set up for RADIUSv11

diff --git a/src/include/clients.h b/src/include/clients.h
index fc6034a2f5bee0caf1943f5bd955e45e552ddadd..14bec41446a68bf921edbbeb088487b3fd07714b 100644 (file)
--- a/src/include/clients.h
+++ b/src/include/clients.h
@@ -75,6 +75,10 @@ typedef struct radclient {
 #endif
 #ifdef WITH_TLS
        bool                    tls_required;           //!< whether TLS encryption is required.
+
+#ifdef WITH_RADIUSV11
+       fr_radiusv11_t          radiusv11;
+#endif
 #endif
 
 #ifdef WITH_DYNAMIC_CLIENTS

diff --git a/src/include/features-h b/src/include/features-h
index fc5c707afa381952518a00900772c37b46e31aa1..a664edd6161d4beb65e47c98eb64fa49b507bc6a 100644 (file)
--- a/src/include/features-h
+++ b/src/include/features-h
@@ -79,3 +79,17 @@
 #    error Reverse CoA requests requires TLS
 #  endif
 #endif
+
+#ifdef WITH_RADIUSV11_ONLY
+#  define WITH_RADIUSV11
+#else
+#  ifndef WITHOUT_RADIUSV11
+#    define WITH_RADIUSV11
+#endif
+#endif
+
+#ifdef WITH_RADIUSV11
+#  ifndef WITH_TLS
+#    error RADIUSv11 requires TLS
+#  endif
+#endif

diff --git a/src/include/libradius.h b/src/include/libradius.h
index e5f2251949b5f9d2525da8303b0cbbfd16a2872a..1b9b2cd40ec403a69fcc45ab9846ed71b2a600f4 100644 (file)
--- a/src/include/libradius.h
+++ b/src/include/libradius.h
@@ -407,6 +407,9 @@ typedef struct radius_packet {
        size_t                  partial;
        int                     proto;
 #endif
+#ifdef WITH_RADIUSV11
+       bool                    radiusv11;
+#endif
 } RADIUS_PACKET;
 
 typedef enum {
@@ -427,6 +430,14 @@ typedef enum {
        DECODE_FAIL_MAX
 } decode_fail_t;
 
+#ifdef WITH_RADIUSV11
+typedef enum {
+       FR_RADIUSV11_FORBID = 0,
+       FR_RADIUSV11_ALLOW,
+       FR_RADIUSV11_REQUIRE,
+} fr_radiusv11_t;
+#endif
+
 /*
  *     Version check.
  */
@@ -531,6 +542,8 @@ RADIUS_PACKET       *rad_alloc_reply(TALLOC_CTX *ctx, RADIUS_PACKET *);
 RADIUS_PACKET *rad_copy_packet(TALLOC_CTX *ctx, RADIUS_PACKET const *in);
 
 void           rad_free(RADIUS_PACKET **);
+
+#ifndef WITH_RADIUSV11_ONLY
 int            rad_pwencode(char *encpw, size_t *len, char const *secret,
                             uint8_t const *vector);
 int            rad_pwdecode(char *encpw, size_t len, char const *secret,
@@ -543,6 +556,7 @@ ssize_t             rad_tunnel_pwdecode(uint8_t *encpw, size_t *len,
                                    char const *secret, uint8_t const *vector);
 int            rad_chap_encode(RADIUS_PACKET *packet, uint8_t *output,
                                int id, VALUE_PAIR *password);
+#endif
 
 int            rad_attr_ok(RADIUS_PACKET const *packet, RADIUS_PACKET const *original,
                            DICT_ATTR *da, uint8_t const *data, size_t length);

diff --git a/src/include/listen.h b/src/include/listen.h
index e747b604da6017d9040625cf6f7162c3a547abee..0ba82b839122aba17229a2cf2fa7c0bb5a0c537f 100644 (file)
--- a/src/include/listen.h
+++ b/src/include/listen.h
@@ -88,6 +88,9 @@ struct rad_listen {
        bool            check_client_connections;
        bool            nonblock;
        bool            blocked;
+#ifdef WITH_RADIUSV11
+       fr_radiusv11_t  radiusv11;
+#endif
 
 #ifdef WITH_COA_TUNNEL
        char const      *key;           /* Originating-Realm-Key */

diff --git a/src/include/realms.h b/src/include/realms.h
index 23806f4bb1e0eeaa51c22da15a50bb2c1108400c..6f70f9cfa59d326dea6c4509adab4de1a43ba51c 100644 (file)
--- a/src/include/realms.h
+++ b/src/include/realms.h
@@ -140,6 +140,9 @@ typedef struct home_server {
        fr_tls_server_conf_t    *tls;
        uint32_t                connect_timeout;
        rbtree_t                *listeners;
+#ifdef WITH_RADIUSV11
+       fr_radiusv11_t          radiusv11;
+#endif
 #endif
 
 #ifdef WITH_STATS