_strings();
-
- /*
- * SHA256 is in all versions of OpenSSL, but isn't
- * initialized by default. It's needed for WiMAX
- * certificates.
- */
-#ifdef HAVE_OPENSSL_EVP_SHA256
- EVP_add_digest(EVP_sha256());
-#endif
-
- meth = TLSv1_method();
- ctx = SSL_CTX_new(meth);
-
- /*
- * Identify the type of certificates that needs to be loaded
- */
- if (conf->file_type) {
- type = SSL_FILETYPE_PEM;
- } else {
- type = SSL_FILETYPE_ASN1;
- }
-
- /*
- * Set the password to load private key
- */
- if (conf->private_key_password) {
-#ifdef __APPLE__
- /*
- * We don't want to put the private key password in eap.conf, so check
- * for our special string which indicates we should get the password
- * programmatically.
- */
- const char* special_string = "Apple:UseCertAdmin";
- if (strncmp(conf->private_key_password,
- special_string,
- strlen(special_string)) == 0)
- {
- char cmd[256];
- const long max_password_len = 128;
- snprintf(cmd, sizeof(cmd) - 1,
- "/usr/sbin/certadmin --get-private-key-passphrase \"%s\"",
- conf->private_key_file);
-
- DEBUG2("rlm_eap: Getting private key passphrase using command \"%s\"", cmd);
-
- FILE* cmd_pipe = popen(cmd, "r");
- if (!cmd_pipe) {
- radlog(L_ERR, "rlm_eap: %s command failed. Unable to get private_key_password", cmd);
- radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
- return NULL;
- }
-
- free(conf->private_key_password);
- conf->private_key_password = malloc(max_password_len * sizeof(char));
- if (!conf->private_key_password) {
- radlog(L_ERR, "rlm_eap: Can't malloc space for private_key_password");
- radlog(L_ERR, "rlm_eap: Error reading private_key_file %s", conf->private_key_file);
- pclose(cmd_pipe);
- return NULL;
- }
-
- fgets(conf->private_key_password, max_password_len, cmd_pipe);
- pclose(cmd_pipe);
-
- /* Get rid of newline at end of password. */
- conf->private_key_password[strlen(conf->private_key_password) - 1] = '\0';
- DEBUG2("rlm_eap: Password from command = \"%s\"", conf->private_key_password);
- }
-#endif
- SSL_CTX_set_default_passwd_cb_userdata(ctx, conf->private_key_password);
- SSL_CTX_set_default_passwd_cb(ctx, cbtls_password);
- }
-
- /*
- * Load our keys and certificates
- *
- * If certificates are of type PEM then we can make use
- * of cert chain authentication using openssl api call
- * SSL_CTX_use_certificate_chain_file. Please see how
- * the cert chain needs to be given in PEM from
- * openSSL.org
- */
- if (type == SSL_FILETYPE_PEM) {
- if (!(SSL_CTX_use_certificate_chain_file(ctx, conf->certificate_file))) {
- radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
- radlog(L_ERR, "rlm_eap_tls: Error reading certificate file %s", conf->certificate_file);
- return NULL;
- }
-
- } else if (!(SSL_CTX_use_certificate_file(ctx, conf->certificate_file, type))) {
- radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
- radlog(L_ERR, "rlm_eap_tls: Error reading certificate file %s", conf->certificate_file);
- return NULL;
- }
-
- /* Load the CAs we trust */
- if (conf->ca_file || conf->ca_path) {
- if (!SSL_CTX_load_verify_locations(ctx, conf->ca_file, conf->ca_path)) {
- radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
- radlog(L_ERR, "rlm_eap_tls: Error reading Trusted root CA list %s",conf->ca_file );
- return NULL;
- }
- }
- if (conf->ca_file && *conf->ca_file) SSL_CTX_set_client_CA_list(ctx, SSL_load_client_CA_file(conf->ca_file));
- if (!(SSL_CTX_use_PrivateKey_file(ctx, conf->private_key_file, type))) {
- radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
- radlog(L_ERR, "rlm_eap_tls: Error reading private key file %s", conf->private_key_file);
- return NULL;
- }
-
- /*
- * Check if the loaded private key is the right one
- */
- if (!SSL_CTX_check_private_key(ctx)) {
- radlog(L_ERR, "rlm_eap_tls: Private key does not match the certificate public key");
- return NULL;
- }
-
- /*
- * Set ctx_options
- */
- ctx_options |= SSL_OP_NO_SSLv2;
- ctx_options |= SSL_OP_NO_SSLv3;
-
- /*
- * SSL_OP_SINGLE_DH_USE must be used in order to prevent
- * small subgroup attacks and forward secrecy. Always
- * using
- *
- * SSL_OP_SINGLE_DH_USE has an impact on the computer
- * time needed during negotiation, but it is not very
- * large.
