From: Arran Cudbard-Bell Date: Sat, 16 Mar 2013 03:46:30 +0000 (-0400) Subject: Fixup rlm_eap and submodules, correcting data types and removing cruft X-Git-Tag: release_3_0_0_beta1~740 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=120806ed6596a31e8cdcd486427f6f96a165b898;p=thirdparty%2Ffreeradius-server.git Fixup rlm_eap and submodules, correcting data types and removing cruft --- diff --git a/src/include/tls-h b/src/include/tls-h index a44c134af0e..10480d8a690 100644 --- a/src/include/tls-h +++ b/src/include/tls-h @@ -106,7 +106,7 @@ typedef struct _tls_info_t { } tls_info_t; /* - * tls_session_t Structure gets stored as opaque in EAP_HANDLER + * tls_session_t Structure gets stored as opaque in eap_handler_t * This contains EAP-REQUEST specific data * (ie FR_TLS_DATA(fragment), EAPTLS-ALERT, EAPTLS-REQUEST ...) * diff --git a/src/main/modules.c b/src/main/modules.c index 68a4cdce291..7c704a54163 100644 --- a/src/main/modules.c +++ b/src/main/modules.c @@ -184,8 +184,6 @@ typedef struct lt_dlmodule_t { void *ref; } lt_dlmodule_t; -typedef struct eap_type_data_t EAP_TYPE; -typedef struct rlm_sql_module_t rlm_sql_module_t; /* * FIXME: Write hackery to auto-generate this data. @@ -197,8 +195,8 @@ extern module_t rlm_eap; extern module_t rlm_sql; /* and so on ... */ -extern EAP_TYPE rlm_eap_md5; -extern rlm_sql_module_t rlm_sql_mysql; +extern struct eap_type_data_t rlm_eap_md5; +extern struct rlm_sql_module_t rlm_sql_mysql; /* and so on ... */ static const lt_dlmodule_t lt_dlmodules[] = { diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c index ad46bc85b92..5587b452f30 100644 --- a/src/modules/rlm_eap/eap.c +++ b/src/modules/rlm_eap/eap.c @@ -56,25 +56,26 @@ #include #include + RCSID("$Id$") #include "rlm_eap.h" static const char *eap_codes[] = { - "", /* 0 is invalid */ - "request", - "response", - "success", - "failure" + "", /* 0 is invalid */ + "request", + "response", + "success", + "failure" }; -static int eaptype_free(void *ctx) +static int eap_module_free(void *ctx) { - EAP_TYPES *node; + eap_module_t *inst; - node = talloc_get_type_abort(ctx, EAP_TYPES); + inst = talloc_get_type_abort(ctx, eap_module_t); - if (node->type->detach) (node->type->detach)(node->type_data); + if (inst->type->detach) (inst->type->detach)(inst->instance); #ifndef NDEBUG /* @@ -84,7 +85,7 @@ static int eaptype_free(void *ctx) */ if (!mainconfig.debug_memory) #endif - if (node->handle) lt_dlclose(node->handle); + if (inst->handle) lt_dlclose(inst->handle); return 0; } @@ -93,150 +94,270 @@ static int eaptype_free(void *ctx) * Load all the required eap authentication types. * Get all the supported EAP-types from config file. */ -int eaptype_load(EAP_TYPES **type, int eap_type, CONF_SECTION *cs) +int eap_module_load(eap_module_t **instance, eap_type_t method, + CONF_SECTION *cs) { - char buffer[64]; - char namebuf[64]; - const char *eaptype_name; - EAP_TYPES *node; - - eaptype_name = eap_type_data_type2name(eap_type, namebuf, sizeof(namebuf)); - snprintf(buffer, sizeof(buffer), "rlm_eap_%s", eaptype_name); + eap_module_t *inst; + const char *mod_name; /* Make room for the EAP-Type */ - *type = node = talloc_zero(cs, EAP_TYPES); - if (!node) return -1; + *instance = inst = talloc_zero(cs, eap_module_t); + if (!inst) return -1; - talloc_set_destructor((void *) node, eaptype_free); + talloc_set_destructor((void *) inst, eap_module_free); /* fill in the structure */ - node->cs = cs; - + inst->cs = cs; + inst->typename = eap_type2name(method); + /* - * In general, this is a terrible idea. It works here - * solely because the eap_type2name function returns a - * 'static const char *' pointer sometimes, and we can - * ONLY link to module which are named in that static - * array. + * The name of the module were trying to load */ - node->typename = eaptype_name; - node->type_data = NULL; + mod_name = talloc_asprintf(inst, "rlm_eap_%s", inst->typename); + inst->instance = NULL; #if !defined(WITH_LIBLTDL) && defined(HAVE_DLFCN_H) && defined(RTLD_SELF) - node->type = (EAP_TYPE *)lt_dlsym(RTLD_SELF, buffer); - if (node->type) goto open_self; + inst->type = (rlm_eap_module_t *)lt_dlsym(RTLD_SELF, buffer); + if (inst->type) goto open_self; #endif - /* Link the loaded EAP-Type */ - node->handle = lt_dlopenext(buffer); - if (node->handle == NULL) { - radlog(L_ERR, "rlm_eap: Failed to link EAP-Type/%s: %s", - eaptype_name, lt_dlerror()); + /* + * Link the loaded EAP-Type + */ + inst->handle = lt_dlopenext(mod_name); + if (inst->handle == NULL) { + radlog(L_ERR, "rlm_eap: Failed to link %s: %s", + mod_name, lt_dlerror()); + return -1; } - node->type = (EAP_TYPE *)lt_dlsym(node->handle, buffer); - if (!node->type) { - radlog(L_ERR, "rlm_eap: Failed linking to %s structure in %s: %s", - buffer, eaptype_name, lt_dlerror()); + inst->type = (rlm_eap_module_t *)lt_dlsym(inst->handle, mod_name); + if (!inst->type) { + radlog(L_ERR, "rlm_eap: Failed linking to structure in %s: %s", + inst->typename, lt_dlerror()); + return -1; } #if !defined(WITH_LIBLTDL) && defined(HAVE_DLFCN_H) && defined(RTLD_SELF) open_self: #endif - cf_log_module(cs, "Linked to sub-module %s", buffer); - - cf_log_module(cs, "Instantiating eap-%s", eaptype_name); - - if ((node->type->attach) && - ((node->type->attach)(node->cs, &(node->type_data)) < 0)) { - - radlog(L_ERR, "rlm_eap: Failed to initialize type %s", - eaptype_name); - talloc_steal(node, node->type_data); + cf_log_module(cs, "Linked to sub-module %s", mod_name); + + /* + * Call the attach method in the EAP Method module + */ + if ((inst->type->attach) && + ((inst->type->attach)(inst->cs, &(inst->instance)) < 0)) { + radlog(L_ERR, "rlm_eap: Failed to initialise %s", + mod_name); + + talloc_steal(inst, inst->instance); + return -1; } - if (node->type_data) { - talloc_steal(node, node->type_data); + if (inst->instance) { + talloc_steal(inst, inst->instance); } - *type = node; + return 0; } /* - * Call the appropriate handle with the right eap_type. + * Call the appropriate handle with the right eap_method. */ -static int eaptype_call(EAP_TYPES *atype, EAP_HANDLER *handler) +static int eap_module_call(eap_module_t *module, eap_handler_t *handler) { int rcode = 1; REQUEST *request = handler->request; - const char *module = request->module; + + const char *caller = request->module; - RDEBUG2("processing type %s", atype->typename); - request->module = atype->typename; + RDEBUG2("Calling %s to process EAP data", module->type->name); + + request->module = module->type->name; - rad_assert(atype != NULL); + rad_assert(module != NULL); switch (handler->stage) { case INITIATE: - if (!atype->type->initiate(atype->type_data, handler)) + if (!module->type->initiate(module->instance, handler)) { rcode = 0; + } + break; case AUTHORIZE: /* * The called function updates the EAP reply packet. */ - if (!atype->type->authorize || - !atype->type->authorize(atype->type_data, handler)) + if (!module->type->authorize || + !module->type->authorize(module->instance, handler)) { rcode = 0; + } + break; case AUTHENTICATE: /* * The called function updates the EAP reply packet. */ - if (!atype->type->authenticate || - !atype->type->authenticate(atype->type_data, handler)) + if (!module->type->authenticate || + !module->type->authenticate(module->instance, handler)) { rcode = 0; + } + break; default: /* Should never enter here */ - RDEBUG("Internal sanity check failed on eap_type"); + RDEBUG("Internal sanity check failed on eap"); rcode = 0; break; } - request->module = module; + request->module = caller; return rcode; } -/* - * Based on TYPE, call the appropriate EAP-type handler - * Default to the configured EAP-Type - * for all Unsupported EAP-Types +/** Process NAK data from EAP peer + * */ -int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler) +static eap_type_t eap_process_nak(rlm_eap_t *inst, REQUEST *request, + eap_type_t type, + eap_type_data_t *nak) { - size_t i; - unsigned int default_eap_type = inst->default_eap_type; - eap_type_data_t *eaptype; - VALUE_PAIR *vp; - char namebuf[64]; - const char *eaptype_name; - REQUEST *request = handler->request; + unsigned int i; + VALUE_PAIR *vp; + eap_type_t method = PW_EAP_INVALID; + + /* + * The NAK data is the preferred EAP type(s) of + * the client. + * + * RFC 3748 says to list one or more proposed + * alternative types, one per octet, or to use + * 0 for no alternative. + */ + if (!nak->data) { + RDEBUGE("Peer sent empty (invalid) NAK. " + "Can't select method to continue with"); - eaptype = &handler->eap_ds->response->type; + return EAP_INVALID; + } + /* + * Pick one type out of the one they asked for, + * as they may have asked for many. + */ + vp = pairfind(request->config_items, PW_EAP_TYPE, 0, TAG_ANY); + for (i = 0; i < nak->length; i++) { + /* + * Type 0 is valid, and means there are no + * common choices. + */ + if (nak->data[i] == 0) { + RDEBUG("Peer NAK'd indicating it is not willing to " + "continue "); + + return PW_EAP_INVALID; + } + + /* + * It is invalid to request identity, + * notification & nak in nak. + */ + if (nak->data[i] < PW_EAP_MD5) { + RDEBUGE("Peer NAK'd asking for bad " + "type %s (%d)", + eap_type2name(nak->data[i]), + nak->data[i]); + + return PW_EAP_INVALID; + } + + if ((nak->data[i] >= PW_EAP_MAX_TYPES) || + !inst->methods[nak->data[i]]) { + RDEBUG2("Peer NAK'd asking for " + "unsupported type %s (%d), skipping...", + eap_type2name(nak->data[i]), + nak->data[i]); + + continue; + } + + /* + * Prevent a firestorm if the client is confused. + */ + if (type == nak->data[i]) { + RDEBUG2("Peer NAK'd our request for " + "%s (%d) with a request for " + "%s (%d), skipping...", + eap_type2name(nak->data[i]), + nak->data[i], + eap_type2name(nak->data[i]), + nak->data[i]); + + continue; + } + + /* + * Enforce per-user configuration of EAP + * types. + */ + if (vp && (vp->vp_integer != nak->data[i])) { + RDEBUG2("Peer wants %s (%d), while we " + "require %s (%d), skipping", + eap_type2name(nak->data[i]), + nak->data[i], + eap_type2name(vp->vp_integer), + vp->vp_integer); + + continue; + } + + RDEBUG("Found mutually acceptable type %s (%d)", + eap_type2name(nak->data[i]), nak->data[i]); + + method = nak->data[i]; + + break; + } + + if (method == PW_EAP_INVALID) { + RDEBUGE("No mutually acceptable types found"); + } + + return method; +} + +/** Select the correct callback based on a response + * + * Based on the EAP response from the supplicant, call the appropriate + * method callback. + * + * Default to the configured EAP-Type for all Unsupported EAP-Types. + * + * @param inst Configuration data for this instance of rlm_eap. + * @param handler State data that persists over multiple rounds of EAP. + * @return a status code. + */ +eap_code_t eap_method_select(rlm_eap_t *inst, eap_handler_t *handler) +{ + eap_type_data_t *type = &handler->eap_ds->response->type; + REQUEST *request = handler->request; + + eap_type_t next = inst->default_method; + VALUE_PAIR *vp; + /* * Don't trust anyone. */ - if ((eaptype->type == 0) || - (eaptype->type >= PW_EAP_MAX_TYPES)) { - RDEBUG2("Asked to select bad type"); + if ((type->num == 0) || (type->num >= PW_EAP_MAX_TYPES)) { + RDEBUGE("Peer sent type (%d), which is outside known range"); + return EAP_INVALID; } @@ -245,64 +366,58 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler) */ if (handler->request->parent && handler->request->parent->parent) { RDEBUG2("Multiple levels of TLS nesting is invalid."); + return EAP_INVALID; } + RDEBUG2("EAP Peer sent %s (%d)", eap_type2name(type->num), + type->num); /* * Figure out what to do. */ - switch(eaptype->type) { + switch(type->num) { case PW_EAP_IDENTITY: - RDEBUG2("EAP Identity"); - /* * Allow per-user configuration of EAP types. */ - vp = pairfind(handler->request->config_items, PW_EAP_TYPE, 0, TAG_ANY); - if (vp) default_eap_type = vp->vp_integer; - - do_initiate: + vp = pairfind(handler->request->config_items, PW_EAP_TYPE, 0, + TAG_ANY); + if (vp) next = vp->vp_integer; + /* * Ensure it's valid. */ - if ((default_eap_type < PW_EAP_MD5) || - (default_eap_type >= PW_EAP_MAX_TYPES) || - (inst->types[default_eap_type] == NULL)) { - RDEBUG2("No such EAP type %s", - eap_type_data_type2name(default_eap_type, - namebuf, sizeof(namebuf))); + if ((next < PW_EAP_MD5) || + (next >= PW_EAP_MAX_TYPES) || + (inst->methods[next] == NULL)) { + RDEBUG2E("Tried to start unsupported method (%d)", + next); + return EAP_INVALID; } - handler->stage = INITIATE; - handler->eap_type = default_eap_type; + do_initiate: + /* + * If any of these fail, we messed badly somewhere + */ + rad_assert(next >= PW_EAP_MD5); + rad_assert(next < PW_EAP_MAX_TYPES); + rad_assert(inst->methods[next]); - if ((default_eap_type == PW_EAP_TNC) && - !handler->request->parent) { - RDEBUG2E("EAP-TNC must be run inside of a TLS method."); - return EAP_INVALID; - } + handler->stage = INITIATE; + handler->type = next; - if (eaptype_call(inst->types[default_eap_type], - handler) == 0) { - RDEBUG2("Default EAP type %s failed in initiate", - eap_type_data_type2name(default_eap_type, - namebuf, sizeof(namebuf))); + if (eap_module_call(inst->methods[next], handler) == 0) { + RDEBUG2E("Failed starting EAP %s (%d) session. " + "EAP sub-module failed", + eap_type2name(next), + next); + return EAP_INVALID; } break; case PW_EAP_NAK: - /* - * The NAK data is the preferred EAP type(s) of - * the client. - * - * RFC 3748 says to list one or more proposed - * alternative types, one per octet, or to use - * 0 for no alternative. - */ - RDEBUG2("EAP NAK"); - /* * Delete old data, if necessary. */ @@ -311,89 +426,16 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler) handler->free_opaque = NULL; handler->opaque = NULL; } - - if (eaptype->data == NULL) { - RDEBUG2E("Client sent empty NAK packet, cannot decide what EAP type it wants."); - return EAP_INVALID; - } - - /* - * Pick one type out of the one they asked for, - * as they may have asked for many. - */ - default_eap_type = 0; - vp = pairfind(handler->request->config_items, PW_EAP_TYPE, 0, TAG_ANY); - for (i = 0; i < eaptype->length; i++) { - /* - * It is invalid to request identity, - * notification & nak in nak. - * - * Type 0 is valid, and means there are no - * common choices. - */ - if (eaptype->data[i] < PW_EAP_MD5) { - RDEBUG2E("Client sent NAK asking for bad type %d", - eaptype->data[i]); - return EAP_INVALID; - } - - if ((eaptype->data[i] >= PW_EAP_MAX_TYPES) || - !inst->types[eaptype->data[i]]) { - DICT_VALUE *dv; - - dv = dict_valbyattr(PW_EAP_TYPE, 0, eaptype->data[i]); - if (dv) { - RDEBUG2E("Client NAK asked for unsupported type %s", - dv->name); - } else { - RDEBUG2E("Client NAK asked for unsupported type %d", - eaptype->data[i]); - } - continue; - } - - eaptype_name = eap_type_data_type2name(eaptype->data[i], - namebuf, - sizeof(namebuf)); - - /* - * Prevent a firestorm if the client is confused. - */ - if (handler->eap_type == eaptype->data[i]) { - RDEBUG2E("Client NAK'd our request for %s with a request for %s. Ignoring it.", - eaptype_name, eaptype_name); - continue; - } - - /* - * Enforce per-user configuration of EAP - * types. - */ - if (vp && (vp->vp_integer != eaptype->data[i])) { - char mynamebuf[64]; - RDEBUG2("Client wants %s, while we require %s. Skipping the requested type.", - eaptype_name, - eap_type_data_type2name(vp->vp_integer, - mynamebuf, - sizeof(mynamebuf))); - continue; - } - - default_eap_type = eaptype->data[i]; - break; - } + + next = eap_process_nak(inst, handler->request, + handler->type, type); /* * We probably want to return 'fail' here... */ - if (!default_eap_type) { - RDEBUG2("No common EAP types found."); + if (!next) { return EAP_INVALID; } - eaptype_name = eap_type_data_type2name(default_eap_type, - namebuf, sizeof(namebuf)); - RDEBUG2("EAP-NAK asked for EAP-Type/%s", - eaptype_name); goto do_initiate; break; @@ -402,26 +444,31 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler) * Key off of the configured sub-modules. */ default: - eaptype_name = eap_type_data_type2name(eaptype->type, - namebuf, - sizeof(namebuf)); - RDEBUG2("EAP/%s", eaptype_name); + RDEBUG2("EAP %s (%d)", + eap_type2name(type->num), + type->num); /* * We haven't configured it, it doesn't exit. */ - if (!inst->types[eaptype->type]) { - RDEBUG2E("Client ask for unsupported EAP type %d", - eaptype->type); + if (!inst->methods[type->num]) { + RDEBUG2E("Client asked for unsupported " + "type %s (%d)", + eap_type2name(type->num), + type->num); + return EAP_INVALID; } rad_assert(handler->stage == AUTHENTICATE); - handler->eap_type = eaptype->type; - if (eaptype_call(inst->types[eaptype->type], - handler) == 0) { - RDEBUG2("Handler failed in EAP/%s", - eaptype_name); + handler->type = type->num; + if (eap_module_call(inst->methods[type->num], + handler) == 0) { + RDEBUG2E("Failed continuing EAP %s (%d) session. " + "EAP sub-module failed", + eap_type2name(type->num), + type->num); + return EAP_INVALID; } break; @@ -438,7 +485,7 @@ int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *handler) * Set the RADIUS reply codes based on EAP request codes. Append * any additonal VPs to RADIUS reply */ -rlm_rcode_t eap_compose(EAP_HANDLER *handler) +rlm_rcode_t eap_compose(eap_handler_t *handler) { VALUE_PAIR *vp; eap_packet_raw_t *eap_packet; @@ -507,11 +554,11 @@ rlm_rcode_t eap_compose(EAP_HANDLER *handler) */ if (((eap_ds->request->code == PW_EAP_REQUEST) || (eap_ds->request->code == PW_EAP_RESPONSE)) && - (eap_ds->request->type.type == 0)) { - rad_assert(handler->eap_type >= PW_EAP_MD5); - rad_assert(handler->eap_type < PW_EAP_MAX_TYPES); + (eap_ds->request->type.num == 0)) { + rad_assert(handler->type >= PW_EAP_MD5); + rad_assert(handler->type < PW_EAP_MAX_TYPES); - eap_ds->request->type.type = handler->eap_type; + eap_ds->request->type.num = handler->type; } /* @@ -643,7 +690,7 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) */ if ((eap_msg->length == 0) || (eap_msg->length == 2)) { EAP_DS *eap_ds; - EAP_HANDLER handler; + eap_handler_t handler; /* * It's a valid EAP-Start, but the request @@ -652,7 +699,8 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) */ if (proxy) { do_proxy: - RDEBUG2("Request is supposed to be proxied to Realm %s. Not doing EAP.", proxy->vp_strvalue); + RDEBUG2("Request is supposed to be proxied to " + "Realm %s. Not doing EAP.", proxy->vp_strvalue); return EAP_NOOP; } @@ -670,7 +718,7 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) * EAP-Start packet for something... */ eap_ds->request->code = PW_EAP_REQUEST; - eap_ds->request->type.type = PW_EAP_IDENTITY; + eap_ds->request->type.num = PW_EAP_IDENTITY; /* * We don't have a handler, but eap_compose needs one, @@ -757,10 +805,10 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) * internally, so they never have handlers. */ if ((eap_msg->vp_octets[4] >= PW_EAP_MD5) && - inst->ignore_unknown_eap_types && + inst->ignore_unknown_types && ((eap_msg->vp_octets[4] == 0) || (eap_msg->vp_octets[4] >= PW_EAP_MAX_TYPES) || - (inst->types[eap_msg->vp_octets[4]] == NULL))) { + (inst->methods[eap_msg->vp_octets[4]] == NULL))) { RDEBUG2(" Ignoring Unknown EAP type"); return EAP_NOOP; } @@ -782,10 +830,10 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) */ if ((eap_msg->vp_octets[4] == PW_EAP_NAK) && (eap_msg->length >= (EAP_HEADER_LEN + 2)) && - inst->ignore_unknown_eap_types && + inst->ignore_unknown_types && ((eap_msg->vp_octets[5] == 0) || (eap_msg->vp_octets[5] >= PW_EAP_MAX_TYPES) || - (inst->types[eap_msg->vp_octets[5]] == NULL))) { + (inst->methods[eap_msg->vp_octets[5]] == NULL))) { RDEBUG2("Ignoring NAK with request for unknown EAP type"); return EAP_NOOP; } @@ -837,7 +885,7 @@ int eap_start(rlm_eap_t *inst, REQUEST *request) /* * compose EAP FAILURE packet in EAP-Message */ -void eap_fail(EAP_HANDLER *handler) +void eap_fail(eap_handler_t *handler) { /* * Delete any previous replies. @@ -855,7 +903,7 @@ void eap_fail(EAP_HANDLER *handler) /* * compose EAP SUCCESS packet in EAP-Message */ -void eap_success(EAP_HANDLER *handler) +void eap_success(eap_handler_t *handler) { handler->eap_ds->request->code = PW_EAP_SUCCESS; eap_compose(handler); @@ -945,7 +993,7 @@ static EAP_DS *eap_buildds(eap_packet_raw_t **eap_packet_p) eap_ds->response->packet = (unsigned char *)eap_packet; eap_ds->response->code = eap_packet->code; eap_ds->response->id = eap_packet->id; - eap_ds->response->type.type = eap_packet->data[0]; + eap_ds->response->type.num = eap_packet->data[0]; memcpy(&len, eap_packet->length, sizeof(uint16_t)); len = ntohs(len); @@ -988,10 +1036,10 @@ static EAP_DS *eap_buildds(eap_packet_raw_t **eap_packet_p) * username contains REQUEST->username which might have been stripped. * identity contains the one sent in EAP-Identity response */ -EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_packet_p, +eap_handler_t *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_packet_p, REQUEST *request) { - EAP_HANDLER *handler = NULL; + eap_handler_t *handler = NULL; eap_packet_raw_t *eap_packet = *eap_packet_p; VALUE_PAIR *vp; @@ -1005,7 +1053,7 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_packet_p, } /* - * EAP_HANDLER MUST be found in the list if it is not + * eap_handler_t MUST be found in the list if it is not * EAP-Identity response */ if (eap_packet->data[0] != PW_EAP_IDENTITY) { @@ -1028,7 +1076,7 @@ EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_packet_p, * OK to blindly return data for another type. */ if ((eap_packet->data[0] != PW_EAP_NAK) && - (eap_packet->data[0] != handler->eap_type)) { + (eap_packet->data[0] != handler->type)) { RDEBUG("Response appears to match, but EAP type is wrong."); free(*eap_packet_p); *eap_packet_p = NULL; diff --git a/src/modules/rlm_eap/eap.h b/src/modules/rlm_eap/eap.h index 1e82e89ca81..a84214b4368 100644 --- a/src/modules/rlm_eap/eap.h +++ b/src/modules/rlm_eap/eap.h @@ -64,7 +64,7 @@ typedef enum operation_t { /* - * EAP_HANDLER is the interface for any EAP-Type. + * eap_handler_t is the interface for any EAP-Type. * Each handler contains information for one specific EAP-Type. * This way we don't need to change any interfaces in future. * It is also a list of EAP-request handlers waiting for EAP-response @@ -96,14 +96,16 @@ typedef struct _eap_handler { struct _eap_handler *prev, *next; uint8_t state[EAP_STATE_LEN]; fr_ipaddr_t src_ipaddr; - unsigned int eap_id; - unsigned int eap_type; + + uint8_t eap_id; //!< EAP Identifier used to match + //!< requests and responses. + eap_type_t type; //!< EAP type number. time_t timestamp; REQUEST *request; - char *identity; /* User name from EAP-Identity */ + char *identity; //!