]> git.ipfire.org Git - thirdparty/freeradius-server.git/commitdiff
projects / thirdparty / freeradius-server.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: ff8ef54)
add and document global require_message_authenticator
authorAlan T. DeKok <aland@freeradius.org>
Fri, 16 Feb 2024 13:09:54 +0000 (08:09 -0500)
committerMatthew Newton <matthew-git@newtoncomputing.co.uk>
Mon, 8 Jul 2024 19:38:14 +0000 (20:38 +0100)
raddb/radiusd.conf.in patch | blob | blame | history
src/include/radiusd.h patch | blob | blame | history
src/main/mainconfig.c patch | blob | blame | history

diff --git a/raddb/radiusd.conf.in b/raddb/radiusd.conf.in
index 8c00e9a4d2279eda4ef15b7a2a3fd2585b603376..92d25c2400116a216ccd212cc86ffc9ad27bf49b 100644 (file)
--- a/raddb/radiusd.conf.in
+++ b/raddb/radiusd.conf.in
@@ -625,6 +625,17 @@ security {
        #
        status_server = yes
 
+       #
+       #  Global configuration for requiring Message-Authenticator
+       #  in all Access-* packets.
+       #
+       #  This flag sets the global default for all clients and home
+       #  servers.  It can be over-ridden in individual client or
+       #  home server by adding a flag to that section which says
+       #  "require_message_authenticator = false".
+       #
+       require_message_authenticator = yes
+
 @openssl_version_check_config@
 }
 
diff --git a/src/include/radiusd.h b/src/include/radiusd.h
index bd7276f27e458cbcb19087b3c24e689983a80c42..bc2080211bce1cce6660ea9516b56f4bce654769 100644 (file)
--- a/src/include/radiusd.h
+++ b/src/include/radiusd.h
@@ -174,6 +174,7 @@ typedef struct main_config {
 
        bool            exiting;                        //!< are we exiting?
 
+       bool            require_ma;                     //!< global configuration for all clients and home servers
 
 #ifdef ENABLE_OPENSSL_VERSION_CHECK
        char const      *allow_vulnerable_openssl;      //!< The CVE number of the last security issue acknowledged.
diff --git a/src/main/mainconfig.c b/src/main/mainconfig.c
index af941b04735816a88525bf7a4f1155f1c8c2e9bc..7b53ae23b2d7b5d673dfdef2f7a73dbf02ccc432 100644 (file)
--- a/src/main/mainconfig.c
+++ b/src/main/mainconfig.c
@@ -160,6 +160,7 @@ static const CONF_PARSER security_config[] = {
        { "max_attributes",  FR_CONF_POINTER(PW_TYPE_INTEGER, &fr_max_attributes), STRINGIFY(0) },
        { "reject_delay",  FR_CONF_POINTER(PW_TYPE_TIMEVAL, &main_config.reject_delay), STRINGIFY(0) },
        { "status_server", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.status_server), "no"},
+       { "require_message_authenticator", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.require_ma), "yes"},
 #ifdef ENABLE_OPENSSL_VERSION_CHECK
        { "allow_vulnerable_openssl", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.allow_vulnerable_openssl), "no"},
 #endif
Mirror of https://github.com/FreeRADIUS/freeradius-server.git