- */
- ctx_options |= SSL_OP_SINGLE_DH_USE;
-
- /*
- * SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS to work around issues
- * in Windows Vista client.
- * http://www.openssl.org/~bodo/tls-cbc.txt
- * http://www.nabble.com/(RADIATOR)-Radiator-Version-3.16-released-t2600070.html
- */
- ctx_options |= SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS;
-
- SSL_CTX_set_options(ctx, ctx_options);
-
- /*
- * TODO: Set the RSA & DH
- * SSL_CTX_set_tmp_rsa_callback(ctx, cbtls_rsa);
- * SSL_CTX_set_tmp_dh_callback(ctx, cbtls_dh);
- */
-
- /*
- * set the message callback to identify the type of
- * message. For every new session, there can be a
- * different callback argument.
- *
- * SSL_CTX_set_msg_callback(ctx, cbtls_msg);
- */
-
- /* Set Info callback */
- SSL_CTX_set_info_callback(ctx, cbtls_info);
-
- /*
- * Callbacks, etc. for session resumption.
- */
- if (conf->session_cache_enable) {
- SSL_CTX_sess_set_new_cb(ctx, cbtls_new_session);
- SSL_CTX_sess_set_get_cb(ctx, cbtls_get_session);
- SSL_CTX_sess_set_remove_cb(ctx, cbtls_remove_session);
-
- SSL_CTX_set_quiet_shutdown(ctx, 1);
- }
-
- /*
- * Check the certificates for revocation.
- */
-#ifdef X509_V_FLAG_CRL_CHECK
- if (conf->check_crl) {
- certstore = SSL_CTX_get_cert_store(ctx);
- if (certstore == NULL) {
- radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
- radlog(L_ERR, "rlm_eap_tls: Error reading Certificate Store");
- return NULL;
- }
- X509_STORE_set_flags(certstore, X509_V_FLAG_CRL_CHECK);
- }
-#endif
-
- /*
- * Set verify modes
- * Always verify the peer certificate
- */
- verify_mode |= SSL_VERIFY_PEER;
- verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- verify_mode |= SSL_VERIFY_CLIENT_ONCE;
- SSL_CTX_set_verify(ctx, verify_mode, cbtls_verify);
-
- if (conf->verify_depth) {
- SSL_CTX_set_verify_depth(ctx, conf->verify_depth);
- }
-
- /* Load randomness */
- if (!(RAND_load_file(conf->random_file, 1024*1024))) {
- radlog(L_ERR, "rlm_eap: SSL error %s", ERR_error_string(ERR_get_error(), NULL));
- radlog(L_ERR, "rlm_eap_tls: Error loading randomness");
- return NULL;
- }
-
- /*
- * Set the cipher list if we were told to
- */
- if (conf->cipher_list) {
- if (!SSL_CTX_set_cipher_list(ctx, conf->cipher_list)) {
- radlog(L_ERR, "rlm_eap_tls: Error setting cipher list");
- return NULL;
- }
- }
-
- /*
- * Setup session caching
- */
- if (conf->session_cache_enable) {
- /*
- * Create a unique context Id per EAP-TLS configuration.
- */
- if (conf->session_id_name) {
- snprintf(conf->session_context_id,
- sizeof(conf->session_context_id),
- "FreeRADIUS EAP-TLS %s",
- conf->session_id_name);
- } else {
- snprintf(conf->session_context_id,
- sizeof(conf->session_context_id),
- "FreeRADIUS EAP-TLS %p", conf);
- }
-
- /*
- * Cache it, and DON'T auto-clear it.
