/*
 *	Instantiate the PEAP module.
 *
 *	Allocates a zero-filled rlm_eap_peap_t, fills it from the
 *	configuration section, converts the default EAP type name to
 *	its numeric value and loads the TLS configuration.
 *
 *	Returns 0 on success and stores the new instance in *instance.
 *	Returns -1 on failure; *instance is not written, and (except
 *	for the allocation failure itself) the partially built
 *	instance is passed to eappeap_detach().
 */
static int eappeap_attach(CONF_SECTION *cs, void **instance)
{
	rlm_eap_peap_t		*peap = malloc(sizeof(*peap));

	if (peap == NULL) {
		radlog(L_ERR, "rlm_eap_peap: out of memory");
		return -1;
	}

	/* Start from all-zero so unset fields are NULL / 0. */
	memset(peap, 0, sizeof(*peap));

	/* Populate the instance from the module's config section. */
	if (cf_section_parse(cs, peap, module_config) < 0)
		goto fail;

	/*
	 *	The configuration carries the EAP type as a name; keep
	 *	the numeric form too.  A negative result is treated as
	 *	"unknown type".
	 */
	peap->default_eap_type = eaptype_name2type(peap->default_eap_type_name);
	if (peap->default_eap_type < 0) {
		radlog(L_ERR, "rlm_eap_peap: Unknown EAP type %s",
		       peap->default_eap_type_name);
		goto fail;
	}

	/*
	 *	TLS settings come from the "tls" sub-section (or, per
	 *	the original author, from the eap-tls configuration).
	 *	Without them the module cannot start.
	 */
	peap->tls_conf = eaptls_conf_parse(cs, "tls");
	if (peap->tls_conf == NULL) {
		radlog(L_ERR, "rlm_eap_peap: Failed initializing SSL context");
		goto fail;
	}

	*instance = peap;
	return 0;

fail:
	/* Single cleanup path for every failure after allocation. */
	eappeap_detach(peap);
	return -1;
}
/*
 *	Instantiate the PEAP module (talloc-based variant).
 *
 *	The instance is allocated with cs as its talloc parent and is
 *	published through *instance before any validation runs, so the
 *	failure paths below return -1 without freeing anything here.
 *
 *	Returns 0 on success, -1 on allocation, parse, EAP-type or TLS
 *	configuration failure.
 */
static int eappeap_attach(CONF_SECTION *cs, void **instance)
{
    rlm_eap_peap_t		*peap;

    peap = talloc_zero(cs, rlm_eap_peap_t);
    *instance = peap;
    if (peap == NULL) {
        return -1;
    }

    /* Populate the instance from the module's config section. */
    if (cf_section_parse(cs, peap, module_config) < 0) return -1;

    /*
     *	Keep the numeric form of the configured default method.
     *
     *	NOTE(review): this rejects only negative results, while
     *	another caller of eap_name2type() on this page tests for
     *	a zero result.  Confirm which value eap_name2type() uses
     *	for an unknown name; if it is zero, a mistyped default
     *	method would pass instantiation unnoticed.
     */
    peap->default_method = eap_name2type(peap->default_method_name);
    if (peap->default_method < 0) {
        ERROR("rlm_eap_peap: Unknown EAP type %s",
              peap->default_method_name);
        return -1;
    }

    /*
     *	TLS settings come from the "tls" sub-section (or, per the
     *	original author, from the eap-tls configuration).  Without
     *	them the module cannot start.
     */
    peap->tls_conf = eaptls_conf_parse(cs, "tls");
    if (peap->tls_conf == NULL) {
        ERROR("rlm_eap_peap: Failed initializing SSL context");
        return -1;
    }

    return 0;
}
Example #3
/*
 *	Instantiate the EAP-TLS module.
 *
 *	The instance is allocated with cs as its talloc parent and is
 *	published through *instance before the configuration is
 *	parsed; failure paths return -1 without freeing anything here.
 *
 *	Returns 0 on success, -1 if allocation, configuration parsing
 *	or TLS configuration loading fails.
 */
static int eaptls_attach(CONF_SECTION *cs, void **instance)
{
	rlm_eap_tls_t		*tls;

	tls = talloc_zero(cs, rlm_eap_tls_t);
	*instance = tls;
	if (tls == NULL) {
		return -1;
	}

	/* Read the configured values into the instance. */
	if (cf_section_parse(cs, tls, module_config) < 0) return -1;

