From: Alan T. DeKok Date: Sat, 24 Jan 2026 17:22:06 +0000 (-0500) Subject: this isn't used, so we delete it X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=45cb9cacf0ab568f93b3e5ec4504c70f1245423d;p=thirdparty%2Ffreeradius-server.git this isn't used, so we delete it --- diff --git a/redhat/freeradius.spec b/redhat/freeradius.spec index 9d72f2a6004..f9838a3ce73 100644 --- a/redhat/freeradius.spec +++ b/redhat/freeradius.spec @@ -949,7 +949,6 @@ fi %{_libdir}/freeradius/process_radius.so %{_libdir}/freeradius/process_tacacs.so %{_libdir}/freeradius/process_tls.so -%{_libdir}/freeradius/process_ttls.so %{_libdir}/freeradius/process_vmps.so # Proto modules without external deps diff --git a/src/process/ttls/all.mk b/src/process/ttls/all.mk deleted file mode 100644 index 3ee049617b8..00000000000 --- a/src/process/ttls/all.mk +++ /dev/null @@ -1,10 +0,0 @@ -TARGETNAME := process_ttls - -ifneq "$(TARGETNAME)" "" -TARGET := $(TARGETNAME)$(L) -endif - -SOURCES := base.c - -TGT_PREREQS := libfreeradius-radius$(L) - diff --git a/src/process/ttls/base.c b/src/process/ttls/base.c deleted file mode 100644 index b8c360dffe7..00000000000 --- a/src/process/ttls/base.c +++ /dev/null @@ -1,672 +0,0 @@ -/* - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA - */ - -/** - * $Id$ - * @file src/process/ttls/base.c - * @brief TTLS process module - * - * @copyright 2021 The FreeRADIUS server project. - * @copyright 2021 Network RADIUS SAS (legal@networkradius.com) - */ -#include - -#include - -#include -#include -#include -#include -#include - -#include -#include - -#include - -static fr_dict_t const *dict_freeradius; -static fr_dict_t const *dict_radius; - -extern fr_dict_autoload_t process_ttls_dict[]; -fr_dict_autoload_t process_ttls_dict[] = { - { .out = &dict_freeradius, .proto = "freeradius" }, - { .out = &dict_radius, .proto = "radius" }, - DICT_AUTOLOAD_TERMINATOR -}; - -static fr_dict_attr_t const *attr_auth_type; -static fr_dict_attr_t const *attr_module_failure_message; -static fr_dict_attr_t const *attr_module_success_message; -static fr_dict_attr_t const *attr_stripped_user_name; - -static fr_dict_attr_t const *attr_calling_station_id; -static fr_dict_attr_t const *attr_chap_password; -static fr_dict_attr_t const *attr_nas_port; -static fr_dict_attr_t const *attr_packet_type; -static fr_dict_attr_t const *attr_service_type; -static fr_dict_attr_t const *attr_state; -static fr_dict_attr_t const *attr_user_name; -static fr_dict_attr_t const *attr_user_password; -static fr_dict_attr_t const *attr_original_packet_code; -static fr_dict_attr_t const *attr_error_cause; - -extern fr_dict_attr_autoload_t process_ttls_dict_attr[]; -fr_dict_attr_autoload_t process_ttls_dict_attr[] = { - { .out = &attr_auth_type, .name = "Auth-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius }, - { .out = &attr_module_failure_message, .name = "Module-Failure-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_module_success_message, .name = "Module-Success-Message", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - { .out = &attr_stripped_user_name, .name = "Stripped-User-Name", .type = FR_TYPE_STRING, .dict = &dict_freeradius }, - - { .out = &attr_calling_station_id, .name = "Calling-Station-Id", .type = FR_TYPE_STRING, .dict = &dict_radius }, - { .out = &attr_chap_password, .name = "CHAP-Password", .type = FR_TYPE_OCTETS, .dict = &dict_radius }, - { .out = &attr_nas_port, .name = "NAS-Port", .type = FR_TYPE_UINT32, .dict = &dict_radius }, - { .out = &attr_packet_type, .name = "Packet-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius }, - { .out = &attr_service_type, .name = "Service-Type", .type = FR_TYPE_UINT32, .dict = &dict_radius }, - { .