void tls_global_init(void);
int tls_global_version_check(char const *acknowledged);
void tls_global_cleanup(void);
-tls_session_t *tls_new_session(fr_tls_server_conf_t *conf, REQUEST *request,
- int client_cert);
+tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQUEST *request, int client_cert);
tls_session_t *tls_new_client_session(fr_tls_server_conf_t *conf, int fd);
fr_tls_server_conf_t *tls_server_conf_parse(CONF_SECTION *cs);
fr_tls_server_conf_t *tls_client_conf_parse(CONF_SECTION *cs);
fr_tls_status_t tls_application_data(tls_session_t *ssn, REQUEST *request);
/* Session */
-void session_free(void *ssn);
void session_close(tls_session_t *ssn);
void session_init(tls_session_t *ssn);
* may be used by multiple listeners.
*/
if (this->tls) {
- if (sock->ssn) session_free(sock->ssn);
+ TALLOC_FREE(sock->ssn);
TALLOC_FREE(sock->request);
#ifdef HAVE_PTHREAD_H
pthread_mutex_destroy(&(sock->mutex));
return ssn;
}
-tls_session_t *tls_new_session(fr_tls_server_conf_t *conf, REQUEST *request,
- int client_cert)
+static int _tls_session_free(tls_session_t *ssn)
+{
+ /*
+ * Free any opaque TTLS or PEAP data.
+ */
+ if ((ssn->opaque) && (ssn->free_opaque)) {
+ ssn->free_opaque(ssn->opaque);
+ ssn->opaque = NULL;
+ }
+
+ session_close(ssn);
+
+ return 0;
+}
+
+tls_session_t *tls_new_session(TALLOC_CTX *ctx, fr_tls_server_conf_t *conf, REQUEST *request, int client_cert)
{
tls_session_t *state = NULL;
SSL *new_tls = NULL;
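Review bot: `_tls_session_free` is now the only place the SSL state is torn down, but nothing states that, and a caller that still invokes `session_close()` itself before `talloc_free()` will now close twice; whether `session_close()` tolerates a second call is not visible here. Add a header comment above the definition: `/** talloc destructor for sessions from tls_new_session(): frees the TTLS/PEAP opaque data, then closes the SSL state. Callers must not call session_close() themselves — free the session (or its talloc parent) instead. */`. The NULL guard that `session_free()` carried was dropped deliberately (talloc never runs a destructor on NULL); a one-line comment saying so will stop the next reader from reinstating it.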
/* We use the SSL's "app_data" to indicate a call-back */
SSL_set_app_data(new_tls, NULL);
- state = talloc_zero(conf, tls_session_t);
+ state = talloc_zero(ctx, tls_session_t);
session_init(state);
+ talloc_set_destructor(state, _tls_session_free);
state->ctx = conf->ctx;
state->ssl = new_tls;
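Review bot: The `talloc_zero()` result at the changed allocation line is still unchecked, and `session_init(state)` dereferences it immediately, so an allocation failure is a NULL dereference rather than the NULL return the callers test for. Add `if (!state) return NULL;` between the allocation and `session_init()`. Note also that the destructor is installed before `state->ssl` is assigned, so an early `talloc_free(state)` later in this function would run `session_close()` on a session whose `ssl` is still NULL — harmless only if `session_close()` tolerates that, which cannot be confirmed from this hunk. `tls_new_session` continues past the hunk.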
session_init(ssn);
}
-void session_free(void *ssn)
-{
- tls_session_t *sess = (tls_session_t *)ssn;
-
- if (!ssn) return;
-
- /*
- * Free any opaque TTLS or PEAP data.
- */
- if ((sess->opaque) && (sess->free_opaque)) {
- sess->free_opaque(sess->opaque);
- sess->opaque = NULL;
- }
-
- session_close(sess);
-
- talloc_free(sess);
-}
-
static void record_init(record_t *rec)
{
rec->used = 0;
rad_assert(sock->ssn == NULL);
- sock->ssn = tls_new_session(listener->tls, sock->request,
+ sock->ssn = tls_new_session(listener->tls, listener->tls, sock->request,
listener->tls->require_client_cert);
if (!sock->ssn) {
TALLOC_FREE(sock->request);
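Review bot: The session is parented to `listener->tls` (the conf shared by all sockets) rather than to `sock`, so freeing the socket does not release it and the explicit `TALLOC_FREE(sock->ssn)` in the listener cleanup remains the only thing that does; if the conf were ever torn down before the socket, `sock->ssn` would already be gone and that free would double-free. If `sock` is itself a talloc context, parenting the session to it ties the two lifetimes together: `sock->ssn = tls_new_session(sock, listener->tls, sock->request, listener->tls->require_client_cert);`. Otherwise a comment at the call site recording that the conf must outlive the socket would make the dependency explicit. The enclosing function begins before and continues after the hunk.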
#include <assert.h>
#include "eap_tls.h"
-
/*
* Send an initial eap-tls request to the peer.
*
*
* Fragment length is Framed-MTU - 4.
*/
-tls_session_t *eaptls_session(fr_tls_server_conf_t *tls_conf, eap_handler_t *handler, int client_cert)
+tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert)
{
tls_session_t *ssn;
int verify_mode = 0;
* in Opaque. So that we can use these data structures
* when we get the response
*/
- ssn = tls_new_session(tls_conf, request, client_cert);
+ ssn = tls_new_session(handler, tls_conf, request, client_cert);
if (!ssn) {
return NULL;
}
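Review bot: The session is now allocated as a talloc child of `handler` at the changed `tls_new_session()` call, so its lifetime is bound to the handler's and the EAP modules no longer set `free_opaque`; that ownership rule is implicit and belongs in the function header, which currently only mentions fragment length. Add above the signature: `/** Allocate a TLS session for handler, parented to it via talloc so it is released when the handler is freed. tls_conf supplies the SSL context; client_cert presumably drives verify_mode (confirm below). Returns NULL on failure. */`. The function body continues past the hunk.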
/* EAP-TLS framework */
EAPTLS_PACKET *eaptls_alloc(void);
void eaptls_free(EAPTLS_PACKET **eaptls_packet_ptr);
-tls_session_t *eaptls_session(fr_tls_server_conf_t *tls_conf, eap_handler_t *handler, int client_cert);
+tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert);
int eaptls_start(EAP_DS *eap_ds, int peap);
int eaptls_compose(EAP_DS *eap_ds, EAPTLS_PACKET *reply);
client_cert = inst->req_client_cert;
}
- ssn = eaptls_session(inst->tls_conf, handler, client_cert);
+ ssn = eaptls_session(handler, inst->tls_conf, client_cert);
if (!ssn) {
return 0;
}
handler->opaque = ((void *)ssn);
- handler->free_opaque = session_free;
/*
* Set up type-specific information.
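Review bot: The removed `handler->free_opaque = session_free;` is not replaced by an explicit `handler->free_opaque = NULL;`, so whatever the field already holds stays in force; if a handler is ever reused across EAP rounds with a stale callback, it would free the talloc-owned session a second time after talloc has already torn it down. Setting the field explicitly next to `handler->opaque = ((void *)ssn);` makes the ownership change visible and safe regardless of how the handler was allocated. The enclosing function continues outside the hunk.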
/*
* EAP-TLS always requires a client certificate.
*/
- ssn = eaptls_session(inst->tls_conf, handler, true);
+ ssn = eaptls_session(handler, inst->tls_conf, true);
if (!ssn) {
return 0;
}
handler->opaque = ((void *)ssn);
- handler->free_opaque = session_free;
/*
* Set up type-specific information.
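Review bot: Dropping the `free_opaque` assignment leaves `handler->free_opaque` at whatever value it had, which is only correct if the handler was zeroed and never reused; an inherited callback would free the session a second time on top of the talloc destructor. Write `handler->free_opaque = NULL;` after `handler->opaque = ((void *)ssn);` so the intent — talloc owns the session now — is stated in the code rather than assumed. The enclosing function continues outside the hunk.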
/*
* Allocate the TTLS per-session data
*/
-static ttls_tunnel_t *ttls_alloc(rlm_eap_ttls_t *inst,
- eap_handler_t *handler)
+static ttls_tunnel_t *ttls_alloc(rlm_eap_ttls_t *inst, eap_handler_t *handler)
{
ttls_tunnel_t *t;
client_cert = inst->req_client_cert;
}
- ssn = eaptls_session(inst->tls_conf, handler, client_cert);
+ ssn = eaptls_session(handler, inst->tls_conf, client_cert);
if (!ssn) {
return 0;
}
handler->opaque = ((void *)ssn);
- handler->free_opaque = session_free;
/*
* Set up type-specific information.