From 0c8312d9579c2c5a414585e71bdd65a4a3a97f47 Mon Sep 17 00:00:00 2001
From: "Alan T. DeKok"
Date: Sat, 6 Jul 2024 10:01:18 -0400
Subject: [PATCH] rever TEAP related changes for TTLS Which broke some systems
---
 src/modules/rlm_eap/libeap/eap_tls.c | 22 +++++++++++++++++++
 src/modules/rlm_eap/libeap/eap_tls.h | 1 +
 .../rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c | 8 +------
 3 files changed, 24 insertions(+), 7 deletions(-)

diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 424c4b5c013..3a915bc624d 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -105,6 +105,28 @@ tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_
 return talloc_steal(handler, ssn); /* ssn */
 }
 
+/*
+ The S flag is set only within the EAP-TLS start message
+ sent from the EAP server to the peer.
+*/
+int eaptls_start(EAP_DS *eap_ds, int peap_flag)
+{
+ EAPTLS_PACKET reply;
+
+ reply.code = FR_TLS_START;
+ reply.length = TLS_HEADER_LEN + 1/*flags*/;
+
+ reply.flags = peap_flag;
+ reply.flags = SET_START(reply.flags);
+
+ reply.data = NULL;
+ reply.dlen = 0;
+
+ eaptls_compose(eap_ds, &reply);
+
+ return 1;
+}
+
 /** Send an EAP-TLS success
 *
 * Composes an EAP-TLS-Success. This is a message with code EAP_TLS_ESTABLISHED.
diff --git a/src/modules/rlm_eap/libeap/eap_tls.h b/src/modules/rlm_eap/libeap/eap_tls.h
index 616265b6f6f..1112bcbef39 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.h
+++ b/src/modules/rlm_eap/libeap/eap_tls.h
@@ -105,6 +105,7 @@ typedef struct tls_packet {
 EAPTLS_PACKET *eaptls_alloc(void);
 void eaptls_free(EAPTLS_PACKET **eaptls_packet_ptr);
 tls_session_t *eaptls_session(eap_handler_t *handler, fr_tls_server_conf_t *tls_conf, bool client_cert, bool allow_tls13);
+int eaptls_start(EAP_DS *eap_ds, int peap);
 int eaptls_compose(EAP_DS *eap_ds, EAPTLS_PACKET *reply);
 fr_tls_server_conf_t *eaptls_conf_parse(CONF_SECTION *cs, char const *key);
 
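Review bot: `eaptls_start` discards the int result of `eaptls_compose(eap_ds, &reply)` and unconditionally returns 1, so a caller cannot tell that no Start packet was composed; if eaptls_compose() reports failure by returning 0, as its int return type in eap_tls.h suggests, write `if (!eaptls_compose(eap_ds, &reply)) return 0;` in place of the bare call. `reply` is also declared without an initializer and only code, length, flags, data and dlen are assigned, so any other member of EAPTLS_PACKET (its definition is outside this hunk) reaches eaptls_compose() indeterminate; `EAPTLS_PACKET reply = { 0 };` closes that. The header comment describes only the S flag; it should also state the contract, e.g. `Returns 1 once the EAP-TLS Start packet has been composed into eap_ds.`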
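Review bot: The prototype names the second parameter `peap` while the definition added to eap_tls.c in this same commit calls it `peap_flag`, so the header reads as if it took a PEAP selector rather than the flags value that the definition copies straight into reply.flags; use the same name in both places, `int eaptls_start(EAP_DS *eap_ds, int peap_flag);`. A one-line comment on the declaration saying the argument is the session's current flag bits, onto which the Start bit is set, would spare readers of the header a trip to the .c file.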
diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
index 035a1f6044a..9ce78430c52 100644
--- a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
@@ -204,13 +204,7 @@ static int mod_session_init(void *type_arg, eap_handler_t *handler)
 * TLS session initialization is over. Now handle TLS
 * related handshaking or application data.
 */
- status = eaptls_request(handler->eap_ds, ssn, true);
- if ((status == FR_TLS_INVALID) || (status == FR_TLS_FAIL)) {
- REDEBUG("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, ""));
- } else {
- RDEBUG3("[eaptls start] = %s", fr_int2str(fr_tls_status_table, status, ""));
- }
- if (status == 0) return 0;
+ eaptls_start(handler->eap_ds, ssn->peap_flag);
 
 /*
 * The next stage to process the packet.
-- 
2.47.3
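Review bot: The new call `eaptls_start(handler->eap_ds, ssn->peap_flag);` drops the return value, whereas the removed lines returned 0 from mod_session_init when the start step failed; the eaptls_start() added in this commit always returns 1, so nothing is lost today, but writing it as `if (!eaptls_start(handler->eap_ds, ssn->peap_flag)) return 0;` keeps the failure path intact if eaptls_start() ever propagates a compose error. With the eaptls_request() call gone, `status` may no longer be read anywhere in mod_session_init — its declaration and the rest of the function lie outside the hunk — and if so it should be removed to avoid an unused-variable warning. The removed branch also logged the start result at debug level; a single `RDEBUG3("[eaptls start] = ok");` after the call would preserve that trace for operators. The enclosing function starts and ends outside the hunk.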