< User name from EAP-Identity EAP_DS *prev_eapds; EAP_DS *eap_ds; @@ -121,21 +123,21 @@ typedef struct _eap_handler { int tls; int finished; VALUE_PAIR *certs; -} EAP_HANDLER; +} eap_handler_t; /* * Interface to call EAP sub mdoules */ -typedef struct eap_type_data_t { - const char *name; - int (*attach)(CONF_SECTION *conf, void **type_data); - int (*initiate)(void *type_data, EAP_HANDLER *handler); - int (*authorize)(void *type_data, EAP_HANDLER *handler); - int (*authenticate)(void *type_data, EAP_HANDLER *handler); - int (*detach)(void *type_data); -} EAP_TYPE; - -#define REQUEST_DATA_EAP_HANDLER (1) +typedef struct rlm_eap_module { + const char *name; + int (*attach)(CONF_SECTION *conf, void **instance); + int (*initiate)(void *instance, eap_handler_t *handler); + int (*authorize)(void *instance, eap_handler_t *handler); + int (*authenticate)(void *instance, eap_handler_t *handler); + int (*detach)(void *instance); +} rlm_eap_module_t; + +#define REQUEST_DATA_eap_handler_t (1) #define REQUEST_DATA_EAP_TUNNEL_CALLBACK PW_EAP_MESSAGE #define REQUEST_DATA_EAP_MSCHAP_TUNNEL_CALLBACK ((PW_EAP_MESSAGE << 16) | PW_EAP_MSCHAPV2) #define RAD_REQUEST_OPTION_PROXY_EAP (1 << 16) @@ -143,7 +145,8 @@ typedef struct eap_type_data_t { /* * This is for tunneled callbacks */ -typedef int (*eap_tunnel_callback_t)(EAP_HANDLER *handler, void *tls_session); +typedef int (*eap_tunnel_callback_t)(eap_handler_t *handler, void *tls_session); + typedef struct eap_tunnel_data_t { void *tls_session; eap_tunnel_callback_t callback; diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c index 816fc5d0d3f..6e84dbce1f7 100644 --- a/src/modules/rlm_eap/libeap/eap_tls.c +++ b/src/modules/rlm_eap/libeap/eap_tls.c @@ -96,7 +96,7 @@ void eaptls_free(EAPTLS_PACKET **eaptls_packet_ptr) * * Fragment length is Framed-MTU - 4. */ -tls_session_t *eaptls_session(fr_tls_server_conf_t *tls_conf, EAP_HANDLER *handler, int client_cert) +tls_session_t *eaptls_session(fr_tls_server_conf_t *tls_conf, eap_handler_t *handler, int client_cert) { tls_session_t *ssn; int verify_mode = 0; @@ -169,7 +169,7 @@ int eaptls_start(EAP_DS *eap_ds, int peap_flag) return 1; } -int eaptls_success(EAP_HANDLER *handler, int peap_flag) +int eaptls_success(eap_handler_t *handler, int peap_flag) { EAPTLS_PACKET reply; REQUEST *request = handler->request; @@ -200,11 +200,11 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag) } eaptls_gen_eap_key(handler->request->reply, tls_session->ssl, - handler->eap_type, &handler->request->reply->vps); + handler->type, &handler->request->reply->vps); return 1; } -int eaptls_fail(EAP_HANDLER *handler, int peap_flag) +int eaptls_fail(eap_handler_t *handler, int peap_flag) { EAPTLS_PACKET reply; tls_session_t *tls_session = handler->opaque; @@ -340,7 +340,7 @@ static int eaptls_send_ack(EAP_DS *eap_ds, int peap_flag) * EAP-Type=EAP-TLS and no data. This serves as a fragment * ACK. The EAP peer MUST wait. */ -static fr_tls_status_t eaptls_verify(EAP_HANDLER *handler) +static fr_tls_status_t eaptls_verify(eap_handler_t *handler) { EAP_DS *eap_ds = handler->eap_ds; EAP_DS *prev_eap_ds = handler->prev_eapds; @@ -356,9 +356,9 @@ static fr_tls_status_t eaptls_verify(EAP_HANDLER *handler) * NULL, of if it's NOT an EAP-Response, or if the packet * is too short. See eap_validation()., in ../../eap.c * - * Also, eaptype_select() takes care of selecting the + * Also, eap_method_select() takes care of selecting the * appropriate type, so we don't need to check - * eap_ds->response->type.type == PW_EAP_TLS, or anything + * eap_ds->response->type.num == PW_EAP_TLS, or anything * else. */ eaptls_packet = (eaptls_packet_t *)eap_ds->response->type.data; @@ -657,7 +657,7 @@ static EAPTLS_PACKET *eaptls_extract(REQUEST *request, EAP_DS *eap_ds, fr_tls_st * then how to let SSL API know about these sessions.) */ static fr_tls_status_t eaptls_operation(fr_tls_status_t status, - EAP_HANDLER *handler) + eap_handler_t *handler) { tls_session_t *tls_session; @@ -752,7 +752,7 @@ static fr_tls_status_t eaptls_operation(fr_tls_status_t status, /* * Process an EAP request */ -fr_tls_status_t eaptls_process(EAP_HANDLER *handler) +fr_tls_status_t eaptls_process(eap_handler_t *handler) { tls_session_t *tls_session = (tls_session_t *) handler->opaque; EAPTLS_PACKET *tlspacket; @@ -893,7 +893,7 @@ int eaptls_compose(EAP_DS *eap_ds, EAPTLS_PACKET *reply) uint8_t *ptr; /* - * Don't set eap_ds->request->type.type, as the main EAP + * Don't set eap_ds->request->type.num, as the main EAP * handler will do that for us. This allows the TLS * module to be called from TTLS & PEAP. */ diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h index 85bcecc81f4..857c2884fdf 100644 --- a/src/modules/rlm_eap/libeap/eap_tls.h +++ b/src/modules/rlm_eap/libeap/eap_tls.h @@ -59,10 +59,10 @@ RCSIDH(eap_tls_h, "$Id$") /* * Externally exported TLS functions. */ -fr_tls_status_t eaptls_process(EAP_HANDLER *handler); +fr_tls_status_t eaptls_process(eap_handler_t *handler); -int eaptls_success(EAP_HANDLER *handler, int peap_flag); -int eaptls_fail(EAP_HANDLER *handler, int peap_flag); +int eaptls_success(eap_handler_t *handler, int peap_flag); +int eaptls_fail(eap_handler_t *handler, int peap_flag); int eaptls_request(EAP_DS *eap_ds, tls_session_t *ssn); @@ -102,7 +102,7 @@ typedef struct tls_packet { /* EAP-TLS framework */ EAPTLS_PACKET *eaptls_alloc(void); void eaptls_free(EAPTLS_PACKET **eaptls_packet_ptr); -tls_session_t *eaptls_session(fr_tls_server_conf_t *tls_conf, EAP_HANDLER *handler, int client_cert); +tls_session_t *eaptls_session(fr_tls_server_conf_t *tls_conf, eap_handler_t *handler, int client_cert); int eaptls_start(EAP_DS *eap_ds, int peap); int eaptls_compose(EAP_DS *eap_ds, EAPTLS_PACKET *reply); diff --git a/src/modules/rlm_eap/libeap/eap_types.h b/src/modules/rlm_eap/libeap/eap_types.h index c36e93daa88..d026f7e5d66 100644 --- a/src/modules/rlm_eap/libeap/eap_types.h +++ b/src/modules/rlm_eap/libeap/eap_types.h @@ -27,7 +27,7 @@ #define _EAP_TYPES_H #include -RCSIDH(eap_types_h, "$Id$") +RCSIDH(eap_methods_h, "$Id$") #include #include @@ -48,8 +48,9 @@ typedef enum eap_code { PW_EAP_MAX_CODES } eap_code_t; -typedef enum eap_type { - PW_EAP_IDENTITY = 1, /* 1 */ +typedef enum eap_method { + PW_EAP_INVALID = 0, /* 0 */ + PW_EAP_IDENTITY, /* 1 */ PW_EAP_NOTIFICATION, /* 2 */ PW_EAP_NAK, /* 3 */ PW_EAP_MD5, /* 4 */ @@ -107,8 +108,8 @@ typedef enum eap_type { } eap_type_t; typedef enum eap_rcode { - EAP_NOTFOUND, //!< Not found. - EAP_FOUND, //!< Found, continue. + EAP_NOTFOUND, //!< EAP handler data not found. + EAP_FOUND, //!< EAP handler data found, continue. EAP_OK, //!< Ok, continue. EAP_FAIL, //!< Failed, don't reply. EAP_NOOP, //!< Succeeded without doing anything. @@ -117,13 +118,15 @@ typedef enum eap_rcode { EAP_MAX_RCODES } eap_rcode_t; +extern const FR_NAME_NUMBER eap_rcode_table[]; + /* * EAP-Type specific data. */ typedef struct eap_type_data { - uint8_t type; - size_t length; - uint8_t *data; + eap_type_t num; + size_t length; + uint8_t *data; } eap_type_data_t; /* @@ -133,12 +136,12 @@ typedef struct eap_type_data { * = 1 + 1 + 2 + 1 + X */ typedef struct eap_packet { - unsigned char code; - unsigned char id; - unsigned int length; + eap_code_t code; + uint8_t id; + size_t length; eap_type_data_t type; - unsigned char *packet; + uint8_t *packet; } eap_packet_t; /* @@ -155,8 +158,8 @@ typedef struct eap_packet_raw { /* * interfaces in eapcommon.c */ -extern int eaptype_name2type(const char *name); -extern const char *eap_type_data_type2name(unsigned int type, char *buffer, size_t buflen); +extern eap_type_t eap_name2type(const char *name); +extern const char *eap_type2name(eap_type_t method); extern int eap_wireformat(eap_packet_t *reply); extern int eap_basic_compose(RADIUS_PACKET *packet, eap_packet_t *reply); extern VALUE_PAIR *eap_packet2vp(RADIUS_PACKET *packet, diff --git a/src/modules/rlm_eap/libeap/eapcommon.c b/src/modules/rlm_eap/libeap/eapcommon.c index cfa1e1fbd9e..0e5d204a173 100644 --- a/src/modules/rlm_eap/libeap/eapcommon.c +++ b/src/modules/rlm_eap/libeap/eapcommon.c @@ -63,113 +63,46 @@ RCSID("$Id$") #include #include "eap_types.h" -static const char *eap_types[] = { - "", - "identity", - "notification", - "nak", /* NAK */ - "md5", - "otp", - "gtc", - "7", - "8", - "9", - "10", - "11", - "12", - "tls", /* 13 */ - "14", - "15", - "16", - "leap", /* 17 */ - "sim", /* 18 GSM-SIM authentication */ - "19", - "20", - "ttls", /* 21 */ - "22", - "23", - "24", - "peap", /* 25 */ - "mschapv2", /* 26 */ - "27", - "28", - "cisco_mschapv2", /* 29 */ - "30", - "31", - "32", - "33", - "34", - "35", - "36", - "37", - "tnc", /* 38 */ - "39", - "40", - "41", - "42", - "fast", - "44", - "45", - "pax", - "psk", - "sake", - "ikev2", - "50", - "51", - "pwd", - "eke" -}; /* MUST have PW_EAP_MAX_TYPES */ - -/* - * Return an EAP-Type for a particular name. +const FR_NAME_NUMBER eap_rcode_table[] = { + { "notfound", EAP_NOTFOUND }, + { "found", EAP_OK }, + { "ok", EAP_FAIL }, + { "fail", EAP_NOOP }, + { "noop", EAP_INVALID }, + { "invalid", EAP_VALID }, + { "valid", EAP_MAX_RCODES }, + + { NULL , -1 } +}; + +/** Return an EAP-Type for a particular name + * . */ -int eaptype_name2type(const char *name) +eap_type_t eap_name2type(const char *name) { - int i; + DICT_VALUE *dv; - for (i = 0; i < PW_EAP_MAX_TYPES; i++) { - if (strcmp(name, eap_types[i]) == 0) { - return i; - } + dv = dict_valbyname(PW_EAP_TYPE, 0, name); + if (dv) { + return dv->value; } - + return -1; } -/* - * Returns a text string containing the name of the EAP type. +/** Return an EAP-name for a particular type + * . */ -const char *eap_type_data_type2name(unsigned int type, char *buffer, size_t buflen) +const char *eap_type2name(eap_type_t method) { - DICT_VALUE *dval; + DICT_VALUE *dv; - if (type >= PW_EAP_MAX_TYPES) { - /* - * Prefer the dictionary name over a number, - * if it exists. - */ - dval = dict_valbyattr(PW_EAP_TYPE, 0, type); - if (dval) { - snprintf(buffer, buflen, "%s", dval->name); - } - - snprintf(buffer, buflen, "%d", type); - return buffer; - } else if ((*eap_types[type] >= '0') && (*eap_types[type] <= '9')) { - /* - * Prefer the dictionary name, if it exists. - */ - dval = dict_valbyattr(PW_EAP_TYPE, 0, type); - if (dval) { - snprintf(buffer, buflen, "%s", dval->name); - return buffer; - } /* else it wasn't in the dictionary */ - } /* else the name in the array was non-numeric */ - - /* - * Return the name, whatever it is. - */ - return eap_types[type]; + dv = dict_valbyattr(PW_EAP_TYPE, 0, method); + if (dv) { + return dv->name; + } + + return "unknown"; } /* @@ -188,7 +121,7 @@ const char *eap_type_data_type2name(unsigned int type, char *buffer, size_t bufl */ int eap_wireformat(eap_packet_t *reply) { - eap_packet_raw_t *hdr; + eap_packet_raw_t *header; uint16_t total_length = 0; if (reply == NULL) return EAP_INVALID; @@ -201,30 +134,31 @@ int eap_wireformat(eap_packet_t *reply) total_length = EAP_HEADER_LEN; if (reply->code < 3) { - total_length += 1/*EAPtype*/; + total_length += 1/* EAP Method */; if (reply->type.data && reply->type.length > 0) { total_length += reply->type.length; } } reply->packet = (unsigned char *)malloc(total_length); - hdr = (eap_packet_raw_t *)reply->packet; - if (!hdr) { + header = (eap_packet_raw_t *)reply->packet; + if (!header) { radlog(L_ERR, "rlm_eap: out of memory"); return EAP_INVALID; } - hdr->code = (reply->code & 0xFF); - hdr->id = (reply->id & 0xFF); + header->code = (reply->code & 0xFF); + header->id = (reply->id & 0xFF); + total_length = htons(total_length); - memcpy(hdr->length, &total_length, sizeof(total_length)); + memcpy(header->length, &total_length, sizeof(total_length)); /* * Request and Response packets are special. */ if ((reply->code == PW_EAP_REQUEST) || (reply->code == PW_EAP_RESPONSE)) { - hdr->data[0] = (reply->type.type & 0xFF); + header->data[0] = (reply->type.num & 0xFF); /* * Here since we cannot know the typedata format and length @@ -235,7 +169,7 @@ int eap_wireformat(eap_packet_t *reply) * type is defined */ if (reply->type.data && reply->type.length > 0) { - memcpy(&hdr->data[1], reply->type.data, reply->type.length); + memcpy(&header->data[1], reply->type.data, reply->type.length); free(reply->type.data); reply->type.data = reply->packet + EAP_HEADER_LEN + 1/*EAPtype*/; } diff --git a/src/modules/rlm_eap/libeap/eapsimlib.c b/src/modules/rlm_eap/libeap/eapsimlib.c index 018c6775ed9..1838a23a3cd 100644 --- a/src/modules/rlm_eap/libeap/eapsimlib.c +++ b/src/modules/rlm_eap/libeap/eapsimlib.c @@ -150,7 +150,7 @@ int map_eapsim_basictypes(RADIUS_PACKET *r, eap_packet_t *ep) if (ep->code != PW_EAP_SUCCESS) ep->code = eapcode; ep->id = (id & 0xff); - ep->type.type = PW_EAP_SIM; + ep->type.num = PW_EAP_SIM; /* * if no attributes were found, do very little. diff --git a/src/modules/rlm_eap/mem.c b/src/modules/rlm_eap/mem.c index d7b4fae64bf..378521012d4 100644 --- a/src/modules/rlm_eap/mem.c +++ b/src/modules/rlm_eap/mem.c @@ -118,14 +118,14 @@ void eap_ds_free(EAP_DS **eap_ds_p) } /* - * Allocate a new EAP_HANDLER + * Allocate a new eap_handler_t */ -EAP_HANDLER *eap_handler_alloc(rlm_eap_t *inst) +eap_handler_t *eap_handler_alloc(rlm_eap_t *inst) { - EAP_HANDLER *handler; + eap_handler_t *handler; - handler = rad_malloc(sizeof(EAP_HANDLER)); - memset(handler, 0, sizeof(EAP_HANDLER)); + handler = rad_malloc(sizeof(eap_handler_t)); + memset(handler, 0, sizeof(eap_handler_t)); if (inst->handler_tree) { PTHREAD_MUTEX_LOCK(&(inst->handler_mutex)); @@ -136,7 +136,7 @@ EAP_HANDLER *eap_handler_alloc(rlm_eap_t *inst) return handler; } -void eap_opaque_free(EAP_HANDLER *handler) +void eap_opaque_free(eap_handler_t *handler) { if (!handler) return; @@ -144,7 +144,7 @@ void eap_opaque_free(EAP_HANDLER *handler) eap_handler_free(handler->inst_holder, handler); } -void eap_handler_free(rlm_eap_t *inst, EAP_HANDLER *handler) +void eap_handler_free(rlm_eap_t *inst, eap_handler_t *handler) { if (!handler) return; @@ -182,7 +182,7 @@ void eap_handler_free(rlm_eap_t *inst, EAP_HANDLER *handler) typedef struct check_handler_t { rlm_eap_t *inst; - EAP_HANDLER *handler; + eap_handler_t *handler; int trips; } check_handler_t; @@ -251,7 +251,7 @@ done: void eaplist_free(rlm_eap_t *inst) { - EAP_HANDLER *node, *next; + eap_handler_t *node, *next; for (node = inst->session_head; node != NULL; node = next) { next = node->next; @@ -278,8 +278,8 @@ static uint32_t eap_rand(fr_randctx *ctx) } -static EAP_HANDLER *eaplist_delete(rlm_eap_t *inst, REQUEST *request, - EAP_HANDLER *handler) +static eap_handler_t *eaplist_delete(rlm_eap_t *inst, REQUEST *request, + eap_handler_t *handler) { rbnode_t *node; @@ -321,7 +321,7 @@ static EAP_HANDLER *eaplist_delete(rlm_eap_t *inst, REQUEST *request, static void eaplist_expire(rlm_eap_t *inst, REQUEST *request, time_t timestamp) { int i; - EAP_HANDLER *handler; + eap_handler_t *handler; /* * Check the first few handlers in the list, and delete @@ -374,7 +374,7 @@ static void eaplist_expire(rlm_eap_t *inst, REQUEST *request, time_t timestamp) * Since we're adding it to the list, we guess that this means * the packet needs a State attribute. So add one. */ -int eaplist_add(rlm_eap_t *inst, EAP_HANDLER *handler) +int eaplist_add(rlm_eap_t *inst, eap_handler_t *handler) { int status = 0; VALUE_PAIR *state; @@ -441,7 +441,7 @@ int eaplist_add(rlm_eap_t *inst, EAP_HANDLER *handler) */ state->vp_octets[4] = handler->trips ^ handler->state[0]; state->vp_octets[5] = handler->eap_id ^ handler->state[1]; - state->vp_octets[6] = handler->eap_type ^ handler->state[2]; + state->vp_octets[6] = handler->type ^ handler->state[2]; /* * and copy the state back again. @@ -466,7 +466,7 @@ int eaplist_add(rlm_eap_t *inst, EAP_HANDLER *handler) } if (status) { - EAP_HANDLER *prev; + eap_handler_t *prev; prev = inst->session_tail; if (prev) { @@ -535,11 +535,11 @@ int eaplist_add(rlm_eap_t *inst, EAP_HANDLER *handler) * Also since we fill the eap_ds with the present EAP-Response we * got to free the prev_eapds & move the eap_ds to prev_eapds */ -EAP_HANDLER *eaplist_find(rlm_eap_t *inst, REQUEST *request, +eap_handler_t *eaplist_find(rlm_eap_t *inst, REQUEST *request, eap_packet_raw_t *eap_packet) { VALUE_PAIR *state; - EAP_HANDLER *handler, myHandler; + eap_handler_t *handler, myHandler; /* * We key the sessions off of the 'state' attribute, so it diff --git a/src/modules/rlm_eap/radeapclient.c b/src/modules/rlm_eap/radeapclient.c index 8f31e675830..b75d41563d0 100644 --- a/src/modules/rlm_eap/radeapclient.c +++ b/src/modules/rlm_eap/radeapclient.c @@ -66,8 +66,8 @@ char password[256]; struct eapsim_keys eapsim_mk; -static void map_eap_types(RADIUS_PACKET *req); -static void unmap_eap_types(RADIUS_PACKET *rep); +static void map_eap_methods(RADIUS_PACKET *req); +static void unmap_eap_methods(RADIUS_PACKET *rep); static int map_eapsim_types(RADIUS_PACKET *r); static int unmap_eapsim_types(RADIUS_PACKET *r); @@ -872,7 +872,7 @@ static int sendrecv_eap(RADIUS_PACKET *rep) * if there are EAP types, encode them into an EAP-Message * */ - map_eap_types(rep); + map_eap_methods(rep); /* * Fix up Digest-Attributes issues @@ -937,7 +937,7 @@ static int sendrecv_eap(RADIUS_PACKET *rep) send_packet(rep, &req); /* okay got back the packet, go and decode the EAP-Message. */ - unmap_eap_types(req); + unmap_eap_methods(req); debug_packet(req, R_RECV); @@ -1254,12 +1254,12 @@ int main(int argc, char **argv) * just deserves an assert? * */ -static void map_eap_types(RADIUS_PACKET *req) +static void map_eap_methods(RADIUS_PACKET *req) { VALUE_PAIR *vp, *vpnext; int id, eapcode; eap_packet_t ep; - int eap_type; + int eap_method; vp = pairfind(req->vps, ATTRIBUTE_EAP_ID, 0, TAG_ANY); if(vp == NULL) { @@ -1290,9 +1290,9 @@ static void map_eap_types(RADIUS_PACKET *req) return; } - eap_type = vp->da->attribute - ATTRIBUTE_EAP_BASE; + eap_method = vp->da->attribute - ATTRIBUTE_EAP_BASE; - switch(eap_type) { + switch(eap_method) { case PW_EAP_IDENTITY: case PW_EAP_NOTIFICATION: case PW_EAP_NAK: @@ -1315,7 +1315,7 @@ static void map_eap_types(RADIUS_PACKET *req) memset(&ep, 0, sizeof(ep)); ep.code = eapcode; ep.id = id; - ep.type.type = eap_type; + ep.type.num = eap_method; ep.type.length = vp->length; ep.type.data = malloc(vp->length); memcpy(ep.type.data,vp->vp_octets, vp->length); @@ -1327,7 +1327,7 @@ static void map_eap_types(RADIUS_PACKET *req) * given a radius request with an EAP-Message body, decode it specific * attributes. */ -static void unmap_eap_types(RADIUS_PACKET *rep) +static void unmap_eap_methods(RADIUS_PACKET *rep) { VALUE_PAIR *eap1; eap_packet_raw_t *e; @@ -1488,7 +1488,7 @@ main(int argc, char *argv[]) } map_eapsim_types(req); - map_eap_types(req); + map_eap_methods(req); if (fr_debug_flag > 1) { printf("Mapped to:\n"); @@ -1503,7 +1503,7 @@ main(int argc, char *argv[]) pairadd(&req2->vps, vp); /* only call unmap for sim types here */ - unmap_eap_types(req2); + unmap_eap_methods(req2); unmap_eapsim_types(req2); if (fr_debug_flag > 1) { diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c index 18b624191a9..b821aa47c6f 100644 --- a/src/modules/rlm_eap/rlm_eap.c +++ b/src/modules/rlm_eap/rlm_eap.c @@ -32,11 +32,11 @@ RCSID("$Id$") static const CONF_PARSER module_config[] = { { "default_eap_type", PW_TYPE_STRING_PTR, - offsetof(rlm_eap_t, default_eap_type_name), NULL, "md5" }, + offsetof(rlm_eap_t, default_method_name), NULL, "md5" }, { "timer_expire", PW_TYPE_INTEGER, offsetof(rlm_eap_t, timer_limit), NULL, "60"}, { "ignore_unknown_eap_types", PW_TYPE_BOOLEAN, - offsetof(rlm_eap_t, ignore_unknown_eap_types), NULL, "no" }, + offsetof(rlm_eap_t, ignore_unknown_types), NULL, "no" }, { "cisco_accounting_username_bug", PW_TYPE_BOOLEAN, offsetof(rlm_eap_t, cisco_accounting_username_bug), NULL, "no" }, { "max_sessions", PW_TYPE_INTEGER, @@ -74,8 +74,8 @@ static int eap_detach(void *instance) static int eap_handler_cmp(const void *a, const void *b) { int rcode; - const EAP_HANDLER *one = a; - const EAP_HANDLER *two = b; + const eap_handler_t *one = a; + const eap_handler_t *two = b; if (one->eap_id < two->eap_id) return -1; if (one->eap_id > two->eap_id) return +1; @@ -90,7 +90,8 @@ static int eap_handler_cmp(const void *a, const void *b) * EAP work. */ if (fr_ipaddr_cmp(&one->src_ipaddr, &two->src_ipaddr) != 0) { - DEBUGW("EAP packets are arriving from two different upstream servers. Has there been a proxy fail-over?"); + DEBUGW("EAP packets are arriving from two different upstream " + "servers. Has there been a proxy fail-over?"); } return 0; @@ -113,8 +114,9 @@ static int eap_handler_ptr_cmp(const void *a, const void *b) */ static int eap_instantiate(CONF_SECTION *cs, void **instance) { - int i, eap_type; - int num_types; + int i; + eap_type_t method; + int num_methods; CONF_SECTION *scs; rlm_eap_t *inst; @@ -139,24 +141,24 @@ static int eap_instantiate(CONF_SECTION *cs, void **instance) if (!inst->xlat_name) inst->xlat_name = "EAP"; /* Load all the configured EAP-Types */ - num_types = 0; - for(scs=cf_subsection_find_next(cs, NULL, NULL); - scs != NULL; - scs=cf_subsection_find_next(cs, scs, NULL)) { + num_methods = 0; + for(scs = cf_subsection_find_next(cs, NULL, NULL); + scs != NULL; + scs = cf_subsection_find_next(cs, scs, NULL)) { - const char *auth_type; + const char *name; - auth_type = cf_section_name1(scs); + name = cf_section_name1(scs); + if (!name) continue; - if (!auth_type) continue; + if (!strcmp(name, TLS_CONFIG_SECTION)) continue; - if (!strcmp(auth_type, TLS_CONFIG_SECTION)) continue; - - eap_type = eaptype_name2type(auth_type); - if (eap_type < 0) { - radlog(L_ERR, "rlm_eap: Unknown EAP type %s", - auth_type); + method = eap_name2type(name); + if (method == PW_EAP_INVALID) { + radlog(L_ERR, "rlm_eap: Unknown EAP method %s", + name); eap_detach(inst); + return -1; } @@ -173,10 +175,11 @@ static int eap_instantiate(CONF_SECTION *cs, void **instance) * etc. configurations from eap.conf in order to * have EAP without the TLS types. */ - if ((eap_type == PW_EAP_TLS) || - (eap_type == PW_EAP_TTLS) || - (eap_type == PW_EAP_PEAP)) { - DEBUG2("Ignoring EAP-Type/%s because we do not have OpenSSL support.", auth_type); + if ((method == PW_EAP_TLS) || + (method == PW_EAP_TTLS) || + (method == PW_EAP_PEAP)) { + DEBUG2("Ignoring EAP method %s because we do not have " + "OpenSSL support", name); continue; } #endif @@ -184,40 +187,45 @@ static int eap_instantiate(CONF_SECTION *cs, void **instance) /* * Load the type. */ - if (eaptype_load(&inst->types[eap_type], eap_type, scs) < 0) { - talloc_steal(inst, inst->types[eap_type]); + if (eap_module_load(&inst->methods[method], method, scs) < 0) { + talloc_steal(inst, inst->methods[method]); eap_detach(inst); + return -1; } - talloc_steal(inst, inst->types[eap_type]); - num_types++; /* successfully loaded one more types */ + talloc_steal(inst, inst->methods[method]); + num_methods++; /* successfully loaded one more methods */ } - if (num_types == 0) { - radlog(L_ERR, "rlm_eap: No EAP type configured, module cannot do anything."); + if (num_methods == 0) { + radlog(L_ERR, "rlm_eap: No EAP method configured, module " + "cannot do anything."); + eap_detach(inst); + return -1; } /* * Ensure that the default EAP type is loaded. */ - eap_type = eaptype_name2type(inst->default_eap_type_name); - if (eap_type < 0) { - radlog(L_ERR, "rlm_eap: Unknown default EAP type %s", - inst->default_eap_type_name); + method = eap_name2type(inst->default_method_name); + if (method == PW_EAP_INVALID) { + radlog(L_ERR, "rlm_eap: Unknown default EAP method %s", + inst->default_method_name); eap_detach(inst); return -1; } - if (inst->types[eap_type] == NULL) { - radlog(L_ERR, "rlm_eap: No such sub-type for default EAP type %s", - inst->default_eap_type_name); + if (inst->methods[method] == NULL) { + radlog(L_ERR, "rlm_eap: No such sub-type for default EAP " + "method %s", inst->default_method_name); eap_detach(inst); + return -1; } - inst->default_eap_type = eap_type; /* save the numerical type */ + inst->default_method = method; /* save the numerical method */ /* * List of sessions are set to NULL by the memset @@ -269,16 +277,17 @@ static int eap_instantiate(CONF_SECTION *cs, void **instance) */ static rlm_rcode_t eap_authenticate(void *instance, REQUEST *request) { - rlm_eap_t *inst; - EAP_HANDLER *handler; + rlm_eap_t *inst; + eap_handler_t *handler; eap_packet_raw_t *eap_packet; - int rcode; - rlm_rcode_t module_rcode; + eap_rcode_t status; + rlm_rcode_t rcode; inst = (rlm_eap_t *) instance; if (!pairfind(request->packet->vps, PW_EAP_MESSAGE, 0, TAG_ANY)) { - RDEBUGE("You set 'Auth-Type = EAP' for a request that does not contain an EAP-Message attribute!"); + RDEBUGE("You set 'Auth-Type = EAP' for a request that does " + "not contain an EAP-Message attribute!"); return RLM_MODULE_INVALID; } @@ -303,15 +312,15 @@ static rlm_rcode_t eap_authenticate(void *instance, REQUEST *request) } /* - * Select the appropriate eap_type or default to the + * Select the appropriate method or default to the * configured one */ - rcode = eaptype_select(inst, handler); + status = eap_method_select(inst, handler); /* * If it failed, die. */ - if (rcode == EAP_INVALID) { + if (status == EAP_INVALID) { eap_fail(handler); eap_handler_free(inst, handler); RDEBUG2("Failed in EAP select"); @@ -330,11 +339,10 @@ static rlm_rcode_t eap_authenticate(void *instance, REQUEST *request) * send a response. */ handler->inst_holder = inst; - rcode = request_data_add(request, - inst, REQUEST_DATA_EAP_HANDLER, - handler, - (void *) eap_opaque_free); - rad_assert(rcode == 0); + status = request_data_add(request, + inst, REQUEST_DATA_eap_handler_t, + handler, (void *) eap_opaque_free); + rad_assert(status == 0); return RLM_MODULE_HANDLED; } @@ -356,11 +364,11 @@ static rlm_rcode_t eap_authenticate(void *instance, REQUEST *request) * send a response. */ handler->inst_holder = inst; - rcode = request_data_add(request, - inst, REQUEST_DATA_EAP_HANDLER, - handler, - (void *) eap_opaque_free); - rad_assert(rcode == 0); + status = request_data_add(request, + inst, REQUEST_DATA_eap_handler_t, + handler, + (void *) eap_opaque_free); + rad_assert(status == 0); /* * Some simple sanity checks. These should really @@ -393,14 +401,14 @@ static rlm_rcode_t eap_authenticate(void *instance, REQUEST *request) * We are done, wrap the EAP-request in RADIUS to send * with all other required radius attributes */ - module_rcode = eap_compose(handler); + rcode = eap_compose(handler); /* * Add to the list only if it is EAP-Request, OR if * it's LEAP, and a response. */ if (((handler->eap_ds->request->code == PW_EAP_REQUEST) && - (handler->eap_ds->request->type.type >= PW_EAP_MD5)) || + (handler->eap_ds->request->type.num >= PW_EAP_MD5)) || /* * LEAP is a little different. At Stage 4, @@ -412,9 +420,9 @@ static rlm_rcode_t eap_authenticate(void *instance, REQUEST *request) * isn't put into the list. */ ((handler->eap_ds->response->code == PW_EAP_RESPONSE) && - (handler->eap_ds->response->type.type == PW_EAP_LEAP) && + (handler->eap_ds->response->type.num == PW_EAP_LEAP) && (handler->eap_ds->request->code == PW_EAP_SUCCESS) && - (handler->eap_ds->request->type.type == 0))) { + (handler->eap_ds->request->type.num == 0))) { /* * Return FAIL if we can't remember the handler. @@ -472,7 +480,7 @@ static rlm_rcode_t eap_authenticate(void *instance, REQUEST *request) } } - return module_rcode; + return rcode; } /* @@ -529,10 +537,8 @@ static rlm_rcode_t eap_authorize(void *instance, REQUEST *request) * each EAP sub-module to look for handler->request->username, * and to get excited if it doesn't appear. */ - vp = pairfind(request->config_items, PW_AUTH_TYPE, 0, TAG_ANY); - if ((!vp) || - (vp->vp_integer != PW_AUTHTYPE_REJECT)) { + if ((!vp) || (vp->vp_integer != PW_AUTHTYPE_REJECT)) { vp = pairmake("Auth-Type", inst->xlat_name, T_OP_EQ); if (!vp) { RDEBUG2("Failed to create Auth-Type %s: %s\n", @@ -560,7 +566,7 @@ static rlm_rcode_t eap_post_proxy(void *inst, REQUEST *request) size_t i; size_t len; VALUE_PAIR *vp; - EAP_HANDLER *handler; + eap_handler_t *handler; /* * Just in case the admin lists EAP in post-proxy-type Fail. @@ -571,7 +577,7 @@ static rlm_rcode_t eap_post_proxy(void *inst, REQUEST *request) * If there was a handler associated with this request, * then it's a tunneled request which was proxied... */ - handler = request_data_get(request, inst, REQUEST_DATA_EAP_HANDLER); + handler = request_data_get(request, inst, REQUEST_DATA_eap_handler_t); if (handler != NULL) { rlm_rcode_t rcode; eap_tunnel_data_t *data; @@ -612,7 +618,7 @@ static rlm_rcode_t eap_post_proxy(void *inst, REQUEST *request) * it's LEAP, and a response. */ if ((handler->eap_ds->request->code == PW_EAP_REQUEST) && - (handler->eap_ds->request->type.type >= PW_EAP_MD5)) { + (handler->eap_ds->request->type.num >= PW_EAP_MD5)) { if (!eaplist_add(inst, handler)) { eap_fail(handler); eap_handler_free(inst, handler); @@ -718,7 +724,7 @@ static rlm_rcode_t eap_post_auth(void *instance, REQUEST *request) { rlm_eap_t *inst = instance; VALUE_PAIR *vp; - EAP_HANDLER *handler; + eap_handler_t *handler; eap_packet_raw_t *eap_packet; /* diff --git a/src/modules/rlm_eap/rlm_eap.h b/src/modules/rlm_eap/rlm_eap.h index d25c408097f..586fd5699a5 100644 --- a/src/modules/rlm_eap/rlm_eap.h +++ b/src/modules/rlm_eap/rlm_eap.h @@ -34,13 +34,13 @@ RCSIDH(rlm_eap_h, "$Id$") /* * Keep track of which sub modules we've loaded. */ -typedef struct eap_types_t { - const char *typename; - EAP_TYPE *type; - lt_dlhandle handle; - CONF_SECTION *cs; - void *type_data; -} EAP_TYPES; +typedef struct eap_module { + const char *typename; + rlm_eap_module_t *type; + lt_dlhandle handle; + CONF_SECTION *cs; + void *instance; +} eap_module_t; /* * This structure contains eap's persistent data. @@ -48,20 +48,23 @@ typedef struct eap_types_t { * types = All supported EAP-Types * mutex = ensure only one thread is updating the sessions[] struct */ -typedef struct rlm_eap_t { +typedef struct rlm_eap { rbtree_t *session_tree; - EAP_HANDLER *session_head, *session_tail; + eap_handler_t *session_head, *session_tail; rbtree_t *handler_tree; /* for debugging only */ - EAP_TYPES *types[PW_EAP_MAX_TYPES]; + eap_module_t *methods[PW_EAP_MAX_TYPES]; /* * Configuration items. */ int timer_limit; - char *default_eap_type_name; - int default_eap_type; - int ignore_unknown_eap_types; + + const char *default_method_name; + eap_type_t default_method; + + int ignore_unknown_types; int cisco_accounting_username_bug; + int max_sessions; #ifdef HAVE_PTHREAD_H @@ -88,27 +91,28 @@ typedef struct rlm_eap_t { /* function definitions */ /* EAP-Type */ -int eaptype_load(EAP_TYPES **type, int eap_type, CONF_SECTION *cs); -int eaptype_select(rlm_eap_t *inst, EAP_HANDLER *h); +int eap_module_load(eap_module_t **instance, eap_type_t method, + CONF_SECTION *cs); +eap_code_t eap_method_select(rlm_eap_t *inst, eap_handler_t *handler); /* EAP */ int eap_start(rlm_eap_t *inst, REQUEST *request); -void eap_fail(EAP_HANDLER *handler); -void eap_success(EAP_HANDLER *handler); -rlm_rcode_t eap_compose(EAP_HANDLER *handler); -EAP_HANDLER *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_msg, REQUEST *request); +void eap_fail(eap_handler_t *handler); +void eap_success(eap_handler_t *handler); +rlm_rcode_t eap_compose(eap_handler_t *handler); +eap_handler_t *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_msg, REQUEST *request); /* Memory Management */ eap_packet_t *eap_packet_alloc(void); EAP_DS *eap_ds_alloc(void); -EAP_HANDLER *eap_handler_alloc(rlm_eap_t *inst); +eap_handler_t *eap_handler_alloc(rlm_eap_t *inst); void eap_packet_free(eap_packet_t **eap_packet); void eap_ds_free(EAP_DS **eap_ds); -void eap_opaque_free(EAP_HANDLER *handler); -void eap_handler_free(rlm_eap_t *inst, EAP_HANDLER *handler); +void eap_opaque_free(eap_handler_t *handler); +void eap_handler_free(rlm_eap_t *inst, eap_handler_t *handler); -int eaplist_add(rlm_eap_t *inst, EAP_HANDLER *handler); -EAP_HANDLER *eaplist_find(rlm_eap_t *inst, REQUEST *request, +int eaplist_add(rlm_eap_t *inst, eap_handler_t *handler); +eap_handler_t *eaplist_find(rlm_eap_t *inst, REQUEST *request, eap_packet_raw_t *eap_packet); void eaplist_free(rlm_eap_t *inst); diff --git a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c index eccdfe4eeb4..1cc21a21bae 100644 --- a/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c +++ b/src/modules/rlm_eap/types/rlm_eap_gtc/rlm_eap_gtc.c @@ -86,12 +86,12 @@ static int gtc_attach(CONF_SECTION *cs, void **instance) /* * Initiate the EAP-GTC session by sending a challenge to the peer. */ -static int gtc_initiate(void *type_data, EAP_HANDLER *handler) +static int gtc_initiate(void *instance, eap_handler_t *handler) { char challenge_str[1024]; int length; EAP_DS *eap_ds = handler->eap_ds; - rlm_eap_gtc_t *inst = (rlm_eap_gtc_t *) type_data; + rlm_eap_gtc_t *inst = (rlm_eap_gtc_t *) instance; if (!radius_xlat(challenge_str, sizeof(challenge_str), inst->challenge, handler->request, NULL, NULL)) { radlog(L_ERR, "rlm_eap_gtc: xlat of \"%s\" failed", inst->challenge); @@ -130,11 +130,11 @@ static int gtc_initiate(void *type_data, EAP_HANDLER *handler) /* * Authenticate a previously sent challenge. */ -static int gtc_authenticate(void *type_data, EAP_HANDLER *handler) +static int gtc_authenticate(void *instance, eap_handler_t *handler) { VALUE_PAIR *vp; EAP_DS *eap_ds = handler->eap_ds; - rlm_eap_gtc_t *inst = (rlm_eap_gtc_t *) type_data; + rlm_eap_gtc_t *inst = (rlm_eap_gtc_t *) instance; REQUEST *request = handler->request; /* @@ -248,7 +248,7 @@ static int gtc_authenticate(void *type_data, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_gtc = { +rlm_eap_module_t rlm_eap_gtc = { "eap_gtc", gtc_attach, /* attach */ gtc_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_ikev2/rlm_eap_ikev2.c b/src/modules/rlm_eap/types/rlm_eap_ikev2/rlm_eap_ikev2.c index 1e47ead9c1e..b646c0d316a 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ikev2/rlm_eap_ikev2.c +++ b/src/modules/rlm_eap/types/rlm_eap_ikev2/rlm_eap_ikev2.c @@ -69,7 +69,7 @@ static void add_reply(VALUE_PAIR** vp, pairadd(vp, reply_attr); } -static int set_mppe_keys(EAP_HANDLER *handler) +static int set_mppe_keys(eap_handler_t *handler) { unsigned char *p; struct IKEv2Session *session; @@ -95,7 +95,7 @@ static int set_mppe_keys(EAP_HANDLER *handler) // Compose Radius like message from table of output bytes static int ComposeRadMsg(uint8_t *out,u_int32_t olen, EAP_DS *eap_ds){ - eap_ds->request->type.type = PW_EAP_IKEV2; + eap_ds->request->type.num = PW_EAP_IKEV2; eap_ds->request->code = ((struct EAPHeader *)out)->Code; if(eap_ds->request->code<=PW_EAP_REQUEST && olen>4) { int lenn=(int)ntohs(((struct EAPHeader *)out)->Length); @@ -120,9 +120,9 @@ static int ComposeRadMsg(uint8_t *out,u_int32_t olen, EAP_DS *eap_ds){ * Free memory after EAP-IKEv2 module usage */ -static int ikev2_detach(void *type_data) +static int ikev2_detach(void *instance) { - struct ikev2_ctx *data = (struct ikev2_ctx *) type_data; + struct ikev2_ctx *data = (struct ikev2_ctx *) instance; if (data) { Free_ikev2_ctx(data); data=NULL; @@ -161,7 +161,7 @@ static void ikev2_free_opaque(void *opaque) * Configure EAP-ikev2 handler */ -static int ikev2_attach(CONF_SECTION *conf, void **type_data) +static int ikev2_attach(CONF_SECTION *conf, void **instance) { char *default_authtype=NULL; char *usersfilename=NULL; @@ -215,7 +215,7 @@ static int ikev2_attach(CONF_SECTION *conf, void **type_data) if (i2 == NULL) { return -1; } - *type_data =i2; + *instance =i2; if (cf_section_parse(conf,i2, module_config) < 0) { return -1; @@ -294,7 +294,7 @@ static int ikev2_attach(CONF_SECTION *conf, void **type_data) */ -static int ikev2_initiate(void *type_data, EAP_HANDLER *handler) +static int ikev2_initiate(void *instance, eap_handler_t *handler) { radlog( L_INFO,IKEv2_LOG_PREFIX "Initiate connection!"); // This is the way for silent discarding behavior @@ -303,7 +303,7 @@ static int ikev2_initiate(void *type_data, EAP_HANDLER *handler) // handler->request->reply->code=0; // return 0; - struct ikev2_ctx *i2=(struct ikev2_ctx*)type_data; + struct ikev2_ctx *i2=(struct ikev2_ctx*)instance; struct IKEv2Session *session; @@ -386,10 +386,10 @@ static int ikev2_initiate(void *type_data, EAP_HANDLER *handler) /* * Authenticate a previously sent challenge. */ -static int ikev2_authenticate(void *type_data, EAP_HANDLER *handler) +static int ikev2_authenticate(void *instance, eap_handler_t *handler) { - struct ikev2_ctx *i2=(struct ikev2_ctx*)type_data; + struct ikev2_ctx *i2=(struct ikev2_ctx*)instance; radlog( L_INFO, IKEv2_LOG_PREFIX "authenticate" ); rad_assert(handler->request != NULL); @@ -401,7 +401,7 @@ static int ikev2_authenticate(void *type_data, EAP_HANDLER *handler) if (!eap_ds || !eap_ds->response || (eap_ds->response->code != PW_IKEV2_RESPONSE) || - eap_ds->response->type.type != PW_EAP_IKEV2 || + eap_ds->response->type.num != PW_EAP_IKEV2 || !eap_ds->response->type.data){ radlog(L_ERR, IKEv2_LOG_PREFIX "corrupted data"); return -1; @@ -420,7 +420,7 @@ static int ikev2_authenticate(void *type_data, EAP_HANDLER *handler) hdr->Code=eap_ds->response->code; hdr->Id=eap_ds->response->id; hdr->Length=htons(eap_ds->response->length); - hdr->Type=eap_ds->response->type.type; + hdr->Type=eap_ds->response->type.num; memcpy(in+5,eap_ds->response->type.data,eap_ds->response->length-5); //koniec: skladanie pakietu @@ -529,7 +529,7 @@ static int ikev2_authenticate(void *type_data, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_ikev2 = { +rlm_eap_module_t rlm_eap_ikev2 = { "eap_ikev2", ikev2_attach, /* attach */ ikev2_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c b/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c index 16eb0884cfe..40b068ee302 100644 --- a/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c +++ b/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.c @@ -53,26 +53,26 @@ RCSID("$Id$") #include "eap_leap.h" /* - * Allocate a new Leap_packet_t + * Allocate a new leap_packet_t */ -Leap_packet_t *eapleap_alloc(void) +leap_packet_t *eapleap_alloc(void) { - Leap_packet_t *rp; + leap_packet_t *rp; - if ((rp = malloc(sizeof(Leap_packet_t))) == NULL) { + if ((rp = malloc(sizeof(leap_packet_t))) == NULL) { radlog(L_ERR, "rlm_eap_leap: out of memory"); return NULL; } - memset(rp, 0, sizeof(Leap_packet_t)); + memset(rp, 0, sizeof(leap_packet_t)); return rp; } /* - * Free Leap_packet_t + * Free leap_packet_t */ -void eapleap_free(Leap_packet_t **leap_packet_ptr) +void eapleap_free(leap_packet_t **leap_packet_ptr) { - Leap_packet_t *leap_packet; + leap_packet_t *leap_packet; if (!leap_packet_ptr) return; leap_packet = *leap_packet_ptr; @@ -89,10 +89,10 @@ void eapleap_free(Leap_packet_t **leap_packet_ptr) /* * Extract the data from the LEAP packet. */ -Leap_packet_t *eapleap_extract(EAP_DS *eap_ds) +leap_packet_t *eapleap_extract(EAP_DS *eap_ds) { leap_packet_raw_t *data; - Leap_packet_t *packet; + leap_packet_t *packet; int name_len; /* @@ -103,7 +103,7 @@ Leap_packet_t *eapleap_extract(EAP_DS *eap_ds) !eap_ds->response || ((eap_ds->response->code != PW_EAP_RESPONSE) && (eap_ds->response->code != PW_EAP_REQUEST)) || - eap_ds->response->type.type != PW_EAP_LEAP || + eap_ds->response->type.num != PW_EAP_LEAP || !eap_ds->response->type.data || (eap_ds->response->length < LEAP_HEADER_LEN) || (eap_ds->response->type.data[0] != 0x01)) { /* version 1 */ @@ -243,7 +243,7 @@ static int eapleap_ntpwdhash(unsigned char *ntpwdhash, VALUE_PAIR *password) /* * Verify the MS-CHAP response from the user. */ -int eapleap_stage4(Leap_packet_t *packet, VALUE_PAIR* password, +int eapleap_stage4(leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session) { unsigned char ntpwdhash[16]; @@ -278,14 +278,14 @@ int eapleap_stage4(Leap_packet_t *packet, VALUE_PAIR* password, /* * Verify ourselves to the AP */ -Leap_packet_t *eapleap_stage6(Leap_packet_t *packet, REQUEST *request, +leap_packet_t *eapleap_stage6(leap_packet_t *packet, REQUEST *request, VALUE_PAIR *user_name, VALUE_PAIR* password, leap_session_t *session, VALUE_PAIR **reply_vps) { size_t i; unsigned char ntpwdhash[16], ntpwdhashhash[16]; unsigned char buffer[256]; - Leap_packet_t *reply; + leap_packet_t *reply; unsigned char *p; VALUE_PAIR *vp; @@ -388,10 +388,10 @@ Leap_packet_t *eapleap_stage6(Leap_packet_t *packet, REQUEST *request, * If an EAP LEAP request needs to be initiated then * create such a packet. */ -Leap_packet_t *eapleap_initiate(UNUSED EAP_DS *eap_ds, VALUE_PAIR *user_name) +leap_packet_t *eapleap_initiate(UNUSED EAP_DS *eap_ds, VALUE_PAIR *user_name) { int i; - Leap_packet_t *reply; + leap_packet_t *reply; reply = eapleap_alloc(); if (reply == NULL) { @@ -442,7 +442,7 @@ Leap_packet_t *eapleap_initiate(UNUSED EAP_DS *eap_ds, VALUE_PAIR *user_name) /* * compose the LEAP reply packet in the EAP reply typedata */ -int eapleap_compose(EAP_DS *eap_ds, Leap_packet_t *reply) +int eapleap_compose(EAP_DS *eap_ds, leap_packet_t *reply) { leap_packet_raw_t *data; @@ -452,7 +452,7 @@ int eapleap_compose(EAP_DS *eap_ds, Leap_packet_t *reply) switch (reply->code) { case PW_EAP_REQUEST: case PW_EAP_RESPONSE: - eap_ds->request->type.type = PW_EAP_LEAP; + eap_ds->request->type.num = PW_EAP_LEAP; eap_ds->request->type.length = reply->length; eap_ds->request->type.data = malloc(reply->length); diff --git a/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h b/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h index 0b7d1954605..dbfa4eaceee 100644 --- a/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h +++ b/src/modules/rlm_eap/types/rlm_eap_leap/eap_leap.h @@ -47,7 +47,7 @@ typedef struct leap_packet { unsigned char *challenge; int name_len; char *name; -} Leap_packet_t; +} leap_packet_t; /* * The information which must be kept around @@ -61,15 +61,15 @@ typedef struct leap_session_t { /* function declarations here */ -Leap_packet_t *eapleap_alloc(void); -void eapleap_free(Leap_packet_t **leap_packet_ptr); +leap_packet_t *eapleap_alloc(void); +void eapleap_free(leap_packet_t **leap_packet_ptr); -int eapleap_compose(EAP_DS *auth, Leap_packet_t *reply); -Leap_packet_t *eapleap_extract(EAP_DS *auth); -Leap_packet_t *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name); -int eapleap_stage4(Leap_packet_t *packet, VALUE_PAIR* password, +int eapleap_compose(EAP_DS *auth, leap_packet_t *reply); +leap_packet_t *eapleap_extract(EAP_DS *auth); +leap_packet_t *eapleap_initiate(EAP_DS *eap_ds, VALUE_PAIR *user_name); +int eapleap_stage4(leap_packet_t *packet, VALUE_PAIR* password, leap_session_t *session); -Leap_packet_t *eapleap_stage6(Leap_packet_t *packet, REQUEST *request, +leap_packet_t *eapleap_stage6(leap_packet_t *packet, REQUEST *request, VALUE_PAIR *user_name, VALUE_PAIR* password, leap_session_t *session, VALUE_PAIR **reply_vps); diff --git a/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c b/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c index bcbb77fba20..b3342fd4492 100644 --- a/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c +++ b/src/modules/rlm_eap/types/rlm_eap_leap/rlm_eap_leap.c @@ -35,13 +35,13 @@ RCSID("$Id$") * ie access challenge to the user/peer. * Frame eap reply packet. - * len = header + type + leap_typedata - * leap_typedata = value_size + value + * len = header + type + leap_methoddata + * leap_methoddata = value_size + value */ -static int leap_initiate(UNUSED void *instance, EAP_HANDLER *handler) +static int leap_initiate(UNUSED void *instance, eap_handler_t *handler) { leap_session_t *session; - Leap_packet_t *reply; + leap_packet_t *reply; DEBUG2(" rlm_eap_leap: Stage 2"); @@ -88,12 +88,12 @@ static int leap_initiate(UNUSED void *instance, EAP_HANDLER *handler) return 1; } -static int leap_authenticate(UNUSED void *instance, EAP_HANDLER *handler) +static int leap_authenticate(UNUSED void *instance, eap_handler_t *handler) { int rcode; leap_session_t *session; - Leap_packet_t *packet; - Leap_packet_t *reply; + leap_packet_t *packet; + leap_packet_t *reply; VALUE_PAIR *password; if (!handler->opaque) { @@ -196,7 +196,7 @@ static int leap_authenticate(UNUSED void *instance, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_leap = { +rlm_eap_module_t rlm_eap_leap = { "eap_leap", NULL, /* attach */ leap_initiate, /* Start the initial request, after Identity */ diff --git a/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c b/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c index f87c8dee098..5cd806fece8 100644 --- a/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c +++ b/src/modules/rlm_eap/types/rlm_eap_md5/eap_md5.c @@ -95,7 +95,7 @@ MD5_PACKET *eapmd5_extract(EAP_DS *eap_ds) if (!eap_ds || !eap_ds->response || (eap_ds->response->code != PW_MD5_RESPONSE) || - eap_ds->response->type.type != PW_EAP_MD5 || + eap_ds->response->type.num != PW_EAP_MD5 || !eap_ds->response->type.data || (eap_ds->response->length <= MD5_HEADER_LEN) || (eap_ds->response->type.data[0] <= 0)) { @@ -222,7 +222,7 @@ int eapmd5_compose(EAP_DS *eap_ds, MD5_PACKET *reply) * and EAP-Success, and EAP-Failure. */ if (reply->code < 3) { - eap_ds->request->type.type = PW_EAP_MD5; + eap_ds->request->type.num = PW_EAP_MD5; rad_assert(reply->length > 0); diff --git a/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c index c0a0e598269..8a428526d18 100644 --- a/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c +++ b/src/modules/rlm_eap/types/rlm_eap_md5/rlm_eap_md5.c @@ -34,12 +34,12 @@ RCSID("$Id$") /* * Initiate the EAP-MD5 session by sending a challenge to the peer. */ -static int md5_initiate(void *type_data, EAP_HANDLER *handler) +static int md5_initiate(void *instance, eap_handler_t *handler) { int i; MD5_PACKET *reply; - type_data = type_data; /* -Wunused */ + instance = instance; /* -Wunused */ /* * Allocate an EAP-MD5 packet. @@ -105,7 +105,7 @@ static int md5_initiate(void *type_data, EAP_HANDLER *handler) /* * Authenticate a previously sent challenge. */ -static int md5_authenticate(UNUSED void *arg, EAP_HANDLER *handler) +static int md5_authenticate(UNUSED void *arg, eap_handler_t *handler) { MD5_PACKET *packet; MD5_PACKET *reply; @@ -164,7 +164,7 @@ static int md5_authenticate(UNUSED void *arg, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_md5 = { +rlm_eap_module_t rlm_eap_md5 = { "eap_md5", NULL, /* attach */ md5_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c index 759ffdb7fdd..66ca8aa169f 100644 --- a/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c +++ b/src/modules/rlm_eap/types/rlm_eap_mschapv2/rlm_eap_mschapv2.c @@ -46,7 +46,7 @@ static CONF_PARSER module_config[] = { }; -static void fix_mppe_keys(EAP_HANDLER *handler, mschapv2_opaque_t *data) +static void fix_mppe_keys(eap_handler_t *handler, mschapv2_opaque_t *data) { pairmove2(&data->mppe_keys, &handler->request->reply->vps, 7, VENDORPEC_MICROSOFT, TAG_ANY); pairmove2(&data->mppe_keys, &handler->request->reply->vps, 8, VENDORPEC_MICROSOFT, TAG_ANY); @@ -88,7 +88,7 @@ static int mschapv2_attach(CONF_SECTION *cs, void **instance) /* * Compose the response. */ -static int eapmschapv2_compose(EAP_HANDLER *handler, VALUE_PAIR *reply) +static int eapmschapv2_compose(eap_handler_t *handler, VALUE_PAIR *reply) { uint8_t *ptr; int16_t length; @@ -96,7 +96,7 @@ static int eapmschapv2_compose(EAP_HANDLER *handler, VALUE_PAIR *reply) EAP_DS *eap_ds = handler->eap_ds; eap_ds->request->code = PW_EAP_REQUEST; - eap_ds->request->type.type = PW_EAP_MSCHAPV2; + eap_ds->request->type.num = PW_EAP_MSCHAPV2; /* * Always called with vendor Microsoft @@ -218,13 +218,13 @@ static int eapmschapv2_compose(EAP_HANDLER *handler, VALUE_PAIR *reply) /* * Initiate the EAP-MSCHAPV2 session by sending a challenge to the peer. */ -static int mschapv2_initiate(void *type_data, EAP_HANDLER *handler) +static int mschapv2_initiate(void *instance, eap_handler_t *handler) { int i; VALUE_PAIR *challenge; mschapv2_opaque_t *data; - type_data = type_data; /* -Wunused */ + instance = instance; /* -Wunused */ challenge = pairmake("MS-CHAP-Challenge", "0x00", T_OP_EQ); if (!challenge) { @@ -293,7 +293,7 @@ static int mschapv2_initiate(void *type_data, EAP_HANDLER *handler) * * Called from rlm_eap.c, eap_postproxy(). */ -static int mschap_postproxy(EAP_HANDLER *handler, void *tunnel_data) +static int mschap_postproxy(eap_handler_t *handler, void *tunnel_data) { VALUE_PAIR *response = NULL; mschapv2_opaque_t *data; @@ -370,7 +370,7 @@ static int mschap_postproxy(EAP_HANDLER *handler, void *tunnel_data) /* * Authenticate a previously sent challenge. */ -static int mschapv2_authenticate(void *arg, EAP_HANDLER *handler) +static int mschapv2_authenticate(void *arg, eap_handler_t *handler) { int rcode, ccode; mschapv2_opaque_t *data; @@ -769,7 +769,7 @@ packet_ready: * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_mschapv2 = { +rlm_eap_module_t rlm_eap_mschapv2 = { "eap_mschapv2", mschapv2_attach, /* attach */ mschapv2_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h b/src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h index 3ad3a33ca65..fa4cec73a5e 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h +++ b/src/modules/rlm_eap/types/rlm_eap_peap/eap_peap.h @@ -35,7 +35,7 @@ typedef struct peap_tunnel_t { VALUE_PAIR *accept_vps; int status; int home_access_accept; - int default_eap_type; + int default_method; int copy_request_to_tunnel; int use_tunneled_reply; int proxy_tunneled_request_as_eap; @@ -68,5 +68,5 @@ typedef struct peap_tunnel_t { /* * Process the PEAP portion of an EAP-PEAP request. */ -int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session); +int eappeap_process(eap_handler_t *handler, tls_session_t *tls_session); #endif /* _EAP_PEAP_H */ diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c index f4bfd275e79..048615ace7d 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/peap.c @@ -33,7 +33,7 @@ static int setup_fake_request(REQUEST *request, REQUEST *fake, peap_tunnel_t *t) * * Result-TLV = Failure */ -static int eappeap_failure(EAP_HANDLER *handler, tls_session_t *tls_session) +static int eappeap_failure(eap_handler_t *handler, tls_session_t *tls_session) { uint8_t tlv_packet[11]; REQUEST *request = handler->request; @@ -68,7 +68,7 @@ static int eappeap_failure(EAP_HANDLER *handler, tls_session_t *tls_session) * * Result-TLV = Success */ -static int eappeap_success(EAP_HANDLER *handler, tls_session_t *tls_session) +static int eappeap_success(eap_handler_t *handler, tls_session_t *tls_session) { uint8_t tlv_packet[11]; REQUEST *request = handler->request; @@ -98,7 +98,7 @@ static int eappeap_success(EAP_HANDLER *handler, tls_session_t *tls_session) } -static int eappeap_identity(EAP_HANDLER *handler, tls_session_t *tls_session) +static int eappeap_identity(eap_handler_t *handler, tls_session_t *tls_session) { eap_packet_raw_t eap_packet; @@ -120,7 +120,7 @@ static int eappeap_identity(EAP_HANDLER *handler, tls_session_t *tls_session) /* * Send an MS SoH request */ -static int eappeap_soh(EAP_HANDLER *handler, tls_session_t *tls_session) +static int eappeap_soh(eap_handler_t *handler, tls_session_t *tls_session) { uint8_t tlv_packet[20]; @@ -159,9 +159,9 @@ static int eappeap_soh(EAP_HANDLER *handler, tls_session_t *tls_session) static VALUE_PAIR* eapsoh_verify(REQUEST *request, const uint8_t *data, unsigned int data_len) { VALUE_PAIR *vp; - uint8_t eap_type_base; + uint8_t eap_method_base; uint32_t eap_vendor; - uint32_t eap_type; + uint32_t eap_method; int rv; vp = pairmake("SoH-Supported", "no", T_OP_EQ); @@ -175,9 +175,9 @@ static VALUE_PAIR* eapsoh_verify(REQUEST *request, const uint8_t *data, unsigned goto done; } - eap_type_base = *data++; - if (eap_type_base != 254) { - RDEBUG("SoH - response is not extended EAP: %i", eap_type_base); + eap_method_base = *data++; + if (eap_method_base != 254) { + RDEBUG("SoH - response is not extended EAP: %i", eap_method_base); goto done; } @@ -187,9 +187,9 @@ static VALUE_PAIR* eapsoh_verify(REQUEST *request, const uint8_t *data, unsigned goto done; } - eap_type = soh_pull_be_32(data); data += 4; - if (eap_type != 0x21) { - RDEBUG("SoH - response eap type %08x is not EAP-SoH", eap_type); + eap_method = soh_pull_be_32(data); data += 4; + if (eap_method != 0x21) { + RDEBUG("SoH - response eap type %08x is not EAP-SoH", eap_method); goto done; } @@ -211,8 +211,7 @@ static int eapmessage_verify(REQUEST *request, const uint8_t *data, unsigned int data_len) { const eap_packet_raw_t *eap_packet = (const eap_packet_raw_t *) data; - uint8_t eap_type; - char buffer[256]; + eap_type_t eap_method; /* * No data, OR only 1 byte of EAP type. @@ -222,8 +221,8 @@ static int eapmessage_verify(REQUEST *request, return 0; } - eap_type = *data; - switch (eap_type) { + eap_method = *data; + switch (eap_method) { case PW_EAP_IDENTITY: if (data_len == 1) { RDEBUG2("Identity - "); @@ -254,9 +253,8 @@ static int eapmessage_verify(REQUEST *request, */ case PW_EAP_MSCHAPV2: default: - RDEBUG2("EAP type %s", - eap_type_data_type2name(eap_type, - buffer, sizeof(buffer))); + RDEBUG2("EAP type %s (%d)", eap_type2name(eap_method), + eap_method); return 1; break; } @@ -415,7 +413,7 @@ static int eappeap_check_tlv(REQUEST *request, const uint8_t *data, /* * Use a reply packet to determine what to do. */ -static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, +static int process_reply(eap_handler_t *handler, tls_session_t *tls_session, REQUEST *request, RADIUS_PACKET *reply) { int rcode = RLM_MODULE_REJECT; @@ -538,7 +536,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, /* * Do post-proxy processing, */ -static int eappeap_postproxy(EAP_HANDLER *handler, void *data) +static int eappeap_postproxy(eap_handler_t *handler, void *data) { int rcode; tls_session_t *tls_session = (tls_session_t *) data; @@ -731,7 +729,7 @@ static void print_tunneled_data(const uint8_t *data, size_t data_len) /* * Process the pseudo-EAP contents of the tunneled data. */ -int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) +int eappeap_process(eap_handler_t *handler, tls_session_t *tls_session) { peap_tunnel_t *t = tls_session->opaque; REQUEST *fake; @@ -946,10 +944,10 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) pairadd(&fake->packet->vps, vp); - if (t->default_eap_type != 0) { + if (t->default_method != 0) { RDEBUG2("Setting default EAP type for tunneled EAP session."); vp = pairmake("EAP-Type", "0", T_OP_EQ); - vp->vp_integer = t->default_eap_type; + vp->vp_integer = t->default_method; pairadd(&fake->config_items, vp); } break; } @@ -1000,10 +998,10 @@ int eappeap_process(EAP_HANDLER *handler, tls_session_t *tls_session) * If there's a default EAP type, * set it here. */ - if (t->default_eap_type != 0) { + if (t->default_method != 0) { DEBUG2(" PEAP: Setting default EAP type for tunneled EAP session."); vp = pairmake("EAP-Type", "0", T_OP_EQ); - vp->vp_integer = t->default_eap_type; + vp->vp_integer = t->default_method; pairadd(&fake->config_items, vp); } } diff --git a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c index 650f680762f..a9f2a4cbcdd 100644 --- a/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c +++ b/src/modules/rlm_eap/types/rlm_eap_peap/rlm_eap_peap.c @@ -36,8 +36,8 @@ typedef struct rlm_eap_peap_t { /* * Default tunneled EAP type */ - char *default_eap_type_name; - int default_eap_type; + char *default_method_name; + int default_method; /* * Use the reply attributes from the tunneled session in @@ -81,8 +81,8 @@ static CONF_PARSER module_config[] = { { "tls", PW_TYPE_STRING_PTR, offsetof(rlm_eap_peap_t, tls_conf_name), NULL, NULL }, - { "default_eap_type", PW_TYPE_STRING_PTR, - offsetof(rlm_eap_peap_t, default_eap_type_name), NULL, "mschapv2" }, + { "default_method", PW_TYPE_STRING_PTR, + offsetof(rlm_eap_peap_t, default_method_name), NULL, "mschapv2" }, { "copy_request_to_tunnel", PW_TYPE_BOOLEAN, offsetof(rlm_eap_peap_t, copy_request_to_tunnel), NULL, "no" }, @@ -132,10 +132,10 @@ static int eappeap_attach(CONF_SECTION *cs, void **instance) * Convert the name to an integer, to make it easier to * handle. */ - inst->default_eap_type = eaptype_name2type(inst->default_eap_type_name); - if (inst->default_eap_type < 0) { + inst->default_method = eap_name2type(inst->default_method_name); + if (inst->default_method < 0) { radlog(L_ERR, "rlm_eap_peap: Unknown EAP type %s", - inst->default_eap_type_name); + inst->default_method_name); return -1; } @@ -181,7 +181,7 @@ static peap_tunnel_t *peap_alloc(rlm_eap_peap_t *inst) t = rad_malloc(sizeof(*t)); memset(t, 0, sizeof(*t)); - t->default_eap_type = inst->default_eap_type; + t->default_method = inst->default_method; t->copy_request_to_tunnel = inst->copy_request_to_tunnel; t->use_tunneled_reply = inst->use_tunneled_reply; #ifdef WITH_PROXY @@ -198,7 +198,7 @@ static peap_tunnel_t *peap_alloc(rlm_eap_peap_t *inst) /* * Send an initial eap-tls request to the peer, using the libeap functions. */ -static int eappeap_initiate(void *type_arg, EAP_HANDLER *handler) +static int eappeap_initiate(void *type_arg, eap_handler_t *handler) { int status; tls_session_t *ssn; @@ -278,7 +278,7 @@ static int eappeap_initiate(void *type_arg, EAP_HANDLER *handler) /* * Do authentication, by letting EAP-TLS do most of the work. */ -static int eappeap_authenticate(void *arg, EAP_HANDLER *handler) +static int eappeap_authenticate(void *arg, eap_handler_t *handler) { int rcode; fr_tls_status_t status; @@ -419,7 +419,7 @@ static int eappeap_authenticate(void *arg, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_peap = { +rlm_eap_module_t rlm_eap_peap = { "eap_peap", eappeap_attach, /* attach */ eappeap_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c index 35df9c0263d..8e9dc73997c 100644 --- a/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c +++ b/src/modules/rlm_eap/types/rlm_eap_pwd/rlm_eap_pwd.c @@ -143,7 +143,7 @@ send_pwd_request (pwd_session_t *sess, EAP_DS *eap_ds) len = (sess->out_buf_len - sess->out_buf_pos) + sizeof(pwd_hdr); rad_assert(len > 0); eap_ds->request->code = PW_EAP_REQUEST; - eap_ds->request->type.type = PW_EAP_PWD; + eap_ds->request->type.num = PW_EAP_PWD; eap_ds->request->type.length = (len > sess->mtu) ? sess->mtu : len; eap_ds->request->type.data = malloc(eap_ds->request->type.length); memset(eap_ds->request->type.data, 0, eap_ds->request->type.length); @@ -201,10 +201,10 @@ send_pwd_request (pwd_session_t *sess, EAP_DS *eap_ds) } static int -eap_pwd_initiate (void *type_data, EAP_HANDLER *handler) +eap_pwd_initiate (void *instance, eap_handler_t *handler) { pwd_session_t *pwd_session; - eap_pwd_t *inst = (eap_pwd_t *)type_data; + eap_pwd_t *inst = (eap_pwd_t *)instance; VALUE_PAIR *vp; pwd_id_packet *pack; @@ -297,7 +297,7 @@ eap_pwd_initiate (void *type_data, EAP_HANDLER *handler) } static int -eap_pwd_authenticate (void *arg, EAP_HANDLER *handler) +eap_pwd_authenticate (void *arg, eap_handler_t *handler) { pwd_session_t *pwd_session; pwd_hdr *hdr; @@ -375,7 +375,7 @@ eap_pwd_authenticate (void *arg, EAP_HANDLER *handler) */ exch = EAP_PWD_GET_EXCHANGE(hdr); eap_ds->request->code = PW_EAP_REQUEST; - eap_ds->request->type.type = PW_EAP_PWD; + eap_ds->request->type.num = PW_EAP_PWD; eap_ds->request->type.length = sizeof(pwd_hdr); if ((eap_ds->request->type.data = malloc(sizeof(pwd_hdr))) == NULL) { radlog(L_ERR, "rlm_eap_pwd: fragment ACK, out of memory"); @@ -631,7 +631,7 @@ eap_pwd_authenticate (void *arg, EAP_HANDLER *handler) } -EAP_TYPE rlm_eap_pwd = { +rlm_eap_module_t rlm_eap_pwd = { "eap_pwd", eap_pwd_attach, /* attach */ eap_pwd_initiate, /* initiate to a client */ diff --git a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c index f192bc3465c..cc5daac2e4f 100644 --- a/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c +++ b/src/modules/rlm_eap/types/rlm_eap_sim/rlm_eap_sim.c @@ -75,7 +75,7 @@ static void eap_sim_state_free(void *opaque) /* * build a reply to be sent. */ -static int eap_sim_compose(EAP_HANDLER *handler) +static int eap_sim_compose(eap_handler_t *handler) { /* we will set the ID on requests, since we have to HMAC it */ handler->eap_ds->set_request_id = 1; @@ -84,7 +84,7 @@ static int eap_sim_compose(EAP_HANDLER *handler) handler->eap_ds->request); } -static int eap_sim_sendstart(EAP_HANDLER *handler) +static int eap_sim_sendstart(eap_handler_t *handler) { VALUE_PAIR **vps, *newvp; uint16_t *words; @@ -206,7 +206,7 @@ static