Add config for each of the EAP-TTLS tests

diff --git a/src/tests/eapol_test/config/ttls-chap/methods-enabled/ttls-chap b/src/tests/eapol_test/config/ttls-chap/methods-enabled/ttls-chap
new file mode 100644 (file)
index 0000000..4f34cbe
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-chap/methods-enabled/ttls-chap
@@ -0,0 +1,9 @@
+type = ttls
+## EAP-TTLS
+ttls {
+       tls = tls-common
+       default_eap_type = md5
+       virtual_server = "inner-tunnel"
+       include_length = no
+}
+

diff --git a/src/tests/eapol_test/config/ttls-chap/sites-enabled/ttls-chap b/src/tests/eapol_test/config/ttls-chap/sites-enabled/ttls-chap
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-chap/sites-enabled/ttls-chap
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls-client-eap-mschapv2/methods-enabled/ttls-client-eap-mschapv2 b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/methods-enabled/ttls-client-eap-mschapv2
new file mode 100644 (file)
index 0000000..b6097c8
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/methods-enabled/ttls-client-eap-mschapv2
@@ -0,0 +1,12 @@
+type = ttls
+type = mschapv2
+ttls {
+       tls = tls-common
+       default_eap_type = md5
+       virtual_server = "inner-tunnel"
+       include_length = no
+       require_client_cert = yes
+}
+
+mschapv2 {
+}

diff --git a/src/tests/eapol_test/config/ttls-client-eap-mschapv2/sites-enabled/ttls-client-eap-mschapv2 b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/sites-enabled/ttls-client-eap-mschapv2
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/sites-enabled/ttls-client-eap-mschapv2
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls-client-eap-tls/methods-enabled/ttls-client-eap-tls b/src/tests/eapol_test/config/ttls-client-eap-tls/methods-enabled/ttls-client-eap-tls
new file mode 100644 (file)
index 0000000..7991147
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-tls/methods-enabled/ttls-client-eap-tls
@@ -0,0 +1,13 @@
+type = ttls
+type = tls
+ttls {
+       tls = tls-common
+       default_eap_type = md5
+       virtual_server = "inner-tunnel"
+       include_length = no
+       require_client_cert = yes
+}
+
+tls {
+       tls = tls-common
+}

diff --git a/src/tests/eapol_test/config/ttls-client-eap-tls/sites-enabled/ttls-client-eap-tls b/src/tests/eapol_test/config/ttls-client-eap-tls/sites-enabled/ttls-client-eap-tls
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-tls/sites-enabled/ttls-client-eap-tls
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls-eap-gtc/methods-enabled/ttls-eap-gtc b/src/tests/eapol_test/config/ttls-eap-gtc/methods-enabled/ttls-eap-gtc
new file mode 100644 (file)
index 0000000..9454bc1
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-gtc/methods-enabled/ttls-eap-gtc
@@ -0,0 +1,12 @@
+type = ttls
+type = gtc
+ttls {
+       tls = tls-common
+       default_eap_type = md5
+       virtual_server = "inner-tunnel"
+       include_length = no
+}
+
+gtc {
+       auth_type = pap
+}

diff --git a/src/tests/eapol_test/config/ttls-eap-gtc/sites-enabled/ttls-eap-gtc b/src/tests/eapol_test/config/ttls-eap-gtc/sites-enabled/ttls-eap-gtc
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-gtc/sites-enabled/ttls-eap-gtc
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls-eap-mschapv2/methods-enabled/ttls-eap-mschapv2 b/src/tests/eapol_test/config/ttls-eap-mschapv2/methods-enabled/ttls-eap-mschapv2
new file mode 100644 (file)
index 0000000..9e82160
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-mschapv2/methods-enabled/ttls-eap-mschapv2
@@ -0,0 +1,11 @@
+type = ttls
+type = mschapv2
+ttls {
+       tls = tls-common
+       default_eap_type = md5
+       virtual_server = "inner-tunnel"
+       include_length = no
+}
+
+mschapv2 {
+}

diff --git a/src/tests/eapol_test/config/ttls-eap-mschapv2/sites-enabled/ttls-eap-mschapv2 b/src/tests/eapol_test/config/ttls-eap-mschapv2/sites-enabled/ttls-eap-mschapv2
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-mschapv2/sites-enabled/ttls-eap-mschapv2
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls-mschapv2/methods-enabled/ttls-mschapv2 b/src/tests/eapol_test/config/ttls-mschapv2/methods-enabled/ttls-mschapv2
new file mode 100644 (file)
index 0000000..4f34cbe
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-mschapv2/methods-enabled/ttls-mschapv2
@@ -0,0 +1,9 @@
+type = ttls
+## EAP-TTLS
+ttls {
+       tls = tls-common
+       default_eap_type = md5
+       virtual_server = "inner-tunnel"
+       include_length = no
+}
+

