/* * Attach the module. */ static int eapttls_attach(CONF_SECTION *cs, void **instance) { rlm_eap_ttls_t *inst; inst = malloc(sizeof(*inst)); if (!inst) { radlog(L_ERR, "rlm_eap_ttls: out of memory"); return -1; } memset(inst, 0, sizeof(*inst)); /* * Parse the configuration attributes. */ if (cf_section_parse(cs, inst, module_config) < 0) { eapttls_detach(inst); return -1; } /* * Convert the name to an integer, to make it easier to * handle. */ inst->default_eap_type = eaptype_name2type(inst->default_eap_type_name); if (inst->default_eap_type < 0) { radlog(L_ERR, "rlm_eap_ttls: Unknown EAP type %s", inst->default_eap_type_name); eapttls_detach(inst); return -1; } *instance = inst; return 0; }
/* * Attach the module. */ static int eappeap_attach(CONF_SECTION *cs, void **instance) { rlm_eap_peap_t *inst; inst = malloc(sizeof(*inst)); if (!inst) { radlog(L_ERR, "rlm_eap_peap: out of memory"); return -1; } memset(inst, 0, sizeof(*inst)); /* * Parse the configuration attributes. */ if (cf_section_parse(cs, inst, module_config) < 0) { eappeap_detach(inst); return -1; } /* * Convert the name to an integer, to make it easier to * handle. */ inst->default_eap_type = eaptype_name2type(inst->default_eap_type_name); if (inst->default_eap_type < 0) { radlog(L_ERR, "rlm_eap_peap: Unknown EAP type %s", inst->default_eap_type_name); eappeap_detach(inst); return -1; } /* * Read tls configuration, either from group given by 'tls' * option, or from the eap-tls configuration. */ inst->tls_conf = eaptls_conf_parse(cs, "tls"); if (!inst->tls_conf) { radlog(L_ERR, "rlm_eap_peap: Failed initializing SSL context"); eappeap_detach(inst); return -1; } *instance = inst; return 0; }
/* * read the config section and load all the eap authentication types present. */ static int eap_instantiate(CONF_SECTION *cs, void **instance) { int i, eap_type; int num_types; CONF_SECTION *scs; rlm_eap_t *inst; inst = (rlm_eap_t *) malloc(sizeof(*inst)); if (!inst) { return -1; } memset(inst, 0, sizeof(*inst)); if (cf_section_parse(cs, inst, module_config) < 0) { eap_detach(inst); return -1; } /* * Create our own random pool. */ for (i = 0; i < 256; i++) { inst->rand_pool.randrsl[i] = fr_rand(); } fr_randinit(&inst->rand_pool, 1); inst->rand_pool.randcnt = 0; inst->xlat_name = cf_section_name2(cs); if (!inst->xlat_name) inst->xlat_name = "EAP"; /* Load all the configured EAP-Types */ num_types = 0; for(scs=cf_subsection_find_next(cs, NULL, NULL); scs != NULL; scs=cf_subsection_find_next(cs, scs, NULL)) { const char *auth_type; auth_type = cf_section_name1(scs); if (!auth_type) continue; if (!strcmp(auth_type, TLS_CONFIG_SECTION)) continue; eap_type = eaptype_name2type(auth_type); if (eap_type < 0) { radlog(L_ERR, "rlm_eap: Unknown EAP type %s", auth_type); eap_detach(inst); return -1; } #ifndef HAVE_OPENSSL_SSL_H /* * This allows the default configuration to be * shipped with EAP-TLS, etc. enabled. If the * system doesn't have OpenSSL, they will be * ignored. * * If the system does have OpenSSL, then this * code will not be used. The administrator will * then have to delete the tls, * etc. configurations from eap.conf in order to * have EAP without the TLS types. */ if ((eap_type == PW_EAP_TLS) || (eap_type == PW_EAP_TTLS) || (eap_type == PW_EAP_PEAP)) { DEBUG2("Ignoring EAP-Type/%s because we do not have OpenSSL support.", auth_type); continue; } #endif /* * Load the type. */ if (eaptype_load(&inst->types[eap_type], eap_type, scs) < 0) { eap_detach(inst); return -1; } num_types++; /* successfully loaded one more types */ } if (num_types == 0) { radlog(L_ERR|L_CONS, "rlm_eap: No EAP type configured, module cannot do anything."); eap_detach(inst); return -1; } /* * Ensure that the default EAP type is loaded. */ eap_type = eaptype_name2type(inst->default_eap_type_name); if (eap_type < 0) { radlog(L_ERR|L_CONS, "rlm_eap: Unknown default EAP type %s", inst->default_eap_type_name); eap_detach(inst); return -1; } if (inst->types[eap_type] == NULL) { radlog(L_ERR|L_CONS, "rlm_eap: No such sub-type for default EAP type %s", inst->default_eap_type_name); eap_detach(inst); return -1; } inst->default_eap_type = eap_type; /* save the numerical type */ /* * List of sessions are set to NULL by the memset * of 'inst', above. */ /* * Lookup sessions in the tree. We don't free them in * the tree, as that's taken care of elsewhere... */ inst->session_tree = rbtree_create(eap_handler_cmp, NULL, 0); if (!inst->session_tree) { radlog(L_ERR|L_CONS, "rlm_eap: Cannot initialize tree"); eap_detach(inst); return -1; } if (fr_debug_flag) { inst->handler_tree = rbtree_create(eap_handler_ptr_cmp, NULL, 0); if (!inst->handler_tree) { radlog(L_ERR|L_CONS, "rlm_eap: Cannot initialize tree"); eap_detach(inst); return -1; } #ifdef HAVE_PTHREAD_H if (pthread_mutex_init(&(inst->handler_mutex), NULL) < 0) { radlog(L_ERR|L_CONS, "rlm_eap: Failed initializing mutex: %s", strerror(errno)); eap_detach(inst); return -1; } #endif } #ifdef HAVE_PTHREAD_H if (pthread_mutex_init(&(inst->session_mutex), NULL) < 0) { radlog(L_ERR|L_CONS, "rlm_eap: Failed initializing mutex: %s", strerror(errno)); eap_detach(inst); return -1; } #endif *instance = inst; return 0; }