From 35a65b7fc4aa1809a26d981f481450ecdb510b32 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Wed, 9 Jul 2008 18:05:00 +0200
Subject: [PATCH] Use new RDEBUG macro
---
 src/modules/rlm_eap/libeap/cb.c | 12 +++++---
 src/modules/rlm_eap/libeap/eap_tls.c | 7 +++--
 src/modules/rlm_eap/libeap/tls.c | 12 +++++++-
 .../rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c | 34 ++++++++++++----------
 4 files changed, 42 insertions(+), 23 deletions(-)
diff --git a/src/modules/rlm_eap/libeap/cb.c b/src/modules/rlm_eap/libeap/cb.c
index b8bd2db..ad2b237 100644
--- a/src/modules/rlm_eap/libeap/cb.c
+++ b/src/modules/rlm_eap/libeap/cb.c
@@ -32,6 +32,10 @@ void cbtls_info(const SSL *s, int where, int ret)
 {
 const char *str, *state;
 int w;
+ EAP_HANDLER *handler = (EAP_HANDLER *)SSL_get_ex_data(s, 0);
+ REQUEST *request = NULL;
+
+ if (handler) request = handler->request;
 w = where & ~SSL_ST_MASK;
 if (w & SSL_ST_CONNECT) str=" TLS_connect";
@@ -42,11 +46,11 @@ void cbtls_info(const SSL *s, int where, int ret)
 state = state ? state : "NULL";
 if (where & SSL_CB_LOOP) {
- DEBUG2("%s: %s\n", str, state);
+ RDEBUG2("%s: %s\n", str, state);
 } else if (where & SSL_CB_HANDSHAKE_START) {
- DEBUG2("%s: %s\n", str, state);
+ RDEBUG2("%s: %s\n", str, state);
 } else if (where & SSL_CB_HANDSHAKE_DONE) {
- DEBUG2("%s: %s\n", str, state);
+ RDEBUG2("%s: %s\n", str, state);
 } else if (where & SSL_CB_ALERT) {
 str=(where & SSL_CB_READ)?"read":"write";
 radlog(L_ERR,"TLS Alert %s:%s:%s\n", str,
@@ -57,7 +61,7 @@ void cbtls_info(const SSL *s, int where, int ret)
 radlog(L_ERR, "%s:failed in %s\n", str, state);
 } else if (ret < 0) {
 if (SSL_want_read(s)) {
- DEBUG2("%s: Need to read more data: %s",
+ RDEBUG2("%s: Need to read more data: %s",
 str, state);
 } else {
 radlog(L_ERR, "%s:error in %s\n", str, state);
diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 23e0ca3..1cef953 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
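Review bot: In cbtls_info (cb.c, first hunk) `request` stays NULL whenever `SSL_get_ex_data(s, 0)` returns no handler, and the later hunks then pass that NULL to `RDEBUG2` implicitly. The macro's definition is not part of this patch, so confirm that it tolerates a NULL request: if it dereferences it, the info callback faults during the handshake, and if it silently skips, these TLS state messages vanish where `DEBUG2` used to print them. A fallback such as `if (request) RDEBUG2("%s: %s\n", str, state); else DEBUG2("%s: %s\n", str, state);` keeps the trace either way. tls_session_information in tls.c has the same NULL path. A one-line comment stating what ex_data slot `0` holds would also help, since three files in this patch rely on it.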
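Review bot: The converted calls in cbtls_info's second hunk keep the trailing newline, `RDEBUG2("%s: %s\n", str, state)`, while other messages converted by this patch, such as `RDEBUG2("Done initial handshake")`, have none. If RDEBUG2 terminates the line itself, which the newline-free calls suggest, these will leave blank lines in the debug log; dropping the `\n` would make the calls consistent. The same applies to `"eaptls_verify returned %d\n"` in eap_tls.c, `"%s\n"` in tls.c and `"eaptls_process returned %d\n"` in rlm_eap_tls.c.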
@@ -719,14 +719,15 @@ eaptls_status_t eaptls_process(EAP_HANDLER *handler)
 tls_session_t *tls_session = (tls_session_t *) handler->opaque;
 EAPTLS_PACKET *tlspacket;
 eaptls_status_t status;
+ REQUEST *request = handler->request;
- DEBUG2(" rlm_eap_tls: processing TLS");
+ RDEBUG2("processing EAP-TLS");
 /* This case is when SSL generates Alert then we
 * send that alert to the client and then send the EAP-Failure
 */
 status = eaptls_verify(handler);
- DEBUG2(" eaptls_verify returned %d\n", status);
+ RDEBUG2("eaptls_verify returned %d\n", status);
 switch (status) {
 default:
@@ -757,7 +758,7 @@ eaptls_status_t eaptls_process(EAP_HANDLER *handler)
 * data" phase.
 */
 case EAPTLS_OK:
- DEBUG2(" rlm_eap_tls: Done initial handshake");
+ RDEBUG2("Done initial handshake");
 /*
 * Get the rest of the fragments.
diff --git a/src/modules/rlm_eap/libeap/tls.c b/src/modules/rlm_eap/libeap/tls.c
index 3234e7c..5683306 100644
--- a/src/modules/rlm_eap/libeap/tls.c
+++ b/src/modules/rlm_eap/libeap/tls.c
@@ -403,6 +403,8 @@ void tls_session_information(tls_session_t *tls_session)
 {
 const char *str_write_p, *str_version, *str_content_type = "";
 const char *str_details1 = "", *str_details2= "";
+ EAP_HANDLER *handler;
+ REQUEST *request;
 /*
 * Don't print this out in the normal course of
@@ -585,5 +587,13 @@ void tls_session_information(tls_session_t *tls_session)
 str_write_p, str_version, str_content_type,
 (unsigned long)tls_session->info.record_len,
 str_details1, str_details2);
- DEBUG2(" rlm_eap_tls: %s\n", tls_session->info.info_description);
+
+ handler = (EAP_HANDLER *)SSL_get_ex_data(tls_session->ssl, 0);
+ if (handler) {
+ request = handler->request;
+ } else {
+ request = NULL;
+ }
+
+ RDEBUG2("%s\n", tls_session->info.info_description);
 }
diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
index 5729a0d..acdae93 100644
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
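Review bot: tls_session_information (tls.c, second hunk) now reaches `handler->request` through the SSL ex_data slot, so the log call is only safe if that pointer is current every time the callback fires. The handler appears to outlive a single packet, since it carries the TLS session in `handler->opaque`, so if `handler->request` is not refreshed on every round trip this would log through a stale REQUEST; the patch does not show where it is set, so that should be confirmed. A comment above the lookup stating the invariant, e.g. `/* handler->request is reset for each incoming packet before any SSL call */`, would record it. The `if`/`else` can also be written as `request = handler ? handler->request : NULL;`. cbtls_info in cb.c relies on the same invariant.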
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -152,6 +152,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 int err, depth;
 EAP_TLS_CONF *conf;
 int my_ok = ok;
+ REQUEST *request;
 client_cert = X509_STORE_CTX_get_current_cert(ctx);
 err = X509_STORE_CTX_get_error(ctx);
@@ -169,6 +170,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 */
 ssl = X509_STORE_CTX_get_ex_data(ctx, SSL_get_ex_data_X509_STORE_CTX_idx());
 handler = (EAP_HANDLER *)SSL_get_ex_data(ssl, 0);
+ request = handler->request;
 conf = (EAP_TLS_CONF *)SSL_get_ex_data(ssl, 1);
 /*
@@ -239,7 +241,7 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 /* if this fails, fail the verification */
 my_ok = 0;
 } else {
- DEBUG2(" rlm_eap_tls: checking certificate CN (%s) with xlat'ed value (%s)", common_name, cn_str);
+ RDEBUG2("checking certificate CN (%s) with xlat'ed value (%s)", common_name, cn_str);
 if (strcmp(cn_str, common_name) != 0) {
 radlog(L_AUTH, "rlm_eap_tls: Certificate CN (%s) does not match specified value (%s)!", common_name, cn_str);
 my_ok = 0;
@@ -249,14 +251,14 @@ static int cbtls_verify(int ok, X509_STORE_CTX *ctx)
 } /* depth == 0 */
 if (debug_flag > 0) {
- DEBUG2("chain-depth=%d, ", depth);
- DEBUG2("error=%d", err);
-
- DEBUG2("--> User-Name = %s", handler->identity);
- DEBUG2("--> BUF-Name = %s", common_name);
- DEBUG2("--> subject = %s", subject);
- DEBUG2("--> issuer = %s", issuer);
- DEBUG2("--> verify return:%d", my_ok);
+ RDEBUG2("chain-depth=%d, ", depth);
+ RDEBUG2("error=%d", err);
+
+ RDEBUG2("--> User-Name = %s", handler->identity);
+ RDEBUG2("--> BUF-Name = %s", common_name);
+ RDEBUG2("--> subject = %s", subject);
+ RDEBUG2("--> issuer = %s", issuer);
+ RDEBUG2("--> verify return:%d", my_ok);
 }
 return my_ok;
 }
@@ -597,6 +599,7 @@ static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler)
 VALUE_PAIR *vp;
 int client_cert = TRUE;
 int verify_mode = 0;
+ REQUEST *request = handler->request;
 inst = (eap_tls_t *)type_arg;
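Review bot: In cbtls_verify (second hunk) the added `request = handler->request;` dereferences the result of `SSL_get_ex_data(ssl, 0)` without a check, whereas cb.c and tls.c in this same patch treat that lookup as able to return NULL. This is the certificate verification callback, so it runs on peer-driven handshake input, and a NULL here would fault inside the callback instead of failing the authentication. Either guard it, `request = handler ? handler->request : NULL;`, or add a comment saying why the handler is always set on this path. The debug block further down already reads `handler->identity` unguarded, so a guard would need to cover that as well. The function body starts and ends outside this hunk.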
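Review bot: The debug block in cbtls_verify (fourth hunk) is still gated on the global `debug_flag > 0`, so if RDEBUG2 is meant to apply a per-request debug level the outer `if` either hides these lines or is redundant; the macro is not shown here, so check which. The strings printed (`common_name`, `subject`, `issuer`, `handler->identity`) appear to come from the client certificate and the EAP identity, that is, from the peer before it is authenticated, so the log sink should escape control characters. A comment above the block such as `/* peer-supplied strings, logged before verification completes */` would flag this for later readers.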
@@ -632,7 +635,7 @@ static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler)
 * Verify the peer certificate, if asked.
 */
 if (client_cert) {
- DEBUG2(" rlm_eap_tls: Requiring client certificate");
+ RDEBUG2("Requiring client certificate");
 verify_mode = SSL_VERIFY_PEER;
 verify_mode |= SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
 verify_mode |= SSL_VERIFY_CLIENT_ONCE;
@@ -685,7 +688,7 @@ static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler)
 handler->opaque = ((void *)ssn);
 handler->free_opaque = session_free;
- DEBUG2(" rlm_eap_tls: Initiate");
+ RDEBUG2("Initiate");
 /*
 * PEAP-specific breakage.
@@ -715,7 +718,7 @@ static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler)
 * related handshaking or application data.
 */
 status = eaptls_start(handler->eap_ds, ssn->peap_flag);
- DEBUG2(" rlm_eap_tls: Start returned %d", status);
+ RDEBUG2("Start returned %d", status);
 if (status == 0)
 return 0;
@@ -734,11 +737,12 @@ static int eaptls_authenticate(void *arg UNUSED, EAP_HANDLER *handler)
 {
 eaptls_status_t status;
 tls_session_t *tls_session = (tls_session_t *) handler->opaque;
+ REQUEST *request = handler->request;
- DEBUG2(" rlm_eap_tls: Authenticate");
+ RDEBUG2("Authenticate");
 status = eaptls_process(handler);
- DEBUG2(" eaptls_process returned %d\n", status);
+ RDEBUG2("eaptls_process returned %d\n", status);
 switch (status) {
 /*
 * EAP-TLS handshake was successful, return an
@@ -760,7 +764,7 @@ static int eaptls_authenticate(void *arg UNUSED, EAP_HANDLER *handler)
 * data.
 */
 case EAPTLS_OK:
- DEBUG2(" rlm_eap_tls: Received unexpected tunneled data after successful handshake.");
+ RDEBUG2("Received unexpected tunneled data after successful handshake.");
 #ifndef NDEBUG
 if ((debug_flag > 2) && fr_log_fp) {
 unsigned int i;
--
2.1.4