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius }, - { .out = &attr_user_name, .name = "User-Name", .type = FR_TYPE_STRING, .dict = &dict_radius }, - { .out = &attr_user_password, .name = "User-Password", .type = FR_TYPE_STRING, .dict = &dict_radius }, - - { .out = &attr_original_packet_code, .name = "Extended-Attribute-1.Original-Packet-Code", .type = FR_TYPE_UINT32, .dict = &dict_radius }, - { .out = &attr_error_cause, .name = "Error-Cause", .type = FR_TYPE_UINT32, .dict = &dict_radius }, - - DICT_AUTOLOAD_TERMINATOR -}; - -static fr_value_box_t const *enum_auth_type_accept; -static fr_value_box_t const *enum_auth_type_reject; - -extern fr_dict_enum_autoload_t process_ttls_dict_enum[]; -fr_dict_enum_autoload_t process_ttls_dict_enum[] = { - { .out = &enum_auth_type_accept, .name = "Accept", .attr = &attr_auth_type }, - { .out = &enum_auth_type_reject, .name = "Reject", .attr = &attr_auth_type }, - DICT_AUTOLOAD_TERMINATOR -}; - -/* - * RADIUS state machine configuration - */ -typedef struct { - uint64_t nothing; // so that "access_request" isn't at offset 0 - - CONF_SECTION *access_request; - CONF_SECTION *access_accept; - CONF_SECTION *access_reject; - CONF_SECTION *access_challenge; - - CONF_SECTION *accounting_request; - CONF_SECTION *accounting_response; - - CONF_SECTION *status_server; - - CONF_SECTION *coa_request; - CONF_SECTION *coa_ack; - CONF_SECTION *coa_nak; - - CONF_SECTION *disconnect_request; - CONF_SECTION *disconnect_ack; - CONF_SECTION *disconnect_nak; - - CONF_SECTION *do_not_respond; - CONF_SECTION *protocol_error; /* @todo - allow protocol error as a reject reply? */ -} process_ttls_sections_t; - -typedef struct { - fr_state_config_t session; //!< Session settings. - - fr_state_tree_t *state_tree; //!< State tree to link multiple requests/responses. -} process_ttls_auth_t; - -typedef struct { - CONF_SECTION *server_cs; //!< Our virtual server. - process_ttls_sections_t sections; //!< Pointers to various config sections - ///< we need to execute. - process_ttls_auth_t auth; //!< Authentication configuration. -} process_ttls_t; - -#define PROCESS_PACKET_TYPE fr_radius_packet_code_t -#define PROCESS_CODE_MAX FR_RADIUS_CODE_MAX -#define PROCESS_CODE_DO_NOT_RESPOND FR_RADIUS_CODE_DO_NOT_RESPOND -#define PROCESS_PACKET_CODE_VALID FR_RADIUS_PACKET_CODE_VALID -#define PROCESS_INST process_ttls_t -#include - -static const conf_parser_t auth_config[] = { - { FR_CONF_OFFSET_SUBSECTION("session", 0, process_ttls_auth_t, session, state_session_config )}, - - CONF_PARSER_TERMINATOR -}; - -static const conf_parser_t config[] = { - { FR_CONF_OFFSET_SUBSECTION("Access-Request", 0, process_ttls_t, auth, auth_config) }, - - CONF_PARSER_TERMINATOR -}; - -/* - * Debug the packet if requested. - */ -static void radius_packet_debug(request_t *request, fr_packet_t *packet, fr_pair_list_t *list, bool received) -{ -#ifdef WITH_IFINDEX_NAME_RESOLUTION - char if_name[IFNAMSIZ]; -#endif - - if (!packet) return; - if (!RDEBUG_ENABLED) return; - - log_request(L_DBG, L_DBG_LVL_1, request, __FILE__, __LINE__, "%s %s ID %d from %s%pV%s:%i to %s%pV%s:%i " -#ifdef WITH_IFINDEX_NAME_RESOLUTION - "%s%s%s" -#endif - "", - received ? "Received" : "Sending", - fr_radius_packet_name[packet->code], - packet->id, - packet->socket.inet.src_ipaddr.af == AF_INET6 ? "[" : "", - fr_box_ipaddr(packet->socket.inet.src_ipaddr), - packet->socket.inet.src_ipaddr.af == AF_INET6 ? "]" : "", - packet->socket.inet.src_port, - packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "[" : "", - fr_box_ipaddr(packet->socket.inet.dst_ipaddr), - packet->socket.inet.dst_ipaddr.af == AF_INET6 ? "]" : "", - packet->socket.inet.dst_port -#ifdef WITH_IFINDEX_NAME_RESOLUTION - , packet->socket.inet.ifindex ? "via " : "", - packet->socket.inet.ifindex ? fr_ifname_from_ifindex(if_name, packet->socket.inet.ifindex) : "", - packet->socket.inet.ifindex ? " " : "" -#endif - ); - - if (received || request->parent) { - log_request_pair_list(L_DBG_LVL_1, request, NULL, list, NULL); - } else { - log_request_proto_pair_list(L_DBG_LVL_1, request, NULL, list, NULL); - } -} - -RESUME(auth_type); - -RESUME(access_request) -{ - rlm_rcode_t rcode = RESULT_RCODE; - fr_pair_t *vp; - CONF_SECTION *cs; - fr_dict_enum_value_t const *dv; - fr_process_state_t const *state; - process_ttls_t const *inst = talloc_get_type_abort_const(mctx->mi->data, process_ttls_t); - - PROCESS_TRACE; - - fr_assert(rcode < RLM_MODULE_NUMCODES); - - UPDATE_STATE(packet); - - request->reply->code = state->packet_type[rcode]; - if (!request->reply->code) request->reply->code = state->default_reply; - if (!request->reply->code) request->reply->code = PROCESS_CODE_DO_NOT_RESPOND; - UPDATE_STATE_CS(reply); - - if (request->reply->code == FR_RADIUS_CODE_DO_NOT_RESPOND) { - RDEBUG("The 'recv Access-Request' section returned %s - not sending a response", - fr_table_str_by_value(rcode_table, rcode, "")); - - send_reply: - fr_assert(state->send != NULL); - return CALL_SEND_STATE(state); - } - - /* - * Run authenticate foo { ... } - */ - vp = fr_pair_find_by_da(&request->control_pairs, NULL, attr_auth_type); - if (!vp) goto send_reply; - - dv = fr_dict_enum_by_value(vp->da, &vp->data); - if (!dv) goto send_reply; - - /* - * The magic Auth-Type accept value - * which means skip the authenticate - * section... - */ - if (fr_value_box_cmp(enum_auth_type_accept, dv->value) == 0) { - request->reply->code = FR_RADIUS_CODE_ACCESS_ACCEPT; - goto send_reply; - } else if (fr_value_box_cmp(enum_auth_type_reject, dv->value) == 0) { - request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT; - goto send_reply; - } - - cs = cf_section_find(inst->server_cs, "authenticate", dv->name); - if (!cs) { - RDEBUG2("No 'authenticate %s { ... }' section found - skipping...", dv->name); - goto send_reply; - } - - /* - * Run the "Authenticate = foo" section. - * - * And continue with sending the generic reply. - */ - RDEBUG("Running 'authenticate %s' from file %s", cf_section_name2(cs), cf_filename(cs)); - return unlang_module_yield_to_section(RESULT_P, request, - cs, RLM_MODULE_NOOP, resume_auth_type, - NULL, 0, mctx->rctx); -} - -RESUME(auth_type) -{ - static const fr_process_rcode_t auth_type_rcode = { - [RLM_MODULE_OK] = FR_RADIUS_CODE_ACCESS_ACCEPT, - [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_NOOP] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT, - }; - - rlm_rcode_t rcode = RESULT_RCODE; - fr_pair_t *vp; - fr_process_state_t const *state; - - PROCESS_TRACE; - - fr_assert(rcode < RLM_MODULE_NUMCODES); - fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code)); - - if (auth_type_rcode[rcode] == FR_RADIUS_CODE_DO_NOT_RESPOND) { - request->reply->code = auth_type_rcode[rcode]; - UPDATE_STATE(reply); - - RDEBUG("The 'authenticate' section