Make EAP-Key-Name things work

diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 1372649822d21cf9a10607981d9bc96b9ff5ff56..e9036775a3df478120fa33dccafc38eb4649e734 100644 (file)
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -545,12 +545,14 @@ post-auth {
        #  MacSEC requires the use of EAP-Key-Name.  However, we don't
        #  want to send it for all EAP sessions.  Therefore, the EAP
        #  modules put required data into the EAP-Session-Id attribute.
-       #  This attribute is never put into a packet.
+       #  This attribute is never put into a request or reply packet.
        #
        #  Uncomment the next few lines to copy the required data into
        #  the EAP-Key-Name attribute
-#      update reply {
-#              EAP-Key-Name := "%{reply:EAP-Session-Id}"
+#      if (reply:EAP-Session-Id) {
+#              update reply {
+#                      EAP-Key-Name := "%{reply:EAP-Session-Id}"
+#              }
 #      }
 
        #  If the WiMAX module did it's work, you may want to do more

diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 4fdb9fca42939f9c7ed91d0526d466dfe95a3c17..3e2efbf244262334dcfb71f8fcff353a35b593c0 100644 (file)
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -223,8 +223,8 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
                RDEBUG("WARNING: Not adding MPPE keys because there is no PRF label");
        }
 
-       eaptls_gen_eap_key(tls_session->ssl->session,
-                          handler->eap_type, &request->reply->vps);
+       eaptls_gen_eap_key(tls_session->ssl,
+                          handler->eap_type, &handler->request->reply->vps);
        return 1;
 }
 

diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c
index 97d4295d20fb61df12faf66dcc65e41b857abde7..c724937ba8afe24c15e16083b58a6ecb696ff4ad 100644 (file)
--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
@@ -133,7 +133,7 @@ void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
        size_t prf_size;
 
        if (!s->s3) {
-               radlog(L_ERR, "ERROR: OpenSSL build / link incompatibility detected");
+               DEBUG("ERROR: No SSLv3 information");
                return;
        }
 
@@ -177,7 +177,7 @@ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size)
        uint8_t *p = seed;
 
        if (!s->s3) {
-               radlog(L_ERR, "ERROR: OpenSSL build / link incompatibility detected");
+               DEBUG("ERROR: No SSLv3 information");
                return;
        }
 
@@ -201,6 +201,11 @@ void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE_PAIR **vps)
 {
        VALUE_PAIR *vp;
 
+       if (!s->s3) {
+               DEBUG("ERROR: No SSLv3 information");
+               return;
+       }
+
        vp = paircreate(PW_EAP_SESSION_ID, PW_TYPE_OCTETS);
        if (!vp) return;
 
@@ -208,5 +213,6 @@ void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE_PAIR **vps)
        memcpy(vp->vp_octets + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
        memcpy(vp->vp_octets + 1 + SSL3_RANDOM_SIZE,
               s->s3->server_random, SSL3_RANDOM_SIZE);
+       vp->length = 1 + 2 * SSL3_RANDOM_SIZE;
        pairadd(vps, vp);
 }