From: Arran Cudbard-Bell Date: Tue, 7 Sep 2021 20:21:44 +0000 (-0500) Subject: Various eap-aka/sim doc cleanups X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=47aa3556d09a42ac926526c10ab428988c68299d;p=thirdparty%2Ffreeradius-server.git Various eap-aka/sim doc cleanups --- diff --git a/doc/antora/modules/raddb/pages/sites-available/eap-aka-sim.adoc b/doc/antora/modules/raddb/pages/sites-available/eap-aka-sim.adoc index 4356538af95..6a2cc586389 100644 --- a/doc/antora/modules/raddb/pages/sites-available/eap-aka-sim.adoc +++ b/doc/antora/modules/raddb/pages/sites-available/eap-aka-sim.adoc @@ -710,7 +710,7 @@ temporarily in `&Next-Pseudonym-Id` for use as a key. You should store the following attributes against the key `&Next-Paeudonym-Id`: -- `&session-State:Permanent-Identity`::The permanent identity of the user. +- `&session-state.Permanent-Identity`::The permanent identity of the user. If a failure rcode is returned authentication continues but the Next-Pseudonym-Id will not be sent to the supplicant. @@ -733,7 +733,7 @@ This section will be called prior to entering the AKA-CHALLENGE state. You should restore the contents of the following attributes using `&Next-Pseudonym-Id` as a key: -- `&session-State:Permanent-Identity`::The permanent identity of the user. +- `&session-state.Permanent-Identity`::The permanent identity of the user. NOTE: If you're using 3GPP style encrypted pseudonyms, you should decrypt the pseudonym here, and store the decrypted value in @@ -761,7 +761,7 @@ You should restore the contents of the following attributes using - `&session-state.Counter`:: How many times this session has been resumed. - `&session-state.Session-Data`:: The master session key. -- `&session-State:Permanent-Identity`::(optionally) the permanent +- `&session-state.Permanent-Identity`::(optionally) the permanent identity of the user. If a failure rcode is returned, authentication continues but the @@ -784,7 +784,7 @@ You should restore the contents of the following attributes using - `&session-state.Counter`:: How many times this session has been resumed. - `&session-state.Session-Data`:: The master session key. -- `&session-State:Permanent-Identity`::(optionally) the permanent +- `&session-state.Permanent-Identity`::(optionally) the permanent identity of the user. The following rcodes have special meanings in this section: diff --git a/raddb/mods-available/eap b/raddb/mods-available/eap index c16191b0dc7..298ef89d4ac 100644 --- a/raddb/mods-available/eap +++ b/raddb/mods-available/eap @@ -1213,41 +1213,6 @@ eap { # # ### EAP-SIM # - # Triplets can be provided using control attributes: - # - # * `&control.EAP-SIM-KC` - # * `&control.EAP-SIM-RAND` - # * `&control.EAP-SIM-SRES` - # - # NOTE: Three instances of each attribute must be provided. - # - # Alternatively triplets can be generated locally using - # control attributes: - # - # * `&control.SIM-Ki` - # * `&control.SIM-OPc` - # * `&control.SIM-Algo-Version` (optional - see defaults below) - # - # UMTS Milenage inputs (AMF, SQN) are ignored. - # - # `&control.SIM-Algo-Version` selects the SIM algorithm used, - # it must match the algorithm used by the SIM. - # - # Accepted values for `SIM-Algo-Version` are: - # - # * `Comp128v1` - # * `Comp128v2` - # * `Comp128v3` (default if no &control.SIM-OPc) - # * `Comp128v4` (default if &control.SIM-OPc is available) - # - # NOTE: In general operators will not provide the Ki (subscriber - # key) for their `SIM cards`, as the Ki is considered highly - # sensitive. - # - # Local triplet generation is intended for testing and - # research purposes where programmable or virtual SIM cards - # are in use. - # sim { # # virtual_server:: EAP-SIM virtual server containing policy diff --git a/raddb/policy.d/eap b/raddb/policy.d/eap index 1c4be4329aa..0309e83ae69 100644 --- a/raddb/policy.d/eap +++ b/raddb/policy.d/eap @@ -130,7 +130,7 @@ use_tunneled_reply { # copy the outer session-state list to the final reply. # update { - &outer.session-state: += &reply + &outer.session-state. += &reply } } diff --git a/raddb/sites-available/eap-aka-sim b/raddb/sites-available/eap-aka-sim index 7b5de5dffd3..30b0b477fa2 100644 --- a/raddb/sites-available/eap-aka-sim +++ b/raddb/sites-available/eap-aka-sim @@ -140,11 +140,6 @@ server eap-aka-sim { # # protected_success = no - # - # virtual_server:: Same as for `TTLS`, `PEAP`, etc. - # -# virtual_server = "" - # request_identity:: Send a AKA-Identity message to request # an additional identity to the one from the EAP-Identity-Response. # @@ -171,9 +166,6 @@ server eap-aka-sim { # ephemeral_id_length:: The length of any pseudonyms or # fastauth identities we generate (not including hint byte). # - # See sites-available/eap-aka-sim for details on how to trigger - # the generation of pseudonym or fastauth identities. - # # ephemeral_id_length = 14 # @@ -796,7 +788,7 @@ server eap-aka-sim { # You should store the following attributes against the key # `&Next-Paeudonym-Id`: # - # - `&session-State:Permanent-Identity`::The permanent identity of the user. + # - `&session-state.Permanent-Identity`::The permanent identity of the user. # # If a failure rcode is returned authentication continues but the # Next-Pseudonym-Id will not be sent to the supplicant. @@ -822,7 +814,7 @@ server eap-aka-sim { # You should restore the contents of the following attributes using # `&Next-Pseudonym-Id` as a key: # - # - `&session-State:Permanent-Identity`::The permanent identity of the user. + # - `&session-state.Permanent-Identity`::The permanent identity of the user. # # NOTE: If you're using 3GPP style encrypted pseudonyms, you should # decrypt the pseudonym here, and store the decrypted value in @@ -856,7 +848,7 @@ server eap-aka-sim { # - `&session-state.Counter`:: How many times this session has # been resumed. # - `&session-state.Session-Data`:: The master session key. - # - `&session-State:Permanent-Identity`::(optionally) the permanent + # - `&session-state.Permanent-Identity`::(optionally) the permanent # identity of the user. # # If a failure rcode is returned, authentication continues but the @@ -882,7 +874,7 @@ server eap-aka-sim { # - `&session-state.Counter`:: How many times this session has # been resumed. # - `&session-state.Session-Data`:: The master session key. - # - `&session-State:Permanent-Identity`::(optionally) the permanent + # - `&session-state.Permanent-Identity`::(optionally) the permanent # identity of the user. # # The following rcodes have special meanings in this section: diff --git a/src/lib/tls/verify.c b/src/lib/tls/verify.c index 7c8603796bb..1c75414f3b1 100644 --- a/src/lib/tls/verify.c +++ b/src/lib/tls/verify.c @@ -83,7 +83,7 @@ DIAG_OFF(used-but-marked-unused) /* fix spurious warnings for sk macros */ * certificate chain. * * @note As a byproduct of validation, various OIDs will be extracted from the - * certificates, and inserted into the session-state: list as fr_pair_t. + * certificates, and inserted into the session-state. list as fr_pair_t. * * @param ok preverify ok. 1 if true, 0 if false. * @param x509_ctx containing certs to verify.