run new connections through a special section
authorAlan T. DeKok <aland@freeradius.org>
Sat, 3 Apr 2021 14:05:40 +0000 (10:05 -0400)
committerAlan T. DeKok <aland@freeradius.org>
Sat, 3 Apr 2021 14:05:40 +0000 (10:05 -0400)
in order to clearly separate them from other packets

raddb/sites-available/default
raddb/sites-available/tls
src/main/listen.c
src/main/tls_listen.c

index d46c72a871c7488e5a7e11f1de0f88f3c8601829..30161087c7afd74014a0ef5ec87cbe77326ac1da 100644 (file)
@@ -467,6 +467,23 @@ authorize {
 #      Autz-Type Status-Server {
 #
 #      }
+
+       #
+       #  RADIUS/TLS (or RadSec) connections are processed through
+       #  this section.  See sites-available/tls, and the configuration
+       #  item "check_client_connections" for more information.
+       #
+       #  The request contains TLS client certificate attributes,
+       #  and nothing else.  The debug output will print which
+       #  attributes are available on your system.
+       #
+       #  If the section returns "ok" or "updated", then the
+       #  connection is accepted.  Otherwise the connection is
+       #  terminated.
+       #
+       Autz-Type New-TLS-Connection {
+                 ok
+       }
 }
 
 
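Review bot: The example `Autz-Type New-TLS-Connection` section returns `ok` unconditionally, so enabling `check_client_connections` with this default accepts every connection that has already completed the TLS handshake; the section adds no policy of its own. The comment should say this plainly, because an operator reading "Otherwise the connection is terminated" may assume the section rejects something by default, e.g. `#  The default below accepts every connection; replace "ok" with your own checks on the certificate attributes (the debug output shows their names).` The enclosing `authorize` section starts before this hunk.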
index 0bda75f42c0667ee8989c08870b1895a321918cb..8c8e06ac4bfff70790b2ff829891cdea37500e60 100644 (file)
@@ -64,6 +64,24 @@ listen {
 
        clients = radsec
 
+       #
+       #  When this is set to "yes", new TLS connections
+       #  are processed through a section called
+       #
+       #       Autz-Type New-TLS-Connection {
+       #                 ...
+       #       }
+       #
+       #  The request contains TLS client certificate attributes,
+       #  and nothing else.  The debug output will print which
+       #  attributes are available on your system.
+       #
+       #  If the section returns "ok" or "updated", then the
+       #  connection is accepted.  Otherwise the connection is
+       #  terminated.
+       #
+#      check_client_connections = yes
+
        #
        #  Connection limiting for sockets with "proto = tcp".
        #
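Review bot: The comment states that any section result other than "ok" or "updated" terminates the connection, but it does not say what happens when no `Autz-Type New-TLS-Connection` section exists in the virtual server; the listen.c change in this commit accepts the connection in that case (`Did not find 'Autz-Type New-TLS-Connection' - defaulting to accept`), which is a fail-open an operator enabling this option should be told about. Add a line such as `#  If no such section is defined, the connection is accepted.` The comment also does not state the value of `check_client_connections` when the line is left commented out; presumably "no", and that should be written down as well.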
index 3919354aeb175114a3a75bbcd11c71a6750417e4..6ef912c003679335edc0a31f0d8141d0c907e41b 100644 (file)
@@ -364,6 +364,33 @@ int rad_status_server(REQUEST *request)
        int rcode = RLM_MODULE_OK;
        DICT_VALUE *dval;
 
+#ifdef WITH_TLS
+       if (request->listener->tls) {
+               listen_socket_t *sock = request->listener->data;
+
+               if (sock->state == LISTEN_TLS_CHECKING) {
+                       RDEBUG("Checking TLS connection to see if it is authorized.");
+
+                       dval = dict_valbyname(PW_AUTZ_TYPE, 0, "New-TLS-Connection");
+                       if (dval) {
+                               rcode = process_authorize(dval->value, request);
+                       } else {
+                               rcode = RLM_MODULE_OK;
+                               RWDEBUG("Did not find 'Autz-Type New-TLS-Connection' - defaulting to accept");
+                       }
+
+                       if ((rcode == RLM_MODULE_OK) || (rcode == RLM_MODULE_UPDATED)) {
+                               request->reply->code = PW_CODE_ACCESS_ACCEPT;
+                       } else {
+                               request->reply->code = PW_CODE_ACCESS_REJECT;
+                       }
+
+                       return 0;
+               }
+       }
+#endif
+
+
        switch (request->listener->type) {
 #ifdef WITH_STATS
        case RAD_LISTEN_NONE:
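Review bot: When `dict_valbyname()` does not find the `New-TLS-Connection` value, the new branch sets `rcode = RLM_MODULE_OK` and the connection is accepted even though the administrator explicitly enabled `check_client_connections`; a missing or misspelled section therefore silently disables the check, and the only trace is an `RWDEBUG` message that appears in debug mode only. Failing closed matches the documented behaviour ("otherwise the connection is terminated"): `rcode = RLM_MODULE_REJECT;` together with a message at warning level rather than debug, e.g. `RWARN("Did not find 'Autz-Type New-TLS-Connection' - rejecting connection");` (assuming the project's `RWARN` macro is available here). Secondary: the dictionary lookup runs once per new connection and could be resolved once at startup. `rad_status_server` begins before this hunk and continues after it.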
index ec59e963dffa7bd4bbdba96320a2ed7da0a81cf9..f0eaf62dfe8437960a666d298df0a95ea48a755d 100644 (file)
@@ -282,9 +282,7 @@ check_for_setup:
                        goto get_application_data;
                }
 
-               RDEBUG("Checking initial connection");
                request->packet->vps = fr_pair_list_copy(request->packet, sock->certs);
-               rdebug_pair_list(L_DBG_LVL_1, request, request->packet->vps, "&request:");
 
                /*
                 *      Fake out a Status-Server packet, which