It just caches User-Name right now, and doesn't do much else.
But it's slightly better than it was before.
return(strlen((char *)userdata));
}
+/*
+ * For callbacks
+ */
+int eaptls_handle_idx = -1;
+int eaptls_conf_idx = -1;
+int eaptls_session_idx = -1;
+
#endif /* !defined(NO_OPENSSL) */
int eaptls_success(EAP_HANDLER *handler, int peap_flag)
{
EAPTLS_PACKET reply;
+ VALUE_PAIR *vp, *vps = NULL;
+ REQUEST *request = handler->request;
tls_session_t *tls_session = handler->opaque;
reply.code = EAPTLS_SUCCESS;
reply.data = NULL;
reply.dlen = 0;
+ /*
+ * Store the reply, if configured.
+ */
+ if (!SSL_session_reused(tls_session->ssl)) {
+ RDEBUG2("Saving response in the cache");
+
+ vp = paircopy2(request->reply->vps, PW_USER_NAME);
+ pairadd(&vps, vp);
+
+ vp = paircopy2(request->packet->vps, PW_STRIPPED_USER_NAME);
+ pairadd(&vps, vp);
+
+ if (vps) {
+ SSL_SESSION_set_ex_data(tls_session->ssl->session,
+ eaptls_session_idx, vps);
+ }
+
+ /*
+ * Copy the previous reply.
+ */
+ } else {
+ vp = SSL_SESSION_get_ex_data(tls_session->ssl->session,
+ eaptls_session_idx);
+ if (!vp) {
+ RDEBUG("WARNING: No information in cached session!");
+ /*
+ * FIXME: Call eaptls_fail, and return 0
+ */
+ return 1;
+ }
+
+ RDEBUG("Adding cached attributes to the reply:");
+ debug_pair_list(vp);
+ pairadd(&request->reply->vps, paircopy(vp));
+ }
+
+ /*
+ * Call compose AFTER checking for cached data.
+ */
eaptls_compose(handler->eap_ds, &reply);
/*
return 1;
}
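Review bot: In the `else` arm of eaptls_success, the `if (!vp)` branch returns 1 — the same value the callers now propagate as success — when a resumed session has no cached attribute list, and it does so before `eaptls_compose`, so the peer is accepted with no EAP-Success composed and none of the User-Name / Stripped-User-Name attributes a full handshake would have produced in the reply. The FIXME already names the intended behaviour; resolve it rather than ship it: `eaptls_fail(handler, peap_flag); return 0;`, so a resumed session whose cached data was never stored (or has since been freed) is rejected instead of silently accepted. Separately, the return value of `SSL_SESSION_set_ex_data` is not checked, so on failure `vps` is never attached to the session and leaks; guard it with `if (!SSL_SESSION_set_ex_data(tls_session->ssl->session, eaptls_session_idx, vps)) pairfree(&vps);`. Whether `eaptls_fail` takes the same `peap_flag` argument is not visible in this hunk — confirm against its declaration.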
+
#define SET_MORE_FRAGMENTS(x) ((x) | (0x40))
#define SET_LENGTH_INCLUDED(x) ((x) | (0x80))
-
/*
* Following enums from rfc2246
*
void session_close(tls_session_t *ssn);
void session_init(tls_session_t *ssn);
+/* SSL Indicies for ex data */
+extern int eaptls_handle_idx;
+extern int eaptls_conf_idx;
+extern int eaptls_session_idx;
+
#endif /*_EAP_TLS_H*/
static int map_eapsim_types(RADIUS_PACKET *r);
static int unmap_eapsim_types(RADIUS_PACKET *r);
+void debug_pair_list(UNUSED VALUE_PAIR *vp)
+{
+ return;
+}
+
static void NEVER_RETURNS usage(void)
{
fprintf(stderr, "Usage: radeapclient [options] server[:port] <command> [<secret>]\n");
/*
* Success: Automatically return MPPE keys.
*/
- eaptls_success(handler, 0);
- return 1;
+ return eaptls_success(handler, 0);
default:
RDEBUG2("Reply was unknown.");
case RLM_MODULE_OK:
/*
- * Success: Automatically return MPPE keys.
- */
- eaptls_success(handler, 0);
-
- /*
* Move the saved VP's from the Access-Accept to
* our Access-Accept.
*/
peap = tls_session->opaque;
if (peap->accept_vps) {
- DEBUG2(" Using saved attributes from the original Access-Accept");
+ RDEBUG2("Using saved attributes from the original Access-Accept");
+ pairmove(&handler->request->reply->vps, &peap->accept_vps);
+ pairfree(&peap->accept_vps);
}
- pairmove(&handler->request->reply->vps, &peap->accept_vps);
- pairfree(&peap->accept_vps);
- return 1;
+
+ /*
+ * Success: Automatically return MPPE keys.
+ */
+ return eaptls_success(handler, 0);
/*
* No response packet, MUST be proxying it.
/*
+ * Free cached session data, which is always a list of VALUE_PAIRs
+ */
+void eaptls_session_free(void *parent, void *data_ptr, CRYPTO_EX_DATA *ad,
+ int idx, long argl, void *argp)
+{
+ VALUE_PAIR *vp = data_ptr;
+ if (!data_ptr) return;
+
+ pairfree(&vp);
+}
+
+
+/*
* Create Global context SSL and use it in every new session
*
* - Load the trusted CAs
SSL_CTX_set_session_cache_mode(ctx, SSL_SESS_CACHE_OFF);
}
+ /*
+ * Register the application indices. We can't use
+ * hard-coded "0" and "1" as before, because we need to
+ * set up a "free" handler for the cached session
+ * information.
+ */
+ if (eaptls_handle_idx < 0) {
+ eaptls_handle_idx = SSL_get_ex_new_index(0, "eaptls_handle_idx",
+ NULL, NULL, NULL);
+ }
+
+ if (eaptls_conf_idx < 0) {
+ eaptls_conf_idx = SSL_get_ex_new_index(0, "eaptls_conf_idx",
+ NULL, NULL, NULL);
+ }
+
+ if (eaptls_session_idx < 0) {
+ eaptls_session_idx = SSL_get_ex_new_index(0, "eaptls_session_idx",
+ NULL, NULL,
+ eaptls_session_free);
+ }
+
return ctx;
}
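Review bot: `eaptls_session_idx` is allocated with `SSL_get_ex_new_index`, which hands out an index in the ex_data class of SSL objects, but eaptls_success consumes it through `SSL_SESSION_set_ex_data` / `SSL_SESSION_get_ex_data`, which index the separate SSL_SESSION class. The effect is that `eaptls_session_free` is registered against SSL objects and is never invoked when a cached session is evicted or freed, so the stored VALUE_PAIR lists leak, and the numeric index may coincide with one that another SSL_SESSION ex_data user in the same process registered, in which case the two would read each other's pointers. Allocate it from the matching class: `eaptls_session_idx = SSL_SESSION_get_ex_new_index(0, "eaptls_session_idx", NULL, NULL, eaptls_session_free);`. The three `*_get_ex_new_index` calls can also return -1 on failure; the `< 0` guards only retry on the next call, so a failure is passed straight on to `set_ex_data` — worth a check and an error log before `return ctx;`. The enclosing function begins outside this hunk.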
/*
* Success: Automatically return MPPE keys.
*/
- eaptls_success(handler, 0);
- return 1;
+ return eaptls_success(handler, 0);
}
/*
/*
* Success: Automatically return MPPE keys.
*/
- eaptls_success(handler, 0);
+ return eaptls_success(handler, 0);
} else {
eaptls_request(handler->eap_ds, tls_session);
}
* Success: Automatically return MPPE keys.
*/
case PW_AUTHENTICATION_ACK:
- eaptls_success(handler, 0);
- return 1;
+ return eaptls_success(handler, 0);
/*
* No response packet, MUST be proxying it.
/*
* Success: Automatically return MPPE keys.
*/
- eaptls_success(handler, 0);
- return 1;
+ return eaptls_success(handler, 0);
default:
RDEBUG("Reply was unknown.");