returned %s - not sending a response", - fr_table_str_by_value(rcode_table, rcode, "")); - - fr_assert(state->send != NULL); - return state->send(p_result, mctx, request); - } - - /* - * Most cases except handled... - */ - if (auth_type_rcode[rcode]) request->reply->code = auth_type_rcode[rcode]; - - switch (request->reply->code) { - case 0: - RDEBUG("No reply code was set. Forcing to Access-Reject"); - request->reply->code = FR_RADIUS_CODE_ACCESS_REJECT; - FALL_THROUGH; - - /* - * Print complaints before running "send Access-Reject" - */ - case FR_RADIUS_CODE_ACCESS_REJECT: - RDEBUG2("Failed to authenticate the user"); - - /* - * Maybe the shared secret is wrong? - */ - vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_password); - if (vp) { - if (RDEBUG_ENABLED2) { - uint8_t const *p; - - p = (uint8_t const *) vp->vp_strvalue; - while (*p) { - int size; - - size = fr_utf8_char(p, -1); - if (!size) { - RWDEBUG("Unprintable characters in the password. " - "Double-check the shared secret on the server " - "and the NAS!"); - break; - } - p += size; - } - } - } - break; - - /* - * Access-Challenge sections require a State. If there is - * none, create one here. This is so that the State - * attribute is accessible in the "send Access-Challenge" - * section. - */ - case FR_RADIUS_CODE_ACCESS_CHALLENGE: - if ((vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_state)) != NULL) { - uint8_t buffer[16]; - - fr_rand_buffer(buffer, sizeof(buffer)); - - MEM(pair_update_reply(&vp, attr_state) >= 0); - fr_pair_value_memdup(vp, buffer, sizeof(buffer), false); - } - break; - - default: - break; - - } - UPDATE_STATE(reply); - - fr_assert(state->send != NULL); - return state->send(p_result, mctx, request); -} - -RESUME_FLAG(access_accept, UNUSED,) -{ - fr_pair_t *vp; - process_ttls_t const *inst = talloc_get_type_abort_const(mctx->mi->data, process_ttls_t); - - PROCESS_TRACE; - - /* - * Check that there is a name which can be used to - * identify the user. The configuration depends on - * User-Name or Stripped-User-Name existing, and being - * (mostly) unique to that user. - */ - if (!request->parent && - ((vp = fr_pair_find_by_da(&request->request_pairs, NULL, attr_user_name)) != NULL) && - (vp->vp_strvalue[0] == '@') && - !fr_pair_find_by_da(&request->request_pairs, NULL, attr_stripped_user_name)) { - RWDEBUG("User-Name is anonymized, and no Stripped-User-Name exists."); - RWDEBUG("It may be difficult or impossible to identify the user."); - RWDEBUG("Please update Stripped-User-Name with information which identifies the user."); - } - - fr_state_discard(inst->auth.state_tree, request); - return UNLANG_ACTION_CALCULATE_RESULT; -} - -RESUME_FLAG(access_reject, UNUSED,) -{ - process_ttls_t const *inst = talloc_get_type_abort_const(mctx->mi->data, process_ttls_t); - - PROCESS_TRACE; - - fr_state_discard(inst->auth.state_tree, request); - return UNLANG_ACTION_CALCULATE_RESULT; -} - -RESUME(access_challenge) -{ - CONF_SECTION *cs; - fr_process_state_t const *state; - process_ttls_t const *inst = talloc_get_type_abort_const(mctx->mi->data, process_ttls_t); - - PROCESS_TRACE; - - /* - * Cache the state context. - * - * If this fails, don't respond to the request. - */ - if (fr_state_store(inst->auth.state_tree, request) < 0) { - request->reply->code = FR_RADIUS_CODE_DO_NOT_RESPOND; - UPDATE_STATE_CS(reply); - return CALL_SEND_STATE(state); - } - - fr_assert(request->reply->code == FR_RADIUS_CODE_ACCESS_CHALLENGE); - return