From: Alan T. DeKok
Date: Wed, 20 Feb 2013 13:40:54 +0000 (-0500)
Subject: Make EAP-Key-Name things work
X-Git-Tag: release_2_2_1~142
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cee586eb08725e7d8544f0edfd5785f63f4d281a;p=thirdparty%2Ffreeradius-server.git

Make EAP-Key-Name things work
---

diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 1372649822d..e9036775a3d 100644
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -545,12 +545,14 @@ post-auth {
 # MacSEC requires the use of EAP-Key-Name. However, we don't
 # want to send it for all EAP sessions. Therefore, the EAP
 # modules put required data into the EAP-Session-Id attribute.
- # This attribute is never put into a packet.
+ # This attribute is never put into a request or reply packet.
 #
 # Uncomment the next few lines to copy the required data into
 # the EAP-Key-Name attribute
-# update reply {
-# EAP-Key-Name := "%{reply:EAP-Session-Id}"
+# if (reply:EAP-Session-Id) {
+# update reply {
+# EAP-Key-Name := "%{reply:EAP-Session-Id}"
+# }
 # }
 # If the WiMAX module did it's work, you may want to do more
diff --git a/src/modules/rlm_eap/libeap/eap_tls.c b/src/modules/rlm_eap/libeap/eap_tls.c
index 4fdb9fca429..3e2efbf2442 100644
--- a/src/modules/rlm_eap/libeap/eap_tls.c
+++ b/src/modules/rlm_eap/libeap/eap_tls.c
@@ -223,8 +223,8 @@ int eaptls_success(EAP_HANDLER *handler, int peap_flag)
 RDEBUG("WARNING: Not adding MPPE keys because there is no PRF label");
 }
- eaptls_gen_eap_key(tls_session->ssl->session,
- handler->eap_type, &request->reply->vps);
+ eaptls_gen_eap_key(tls_session->ssl,
+ handler->eap_type, &handler->request->reply->vps);
 return 1;
 }
diff --git a/src/modules/rlm_eap/libeap/mppe_keys.c b/src/modules/rlm_eap/libeap/mppe_keys.c
index 97d4295d20f..c724937ba8a 100644
--- a/src/modules/rlm_eap/libeap/mppe_keys.c
+++ b/src/modules/rlm_eap/libeap/mppe_keys.c
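Review bot: In eaptls_success (eap_tls.c) the call to eaptls_gen_eap_key comes after the closing brace of the branch that logs "Not adding MPPE keys because there is no PRF label", so it appears to run on that path too and EAP-Session-Id is added to the reply even when no MPPE keys were. With the sample policy in raddb/sites-available/default, `if (reply:EAP-Session-Id)` would then pass and EAP-Key-Name would be sent for a session with no keying material behind it. If that is not intended, move the call into the branch that generates the keys. The new line also spells the request as `handler->request` where the removed line used a local `request`; using one form keeps the function consistent. The start of eaptls_success is outside the hunk.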
@@ -133,7 +133,7 @@ void eaptls_gen_mppe_keys(VALUE_PAIR **reply_vps, SSL *s,
 size_t prf_size;
 if (!s->s3) {
- radlog(L_ERR, "ERROR: OpenSSL build / link incompatibility detected");
+ DEBUG("ERROR: No SSLv3 information");
 return;
 }
@@ -177,7 +177,7 @@ void eapttls_gen_challenge(SSL *s, uint8_t *buffer, size_t size)
 uint8_t *p = seed;
 if (!s->s3) {
- radlog(L_ERR, "ERROR: OpenSSL build / link incompatibility detected");
+ DEBUG("ERROR: No SSLv3 information");
 return;
 }
@@ -201,6 +201,11 @@ void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE_PAIR **vps)
 {
 VALUE_PAIR *vp;
+ if (!s->s3) {
+ DEBUG("ERROR: No SSLv3 information");
+ return;
+ }
+
 vp = paircreate(PW_EAP_SESSION_ID, PW_TYPE_OCTETS);
 if (!vp) return;
@@ -208,5 +213,6 @@ void eaptls_gen_eap_key(SSL *s, uint32_t header, VALUE_PAIR **vps)
 memcpy(vp->vp_octets + 1, s->s3->client_random, SSL3_RANDOM_SIZE);
 memcpy(vp->vp_octets + 1 + SSL3_RANDOM_SIZE, s->s3->server_random, SSL3_RANDOM_SIZE);
+ vp->length = 1 + 2 * SSL3_RANDOM_SIZE;
 pairadd(vps, vp);
 }
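Review bot: The `!s->s3` failure in eaptls_gen_mppe_keys is now reported only through `DEBUG(...)`, which is presumably printed only when debugging is enabled, so in normal operation the function returns without adding MPPE keys and leaves no trace in the log. The same applies to the identical guard in eapttls_gen_challenge (@@ -177) and to the new one in eaptls_gen_eap_key (@@ -201). The message still begins with "ERROR:", which is at odds with the level it is emitted at. Because these functions return void, the log line is the only signal an operator gets; keeping the error level with the new text, `radlog(L_ERR, "ERROR: No SSLv3 information");`, preserves it. The function bodies extend beyond these hunks.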
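Review bot: On the `!s->s3` path in eapttls_gen_challenge (@@ -177) the function returns without writing anything to `buffer`, and because it returns void the caller cannot tell that the `size` bytes it asked for were never produced. The caller is not visible here, but if it goes on to treat the buffer as the challenge it would be working with whatever the buffer held before the call. Returning a status from this function, so that the caller can fail the authentication when no challenge was derived, would make the failure explicit rather than dependent on stale memory. The rest of the function body is outside the hunk.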
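Review bot: The new `vp->length = 1 + 2 * SSL3_RANDOM_SIZE;` in eaptls_gen_eap_key (@@ -208) restates by hand the layout that the two memcpy calls above it build starting at offset 1, and nothing in the visible code ties that total to the capacity of `vp->vp_octets`. A one-line comment above the assignment, such as `/* EAP-Session-Id: type octet || client_random || server_random */`, would document why the length is what it is. If vp_octets is a fixed-size array in this tree, a check that `1 + 2 * SSL3_RANDOM_SIZE` fits in it would keep a later change to the layout from overrunning the buffer. The write of the first octet and the start of the function are outside this hunk.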