Diffstat (limited to 'src')
-rw-r--r--src/libcharon/plugins/tnc_pdp/Makefile.am7
-rw-r--r--src/libcharon/plugins/tnc_pdp/tnc_pdp.c85
-rw-r--r--src/libcharon/plugins/tnc_pdp/tnc_pdp.h4
-rw-r--r--src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c11
4 files changed, 68 insertions, 39 deletions
diff --git a/src/libcharon/plugins/tnc_pdp/Makefile.am b/src/libcharon/plugins/tnc_pdp/Makefile.am
index ce0ddce06..cc7c934d8 100644
--- a/src/libcharon/plugins/tnc_pdp/Makefile.am
+++ b/src/libcharon/plugins/tnc_pdp/Makefile.am
@@ -2,7 +2,11 @@ AM_CPPFLAGS = \
-I$(top_srcdir)/src/libstrongswan \
-I$(top_srcdir)/src/libhydra \
-I$(top_srcdir)/src/libcharon \
- -I$(top_srcdir)/src/libradius
+ -I$(top_srcdir)/src/libradius \
+ -I$(top_srcdir)/src/libtncif \
+ -I$(top_srcdir)/src/libtnccs \
+ -I$(top_srcdir)/src/libtls \
+ -I$(top_srcdir)/src/libpttls
AM_CFLAGS = \
-rdynamic
@@ -13,6 +17,7 @@ else
plugin_LTLIBRARIES = libstrongswan-tnc-pdp.la
libstrongswan_tnc_pdp_la_LIBADD = \
$(top_builddir)/src/libradius/libradius.la \
+ $(top_builddir)/src/libpttls/libpttls.la \
$(top_builddir)/src/libtls/libtls.la \
$(top_builddir)/src/libtnccs/libtnccs.la
endif
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
index a30d89535..7ef67fd18 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.c
@@ -22,6 +22,8 @@
#include <radius_message.h>
#include <radius_mppe.h>
+#include <pt_tls_dispatcher.h>
+
#include <daemon.h>
#include <utils/debug.h>
#include <pen/pen.h>
@@ -32,6 +34,16 @@
typedef struct private_tnc_pdp_t private_tnc_pdp_t;
/**
+ * Default RADIUS port, when not configured
+ */
+#define RADIUS_PORT 1812
+
+/**
+ * Default PT-TLS port, when not configured
+ */
+#define PT_TLS_PORT 271
+
+/**
* Maximum size of a RADIUS IP packet
*/
#define MAX_PACKET 4096
@@ -90,6 +102,12 @@ struct private_tnc_pdp_t {
* List of registered TNC-PDP connections
*/
tnc_pdp_connections_t *connections;
+
+ /**
+ * PT-TLS dispatcher
+ */
+ pt_tls_dispatcher_t *pt_tls_dispatcher;
+
};
@@ -521,6 +539,7 @@ METHOD(tnc_pdp_t, destroy, void,
close(this->ipv6);
}
DESTROY_IF(this->server);
+ DESTROY_IF(this->pt_tls_dispatcher);
DESTROY_IF(this->signer);
DESTROY_IF(this->hasher);
DESTROY_IF(this->ng);
@@ -531,17 +550,54 @@ METHOD(tnc_pdp_t, destroy, void,
/*
* see header file
*/
-tnc_pdp_t *tnc_pdp_create(u_int16_t port)
+tnc_pdp_t *tnc_pdp_create(void)
{
private_tnc_pdp_t *this;
char *secret, *server, *eap_type_str;
+ int radius_port, pt_tls_port;
+ identification_t *id;
+ host_t *host;
+
+ server = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-pdp.server", NULL, charon->name);
+ pt_tls_port = lib->settings->get_int(lib->settings,
+ "%s.plugins.tnc-pdp.pt_tls.port", PT_TLS_PORT, charon->name);
+ radius_port = lib->settings->get_int(lib->settings,
+ "%s.plugins.tnc-pdp.radius.port", RADIUS_PORT, charon->name);
+ secret = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-pdp.radius.secret", NULL, charon->name);
+ eap_type_str = lib->settings->get_str(lib->settings,
+ "%s.plugins.tnc-pdp.radius.method", "ttls", charon->name);
+
+ if (!server)
+ {
+ DBG1(DBG_CFG, "missing PDP server name, PDP disabled");
+ return NULL;
+ }
+ if (!secret)
+ {
+ DBG1(DBG_CFG, "missing RADIUS secret, PDP disabled");
+ return NULL;
+ }
+
+ host = host_create_from_dns(server, AF_UNSPEC, pt_tls_port);
+ if (!host)
+ {
+ DBG1(DBG_CFG, "could not resolve server name");
+ return NULL;
+ }
+ id = identification_create_from_string(server);
INIT(this,
.public = {
.destroy = _destroy,
},
- .ipv4 = open_socket(AF_INET, port),
- .ipv6 = open_socket(AF_INET6, port),
+ .server = id,
+ .pt_tls_dispatcher = pt_tls_dispatcher_create(host, id, PT_TLS_AUTH_NONE),
+ .ipv4 = open_socket(AF_INET, radius_port),
+ .ipv6 = open_socket(AF_INET6, radius_port),
+ .secret = chunk_from_str(secret),
+ .type = eap_type_from_string(eap_type_str),
.hasher = lib->crypto->create_hasher(lib->crypto, HASH_MD5),
.signer = lib->crypto->create_signer(lib->crypto, AUTH_HMAC_MD5_128),
.ng = lib->crypto->create_nonce_gen(lib->crypto),
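Review bot: The result of `pt_tls_dispatcher_create(host, id, PT_TLS_AUTH_NONE)` in the INIT block is never checked, so a PT-TLS listener that fails to open leaves the PDP running RADIUS-only with nothing logged, unlike the socket and crypto failures handled just below; add after INIT `if (!this->pt_tls_dispatcher) { DBG1(DBG_NET, "could not create PT-TLS dispatcher"); destroy(this); return NULL; }` (or at least a DBG1 if degraded operation is intended). The same `id` is stored in `.server` and handed to the dispatcher, and destroy() now calls DESTROY_IF on both fields; if pt_tls_dispatcher_create takes ownership of `id` (and of `host`) that is a double free on shutdown, so either pass `id->clone(id)` or document in a comment that the dispatcher only borrows them. The settings keys also move from `tnc-pdp.secret`/`.method`/`.port` to `tnc-pdp.radius.*` and `tnc-pdp.pt_tls.port`, which silently disables an existing deployment still using the old names (it only logs "missing RADIUS secret, PDP disabled"); a mention in the commit message or a fallback lookup of the old key would avoid that surprise. tnc_pdp_create continues past the end of this hunk.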
@@ -554,6 +610,7 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port)
destroy(this);
return NULL;
}
+
if (!this->ipv4 && !this->ipv6)
{
DBG1(DBG_NET, "could not create any RADIUS sockets");
@@ -579,25 +636,6 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port)
DBG1(DBG_NET, "could not open IPv6 RADIUS socket, IPv6 disabled");
}
- server = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.server", NULL, charon->name);
- if (!server)
- {
- DBG1(DBG_CFG, "missing PDP server name, PDP disabled");
- destroy(this);
- return NULL;
- }
- this->server = identification_create_from_string(server);
-
- secret = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.secret", NULL, charon->name);
- if (!secret)
- {
- DBG1(DBG_CFG, "missing RADIUS secret, PDP disabled");
- destroy(this);
- return NULL;
- }
- this->secret = chunk_create(secret, strlen(secret));
if (!this->signer->set_key(this->signer, this->secret))
{
DBG1(DBG_CFG, "could not set signer key");
@@ -605,9 +643,6 @@ tnc_pdp_t *tnc_pdp_create(u_int16_t port)
return NULL;
}
- eap_type_str = lib->settings->get_str(lib->settings,
- "%s.plugins.tnc-pdp.method", "ttls", charon->name);
- this->type = eap_type_from_string(eap_type_str);
if (this->type == 0)
{
DBG1(DBG_CFG, "unrecognized eap method \"%s\"", eap_type_str);
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp.h b/src/libcharon/plugins/tnc_pdp/tnc_pdp.h
index 06291220f..25a041944 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp.h
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp.h
@@ -38,9 +38,7 @@ struct tnc_pdp_t {
/**
* Create a TNC PDP instance
- *
- * @param port RADIUS port of TNC PDP
*/
-tnc_pdp_t* tnc_pdp_create(u_int16_t port);
+tnc_pdp_t* tnc_pdp_create(void);
#endif /** TNC_PDP_PLUGIN_H_ @}*/
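Review bot: The trimmed doc comment on tnc_pdp_create now documents neither the result nor the NULL cases, while the implementation in tnc_pdp.c returns NULL when the server name or RADIUS secret is not configured or the listener cannot be set up; add `* @return tnc_pdp_t instance, NULL if not configured or on failure` before the closing `*/`. Since the port is no longer a parameter, it would also help to name the settings the function reads (`%s.plugins.tnc-pdp.server`, `.radius.port`, `.radius.secret`, `.radius.method`, `.pt_tls.port`) in that comment so callers know where configuration comes from.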
diff --git a/src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c b/src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c
index e35ba9ead..14ab9cf6f 100644
--- a/src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c
+++ b/src/libcharon/plugins/tnc_pdp/tnc_pdp_plugin.c
@@ -21,11 +21,6 @@
typedef struct private_tnc_pdp_plugin_t private_tnc_pdp_plugin_t;
/**
- * Default RADIUS port, when not configured
- */
-#define RADIUS_PORT 1812
-
-/**
* private data of tnc_pdp plugin
*/
struct private_tnc_pdp_plugin_t {
@@ -56,11 +51,7 @@ static bool plugin_cb(private_tnc_pdp_plugin_t *this,
{
if (reg)
{
- int port;
-
- port = lib->settings->get_int(lib->settings,
- "%s.plugins.tnc-pdp.port", RADIUS_PORT, charon->name);
- this->pdp = tnc_pdp_create(port);
+ this->pdp = tnc_pdp_create();
}
else
{