- */
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_SERVER | SSL_SESS_CACHE_NO_AUTO_CLEAR);
-
- SSL_CTX_set_session_id_context(ctx,
- (unsigned char *) conf->session_context_id,
- (unsigned int) strlen(conf->session_context_id));
-
- /*
- * Our timeout is in hours, this is in seconds.
- */
- SSL_CTX_set_timeout(ctx, conf->session_timeout * 3600);
-
- /*
- * Set the maximum number of entries in the
- * session cache.
- */
- SSL_CTX_sess_set_cache_size(ctx, conf->session_cache_size);
-
- } else {
- SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
- }
-
- /*
- * Register the application indices. We can't use
- * hard-coded "0" and "1" as before, because we need to
- * set up a "free" handler for the cached session
- * information.
- */
- if (eaptls_handle_idx < 0) {
- eaptls_handle_idx = SSL_get_ex_new_index(0, "eaptls_handle_idx",
- NULL, NULL, NULL);
- }
-
- if (eaptls_conf_idx < 0) {
- eaptls_conf_idx = SSL_get_ex_new_index(0, "eaptls_conf_idx",
- NULL, NULL, NULL);
- }
-
- if (eaptls_session_idx < 0) {
- eaptls_session_idx = SSL_get_ex_new_index(0, "eaptls_session_idx",
- NULL, NULL,
- eaptls_session_free);
- }
-
- return ctx;
-}
-
-
-/*
- * Detach the EAP-TLS module.
- */
-static int eaptls_detach(void *arg)
-{
- EAP_TLS_CONF *conf;
- eap_tls_t *inst;
-
- inst = (eap_tls_t *) arg;
- conf = inst->conf;
-
- if (conf) {
- memset(conf, 0, sizeof(*conf));
- free(inst->conf);
- inst->conf = NULL;
- }
-
- if (inst->ctx) SSL_CTX_free(inst->ctx);
- inst->ctx = NULL;
-
- free(inst);
-
- return 0;
-}
-
-
-/*
* Attach the EAP-TLS module.
*/
static int eaptls_attach(CONF_SECTION *cs, void **instance)
{
- EAP_TLS_CONF *conf;
- eap_tls_t *inst;
-
- /* Store all these values in the data structure for later references */
- inst = (eap_tls_t *)malloc(sizeof(*inst));
- if (!inst) {
- radlog(L_ERR, "rlm_eap_tls: out of memory");
- return -1;
- }
- memset(inst, 0, sizeof(*inst));
+ rlm_eap_tls_t *inst;
/*
* Parse the config file & get all the configured values
*/
- conf = (EAP_TLS_CONF *)malloc(sizeof(*conf));
- if (conf == NULL) {
- free(inst);
- radlog(L_ERR, "rlm_eap_tls: out of memory");
- return -1;
- }
- memset(conf, 0, sizeof(*conf));
+ *instance = inst = talloc_zero(cs, rlm_eap_tls_t);
+ if (!inst) return -1;
- inst->conf = conf;
- if (cf_section_parse(cs, conf, module_config) < 0) {
- eaptls_detach(inst);
- return -1;
- }
-
- /*
- * The EAP RFC's say 1020, but we're less picky.
- */
- if (conf->fragment_size < 100) {
- radlog(L_ERR, "rlm_eap_tls: Fragment size is too small.");
- eaptls_detach(inst);
+ if (cf_section_parse(cs, inst, module_config) < 0) {
return -1;
}
- /*
- * The maximum size for a RADIUS packet is 4096,
- * minus the header (20), Message-Authenticator (18),
- * and State (18), etc. results in about 4000 bytes of data
- * that can be devoted *solely* to EAP.
- */
- if (conf->fragment_size > 4000) {
- radlog(L_ERR, "rlm_eap_tls: Fragment size is too large.");
- eaptls_detach(inst);
- return -1;
- }
-
- /*
- * Account for the EAP header (4), and the EAP-TLS header
- * (6), as per Section 4.2 of RFC 2716. What's left is
- * the maximum amount of data we read from a TLS buffer.
- */
- conf->fragment_size -= 10;
-
- /*
- * This magic makes the administrators life HUGELY easier
- * on initial deployments.