UNLANG_ACTION_CALCULATE_RESULT; -} - -RESUME(protocol_error) -{ - fr_pair_t *vp; - - PROCESS_TRACE; - - fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->reply->code)); - - /* - * https://tools.ietf.org/html/rfc7930#section-4 - */ - vp = fr_pair_find_by_da_nested(&request->reply_pairs, NULL, attr_original_packet_code); - if (!vp) { - vp = fr_pair_afrom_da(request->reply_ctx, attr_original_packet_code); - if (vp) { - vp->vp_uint32 = request->packet->code; - fr_pair_append(&request->reply_pairs, vp); - } - } - - /* - * If there's no Error-Cause, then include a generic 404. - */ - vp = fr_pair_find_by_da(&request->reply_pairs, NULL, attr_error_cause); - if (!vp) { - vp = fr_pair_afrom_da(request->reply_ctx, attr_error_cause); - if (vp) { - vp->vp_uint32 = FR_ERROR_CAUSE_VALUE_INVALID_REQUEST; - fr_pair_append(&request->reply_pairs, vp); - } - } - - /* - * And do the generic processing after running a "send" section. - */ - return CALL_RESUME(send_generic); -} - -static unlang_action_t mod_process(unlang_result_t *p_result, module_ctx_t const *mctx, request_t *request) -{ - fr_process_state_t const *state; - - (void) talloc_get_type_abort_const(mctx->mi->data, process_ttls_t); - - PROCESS_TRACE; - - fr_assert(FR_RADIUS_PACKET_CODE_VALID(request->packet->code)); - - request->component = "radius"; - request->module = NULL; - fr_assert(request->proto_dict == dict_radius); - - UPDATE_STATE(packet); - - radius_packet_debug(request, request->packet, &request->request_pairs, true); - - return state->recv(p_result, mctx, request); -} - -static int mod_instantiate(module_inst_ctx_t const *mctx) -{ - process_ttls_t *inst = talloc_get_type_abort(mctx->mi->data, process_ttls_t); - - inst->server_cs = cf_item_to_section(cf_parent(mctx->mi->conf)); - - inst->auth.session.thread_safe = main_config->spawn_workers; - inst->auth.session.context_id = fr_hash_string(cf_section_name2(inst->server_cs)); - - inst->auth.state_tree = fr_state_tree_init(inst, attr_state, &inst->auth.session); - - return 0; -} - -static int mod_bootstrap(module_inst_ctx_t const *mctx) -{ - CONF_SECTION *server_cs = cf_item_to_section(cf_parent(mctx->mi->conf)); - - if (virtual_server_section_attribute_define(server_cs, "authenticate", attr_auth_type) < 0) return -1; - - return 0; -} - -/* - * rcodes not listed under a packet_type - * mean that the packet code will not be - * changed. - */ -static fr_process_state_t const process_state[] = { - [ FR_RADIUS_CODE_ACCESS_REQUEST ] = { - .packet_type = { - [RLM_MODULE_NOOP] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_OK] = FR_RADIUS_CODE_ACCESS_ACCEPT, - [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_ACCESS_ACCEPT, - - [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_TIMEOUT] = FR_RADIUS_CODE_DO_NOT_RESPOND - }, - .default_rcode = RLM_MODULE_NOOP, - .recv = recv_generic, - .resume = resume_access_request, - .section_offset = offsetof(process_ttls_sections_t, access_request), - }, - [ FR_RADIUS_CODE_ACCESS_ACCEPT ] = { - .packet_type = { - [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_TIMEOUT] = FR_RADIUS_CODE_DO_NOT_RESPOND - }, - .default_rcode = RLM_MODULE_NOOP, - .result_rcode = RLM_MODULE_OK, - .send = send_generic, - .resume = resume_access_accept, - .section_offset = offsetof(process_ttls_sections_t, access_accept), - }, - [ FR_RADIUS_CODE_ACCESS_REJECT ] = { - .packet_type = { - [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_TIMEOUT] = FR_RADIUS_CODE_DO_NOT_RESPOND - }, - .default_rcode = RLM_MODULE_NOOP, - .result_rcode = RLM_MODULE_REJECT, - .send = send_generic, - .resume = resume_access_reject, - .section_offset = offsetof(process_ttls_sections_t, access_reject), - }, - [ FR_RADIUS_CODE_ACCESS_CHALLENGE ] = { - .packet_type = { - [RLM_MODULE_FAIL] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_INVALID] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_REJECT] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_ACCESS_REJECT, - [RLM_MODULE_TIMEOUT] = FR_RADIUS_CODE_DO_NOT_RESPOND - }, - .default_rcode = RLM_MODULE_NOOP, - .result_rcode = RLM_MODULE_OK, - .send = send_generic, - .resume = resume_access_challenge, - .section_offset = offsetof(process_ttls_sections_t, access_challenge), - }, - - - [ FR_RADIUS_CODE_PROTOCOL_ERROR ] = { /* @todo - fill out required fields */ - .packet_type = { - [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_TIMEOUT] = FR_RADIUS_CODE_DO_NOT_RESPOND - }, - .default_rcode = RLM_MODULE_NOOP, - .result_rcode = RLM_MODULE_FAIL, - .send = send_generic, - .resume = resume_protocol_error, - .section_offset = offsetof(process_ttls_sections_t, protocol_error), - }, - [ FR_RADIUS_CODE_DO_NOT_RESPOND ] = { - .packet_type = { - [RLM_MODULE_NOOP] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_OK] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_UPDATED] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_HANDLED] = FR_RADIUS_CODE_DO_NOT_RESPOND, - - [RLM_MODULE_NOTFOUND] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_FAIL] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_INVALID] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_REJECT] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_DISALLOW] = FR_RADIUS_CODE_DO_NOT_RESPOND, - [RLM_MODULE_TIMEOUT] = FR_RADIUS_CODE_DO_NOT_RESPOND - }, - .default_rcode = RLM_MODULE_NOOP, - .result_rcode = RLM_MODULE_HANDLED, - .send = send_generic, - .resume = resume_send_generic, - .section_offset = offsetof(process_ttls_sections_t, do_not_respond), - } -}; - -static virtual_server_compile_t const compile_list[] = { - { - .section = SECTION_NAME("recv", "Access-Request"), - .actions = &mod_actions_authorize, - .offset = PROCESS_CONF_OFFSET(access_request), - }, - { - .section = SECTION_NAME("send", "Access-Accept"), - .actions = &mod_actions_postauth, - .offset = PROCESS_CONF_OFFSET(access_accept), - }, - { - .section = SECTION_NAME("send", "Access-Challenge"), - .actions = &mod_actions_postauth, - .offset = PROCESS_CONF_OFFSET(access_challenge), - }, - { - .section = SECTION_NAME("send", "Access-Reject"), - .actions = &mod_actions_postauth, - .offset = PROCESS_CONF_OFFSET(access_reject), - }, - - { - .section = SECTION_NAME("send", "Protocol-Error"), - .actions = &mod_actions_postauth, - .offset = PROCESS_CONF_OFFSET(protocol_error), - }, - { - .section = SECTION_NAME("send", "Do-Not-Respond"), - .actions = &mod_actions_postauth, - .offset = PROCESS_CONF_OFFSET(do_not_respond), - }, - { - .section = SECTION_NAME("authenticate", CF_IDENT_ANY), - .actions = &mod_actions_authenticate - }, - COMPILE_TERMINATOR -}; - -extern fr_process_module_t process_ttls; -fr_process_module_t process_ttls = { - .common = { - .magic = MODULE_MAGIC_INIT, - .name = "ttls", - .config = config, - MODULE_INST(process_ttls_t), - MODULE_RCTX(process_rctx_t), - - .bootstrap = mod_bootstrap, - .instantiate = mod_instantiate - }, - .process = mod_process, - .compile_list = compile_list, - .dict = &dict_radius, - .packet_type = &attr_packet_type -};