int eap_sim_getchalans(VALUE_PAIR *vps, int chalno, * module to generate/calculate things. * */ -static int eap_sim_sendchallenge(EAP_HANDLER *handler) +static int eap_sim_sendchallenge(eap_handler_t *handler) { struct eap_sim_server_state *ess; VALUE_PAIR **invps, **outvps, *newvp; @@ -306,7 +306,7 @@ static int eap_sim_sendchallenge(EAP_HANDLER *handler) * radius attributes derived from the MSK. * */ -static int eap_sim_sendsuccess(EAP_HANDLER *handler) +static int eap_sim_sendsuccess(eap_handler_t *handler) { unsigned char *p; struct eap_sim_server_state *ess; @@ -335,7 +335,7 @@ static int eap_sim_sendsuccess(EAP_HANDLER *handler) /* * run the server state machine. */ -static void eap_sim_stateenter(EAP_HANDLER *handler, +static void eap_sim_stateenter(eap_handler_t *handler, struct eap_sim_server_state *ess, enum eapsim_serverstates newstate) { @@ -380,7 +380,7 @@ static void eap_sim_stateenter(EAP_HANDLER *handler, * Initiate the EAP-SIM session by starting the state machine * and initiating the state. */ -static int eap_sim_initiate(void *type_data, EAP_HANDLER *handler) +static int eap_sim_initiate(void *instance, eap_handler_t *handler) { struct eap_sim_server_state *ess; VALUE_PAIR *vp; @@ -389,7 +389,7 @@ static int eap_sim_initiate(void *type_data, EAP_HANDLER *handler) outvps = handler->request->reply->vps; - type_data = type_data; /* shut up compiler */ + instance = instance; /* shut up compiler */ vp = pairfind(outvps, ATTRIBUTE_EAP_SIM_RAND1, 0, TAG_ANY); if(vp == NULL) { @@ -442,7 +442,7 @@ static int eap_sim_initiate(void *type_data, EAP_HANDLER *handler) * challenge, else, resend the Request/Start. * */ -static int process_eap_sim_start(EAP_HANDLER *handler, VALUE_PAIR *vps) +static int process_eap_sim_start(eap_handler_t *handler, VALUE_PAIR *vps) { VALUE_PAIR *nonce_vp, *selectedversion_vp; struct eap_sim_server_state *ess; @@ -500,7 +500,7 @@ static int process_eap_sim_start(EAP_HANDLER *handler, VALUE_PAIR *vps) * calculated from the packet with the SRESx appended. * */ -static int process_eap_sim_challenge(EAP_HANDLER *handler, VALUE_PAIR *vps) +static int process_eap_sim_challenge(eap_handler_t *handler, VALUE_PAIR *vps) { struct eap_sim_server_state *ess; uint8_t srescat[EAPSIM_SRES_SIZE*3]; @@ -546,7 +546,7 @@ static int process_eap_sim_challenge(EAP_HANDLER *handler, VALUE_PAIR *vps) /* * Authenticate a previously sent challenge. */ -static int eap_sim_authenticate(void *arg, EAP_HANDLER *handler) +static int eap_sim_authenticate(void *arg, eap_handler_t *handler) { struct eap_sim_server_state *ess; VALUE_PAIR *vp, *vps; @@ -636,7 +636,7 @@ static int eap_sim_authenticate(void *arg, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_sim = { +rlm_eap_module_t rlm_eap_sim = { "eap_sim", NULL, /* XXX attach */ eap_sim_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c index d64f70e0ad1..303acd7ee0e 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c +++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c @@ -83,7 +83,7 @@ static int eaptls_attach(CONF_SECTION *cs, void **instance) /* * Send an initial eap-tls request to the peer, using the libeap functions. */ -static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler) +static int eaptls_initiate(void *type_arg, eap_handler_t *handler) { int status; tls_session_t *ssn; @@ -132,7 +132,7 @@ static int eaptls_initiate(void *type_arg, EAP_HANDLER *handler) /* * Do authentication, by letting EAP-TLS do most of the work. */ -static int eaptls_authenticate(void *type_arg, EAP_HANDLER *handler) +static int eaptls_authenticate(void *type_arg, eap_handler_t *handler) { fr_tls_status_t status; tls_session_t *tls_session = (tls_session_t *) handler->opaque; @@ -256,7 +256,7 @@ static int eaptls_authenticate(void *type_arg, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_tls = { +rlm_eap_module_t rlm_eap_tls = { "eap_tls", eaptls_attach, /* attach */ eaptls_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c index 310a2caa213..805ad9c661f 100644 --- a/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c +++ b/src/modules/rlm_eap/types/rlm_eap_tnc/rlm_eap_tnc.c @@ -138,7 +138,7 @@ static void tnc_free(void *conn_id) * For this package, only 'Identifier' has to be set dynamically. Any * other information is static. */ -static int tnc_initiate(void *instance, EAP_HANDLER *handler) +static int tnc_initiate(void *instance, eap_handler_t *handler) { rlm_eap_tnc_t *inst = instance; REQUEST *request = NULL; @@ -234,7 +234,7 @@ static int tnc_initiate(void *instance, EAP_HANDLER *handler) *eap_tnc_request = SET_START(1); handler->eap_ds->request->code = PW_EAP_REQUEST; - handler->eap_ds->request->type.type = PW_EAP_TNC; + handler->eap_ds->request->type.num = PW_EAP_TNC; handler->eap_ds->request->type.length = 1; @@ -260,10 +260,10 @@ static int tnc_initiate(void *instance, EAP_HANDLER *handler) * based on the TNC_ConnectionState determined by NAA-TNCS. * * @param instance The configuration data. - * @param handler The EAP_HANDLER. + * @param handler The eap_handler_t. * @return True, if successfully, else false. */ -static int tnc_authenticate(UNUSED void *instance, EAP_HANDLER *handler) +static int tnc_authenticate(UNUSED void *instance, eap_handler_t *handler) { TNC_ConnectionID conn_id; TNC_Result result; @@ -274,7 +274,7 @@ static int tnc_authenticate(UNUSED void *instance, EAP_HANDLER *handler) TNC_ConnectionState connection_state; uint8_t code = 0; - if (handler->eap_ds->response->type.type != PW_EAP_TNC) { + if (handler->eap_ds->response->type.num != PW_EAP_TNC) { radlog(L_ERR, "rlm_eap_tnc: Incorrect response type"); return 0; @@ -324,7 +324,6 @@ static int tnc_authenticate(UNUSED void *instance, EAP_HANDLER *handler) code = PW_EAP_SUCCESS; pairadd(&handler->request->config_items, pairmake("TNC-Status", "Access", T_OP_SET)); - break; case TNC_CONNECTION_STATE_ACCESS_ISOLATED: @@ -343,7 +342,7 @@ static int tnc_authenticate(UNUSED void *instance, EAP_HANDLER *handler) * Build the TNC EAP request */ handler->eap_ds->request->code = code; - handler->eap_ds->request->type.type = PW_EAP_TNC; + handler->eap_ds->request->type.num = PW_EAP_TNC; handler->eap_ds->request->type.length = datalen; @@ -357,7 +356,7 @@ static int tnc_authenticate(UNUSED void *instance, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_tnc = { +rlm_eap_module_t rlm_eap_tnc = { "eap_tnc", tnc_attach, /* attach */ tnc_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h b/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h index 1525092cdea..51133d04c03 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/eap_ttls.h @@ -33,7 +33,7 @@ typedef struct ttls_tunnel_t { VALUE_PAIR *state; VALUE_PAIR *accept_vps; int authenticated; - int default_eap_type; + int default_method; int copy_request_to_tunnel; int use_tunneled_reply; const char *virtual_server; @@ -42,6 +42,6 @@ typedef struct ttls_tunnel_t { /* * Process the TTLS portion of an EAP-TTLS request. */ -int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session); +int eapttls_process(eap_handler_t *handler, tls_session_t *tls_session); #endif /* _EAP_TTLS_H */ diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c index 1b28ca8f07d..d0ca33e66b0 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c @@ -36,8 +36,8 @@ typedef struct rlm_eap_ttls_t { /* * Default tunneled EAP type */ - char *default_eap_type_name; - int default_eap_type; + char *default_method_name; + int default_method; /* * Use the reply attributes from the tunneled session in @@ -79,7 +79,7 @@ static CONF_PARSER module_config[] = { offsetof(rlm_eap_ttls_t, tls_conf_name), NULL, NULL }, { "default_eap_type", PW_TYPE_STRING_PTR, - offsetof(rlm_eap_ttls_t, default_eap_type_name), NULL, "md5" }, + offsetof(rlm_eap_ttls_t, default_method_name), NULL, "md5" }, { "copy_request_to_tunnel", PW_TYPE_BOOLEAN, offsetof(rlm_eap_ttls_t, copy_request_to_tunnel), NULL, "no" }, @@ -121,10 +121,10 @@ static int eapttls_attach(CONF_SECTION *cs, void **instance) * Convert the name to an integer, to make it easier to * handle. */ - inst->default_eap_type = eaptype_name2type(inst->default_eap_type_name); - if (inst->default_eap_type < 0) { + inst->default_method = eap_name2type(inst->default_method_name); + if (inst->default_method < 0) { radlog(L_ERR, "rlm_eap_ttls: Unknown EAP type %s", - inst->default_eap_type_name); + inst->default_method_name); return -1; } @@ -174,7 +174,7 @@ static ttls_tunnel_t *ttls_alloc(rlm_eap_ttls_t *inst) t = rad_malloc(sizeof(*t)); memset(t, 0, sizeof(*t)); - t->default_eap_type = inst->default_eap_type; + t->default_method = inst->default_method; t->copy_request_to_tunnel = inst->copy_request_to_tunnel; t->use_tunneled_reply = inst->use_tunneled_reply; t->virtual_server = inst->virtual_server; @@ -185,7 +185,7 @@ static ttls_tunnel_t *ttls_alloc(rlm_eap_ttls_t *inst) /* * Send an initial eap-tls request to the peer, using the libeap functions. */ -static int eapttls_initiate(void *type_arg, EAP_HANDLER *handler) +static int eapttls_initiate(void *type_arg, eap_handler_t *handler) { int status; tls_session_t *ssn; @@ -248,7 +248,7 @@ static int eapttls_initiate(void *type_arg, EAP_HANDLER *handler) /* * Do authentication, by letting EAP-TLS do most of the work. */ -static int eapttls_authenticate(void *arg, EAP_HANDLER *handler) +static int eapttls_authenticate(void *arg, eap_handler_t *handler) { int rcode; fr_tls_status_t status; @@ -383,7 +383,7 @@ static int eapttls_authenticate(void *arg, EAP_HANDLER *handler) * The module name should be the only globally exported symbol. * That is, everything else should be 'static'. */ -EAP_TYPE rlm_eap_ttls = { +rlm_eap_module_t rlm_eap_ttls = { "eap_ttls", eapttls_attach, /* attach */ eapttls_initiate, /* Start the initial request */ diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c index 07b3560a0fa..ea965ca20d0 100644 --- a/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c +++ b/src/modules/rlm_eap/types/rlm_eap_ttls/ttls.c @@ -651,7 +651,7 @@ static int vp2diameter(REQUEST *request, tls_session_t *tls_session, VALUE_PAIR /* * Use a reply packet to determine what to do. */ -static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, +static int process_reply(eap_handler_t *handler, tls_session_t *tls_session, REQUEST *request, RADIUS_PACKET *reply) { int rcode = RLM_MODULE_REJECT; @@ -826,7 +826,7 @@ static int process_reply(EAP_HANDLER *handler, tls_session_t *tls_session, /* * Do post-proxy processing, */ -static int eapttls_postproxy(EAP_HANDLER *handler, void *data) +static int eapttls_postproxy(eap_handler_t *handler, void *data) { int rcode; tls_session_t *tls_session = (tls_session_t *) data; @@ -965,7 +965,7 @@ static void my_request_free(void *data) /* * Process the "diameter" contents of the tunneled data. */ -int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) +int eapttls_process(eap_handler_t *handler, tls_session_t *tls_session) { int rcode = PW_AUTHENTICATION_REJECT; REQUEST *fake; @@ -1093,11 +1093,11 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) * If there's a default EAP type, * set it here. */ - if (t->default_eap_type != 0) { + if (t->default_method != 0) { RDEBUG("Setting default EAP type for tunneled EAP session."); vp = paircreate(request, PW_EAP_TYPE, 0); rad_assert(vp != NULL); - vp->vp_integer = t->default_eap_type; + vp->vp_integer = t->default_method; pairadd(&fake->config_items, vp); } @@ -1238,7 +1238,7 @@ int eapttls_process(EAP_HANDLER *handler, tls_session_t *tls_session) switch (fake->reply->code) { case 0: /* No reply code, must be proxied... */ #ifdef WITH_PROXY - vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY); + vp = pairfind(fake->config_items, PW_PROXY_TO_REALM, 0, TAG_ANY); if (vp) { eap_tunnel_data_t *tunnel; RDEBUG("Tunneled authentication will be proxied to %s", vp->vp_strvalue);