- *
- * If the server starts up in debugging mode, AND the
- * bootstrap command is configured, AND it exists, AND
- * there is no server certificate
- */
- if (conf->make_cert_command && (debug_flag >= 2)) {
- struct stat buf;
-
- if ((stat(conf->make_cert_command, &buf) == 0) &&
- (stat(conf->certificate_file, &buf) < 0) &&
- (errno == ENOENT) &&
- (radius_exec_program(conf->make_cert_command, NULL, 1,
- NULL, 0, NULL, NULL, 0) != 0)) {
- eaptls_detach(inst);
- return -1;
- }
- }
-
+ inst->tls_conf = eaptls_conf_parse(cs, "tls");
- /*
- * Initialize TLS
- */
- inst->ctx = init_tls_ctx(conf);
- if (inst->ctx == NULL) {
- eaptls_detach(inst);
+ if (!inst->tls_conf) {
+ ERROR("rlm_eap_tls: Failed initializing SSL context");
return -1;
}
- if (load_dh_params(inst->ctx, conf->dh_file) < 0) {
- eaptls_detach(inst);
- return -1;
- }
-
- if (generate_eph_rsa_key(inst->ctx) < 0) {
- return -1;
- }
-
- *instance = inst;
-
return 0;
}
/*
- * Send an initial eap-tls request to the peer.
- *
- * Frame eap reply packet.
- * len = header + type + tls_typedata
- * tls_typedata = flags(Start (S) bit set, and no data)
- *
- * Once having received the peer's Identity, the EAP server MUST
- * respond with an EAP-TLS/Start packet, which is an
- * EAP-Request packet with EAP-Type=EAP-TLS, the Start (S) bit
- * set, and no data. The EAP-TLS conversation will then begin,
- * with the peer sending an EAP-Response packet with
- * EAP-Type = EAP-TLS. The data field of that packet will
- * be the TLS data.
- *
- * Fragment length is Framed-MTU - 4.
- *
- * http://mail.frascone.com/pipermail/public/eap/2003-July/001426.html
+ * Send an initial eap-tls request to the peer, using the libeap functions.
*/
-static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler)
+static int eaptls_initiate(void *type_arg, eap_handler_t *handler)
{
int status;
tls_session_t *ssn;
- eap_tls_t *inst;
- VALUE_PAIR *vp;
- int client_cert = TRUE;
- int verify_mode = 0;
+ rlm_eap_tls_t *inst;
REQUEST *request = handler->request;
- inst = (eap_tls_t *)type_arg;
-
- /*
- * Manually flush the sessions every so often. If HALF
- * of the session lifetime has passed since we last
- * flushed, then flush it again.
- *
- * FIXME: Also do it every N sessions?
- */
- if (inst->conf->session_cache_enable &&
- ((inst->conf->session_last_flushed + (inst->conf->session_timeout * 1800)) <= request->timestamp)) {
- RDEBUG2("Flushing SSL sessions (of #%ld)",
- SSL_CTX_sess_number(inst->ctx));
+ inst = type_arg;
- SSL_CTX_flush_sessions(inst->ctx, request->timestamp);
- inst->conf->session_last_flushed = request->timestamp;
- }
-
- /*
- * If we're TTLS or PEAP, then do NOT require a client
- * certificate.
- *
- * FIXME: This should be more configurable.
- */
- if (handler->eap_type != PW_EAP_TLS) {
- vp = pairfind(handler->request->config_items,
- PW_EAP_TLS_REQUIRE_CLIENT_CERT);
- if (!vp) {
- client_cert = FALSE;
- } else {
- client_cert = vp->vp_integer;
- }
- }
+ handler->tls = true;
+ handler->finished = false;
/*
- * Every new session is started only from EAP-TLS-START.
- * Before Sending EAP-TLS-START, open a new SSL session.
- * Create all the required data structures & store them
- * in Opaque. So that we can use these data structures
- * when we get the response
+ * EAP-TLS always requires a client certificate.
*/
- ssn = eaptls_new_session(inst->ctx, client_cert);
+ ssn = eaptls_session(handler, inst->tls_conf, true);
if (!ssn) {
return 0;
}
- /*
- * Verify the peer certificate, if asked.
