From: Alan T. DeKok Date: Tue, 29 Aug 2023 23:35:32 +0000 (-0400) Subject: remove last vestiges of Virtual-Server X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=aaf05884f2a67d2f1fd1174a1173fd77e37eef36;p=thirdparty%2Ffreeradius-server.git remove last vestiges of Virtual-Server --- diff --git a/doc/antora/modules/raddb/pages/mods-available/eap.adoc b/doc/antora/modules/raddb/pages/mods-available/eap.adoc index 7458d2189e6..69f7c135095 100644 --- a/doc/antora/modules/raddb/pages/mods-available/eap.adoc +++ b/doc/antora/modules/raddb/pages/mods-available/eap.adoc @@ -754,6 +754,7 @@ session_ticket_key:: Sets a persistent key used to encrypt stateless session tickets. If this is not set, then a random key will be chosen when the server starts. + As the ticket key length depends on the version/flavour of OpenSSL being used, the value provided is fed into a HKDF function (digest SHA256, @@ -994,6 +995,7 @@ will be sent through the virtual server that processed the outer requests. + require_client_cert:: Unlike `EAP-TLS`, `PEAP `does not require a client certificate. @@ -1340,11 +1342,10 @@ eap { } session { # mode = auto -# name = "%{EAP-Type}%{Virtual-Server}" +# name = "%{EAP-Type}%{interpreter:server}" # lifetime = 86400 # require_extended_master_secret = yes # require_perfect_forward_secrecy = no - * # session_ticket_key = "super-secret-key" } } diff --git a/src/lib/eap/base.c b/src/lib/eap/base.c index 2d1a3d5aead..da7f3e52f79 100644 --- a/src/lib/eap/base.c +++ b/src/lib/eap/base.c @@ -84,7 +84,6 @@ fr_dict_attr_t const *attr_chbind_response_code; fr_dict_attr_t const *attr_eap_session_id; fr_dict_attr_t const *attr_eap_identity; fr_dict_attr_t const *attr_eap_type; -fr_dict_attr_t const *attr_virtual_server; fr_dict_attr_t const *attr_message_authenticator; fr_dict_attr_t const *attr_eap_channel_binding_message; 
@@ -104,7 +103,6 @@ fr_dict_attr_autoload_t eap_base_dict_attr[] = {
 { .out = &attr_eap_session_id, .name = "EAP-Session-Id", .type = FR_TYPE_OCTETS, .dict = &dict_freeradius },
 { .out = &attr_eap_type, .name = "EAP-Type", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
 { .out = &attr_state, .name = "State", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
- { .out = &attr_virtual_server, .name = "Virtual-Server", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
 { .out = &attr_message_authenticator, .name = "Message-Authenticator", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
 { .out = &attr_eap_channel_binding_message, .name = "Vendor-Specific.UKERNA.EAP-Channel-Binding-Message", .type = FR_TYPE_OCTETS, .dict = &dict_radius },
@@ -400,8 +398,11 @@ void eap_add_reply(request_t *request, fr_dict_attr_t const *da, uint8_t const *
 * @param[in] virtual_server The default virtual server to send the request to.
 * @return the rcode of the last executed section in the virtual server.
 */
-rlm_rcode_t eap_virtual_server(request_t *request, eap_session_t *eap_session, char const *virtual_server)
+rlm_rcode_t eap_virtual_server(UNUSED request_t *request, UNUSED eap_session_t *eap_session, UNUSED char const *virtual_server)
 {
+#if 1
+ return RLM_MODULE_FAIL;
+#else
 eap_session_t *eap_session_inner;
 rlm_rcode_t rcode;
 fr_pair_t *vp;
@@ -456,6 +457,7 @@ rlm_rcode_t eap_virtual_server(request_t *request, eap_session_t *eap_session, c
 }
 return rcode;
+#endif
 }
 /** Initialise the lib eap base library
diff --git a/src/lib/tls/conf.c b/src/lib/tls/conf.c
index 2fb27a6256a..876632d53a9 100644
--- a/src/lib/tls/conf.c
+++ b/src/lib/tls/conf.c
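Review bot: In src/lib/eap/base.c, eap_virtual_server() now returns RLM_MODULE_FAIL unconditionally under `#if 1`, yet the doc comment above it still promises "the rcode of the last executed section in the virtual server", and the old body is kept as uncompiled code up to the `#endif` added in the @@ -456 hunk. Failing closed is the safe direction on an authentication path, but any caller that still reaches this function (callers are not visible in the diff) will see the inner request rejected with nothing in the code or log explaining why. I would state the intent next to the stub, `/* Disabled: inner requests are no longer dispatched via Virtual-Server; always fail closed */`, change the doc line to `@return always RLM_MODULE_FAIL while the function is disabled.`, and delete the `#else` branch rather than leave it behind the preprocessor. The function body continues outside the first hunk.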
@@ -89,7 +89,7 @@ static CONF_PARSER tls_cache_config[] = {
 },
 .dflt = "auto" },
 { FR_CONF_OFFSET("name", FR_TYPE_TMPL, fr_tls_cache_conf_t, id_name),
- .dflt = "%{EAP-Type}%{Virtual-Server}", .quote = T_DOUBLE_QUOTED_STRING },
+ .dflt = "%{EAP-Type}%{interpreter:server}", .quote = T_DOUBLE_QUOTED_STRING },
 { FR_CONF_OFFSET("lifetime", FR_TYPE_TIME_DELTA, fr_tls_cache_conf_t, lifetime), .dflt = "1d" },
 #if OPENSSL_VERSION_NUMBER >= 0x10100000L
diff --git a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
index 452dbd1b1f6..e4792aa848d 100644
--- a/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
+++ b/src/modules/rlm_eap/types/rlm_eap_tls/rlm_eap_tls.c
@@ -60,12 +60,10 @@ fr_dict_autoload_t rlm_eap_tls_dict[] = {
 };
 static fr_dict_attr_t const *attr_eap_tls_require_client_cert;
-static fr_dict_attr_t const *attr_virtual_server;
 extern fr_dict_attr_autoload_t rlm_eap_tls_dict_attr[];
 fr_dict_attr_autoload_t rlm_eap_tls_dict_attr[] = {
 { .out = &attr_eap_tls_require_client_cert, .name = "EAP-TLS-Require-Client-Cert", .type = FR_TYPE_UINT32, .dict = &dict_freeradius },
- { .out = &attr_virtual_server, .name = "Virtual-Server", .type = FR_TYPE_STRING, .dict = &dict_freeradius },
 { NULL }
 };
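Review bot: The new default `.dflt = "%{EAP-Type}%{interpreter:server}"` for the cache `name` entry of tls_cache_config in src/lib/tls/conf.c carries no comment saying why the server component is part of the name, and nothing in the diff shows a test that the expansion is non-empty where the name is evaluated. The name presumably scopes cached TLS sessions per EAP type and per virtual server; if the second expansion came back empty, entries would be keyed by EAP type alone and a session cached under one server's policy could be picked up under another's. I would add `/* keep the server in the name so cached sessions are not resumed across virtual servers */` above the entry and cover the default expansion with a test. The table starts and ends outside the hunk.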