VALUE Auth-Type Local 1
VALUE Auth-Type Reject 4
-VALUE Auth-Type EAP 6
#
# FreeRADIUS extensions (most originally from Cistron)
#
VALUE Auth-Type Accept 254
-VALUE Auth-Type MS-CHAP 1028
-
#
# Authorization type, too.
#
bool with_ntdomain_hack;
bool send_error;
char const *identity;
+ int auth_type_mschap;
} rlm_eap_mschapv2_t;
static CONF_PARSER module_config[] = {
static int mod_instantiate(CONF_SECTION *cs, void **instance)
{
rlm_eap_mschapv2_t *inst;
+ DICT_VALUE const *dv;
*instance = inst = talloc_zero(cs, rlm_eap_mschapv2_t);
if (!inst) return -1;
inst->identity = talloc_asprintf(inst, "freeradius-%s", RADIUSD_VERSION_STRING);
}
+ dv = dict_valbyname(PW_AUTH_TYPE, 0, "MSCHAP");
+ if (!dv) dv = dict_valbyname(PW_AUTH_TYPE, 0, "MS-CHAP");
+ if (!dv) {
+ cf_log_err_cs(cs, "Failed to find 'Auth-Type MS-CHAP' section. Cannot authenticate users.");
+ return -1;
+ }
+ inst->auth_type_mschap = dv->value;
+
return 0;
}
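Review bot: The error logged when the added lookup fails names only 'Auth-Type MS-CHAP', although the code tries `MSCHAP` first and then `MS-CHAP`, so an operator missing both sections is pointed at only one spelling. I would word it as `"Failed to find 'Auth-Type MSCHAP' or 'Auth-Type MS-CHAP' section. Cannot authenticate users."` and put a short comment above the two lookups, e.g. `/* Auth-Type is resolved by name at instantiation; accept both spellings. */`. Returning -1 is the right fail-closed choice: the instance comes from `talloc_zero`, so without it a zero `auth_type_mschap` would presumably be handed to `process_authenticate()` later. mod_instantiate starts outside this hunk.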
/*
* This is a wild & crazy hack.
*/
- rcode = process_authenticate(PW_AUTH_TYPE_MS_CHAP, request);
+ rcode = process_authenticate(inst->auth_type_mschap, request);
/*
* Delete MPPE keys & encryption policy. We don't
/*
* Process the PEAP portion of an EAP-PEAP request.
*/
-rlm_rcode_t eappeap_process(eap_handler_t *handler, tls_session_t *tls_session) CC_HINT(nonnull);
+rlm_rcode_t eappeap_process(eap_handler_t *handler, tls_session_t *tls_session, int auth_type_eap) CC_HINT(nonnull);
#endif /* _EAP_PEAP_H */
/*
* Process the pseudo-EAP contents of the tunneled data.
*/
-rlm_rcode_t eappeap_process(eap_handler_t *handler, tls_session_t *tls_session)
+rlm_rcode_t eappeap_process(eap_handler_t *handler, tls_session_t *tls_session, int auth_type_eap)
{
peap_tunnel_t *t = tls_session->opaque;
REQUEST *fake;
* Run the EAP authentication.
*/
RDEBUG2("Calling authenticate in order to initiate tunneled EAP session");
- rcode = process_authenticate(PW_AUTH_TYPE_EAP, fake);
+ rcode = process_authenticate(auth_type_eap, fake);
if (rcode == RLM_MODULE_OK) {
/*
* Authentication succeeded! Rah!
fr_tls_server_conf_t *tls_conf;
char const *default_method_name; //!< Default tunneled EAP type.
int default_method;
+
+ int auth_type_eap;
bool use_tunneled_reply; //!< Use the reply attributes from the tunneled session in
//!< the non-tunneled reply to the client.
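Review bot: The new `auth_type_eap` member has no `//!<` description, unlike its neighbours `default_method_name` and `use_tunneled_reply`. Since the value is no longer a compile-time constant but is filled in from the dictionary in mod_instantiate, a reader of the struct should be told that, e.g. `int auth_type_eap; //!< Auth-Type value for "eap", looked up at instantiation.` The struct definition begins and ends outside this hunk.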
{ "require_client_cert", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_peap_t, req_client_cert), "no" },
{ "soh_virtual_server", FR_CONF_OFFSET(PW_TYPE_STRING, rlm_eap_peap_t, soh_virtual_server), NULL },
+
CONF_PARSER_TERMINATOR
};
static int mod_instantiate(CONF_SECTION *cs, void **instance)
{
rlm_eap_peap_t *inst;
+ DICT_VALUE const *dv;
*instance = inst = talloc_zero(cs, rlm_eap_peap_t);
if (!inst) return -1;
return -1;
}
+ dv = dict_valbyname(PW_AUTH_TYPE, 0, "eap");
+ if (!dv) {
+ cf_log_err_cs(cs, "Failed to find 'Auth-Type mschap' section. Cannot authenticate users.");
+ return -1;
+ }
+ inst->auth_type_eap = dv->value;
return 0;
}
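Review bot: The failure message in the added block reports a missing 'Auth-Type mschap' section, but the lookup just above it is `dict_valbyname(PW_AUTH_TYPE, 0, "eap")`; it looks copied from the MS-CHAPv2 module. When PEAP fails to start, this sends the administrator to the wrong section of the virtual server configuration. The line should read `cf_log_err_cs(cs, "Failed to find 'Auth-Type eap' section. Cannot authenticate users.");`. mod_instantiate starts outside this hunk.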
/*
* Process the PEAP portion of the request.
*/
- rcode = eappeap_process(handler, tls_session);
+ rcode = eappeap_process(handler, tls_session, inst->auth_type_eap);
switch (rcode) {
case RLM_MODULE_REJECT:
eaptls_fail(handler, 0);