From: Alan T. DeKok Date: Wed, 17 Jul 2024 15:09:53 +0000 (-0400) Subject: inherit from the main dynamic client definition X-Git-Tag: release_3_2_6~54 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ef5e6560492cd238f0ad14b15245e0b33338403b;p=thirdparty%2Ffreeradius-server.git inherit from the main dynamic client definition --- diff --git a/doc/ChangeLog b/doc/ChangeLog index 9cfa0706d5a..ff96d245a93 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -8,7 +8,7 @@ FreeRADIUS 3.2.6 Mon 15 May 2024 12:00:00 UTC urgency=low Bug fixes * Dynamic clients now inherit require_message_authenticator - and limit_proxy_state from the "security" section. + and limit_proxy_state from dynamic client {...} definition. * Fix radsecret build rules to better support parallel builds. FreeRADIUS 3.2.5 Tue 09 Jul 2024 12:00:00 UTC urgency=high diff --git a/raddb/sites-available/dynamic-clients b/raddb/sites-available/dynamic-clients index 0459a7f4b1d..0482381b821 100644 --- a/raddb/sites-available/dynamic-clients +++ b/raddb/sites-available/dynamic-clients @@ -62,6 +62,30 @@ client dynamic { # be used. # directory = ${confdir}/dynamic-clients/ + # + # If these two flags are not set here, Then their values will + # be taken from the corresponding flags in the main + # security{...} section. + # + # The resulting values will be used as the defaults for any + # dynamic client which is being defined. The + # "FreeRADIUS-Client-Require-MA" attribute (see below) can be + # used to further over-ride this flag. + # + # Note that it is NOT possible to set + # + # &FreeRADIUS-Client-Require-MA = auto + # + # The value MUST be either "yes" or "no". + # + # Note that is is NOT possible to change the value of + # "limit_proxy_state" dynamically via an attribute. + # + # +# require_message_authenticator = yes +# limit_proxy_state = yes + + # # Define the lifetime (in seconds) for dynamic clients. # They will be cached for this lifetime, and deleted afterwards. @@ -111,7 +135,7 @@ server dynamic_clients { &FreeRADIUS-Client-IP-Address = "%{Packet-Src-IP-Address}" # require_message_authenticator - &FreeRADIUS-Client-Require-MA = no +# &FreeRADIUS-Client-Require-MA = no # secret &FreeRADIUS-Client-Secret = "testing123" diff --git a/src/main/client.c b/src/main/client.c index 837822645a9..6e89fafc16a 100644 --- a/src/main/client.c +++ b/src/main/client.c @@ -1300,8 +1300,13 @@ RADCLIENT *client_afrom_request(RADCLIENT_LIST *clients, REQUEST *request) c->ipaddr.af = AF_UNSPEC; c->src_ipaddr.af = AF_UNSPEC; - c->require_ma = main_config.require_ma; - c->limit_proxy_state = main_config.limit_proxy_state; + /* + * Set these defaults from the main 0/0 client. This + * allows it to either inherit the global configuration, + * OR to have the client{...} setting override it. + */ + c->require_ma = request->client->require_ma; + c->limit_proxy_state = request->client->limit_proxy_state; fr_cursor_init(&cursor, &request->config);