From: Alan T. DeKok Date: Fri, 7 Jul 2023 14:32:46 +0000 (-0400) Subject: configuration to allow empty identities for TEAP X-Git-Tag: release_3_2_4~212 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7774f681ad3d588e40734a3ac6dfcfad876826bf;p=thirdparty%2Ffreeradius-server.git configuration to allow empty identities for TEAP --- diff --git a/src/modules/rlm_eap/eap.c b/src/modules/rlm_eap/eap.c index 14b1c756fc5..b355d8c2562 100644 --- a/src/modules/rlm_eap/eap.c +++ b/src/modules/rlm_eap/eap.c @@ -1226,10 +1226,14 @@ eap_handler_t *eap_handler(rlm_eap_t *inst, eap_packet_raw_t **eap_packet_p, */ handler->identity = eap_identity(request, handler, eap_packet); if (!handler->identity) { - RDEBUG("Identity Unknown, authentication failed"); - error2: - talloc_free(handler); - goto error; + if (!inst->allow_empty_identities) { + RDEBUG("Identity Unknown, authentication failed"); + error2: + talloc_free(handler); + goto error; + } + + handler->identity = ""; } vp = fr_pair_find_by_num(request->packet->vps, PW_USER_NAME, 0, TAG_ANY); diff --git a/src/modules/rlm_eap/rlm_eap.c b/src/modules/rlm_eap/rlm_eap.c index 25601cce44e..fbd75e9dbaa 100644 --- a/src/modules/rlm_eap/rlm_eap.c +++ b/src/modules/rlm_eap/rlm_eap.c @@ -38,6 +38,7 @@ static const CONF_PARSER module_config[] = { { "max_eap_type", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_t, max_eap_type), "52" }, { "ignore_unknown_eap_types", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_t, ignore_unknown_types), "no" }, { "cisco_accounting_username_bug", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_t, mod_accounting_username_bug), "no" }, + { "allow_empty_identities", FR_CONF_OFFSET(PW_TYPE_BOOLEAN, rlm_eap_t, allow_empty_identities), NULL }, { "max_sessions", FR_CONF_OFFSET(PW_TYPE_INTEGER, rlm_eap_t, max_sessions), "2048" }, CONF_PARSER_TERMINATOR }; diff --git a/src/modules/rlm_eap/rlm_eap.h b/src/modules/rlm_eap/rlm_eap.h index 0b9311cd83a..930b763b6a6 100644 --- a/src/modules/rlm_eap/rlm_eap.h +++ b/src/modules/rlm_eap/rlm_eap.h @@ -63,6 +63,7 @@ typedef struct rlm_eap { bool ignore_unknown_types; bool mod_accounting_username_bug; + bool allow_empty_identities; uint32_t max_sessions;