- */
- if (client_cert) {
- RDEBUG2("Requiring client certificate");
- verify_mode = SSL_VERIFY_PEER;
- verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
- verify_mode |= SSL_VERIFY_CLIENT_ONCE;
- }
- SSL_set_verify(ssn->ssl, verify_mode, cbtls_verify);
-
- /*
- * Create a structure for all the items required to be
- * verified for each client and set that as opaque data
- * structure.
- *
- * NOTE: If we want to set each item sepearately then
- * this index should be global.
- */
- SSL_set_ex_data(ssn->ssl, 0, (void *)handler);
- SSL_set_ex_data(ssn->ssl, 1, (void *)inst->conf);
-
- ssn->length_flag = inst->conf->include_length;
-
- /*
- * We use default fragment size, unless the Framed-MTU
- * tells us it's too big. Note that we do NOT account
- * for the EAP-TLS headers if conf->fragment_size is
- * large, because that config item looks to be confusing.
- *
- * i.e. it should REALLY be called MTU, and the code here
- * should figure out what that means for TLS fragment size.
- * asking the administrator to know the internal details
- * of EAP-TLS in order to calculate fragment sizes is
- * just too much.
- */
- ssn->offset = inst->conf->fragment_size;
- vp = pairfind(handler->request->packet->vps, PW_FRAMED_MTU);
- if (vp && ((vp->vp_integer - 14) < ssn->offset)) {
- /*
- * Discount the Framed-MTU by:
- * 4 : EAPOL header
- * 4 : EAP header (code + id + length)
- * 1 : EAP type == EAP-TLS
- * 1 : EAP-TLS Flags
- * 4 : EAP-TLS Message length
- * (even if conf->include_length == 0,
- * just to be lazy).
- * ---
- * 14
- */
- ssn->offset = vp->vp_integer - 14;
- }
-
handler->opaque = ((void *)ssn);
- handler->free_opaque = session_free;
-
- RDEBUG2("Initiate");
/*
* Set up type-specific information.
*/
- switch (handler->eap_type) {
- case PW_EAP_TLS:
- default:
- ssn->prf_label = "client EAP encryption";
- break;
-
- case PW_EAP_TTLS:
- ssn->prf_label = "ttls keying material";
- break;
-
- /*
- * PEAP-specific breakage.
- */
- case PW_EAP_PEAP:
- /*
- * As it is a poorly designed protocol, PEAP uses
- * bits in the TLS header to indicate PEAP
- * version numbers. For now, we only support
- * PEAP version 0, so it doesn't matter too much.
- * However, if we support later versions of PEAP,
- * we will need this flag to indicate which
- * version we're currently dealing with.
- */
- ssn->peap_flag = 0x00;
-
- /*
- * PEAP version 0 requires 'include_length = no',
- * so rather than hoping the user figures it out,
- * we force it here.
- */
- ssn->length_flag = 0;
-
- ssn->prf_label = "client EAP encryption";
- break;
- }
-
- if (inst->conf->session_cache_enable) {
- ssn->allow_session_resumption = 1; /* otherwise it's zero */
- }
+ ssn->prf_label = "client EAP encryption";
/*
* TLS session initialization is over. Now handle TLS
*/
status = eaptls_start(handler->eap_ds, ssn->peap_flag);
RDEBUG2("Start returned %d", status);
- if (status == 0)
+ if (status == 0) {
return 0;
+ }
/*
* The next stage to process the packet.
/*
* Do authentication, by letting EAP-TLS do most of the work.
*/
-static int eaptls_authenticate(void *arg, EAP_HANDLER *handler)
+static int CC_HINT(nonnull) mod_authenticate(void *type_arg, eap_handler_t *handler)
{
- eaptls_status_t status;
+ fr_tls_status_t status;
tls_session_t *tls_session = (tls_session_t *) handler->opaque;
REQUEST *request = handler->request;
- eap_tls_t *inst = (eap_tls_t *) arg;
+ rlm_eap_tls_t *inst;
+
+ inst = type_arg;
RDEBUG2("Authenticate");
/*
* EAP-TLS handshake was successful, return an
* EAP-TLS-Success packet here.