diff --git a/src/tests/eapol_test/config/ttls-mschapv2/sites-enabled/ttls-mschapv2 b/src/tests/eapol_test/config/ttls-mschapv2/sites-enabled/ttls-mschapv2
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-mschapv2/sites-enabled/ttls-mschapv2
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls-pap/methods-enabled/ttls-pap b/src/tests/eapol_test/config/ttls-pap/methods-enabled/ttls-pap
new file mode 100644 (file)
index 0000000..4f34cbe
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-pap/methods-enabled/ttls-pap
@@ -0,0 +1,9 @@
+type = ttls
+## EAP-TTLS
+ttls {
+       tls = tls-common
+       default_eap_type = md5
+       virtual_server = "inner-tunnel"
+       include_length = no
+}
+

diff --git a/src/tests/eapol_test/config/ttls-pap/sites-enabled/ttls-pap b/src/tests/eapol_test/config/ttls-pap/sites-enabled/ttls-pap
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-pap/sites-enabled/ttls-pap
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls/methods-enabled/ttls b/src/tests/eapol_test/config/ttls/methods-enabled/ttls
index 62f6862749021d159649375218905744c054d535..4f34cbeff71dd884009baf086d40c56a1e98f4d3 100644 (file)
--- a/src/tests/eapol_test/config/ttls/methods-enabled/ttls
+++ b/src/tests/eapol_test/config/ttls/methods-enabled/ttls
@@ -1,60 +1,9 @@
 type = ttls
 ## EAP-TTLS
-#
-#  The TTLS module implements the EAP-TTLS protocol,
-#  which can be described as EAP inside of Diameter,
-#  inside of TLS, inside of EAP, inside of RADIUS...
-#
-#  Surprisingly, it works quite well.
-#
 ttls {
-       #  Which tls-config section the TLS negotiation parameters
-       #  are in - see EAP-TLS above for an explanation.
-       #
-       #  In the case that an old configuration from FreeRADIUS
-       #  v2.x is being used, all the options of the tls-config
-       #  section may also appear instead in the 'tls' section
-       #  above. If that is done, the tls= option here (and in
-       #  tls above) MUST be commented out.
-       #
        tls = tls-common
-
-       #  The tunneled EAP session needs a default EAP type
-       #  which is separate from the one for the non-tunneled
-       #  EAP module.  Inside of the TTLS tunnel, we recommend
-       #  using EAP-MD5.  If the request does not contain an
-       #  EAP conversation, then this configuration entry is
-       #  ignored.
-       #
        default_eap_type = md5
-
-       #
-       #  The inner tunneled request can be sent
-       #  through a virtual server constructed
-       #  specifically for this purpose.
-       #
-       #  If this entry is commented out, the inner
-       #  tunneled request will be sent through
-       #  the virtual server that processed the
-       #  outer requests.
-       #
        virtual_server = "inner-tunnel"
-
-       #  This has the same meaning, and overwrites, the
-       #  same field in the "tls" configuration, above.
-       #  The default value here is "yes".
-       #
        include_length = no
-
-       #
-       # Unlike EAP-TLS, EAP-TTLS does not require a client
-       # certificate. However, you can require one by setting the
-       # following option. You can also override this option by
-       # setting
-       #
-       #       EAP-TLS-Require-Client-Cert = Yes
-       #
-       # in the control items for a request.
-       #
-#      require_client_cert = yes
 }
+

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/inner-tunnel b/src/tests/eapol_test/config/ttls/sites-enabled/inner-tunnel
new file mode 100644 (file)
index 0000000..e699ac7
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/inner-tunnel
@@ -0,0 +1,46 @@
+server inner-tunnel {
+       namespace = radius
+
+recv Access-Request {
+       copy_request_to_tunnel
+       filter_username
+       filter_inner_identity
+
+       split_username_nai
+       &control.Password.Cleartext := &Stripped-User-Name
+
+       chap
+       mschap
+       eap {
+               ok = return
+       }
+
+       files
+
+       pap
+}
+
+authenticate pap {
+       pap
+}
+
+authenticate chap {
+       chap
+}
+
+authenticate mschap {
+       mschap
+}
+
+authenticate eap {
+       eap
+}
+
+send Access-Accept {
+       ok
+}
+
+send Access-Reject {
+       ok
+}
+}

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-chap b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-chap
new file mode 120000 (symlink)
index 0000000..4317e33
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-chap
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-mschapv2 b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-mschapv2
new file mode 120000 (symlink)
index 0000000..4317e33
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-mschapv2
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-tls b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-tls
new file mode 120000 (symlink)
index 0000000..4317e33
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-tls
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-gtc b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-gtc
new file mode 120000 (symlink)
index 0000000..4317e33
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-gtc
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-mschapv2 b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-mschapv2
new file mode 120000 (symlink)
index 0000000..4317e33
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-mschapv2
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-mschapv2 b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-mschapv2
new file mode 120000 (symlink)
index 0000000..4317e33
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-mschapv2
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file

diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-pap b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-pap
new file mode 120000 (symlink)
index 0000000..4317e33
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-pap
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file