/**
 * Create and configure one instance of the EAP-PEAP module.
 *
 * @param cs        configuration section passed to cf_section_parse() and
 *                  eaptls_conf_parse().
 * @param instance  receives the new instance; written only on success.
 * @return 0 on success, -1 on any failure.
 *
 * After the allocation succeeds, every failure hands the instance to
 * eappeap_detach() and leaves *instance untouched, so a partially
 * configured instance is never published to the caller.
 */
static int eappeap_attach(CONF_SECTION *cs, void **instance)
{
	rlm_eap_peap_t *peap;

	/* Allocate the instance with all bytes zero. */
	peap = calloc(1, sizeof(*peap));
	if (peap == NULL) {
		radlog(L_ERR, "rlm_eap_peap: out of memory");
		return -1;
	}

	/* Fill the instance from the configuration attributes. */
	if (cf_section_parse(cs, peap, module_config) < 0) {
		goto fail;
	}

	/*
	 * Resolve the configured EAP type name to its numeric value;
	 * a negative result is reported as an unknown type.
	 */
	peap->default_eap_type = eaptype_name2type(peap->default_eap_type_name);
	if (peap->default_eap_type < 0) {
		radlog(L_ERR, "rlm_eap_peap: Unknown EAP type %s",
		       peap->default_eap_type_name);
		goto fail;
	}

	/*
	 * TLS settings come from eaptls_conf_parse(cs, "tls"). Without
	 * them the module refuses to attach.
	 */
	peap->tls_conf = eaptls_conf_parse(cs, "tls");
	if (peap->tls_conf == NULL) {
		radlog(L_ERR, "rlm_eap_peap: Failed initializing SSL context");
		goto fail;
	}

	*instance = peap;
	return 0;

fail:
	/* Single cleanup path for a partially configured instance. */
	eappeap_detach(peap);
	return -1;
}
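/**
 * Create and configure one instance of the EAP-PEAP module.
 *
 * @param cs        configuration section; also used as the talloc context
 *                  for the instance.
 * @param instance  receives the instance pointer. It is written before any
 *                  validation, so it is set on the failure paths too (NULL
 *                  if the allocation failed).
 * @return 0 on success, -1 on any failure.
 */
static int eappeap_attach(CONF_SECTION *cs, void **instance)
{
	rlm_eap_peap_t *inst;

	/*
	 * The failure paths below return without an explicit free.
	 * NOTE(review): presumably the instance is released together with
	 * its talloc context cs - confirm against the caller.
	 */
	*instance = inst = talloc_zero(cs, rlm_eap_peap_t);
	if (!inst) return -1;

	/*
	 *	Parse the configuration attributes.
	 */
	if (cf_section_parse(cs, inst, module_config) < 0) {
		return -1;
	}

	/*
	 *	Convert the name to an integer, to make it easier to
	 *	handle.
	 *
	 *	Zero is rejected as well as negative values: the EAP-FAST
	 *	instantiate routine shown on this page treats a zero return
	 *	from eap_name2type() as "unknown type". With a bare "< 0"
	 *	test, an unrecognised default type name could be accepted
	 *	and the module would start with an invalid inner method.
	 *	NOTE(review): confirm eap_name2type()'s failure value.
	 */
	inst->default_method = eap_name2type(inst->default_method_name);
	if (inst->default_method <= 0) {
		ERROR("rlm_eap_peap: Unknown EAP type %s",
		      inst->default_method_name);
		return -1;
	}

	/*
	 *	Read tls configuration, either from group given by 'tls'
	 *	option, or from the eap-tls configuration.
	 */
	inst->tls_conf = eaptls_conf_parse(cs, "tls");
	if (!inst->tls_conf) {
		ERROR("rlm_eap_peap: Failed initializing SSL context");
		return -1;
	}

	return 0;
}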
/**
 * Create and configure one instance of the EAP-TLS module.
 *
 * @param cs        configuration section; also the talloc context the
 *                  instance is allocated under.
 * @param instance  receives the instance pointer. It is stored before the
 *                  configuration is parsed, so it is set on failure as well
 *                  (NULL if the allocation failed).
 * @return 0 on success, -1 on any failure.
 */
static int eaptls_attach(CONF_SECTION *cs, void **instance)
{
	rlm_eap_tls_t *tls;

	/* Zeroed instance, published to the caller straight away. */
	tls = talloc_zero(cs, rlm_eap_tls_t);
	*instance = tls;
	if (tls == NULL) {
		return -1;
	}

	/* Load the configured values from the config section. */
	if (cf_section_parse(cs, tls, module_config) < 0) {
		return -1;
	}

	/* No usable TLS configuration means the module does not attach. */
	tls->tls_conf = eaptls_conf_parse(cs, "tls");
	if (tls->tls_conf != NULL) {
		return 0;
	}

	ERROR("rlm_eap_tls: Failed initializing SSL context");
	return -1;
}
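/**
 * Create and validate one instance of the EAP-FAST module.
 *
 * Parses the module configuration and returns -1 unless all of the
 * following hold:
 *  - the configured virtual server exists,
 *  - the default provisioning EAP type name resolves to a non-zero type,
 *  - the TLS configuration can be built,
 *  - pac_opaque_key is set and exactly 32 bytes long,
 *  - TLSv1.2 is disabled in the TLS configuration,
 *  - pac_lifetime is non-zero,
 *  - authority_identity is set.
 * On success the MD5 digest of authority_identity is stored in inst->a_id.
 *
 * @param cs        configuration section; also the talloc context the
 *                  instance is allocated under.
 * @param instance  receives the instance pointer. It is written before any
 *                  validation, so it is set on the failure paths too (NULL
 *                  if the allocation failed).
 * @return 0 on success, -1 on any failure.
 */
static int mod_instantiate(CONF_SECTION *cs, void **instance)
{
	rlm_eap_fast_t *inst;

	*instance = inst = talloc_zero(cs, rlm_eap_fast_t);
	if (!inst) return -1;

	/*
	 *	Parse the configuration attributes.
	 */
	if (cf_section_parse(cs, inst, module_config) < 0) {
		return -1;
	}

	if (!cf_section_sub_find_name2(main_config.config, "server", inst->virtual_server)) {
		ERROR("rlm_eap_fast.virtual_server: Unknown virtual server '%s'", inst->virtual_server);
		return -1;
	}

	/* A zero return from eap_name2type() is treated as "unknown type". */
	inst->default_method = eap_name2type(inst->default_method_name);
	if (!inst->default_method) {
		ERROR("rlm_eap_fast.default_provisioning_eap_type: "
		      "Unknown EAP type %s",
		      inst->default_method_name);
		return -1;
	}

	/*
	 *	Read tls configuration, either from group given by 'tls'
	 *	option, or from the eap-tls configuration.
	 */
	inst->tls_conf = eaptls_conf_parse(cs, "tls");
	if (!inst->tls_conf) {
		ERROR("rlm_eap_fast.tls: Failed initializing SSL context");
		return -1;
	}

	/*
	 *	Enforce the key length at load time. The "- 1" presumably
	 *	discounts the terminating NUL of the talloc'd string. An
	 *	unset key is rejected explicitly rather than by relying on
	 *	the unsigned subtraction wrapping around.
	 */
	if (!inst->pac_opaque_key ||
	    talloc_array_length(inst->pac_opaque_key) - 1 != 32) {
		ERROR("rlm_eap_fast.pac_opaque_key: Must be 32 bytes long");
		return -1;
	}

	// FIXME TLSv1.2 uses a different PRF and SSL_export_keying_material("key expansion") is forbidden
	/*
	 *	Deployment caveat: because disable_tlsv1_2=yes is mandatory
	 *	here, the tunnel cannot negotiate TLS 1.2. TLS 1.0 and 1.1
	 *	are deprecated (RFC 8996), so this is a limitation of this
	 *	revision, not a hardening switch.
	 */
	if (!inst->tls_conf->disable_tlsv1_2) {
		ERROR("rlm_eap_fast.disable_tlsv1_2: require disable_tlsv1_2=yes");
		return -1;
	}

	if (!inst->pac_lifetime) {
		ERROR("rlm_eap_fast.pac_lifetime: must be non-zero");
		return -1;
	}

	/*
	 *	Without this guard a NULL authority_identity would make the
	 *	length expression below wrap around to a huge value and pass
	 *	a NULL buffer to fr_md5_update().
	 *	NOTE(review): the config table may already mark this option
	 *	as required, in which case this branch is never taken.
	 */
	if (!inst->authority_identity) {
		ERROR("rlm_eap_fast.authority_identity: must be set");
		return -1;
	}

	/*
	 *	a_id receives a full MD5 digest, so the two lengths must match.
	 *	NOTE(review): this is a compile-time property. If rad_assert()
	 *	is compiled out in release builds the check disappears, and a
	 *	static assertion would be stronger.
	 */
	rad_assert(PAC_A_ID_LENGTH == MD5_DIGEST_LENGTH);

	/*
	 *	Derive the fixed-length A-ID from the authority identity
	 *	string (terminating NUL excluded).
	 *	NOTE(review): MD5 looks like it only produces an identifier
	 *	here, not a secret or integrity value - confirm that nothing
	 *	depends on its collision resistance.
	 */
	FR_MD5_CTX ctx;
	fr_md5_init(&ctx);
	fr_md5_update(&ctx, inst->authority_identity,
		      talloc_array_length(inst->authority_identity) - 1);
	fr_md5_final(inst->a_id, &ctx);

	return 0;
}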