+ *
+ * If a virtual server was configured, check that
+ * it accepts the certificates, too.
*/
- case EAPTLS_SUCCESS:
+ case FR_TLS_SUCCESS:
+ if (inst->virtual_server) {
+ VALUE_PAIR *vp;
+ REQUEST *fake;
+
+ /* create a fake request */
+ fake = request_alloc_fake(request);
+ rad_assert(!fake->packet->vps);
+
+ fake->packet->vps = paircopy(fake->packet, request->packet->vps);
+
+ /* set the virtual server to use */
+ if ((vp = pairfind(request->config_items, PW_VIRTUAL_SERVER, 0, TAG_ANY)) != NULL) {
+ fake->server = vp->vp_strvalue;
+ } else {
+ fake->server = inst->virtual_server;
+ }
+
+ RDEBUG("Processing EAP-TLS Certificate check:");
+ rad_virtual_server(fake);
+
+ /* copy the reply vps back to our reply */
+ pairfilter(request->reply, &request->reply->vps,
+ &fake->reply->vps, 0, 0, TAG_ANY);
+
+ /* reject if virtual server didn't return accept */
+ if (fake->reply->code != PW_CODE_ACCESS_ACCEPT) {
+ RDEBUG2("Certificates were rejected by the virtual server");
+ talloc_free(fake);
+ eaptls_fail(handler, 0);
+ return 0;
+ }
+
+ talloc_free(fake);
+ /* success */
+ }
break;
/*
* exchange, and it's a valid TLS request.
* do nothing.
*/
- case EAPTLS_HANDLED:
+ case FR_TLS_HANDLED:
return 1;
/*
* Handshake is done, proceed with decoding tunneled
* data.
*/
- case EAPTLS_OK:
- RDEBUG2("Received unexpected tunneled data after successful handshake.");
+ case FR_TLS_OK:
+ RDEBUG2("Received unexpected tunneled data after successful handshake");
#ifndef NDEBUG
if ((debug_flag > 2) && fr_log_fp) {
unsigned int i;
data_len = (tls_session->record_minus)(&tls_session->dirty_in,
buffer, sizeof(buffer));
- log_debug(" Tunneled data (%u bytes)\n", data_len);
+ DEBUG(" Tunneled data (%u bytes)", data_len);
for (i = 0; i < data_len; i++) {
if ((i & 0x0f) == 0x00) fprintf(fr_log_fp, " %x: ", i);
if ((i & 0x0f) == 0x0f) fprintf(fr_log_fp, "\n");
* the client can't re-use it.
*/
default:
- if (inst->conf->session_cache_enable) {
- SSL_CTX_remove_session(inst->ctx,
- tls_session->ssl->session);
- }
+ tls_fail(tls_session);
return 0;
}
/*
- * New sessions cause some additional information to be
- * cached.
- */
- if (!SSL_session_reused(tls_session->ssl)) {
- /*
- * FIXME: Store miscellaneous data.
- */
- RDEBUG2("Adding user data to cached session");
-
-#if 0
- SSL_SESSION_set_ex_data(tls_session->ssl->session,
- ssl_session_idx_user_session, session_data);
-#endif
- } else {
- /*
- * FIXME: Retrieve miscellaneous data.
- */
-#if 0
- data = SSL_SESSION_get_ex_data(tls_session->ssl->session,
- ssl_session_idx_user_session);
-
- if (!session_data) {
- radlog_request(L_ERR, 0, request,
- "No user session data in cached session - "
- " REJECTING");
- return 0;
- }
-#endif
-
- RDEBUG2("Retrieved session data from cached session");
- }
-
- /*
* Success: Automatically return MPPE keys.
*/
return eaptls_success(handler, 0);
* The module name should be the only globally exported symbol.
* That is, everything else should be 'static'.
*/
-EAP_TYPE rlm_eap_tls = {
+rlm_eap_module_t rlm_eap_tls = {
"eap_tls",
eaptls_attach, /* attach */
eaptls_initiate, /* Start the initial request */
NULL, /* authorization */
- eaptls_authenticate, /* authentication */
- eaptls_detach /* detach */
+ mod_authenticate, /* authentication */
+ NULL /* detach */
};
projects / freeradius.git / blobdiff