add and document global require_message_authenticator
authorAlan T. DeKok <aland@freeradius.org>
Fri, 16 Feb 2024 13:09:54 +0000 (08:09 -0500)
committerMatthew Newton <matthew-git@newtoncomputing.co.uk>
Mon, 8 Jul 2024 15:22:09 +0000 (16:22 +0100)
raddb/radiusd.conf.in
src/include/radiusd.h
src/main/mainconfig.c

index 12fac7abd5e3cd5ec083621a227cfce89c26979d..cd2d80c8e6babf0f3af3921014f5e3e0b085ee30 100644 (file)
@@ -603,6 +603,17 @@ security {
        #
        status_server = yes
 
+       #
+       #  Global configuration for requiring Message-Authenticator
+       #  in all Access-* packets.
+       #
+       #  This flag sets the global default for all clients and home
+       #  servers.  It can be over-ridden in individual client or
+       #  home server by adding a flag to that section which says
+       #  "require_message_authenticator = false".
+       #
+       require_message_authenticator = yes
+
 @openssl_version_check_config@
 }
 
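Review bot: The added comment tells operators to override with `require_message_authenticator = false`, while the setting itself is written `= yes`; using `no` in the comment would keep the example consistent with the yes/no form used on this line and on `status_server` above. The comment also does not say what the server does with an Access-* packet that arrives without Message-Authenticator, which an operator needs to know when some NAS devices or proxies do not send the attribute. I would add a line such as `#  Clients and home servers that do not send Message-Authenticator must be upgraded, or exempted in their own section.`, worded to match the enforcement code, which is not visible in this hunk.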
index 4cd9feae36973cb3ebefd2afdf8b1d41442e1c7e..76931fabd4952a6b1d2aa3ffe6ee241db1d90cea 100644 (file)
@@ -176,6 +176,7 @@ typedef struct main_config {
 
        bool            exiting;                        //!< are we exiting?
 
+       bool            require_ma;                     //!< global configuration for all clients and home servers
 
 #ifdef ENABLE_OPENSSL_VERSION_CHECK
        char const      *allow_vulnerable_openssl;      //!< The CVE number of the last security issue acknowledged.
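Review bot: The Doxygen comment on `require_ma` never names the attribute, so a reader of `main_config` cannot tell what "ma" stands for or what is being required. Something like `//!< Require Message-Authenticator in Access-* packets; global default for clients and home servers.` would match the wording used in radiusd.conf. The struct definition starts and ends outside this hunk.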
index 80cfedd77596f69d4abd5371a6487ed498a6bfa4..cbc0d6b646dba28f874667b8c6c2036c1e170663 100644 (file)
@@ -162,6 +162,7 @@ static const CONF_PARSER security_config[] = {
        { "max_attributes",  FR_CONF_POINTER(PW_TYPE_INTEGER, &fr_max_attributes), STRINGIFY(0) },
        { "reject_delay",  FR_CONF_POINTER(PW_TYPE_TIMEVAL, &main_config.reject_delay), STRINGIFY(0) },
        { "status_server", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.status_server), "no"},
+       { "require_message_authenticator", FR_CONF_POINTER(PW_TYPE_BOOLEAN, &main_config.require_ma), "yes"},
 #ifdef ENABLE_OPENSSL_VERSION_CHECK
        { "allow_vulnerable_openssl", FR_CONF_POINTER(PW_TYPE_STRING, &main_config.allow_vulnerable_openssl), "no"},
 #endif
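Review bot: Nothing in this commit reads `main_config.require_ma`: the three files changed are the sample config, the struct field and this parser entry, so as far as this diff shows the option is parsed and stored but not yet enforced. If enforcement lands in a separate commit, that is worth stating in the commit message or the radiusd.conf comment, because an operator who sets the flag at this revision could assume Access-* packets without Message-Authenticator are already being rejected. The parser default is also `"yes"`, so an existing radiusd.conf without the entry would pick up the stricter setting on upgrade once the check exists. The `security_config` array begins outside the hunk.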