Sets a persistent key used to encrypt stateless session
tickets. If this is not set, then a random key will be
chosen when the server starts.
+
As the ticket key length depends on the version/flavour
of OpenSSL being used, the value provided is fed into
a HKDF function (digest SHA256,
outer requests.
+
require_client_cert::
Unlike `EAP-TLS`, `PEAP `does not require a client certificate.
}
session {
# mode = auto
-# name = "%{EAP-Type}%{Virtual-Server}"
+# name = "%{EAP-Type}%{interpreter:server}"
# lifetime = 86400
# require_extended_master_secret = yes
# require_perfect_forward_secrecy = no
- *
# session_ticket_key = "super-secret-key"
}
}
fr_dict_attr_t const *attr_eap_session_id;
fr_dict_attr_t const *attr_eap_identity;
fr_dict_attr_t const *attr_eap_type;
-fr_dict_attr_t const *attr_virtual_server;
fr_dict_attr_t const *attr_message_authenticator;
fr_dict_attr_t const *attr_eap_channel_binding_message;
{ .out = &attr_eap_session_id, .name = "EAP-Session-Id", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
{ .out = &attr_eap_type, .name = "EAP-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
{ .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
- { .out = &attr_virtual_server, .name = "Virtual-Server", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ .out = &attr_message_authenticator, .name = "Message-Authenticator", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
{ .out = &attr_eap_channel_binding_message, .name = "Vendor-Specific.UKERNA.EAP-Channel-Binding-Message", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
* @param[in] virtual_server The default virtual server to send the request to.
* @return the rcode of the last executed section in the virtual server.
*/
-rlm_rcode_t eap_virtual_server(request_t *request, eap_session_t *eap_session, char const *virtual_server)
+rlm_rcode_t eap_virtual_server(UNUSED request_t *request, UNUSED eap_session_t *eap_session, UNUSED char const *virtual_server)
{
+#if 1
+ return RLM_MODULE_FAIL;
+#else
eap_session_t *eap_session_inner;
rlm_rcode_t rcode;
fr_pair_t *vp;
}
return rcode;
+#endif
}
/** Initialise the lib eap base library
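Review bot: The `#if 1` branch in eap_virtual_server() returns `RLM_MODULE_FAIL` on every call with no comment or log line explaining why, so any EAP method that hands its inner request to this function will presumably fail all authentications without a hint to the operator. Failing closed is the safe direction, but the stub should say it is deliberate, e.g. `/* FIXME: inner virtual server dispatch is disabled; deliberately fails closed until it is reimplemented */` above the `return`. The doc comment above the signature still promises "the rcode of the last executed section in the virtual server", which does not hold while the stub is active. Most of the disabled function body lies outside the visible hunks, so callers and the dead `#else` code could not be checked here.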
},
.dflt = "auto" },
{ FR_CONF_OFFSET("name", FR_TYPE_TMPL, fr_tls_cache_conf_t, id_name),
- .dflt = "%{EAP-Type}%{Virtual-Server}", .quote = T_DOUBLE_QUOTED_STRING },
+ .dflt = "%{EAP-Type}%{interpreter:server}", .quote = T_DOUBLE_QUOTED_STRING },
{ FR_CONF_OFFSET("lifetime", FR_TYPE_TIME_DELTA, fr_tls_cache_conf_t, lifetime), .dflt = "1d" },
#if OPENSSL_VERSION_NUMBER >= 0x10100000L
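Review bot: The new default `"%{EAP-Type}%{interpreter:server}"` for the cache `name` is not explained or checked anywhere in the visible lines, although this value appears to be what keeps resumable TLS sessions separated per EAP type and per virtual server. If the new expansion yields an empty or different string where the cache name is evaluated, sessions established under one virtual server's policy could become resumable under another. That could not be confirmed from the lines shown. A comment on the entry would record the intent, e.g. `/* Scopes cached sessions: must expand to a value unique per EAP type and virtual server */`, and it is worth checking that an empty expansion is rejected instead of silently accepted. The same default is changed in the commented sample `session { ... }` block earlier on the page, which needs the same explanation for operators who override it.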
};
static fr_dict_attr_t const *attr_eap_tls_require_client_cert;
-static fr_dict_attr_t const *attr_virtual_server;
extern fr_dict_attr_autoload_t rlm_eap_tls_dict_attr[];
fr_dict_attr_autoload_t rlm_eap_tls_dict_attr[] = {
{ .out = &attr_eap_tls_require_client_cert, .name = "EAP-TLS-Require-Client-Cert", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
- { .out = &attr_virtual_server, .name = "Virtual-Server", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
{ NULL }
};