From: Alan T. DeKok
Date: Thu, 7 May 2009 08:43:27 +0000 (+0200)
Subject: Add option "include_length" for TTLS, too.
X-Git-Tag: release_2_1_7~175
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7302fd50c884ce0995a89d2e9f851de1d3374998;p=thirdparty%2Ffreeradius-server.git

Add option "include_length" for TTLS, too.

We've always set it to "yes" in the past, by inheriting the value from the TLS configuration. In contrast, PEAP always sets it to "no". However... RFC 5281 says that we should set it to "no". Since the previous code works with everyone, we don't want to change the defaults. But we DO add the flag that allows it to be RFC compliant.y
---
diff --git a/raddb/eap.conf b/raddb/eap.conf
index 969f8849855..209b5886198 100644
--- a/raddb/eap.conf
+++ b/raddb/eap.conf
@@ -370,6 +370,11 @@
 # outer requests.
 #
 virtual_server = "inner-tunnel"
+
+ # This has the same meaning as the
+ # same field in the "tls" module, above.
+ # The default value here is "yes".
+ # include_length = yes
 }
 
 ##################################################
diff --git a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
index 91a42344889..1a3b3c009eb 100644
--- a/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_ttls/rlm_eap_ttls.c
@@ -47,6 +47,17 @@ typedef struct rlm_eap_ttls_t {
 */
 int copy_request_to_tunnel;
 
+ /*
+ * RFC 5281 (TTLS) says that the length field MUST NOT be
+ * in fragments after the first one. However, we've done
+ * it that way for years, and no one has complained.
+ *
+ * In the interests of allowing the server to follow the
+ * RFC, we add the option here. If set to "no", it sends
+ * the length field in ONLY the first fragment.
+ */
+ int include_length;
+
 /*
 * Virtual server for inner tunnel session.
 */
@@ -67,6 +78,9 @@ static CONF_PARSER module_config[] = {
 { "virtual_server", PW_TYPE_STRING_PTR,
 offsetof(rlm_eap_ttls_t, virtual_server), NULL, NULL },
 
+ { "include_length", PW_TYPE_BOOLEAN,
+ offsetof(rlm_eap_ttls_t, include_length), NULL, "yes" },
+
 { NULL, -1, 0, NULL, NULL } /* end the list */
 };
 
@@ -175,6 +189,8 @@ static int eapttls_authenticate(void *arg, EAP_HANDLER *handler)
 
 RDEBUG2("Authenticate");
 
+ tls_session->length_flag = inst->include_length;
+
 /*
 * Process TLS layer until done.
 */
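Review bot: The new line `tls_session->length_flag = inst->include_length;` in eapttls_authenticate gives no hint that it is deliberately overriding the flag the session already carries from the "tls" configuration; the struct comment on include_length in the first rlm_eap_ttls.c hunk describes the option but not this override. A one-line comment at the assignment would make the intent clear to the next reader: `/* Override length_flag inherited from the TLS config: RFC 5281 wants "no", but the default stays "yes" for compatibility. */`. The assignment also runs unconditionally on every call; if tls_session is looked up from the handler earlier in the function (outside this hunk) and checked there, the placement is fine, otherwise it should follow that check. eapttls_authenticate begins and ends outside the hunk.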