	/* The "tls" sub-section is mandatory: no TLS config, no module. */
	tls->tls_conf = eaptls_conf_parse(cs, "tls");
	if (tls->tls_conf == NULL) {
		ERROR("rlm_eap_tls: Failed initializing SSL context");
		return -1;
	}

	return 0;
}
Example #4
/*
 *	Instantiate the EAP-FAST module.
 *
 *	Allocates the instance (talloc child of cs, published through
 *	*instance straight away), parses the configuration and then
 *	validates it step by step.  Any failed check logs an error and
 *	returns -1; nothing is freed here on failure.
 *
 *	Checks, in order: virtual server exists, default provisioning
 *	EAP type is known, TLS configuration loads, pac_opaque_key is
 *	32 bytes, TLS 1.2 is disabled, pac_lifetime is non-zero.
 *	Finally a_id is set to the MD5 digest of authority_identity.
 *
 *	Returns 0 on success, -1 on any failure.
 */
static int mod_instantiate(CONF_SECTION *cs, void **instance)
{
	rlm_eap_fast_t *fast;
	FR_MD5_CTX md5;

	fast = talloc_zero(cs, rlm_eap_fast_t);
	*instance = fast;
	if (fast == NULL) {
		return -1;
	}

	/* Populate the instance from the module's config section. */
	if (cf_section_parse(cs, fast, module_config) < 0) return -1;

	/* The configured virtual server must exist in the main config. */
	if (cf_section_sub_find_name2(main_config.config, "server", fast->virtual_server) == NULL) {
		ERROR("rlm_eap_fast.virtual_server: Unknown virtual server '%s'", fast->virtual_server);
		return -1;
	}

	/* A zero result from eap_name2type() is treated as "unknown". */
	fast->default_method = eap_name2type(fast->default_method_name);
	if (fast->default_method == 0) {
		ERROR("rlm_eap_fast.default_provisioning_eap_type: "
		      "Unknown EAP type %s",
		      fast->default_method_name);
		return -1;
	}

	/*
	 *	TLS settings come from the "tls" sub-section (or, per
	 *	the original author, from the eap-tls configuration).
	 */
	fast->tls_conf = eaptls_conf_parse(cs, "tls");
	if (fast->tls_conf == NULL) {
		ERROR("rlm_eap_fast.tls: Failed initializing SSL context");
		return -1;
	}

	/*
	 *	The array length includes the trailing NUL, hence "- 1".
	 *	Only the length is checked here, not how the key was
	 *	generated.
	 *
	 *	NOTE(review): if pac_opaque_key can be unset, the
	 *	subtraction wraps around; the result still differs from
	 *	32 so the key is rejected, but only by accident.
	 *	Confirm the option is mandatory.
	 */
	if (talloc_array_length(fast->pac_opaque_key) - 1 != 32) {
		ERROR("rlm_eap_fast.pac_opaque_key: Must be 32 bytes long");
		return -1;
	}

	/*
	 *	FIXME TLSv1.2 uses a different PRF and
	 *	SSL_export_keying_material("key expansion") is forbidden.
	 *
	 *	Until that is resolved the module refuses to start
	 *	unless TLS 1.2 is disabled, which means deployments are
	 *	held to older TLS versions for EAP-FAST.
	 */
	if (!fast->tls_conf->disable_tlsv1_2) {
		ERROR("rlm_eap_fast.disable_tlsv1_2: require disable_tlsv1_2=yes");
		return -1;
	}

	if (fast->pac_lifetime == 0) {
		ERROR("rlm_eap_fast.pac_lifetime: must be non-zero");
		return -1;
	}

	/*
	 *	a_id receives a full MD5 digest, so the two sizes must
	 *	agree or fr_md5_final() would write past the buffer.
	 *
	 *	NOTE(review): the hash appears to serve as a fixed-size
	 *	identifier rather than a secret; confirm.  Also confirm
	 *	authority_identity cannot be unset, since the "- 1"
	 *	would then wrap to a huge length.
	 */
	rad_assert(PAC_A_ID_LENGTH == MD5_DIGEST_LENGTH);
	fr_md5_init(&md5);
	fr_md5_update(&md5, fast->authority_identity, talloc_array_length(fast->authority_identity) - 1);
	fr_md5_final(fast->a_id, &md5);

	return 0;
}