From: Nick Porter Date: Fri, 1 Nov 2024 15:34:57 +0000 (+0000) Subject: Add config for each of the EAP-TTLS tests X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=185ddc2e7c996f08061879aef85c32c2e98fbc86;p=thirdparty%2Ffreeradius-server.git Add config for each of the EAP-TTLS tests
---
diff --git a/src/tests/eapol_test/config/ttls-chap/methods-enabled/ttls-chap b/src/tests/eapol_test/config/ttls-chap/methods-enabled/ttls-chap
new file mode 100644
index 00000000000..4f34cbeff71
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-chap/methods-enabled/ttls-chap
@@ -0,0 +1,9 @@
+type = ttls
+## EAP-TTLS
+ttls {
+ tls = tls-common
+ default_eap_type = md5
+ virtual_server = "inner-tunnel"
+ include_length = no
+}
+
diff --git a/src/tests/eapol_test/config/ttls-chap/sites-enabled/ttls-chap b/src/tests/eapol_test/config/ttls-chap/sites-enabled/ttls-chap
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-chap/sites-enabled/ttls-chap
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls-client-eap-mschapv2/methods-enabled/ttls-client-eap-mschapv2 b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/methods-enabled/ttls-client-eap-mschapv2
new file mode 100644
index 00000000000..b6097c80a91
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/methods-enabled/ttls-client-eap-mschapv2
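Review bot: `&control.Password.Cleartext := &Stripped-User-Name` in `recv Access-Request` of ttls-chap/sites-enabled/ttls-chap makes every identity's reference password equal to its own username, and nothing in the file marks that as a test fixture. A comment directly above the line, for example `# TEST FIXTURE: password == username for every identity; do not reuse outside src/tests`, would keep it from being copied into a deployed inner-tunnel server. The assignment also runs before `files`, and it is not visible from this hunk whether a per-user entry there is expected to override it, so a short note on the intended precedence would help as well. The same line is present in the other seven copies of this file added by the commit (all blob e699ac71633).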
@@ -0,0 +1,12 @@
+type = ttls
+type = mschapv2
+ttls {
+ tls = tls-common
+ default_eap_type = md5
+ virtual_server = "inner-tunnel"
+ include_length = no
+ require_client_cert = yes
+}
+
+mschapv2 {
+}
diff --git a/src/tests/eapol_test/config/ttls-client-eap-mschapv2/sites-enabled/ttls-client-eap-mschapv2 b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/sites-enabled/ttls-client-eap-mschapv2
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-mschapv2/sites-enabled/ttls-client-eap-mschapv2
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls-client-eap-tls/methods-enabled/ttls-client-eap-tls b/src/tests/eapol_test/config/ttls-client-eap-tls/methods-enabled/ttls-client-eap-tls
new file mode 100644
index 00000000000..79911474c02
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-tls/methods-enabled/ttls-client-eap-tls
@@ -0,0 +1,13 @@
+type = ttls
+type = tls
+ttls {
+ tls = tls-common
+ default_eap_type = md5
+ virtual_server = "inner-tunnel"
+ include_length = no
+ require_client_cert = yes
+}
+
+tls {
+ tls = tls-common
+}
diff --git a/src/tests/eapol_test/config/ttls-client-eap-tls/sites-enabled/ttls-client-eap-tls b/src/tests/eapol_test/config/ttls-client-eap-tls/sites-enabled/ttls-client-eap-tls
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-client-eap-tls/sites-enabled/ttls-client-eap-tls
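Review bot: `default_eap_type = md5` in the `ttls` section of ttls-client-eap-mschapv2/methods-enabled names a method this file does not enable, since the only `type` lines are `ttls` and `mschapv2`. Whether md5 is enabled by configuration outside this diff is not visible here; if it is not, the inner default points at an unloaded method. If the test is meant to start on md5 and rely on the client's NAK to reach MSCHAPv2, a comment such as `# inner default is md5 on purpose; client NAKs to mschapv2` would record that, otherwise `default_eap_type = mschapv2` matches the test name. The same mismatch appears in ttls-client-eap-tls, ttls-eap-gtc and ttls-eap-mschapv2.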
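Review bot: The inner server for the ttls-client-eap-mschapv2 test does not pin the inner method: `recv Access-Request` calls `chap`, `mschap`, `eap` and `pap`, and an `authenticate` section exists for each, so the server side appears to accept whichever inner method the client offers. A test named for one method then passes on the client's behaviour alone. Keeping only the `eap { ok = return }` call and `authenticate eap` here (and the matching single method in each sibling) would make a wrong-method regression fail. If the files are meant to stay identical (this one is the same blob e699ac71633 as ttls-chap/sites-enabled/ttls-chap), a symlink to one shared file, as the commit does under config/ttls/sites-enabled, would stop the eight copies drifting apart.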
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls-eap-gtc/methods-enabled/ttls-eap-gtc b/src/tests/eapol_test/config/ttls-eap-gtc/methods-enabled/ttls-eap-gtc
new file mode 100644
index 00000000000..9454bc1a323
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-gtc/methods-enabled/ttls-eap-gtc
@@ -0,0 +1,12 @@
+type = ttls
+type = gtc
+ttls {
+ tls = tls-common
+ default_eap_type = md5
+ virtual_server = "inner-tunnel"
+ include_length = no
+}
+
+gtc {
+ auth_type = pap
+}
diff --git a/src/tests/eapol_test/config/ttls-eap-gtc/sites-enabled/ttls-eap-gtc b/src/tests/eapol_test/config/ttls-eap-gtc/sites-enabled/ttls-eap-gtc
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-gtc/sites-enabled/ttls-eap-gtc
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls-eap-mschapv2/methods-enabled/ttls-eap-mschapv2 b/src/tests/eapol_test/config/ttls-eap-mschapv2/methods-enabled/ttls-eap-mschapv2
new file mode 100644
index 00000000000..9e82160b20f
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-mschapv2/methods-enabled/ttls-eap-mschapv2
@@ -0,0 +1,11 @@
+type = ttls
+type = mschapv2
+ttls {
+ tls = tls-common
+ default_eap_type = md5
+ virtual_server = "inner-tunnel"
+ include_length = no
+}
+
+mschapv2 {
+}
diff --git a/src/tests/eapol_test/config/ttls-eap-mschapv2/sites-enabled/ttls-eap-mschapv2 b/src/tests/eapol_test/config/ttls-eap-mschapv2/sites-enabled/ttls-eap-mschapv2
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-eap-mschapv2/sites-enabled/ttls-eap-mschapv2
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls-mschapv2/methods-enabled/ttls-mschapv2 b/src/tests/eapol_test/config/ttls-mschapv2/methods-enabled/ttls-mschapv2
new file mode 100644
index 00000000000..4f34cbeff71
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-mschapv2/methods-enabled/ttls-mschapv2
@@ -0,0 +1,9 @@
+type = ttls
+## EAP-TTLS
+ttls {
+ tls = tls-common
+ default_eap_type = md5
+ virtual_server = "inner-tunnel"
+ include_length = no
+}
+
diff --git a/src/tests/eapol_test/config/ttls-mschapv2/sites-enabled/ttls-mschapv2 b/src/tests/eapol_test/config/ttls-mschapv2/sites-enabled/ttls-mschapv2
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-mschapv2/sites-enabled/ttls-mschapv2
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls-pap/methods-enabled/ttls-pap b/src/tests/eapol_test/config/ttls-pap/methods-enabled/ttls-pap
new file mode 100644
index 00000000000..4f34cbeff71
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-pap/methods-enabled/ttls-pap
@@ -0,0 +1,9 @@
+type = ttls
+## EAP-TTLS
+ttls {
+ tls = tls-common
+ default_eap_type = md5
+ virtual_server = "inner-tunnel"
+ include_length = no
+}
+
diff --git a/src/tests/eapol_test/config/ttls-pap/sites-enabled/ttls-pap b/src/tests/eapol_test/config/ttls-pap/sites-enabled/ttls-pap
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls-pap/sites-enabled/ttls-pap
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls/methods-enabled/ttls b/src/tests/eapol_test/config/ttls/methods-enabled/ttls
index 62f68627490..4f34cbeff71 100644
--- a/src/tests/eapol_test/config/ttls/methods-enabled/ttls
+++ b/src/tests/eapol_test/config/ttls/methods-enabled/ttls
@@ -1,60 +1,9 @@
 type = ttls
 ## EAP-TTLS
-#
-# The TTLS module implements the EAP-TTLS protocol,
-# which can be described as EAP inside of Diameter,
-# inside of TLS, inside of EAP, inside of RADIUS...
-#
-# Surprisingly, it works quite well.
-#
 ttls {
- # Which tls-config section the TLS negotiation parameters
- # are in - see EAP-TLS above for an explanation.
- #
- # In the case that an old configuration from FreeRADIUS
- # v2.x is being used, all the options of the tls-config
- # section may also appear instead in the 'tls' section
- # above. If that is done, the tls= option here (and in
- # tls above) MUST be commented out.
- #
 tls = tls-common
-
- # The tunneled EAP session needs a default EAP type
- # which is separate from the one for the non-tunneled
- # EAP module. Inside of the TTLS tunnel, we recommend
- # using EAP-MD5. If the request does not contain an
- # EAP conversation, then this configuration entry is
- # ignored.
- #
 default_eap_type = md5
-
- #
- # The inner tunneled request can be sent
- # through a virtual server constructed
- # specifically for this purpose.
- #
- # If this entry is commented out, the inner
- # tunneled request will be sent through
- # the virtual server that processed the
- # outer requests.
- #
 virtual_server = "inner-tunnel"
-
- # This has the same meaning, and overwrites, the
- # same field in the "tls" configuration, above.
- # The default value here is "yes".
- #
 include_length = no
-
- #
- # Unlike EAP-TLS, EAP-TTLS does not require a client
- # certificate. However, you can require one by setting the
- # following option. You can also override this option by
- # setting
- #
- # EAP-TLS-Require-Client-Cert = Yes
- #
- # in the control items for a request.
- #
-# require_client_cert = yes
 }
+
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/inner-tunnel b/src/tests/eapol_test/config/ttls/sites-enabled/inner-tunnel
new file mode 100644
index 00000000000..e699ac71633
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/inner-tunnel
@@ -0,0 +1,46 @@
+server inner-tunnel {
+ namespace = radius
+
+recv Access-Request {
+ copy_request_to_tunnel
+ filter_username
+ filter_inner_identity
+
+ split_username_nai
+ &control.Password.Cleartext := &Stripped-User-Name
+
+ chap
+ mschap
+ eap {
+ ok = return
+ }
+
+ files
+
+ pap
+}
+
+authenticate pap {
+ pap
+}
+
+authenticate chap {
+ chap
+}
+
+authenticate mschap {
+ mschap
+}
+
+authenticate eap {
+ eap
+}
+
+send Access-Accept {
+ ok
+}
+
+send Access-Reject {
+ ok
+}
+}
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-chap b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-chap
new file mode 120000
index 00000000000..4317e332248
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-chap
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-mschapv2 b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-mschapv2
new file mode 120000
index 00000000000..4317e332248
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-mschapv2
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-tls b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-tls
new file mode 120000
index 00000000000..4317e332248
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-client-eap-tls
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-gtc b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-gtc
new file mode 120000
index 00000000000..4317e332248
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-gtc
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-mschapv2 b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-mschapv2
new file mode 120000
index 00000000000..4317e332248
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-eap-mschapv2
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-mschapv2 b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-mschapv2
new file mode 120000
index 00000000000..4317e332248
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-mschapv2
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file
diff --git a/src/tests/eapol_test/config/ttls/sites-enabled/ttls-pap b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-pap
new file mode 120000
index 00000000000..4317e332248
--- /dev/null
+++ b/src/tests/eapol_test/config/ttls/sites-enabled/ttls-pap
@@ -0,0 +1 @@
+inner-tunnel
\ No newline at end of file